S3C2 Summit 2023-06: Government Secure Supply Chain Summit
Recent years have shown increased cyber attacks targeting less secure
elements in the software supply chain and causing fatal damage to businesses
and organizations. Past well-known examples of software supply chain attacks
are the SolarWinds or log4j incidents that have affected thousands of customers
and businesses. The US government and industry are equally interested in
enhancing software supply chain security. On June 7, 2023, researchers from the
NSF-supported Secure Software Supply Chain Center (S3C2) conducted a Secure
Software Supply Chain Summit with a diverse set of 17 practitioners from 13
government agencies. The goal of the Summit was two-fold: (1) to share our
observations from our previous two summits with industry, and (2) to enable
sharing between individuals at the government agencies regarding practical
experiences and challenges with software supply chain security. For each
discussion topic, we presented our observations and take-aways from the
industry summits to spur conversation. We specifically focused on the Executive
Order 14028, software bill of materials (SBOMs), choosing new dependencies,
provenance and self-attestation, and large language models. The open
discussions enabled mutual sharing and shed light on common challenges that
government agencies see as impacting government and industry practitioners when
securing their software supply chain. In this paper, we provide a summary of
the Summit.
Comment: arXiv admin note: text overlap with arXiv:2307.16557,
arXiv:2307.1564
Discovering Attackers Past Behavior to Generate Online Hyper-Alerts
To support information security, organizations deploy Intrusion Detection Systems (IDS) that monitor information systems and networks, generating alerts for every suspicious behavior. However, the huge number of alerts that an IDS triggers, and their low-level representation, make alert analysis a challenging task. In this paper, we propose a new approach based on hierarchical clustering that supports intrusion alert analysis in two main steps. First, it correlates historical alerts to identify the most common strategies attackers have used. Then, it associates upcoming alerts in real time according to the strategies discovered in the first step. The experiments were performed using a real dataset from the University of Maryland. The results showed that the proposed approach could properly identify the attack strategy patterns from historical alerts, and organize the upcoming alerts into a smaller number of meaningful hyper-alerts.
Global wealth disparities drive adherence to COVID-safe pathways in head and neck cancer surgery
Peer reviewed
The impact of surgical delay on resectability of colorectal cancer: An international prospective cohort study
AIM: The SARS-CoV-2 pandemic has provided a unique opportunity to explore the impact of surgical delays on cancer resectability. This study aimed to compare resectability for colorectal cancer patients undergoing delayed versus non-delayed surgery. METHODS: This was an international prospective cohort study of consecutive colorectal cancer patients with a decision for curative surgery (January-April 2020). Surgical delay was defined as an operation taking place more than 4 weeks after treatment decision, in a patient who did not receive neoadjuvant therapy. A subgroup analysis explored the effects of delay in elective patients only. The impact of longer delays was explored in a sensitivity analysis. The primary outcome was complete resection, defined as curative resection with an R0 margin. RESULTS: Overall, 5453 patients from 304 hospitals in 47 countries were included, of whom 6.6% (358/5453) did not receive their planned operation. Of the 4304 operated patients without neoadjuvant therapy, 40.5% (1744/4304) were delayed beyond 4 weeks. Delayed patients were more likely to be older, men, more comorbid, have higher body mass index and have rectal cancer and early stage disease. Delayed patients had higher unadjusted rates of complete resection (93.7% vs. 91.9%, P = 0.032) and lower rates of emergency surgery (4.5% vs. 22.5%, P < 0.001). After adjustment, delay was not associated with a lower rate of complete resection (OR 1.18, 95% CI 0.90-1.55, P = 0.224), which was consistent in elective patients only (OR 0.94, 95% CI 0.69-1.27, P = 0.672). Longer delays were not associated with poorer outcomes. CONCLUSION: One in 15 colorectal cancer patients did not receive their planned operation during the first wave of COVID-19. Surgical delay did not appear to compromise resectability, raising the hypothesis that any reduction in long-term survival attributable to delays is likely to be due to micro-metastatic disease.
Profiling Attacker Behavior Following SSH Compromises
This practical experience report presents the results of an experiment aimed at building a profile of attacker behavior following a remote compromise. For this experiment, we utilized four Linux honeypot computers running SSH with easily guessable passwords. During the course of our research, we also determined the most commonly attempted usernames and passwords, the average number of attempted logins per day, and the ratio of failed to successful attempts. To build a profile of attacker behavior, we looked for specific actions taken by the attacker and the order in which they occurred. These actions were: checking the configuration, changing the password, downloading a file, installing/running rogue code, and changing the system configuration.