This review examines human vulnerabilities in cybersecurity within Microfinance Institutions, analyzing their impact on organizational resilience. Focusing on social engineering, inadequate security training, and weak...This review examines human vulnerabilities in cybersecurity within Microfinance Institutions, analyzing their impact on organizational resilience. Focusing on social engineering, inadequate security training, and weak internal protocols, the study identifies key vulnerabilities exacerbating cyber threats to MFIs. A literature review using databases like IEEE Xplore and Google Scholar focused on studies from 2019 to 2023 addressing human factors in cybersecurity specific to MFIs. Analysis of 57 studies reveals that phishing and insider threats are predominant, with a 20% annual increase in phishing attempts. Employee susceptibility to these attacks is heightened by insufficient training, with entry-level employees showing the highest vulnerability rates. Further, only 35% of MFIs offer regular cybersecurity training, significantly impacting incident reduction. This paper recommends enhanced training frequency, robust internal controls, and a cybersecurity-aware culture to mitigate human-induced cyber risks in MFIs.展开更多
With the rapid proliferation of Internet ofThings(IoT)devices,ensuring their communication security has become increasingly important.Blockchain and smart contract technologies,with their decentralized nature,provide ...With the rapid proliferation of Internet ofThings(IoT)devices,ensuring their communication security has become increasingly important.Blockchain and smart contract technologies,with their decentralized nature,provide strong security guarantees for IoT.However,at the same time,smart contracts themselves face numerous security challenges,among which reentrancy vulnerabilities are particularly prominent.Existing detection tools for reentrancy vulnerabilities often suffer from high false positive and false negative rates due to their reliance on identifying patterns related to specific transfer functions.To address these limitations,this paper proposes a novel detection method that combines pattern matching with deep learning.Specifically,we carefully identify and define three common patterns of reentrancy vulnerabilities in smart contracts.Then,we extract key vulnerability features based on these patterns.Furthermore,we employ a Graph Attention Neural Network to extract graph embedding features from the contract graph,capturing the complex relationships between different components of the contract.Finally,we use an attention mechanism to fuse these two sets of feature information,enhancing the weights of effective information and suppressing irrelevant information,thereby significantly improving the accuracy and robustness of vulnerability detection.Experimental results demonstrate that our proposed method outperforms existing state-ofthe-art techniques,achieving a 3.88%improvement in accuracy compared to the latest vulnerability detection model AME(Attentive Multi-Encoder Network).This indicates that our method effectively reduces false positives and false negatives,significantly enhancing the security and reliability of smart contracts in the evolving IoT ecosystem.展开更多
Database systems have consistently been prime targets for cyber-attacks and threats due to the critical nature of the data they store.Despite the increasing reliance on database management systems,this field continues...Database systems have consistently been prime targets for cyber-attacks and threats due to the critical nature of the data they store.Despite the increasing reliance on database management systems,this field continues to face numerous cyber-attacks.Database management systems serve as the foundation of any information system or application.Any cyber-attack can result in significant damage to the database system and loss of sensitive data.Consequently,cyber risk classifications and assessments play a crucial role in risk management and establish an essential framework for identifying and responding to cyber threats.Risk assessment aids in understanding the impact of cyber threats and developing appropriate security controls to mitigate risks.The primary objective of this study is to conduct a comprehensive analysis of cyber risks in database management systems,including classifying threats,vulnerabilities,impacts,and countermeasures.This classification helps to identify suitable security controls to mitigate cyber risks for each type of threat.Additionally,this research aims to explore technical countermeasures to protect database systems from cyber threats.This study employs the content analysis method to collect,analyze,and classify data in terms of types of threats,vulnerabilities,and countermeasures.The results indicate that SQL injection attacks and Denial of Service(DoS)attacks were the most prevalent technical threats in database systems,each accounting for 9%of incidents.Vulnerable audit trails,intrusion attempts,and ransomware attacks were classified as the second level of technical threats in database systems,comprising 7%and 5%of incidents,respectively.Furthermore,the findings reveal that insider threats were the most common non-technical threats in database systems,accounting for 5%of incidents.Moreover,the results indicate that weak authentication,unpatched databases,weak audit trails,and multiple usage of an account were the most common technical vulnerabilities in database systems,each accounting for 9%of vulnerabilities.Additionally,software bugs,insecure coding practices,weak security controls,insecure networks,password misuse,weak encryption practices,and weak data masking were classified as the second level of security vulnerabilities in database systems,each accounting for 4%of vulnerabilities.The findings from this work can assist organizations in understanding the types of cyber threats and developing robust strategies against cyber-attacks.展开更多
1.INTRODUCTION.The integration of technology in medicine,particularly in the field of radiology,has led to significant advancements in patient care and diagnosis.While this digital transformation of healthcare has bro...1.INTRODUCTION.The integration of technology in medicine,particularly in the field of radiology,has led to significant advancements in patient care and diagnosis.While this digital transformation of healthcare has brought many benefits,it has also exposed radiological systems and sensitive patient data to unprecedented cybersecurity threats.This article aims to highlight the current cyberattack landscape,trends,and benefits of ethical hacking,which could be employed to identify vulnerabilities and improve cybersecurity defenses.展开更多
The vulnerability of farms to the effects of climate change weighs heavily and indirectly on the living conditions of farming households in northern Benin. This article analyses the vulnerability of cotton-growing hou...The vulnerability of farms to the effects of climate change weighs heavily and indirectly on the living conditions of farming households in northern Benin. This article analyses the vulnerability of cotton-growing households to the effects of climate change. Using a simple random sample of 240 households, the study identified the hardships suffered by cotton-growing farm households in the communes of Boukoumbé and Kérou in northern Benin. The theoretical framework is based on sustainable living conditions, according to which poverty is no longer understood solely in monetary or pecuniary terms, but rather is based on a multidimensional approach. The normalization method is used to calculate the index level for each sub-component. The results show that the level of vulnerability to living conditions per household is 0.3120. Households headed by women are less vulnerable to the effects of climate change (-0.0042) than those headed by men (0.0258). The effects of climate change on household living conditions are estimated at 0.0209.展开更多
Ethernet-based Passive Optical Network(EPON) is considered a very promising solution for the first mile problem of the next generation networks.Due to its particular characteristic of shared media structure,EPON suffe...Ethernet-based Passive Optical Network(EPON) is considered a very promising solution for the first mile problem of the next generation networks.Due to its particular characteristic of shared media structure,EPON suffers many security vulnerabilities. Communication security must be guaranteed when EPON is applied in practice.This paper gives a general introduction to the EPON system,analyzes the potential threats and attacks pertaining to the EPON system,and presents effective countermea-sures against these threats and attacks with emphasis on the authentication protocols and key distribution.展开更多
In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed eit...In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security vulnerabilities used to secure the web application layer, the security approaches or techniques used in the process, the stages in the software development in which the approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respectable scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Science Direct, Springer Link. After detailed review process, only 56 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no one software is referred to as a standard or preferred software product for web application development. In our SLR, we have performed a deep analysis on web application security vulnerabilities detection methods which help us to identify the scope of SLR for comprehensively investigation in the future research. Further in this SLR considering OWASP Top 10 web application vulnerabilities discovered in 2012, we will attempt to categories the accessible vulnerabilities. OWASP is major source to construct and validate web security processes and standards.展开更多
With the trade network analysis method and bilateral country-product level trade data of 2017-2020,this paper reveals the overall characteristics and intrinsic vulnerabilities of China’s global supply chains.Our rese...With the trade network analysis method and bilateral country-product level trade data of 2017-2020,this paper reveals the overall characteristics and intrinsic vulnerabilities of China’s global supply chains.Our research finds that first,most global supply-chain-vulnerable products are from technology-intensive sectors.For advanced economies,their supply chain vulnerabilities are primarily exposed to political and economic alliances.In comparison,developing economies are more dependent on regional communities.Second,China has a significant export advantage with over 80%of highly vulnerable intermediate inputs relying on imports of high-end electrical,mechanical and chemical products from advanced economies or their multinational companies.China also relies on developing economies for the import of some resource products.Third,during the trade frictions from 2018 to 2019 and the subsequent COVID-19 pandemic,there was a significant reduction in the supply chain vulnerabilities of China and the US for critical products compared with other products,which reflects a shift in the layout of critical product supply chains to ensure not just efficiency but security.China should address supply chain vulnerabilities by bolstering supply-side weaknesses,diversifying import sources,and promoting international coordination and cooperation.展开更多
From an environmental protection perspective, the crucial issues pertaining to the policing of hazardous waste relate to both the vulnerabilities and limitations of current practices, and the potential issues that dem...From an environmental protection perspective, the crucial issues pertaining to the policing of hazardous waste relate to both the vulnerabilities and limitations of current practices, and the potential issues that demand attention in the here and now, to alleviate future calamity. This paper describes the process involved in developing a vulnerabilities and limitations checklist that provides a relatively simple yet multi-pronged approach to assessing present and future environmental harms and crimes within the hazardous waste sector. Although it was not the intention of the authors to develop a generic checklist, this tool may prove useful to other industry sectors.展开更多
Although disasters can occur anywhere, certain types of disasters are more likely to have more effects on some buildings than others, especially on those in urban areas. Buildings in Lagos have had nasty experiences f...Although disasters can occur anywhere, certain types of disasters are more likely to have more effects on some buildings than others, especially on those in urban areas. Buildings in Lagos have had nasty experiences from both natural and artificial disasters, claiming lives and properties in the past. This study aims at evaluating the disaster risks, vulnerabilities and response strategies in the high rise buildings in Lagos municipality. Structured questionnaire was administered to building owners, estate managers and disaster managers who manage the high rise buildings. The information obtained was supplemented by personal interviews conducted with tenants and rescue organizations. The study identified collapse of building, fire out break, and communication and power failure as the most likely potential disasters, power failure and collapse had the highest severity of impact, and the degree of preparedness achieved to confront the disasters was below satisfaction. However, the specific status of the response strategies was as expected, but there was room for improvements. The potential disasters were natural, human and environmental and the most vulnerable sectors were other properties rather than the high rise buildings themselves. The magnitude of risk levels could be contained with the level of response strategies already achieved if coordinated.展开更多
This study pursues the objective of analyzing and verifying the knowledge of the agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ training College) in relation to the practical flaws...This study pursues the objective of analyzing and verifying the knowledge of the agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ training College) in relation to the practical flaws resulting from the lack of knowledge of the observable rules in information system security. In a clearer way, it aims to verify the level of knowledge of the vulnerabilities, to verify the level of use of the antivirus software, to analyze the frequency of use of Windows update, the use of an anti-spyware software as well as a firewall software on the computer. Through a survey conducted on a sample of 100 agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ training College), the results revealed that 48% of the sample has no knowledge on computer vulnerabilities;for the use of antivirus software: 47% do not use the antivirus;for Windows update: 29% never update the Windows operating system;for anti-spyware: 48% never use;for the firewall: 50% are not informed. In fine, our results proposed a protection model VMAUSP (Vulnerability Measurability Measures Antivirus, Update, Spyware and Firewall) to users based on the behavioral approach, learning how the model works.展开更多
The boom of coding languages in the 1950s revolutionized how our digital world was construed and accessed. The languages invented then, including Fortran, are still in use today due to their versatility and ability to...The boom of coding languages in the 1950s revolutionized how our digital world was construed and accessed. The languages invented then, including Fortran, are still in use today due to their versatility and ability to underpin a large majority of the older portions of our digital world and applications. Fortran, or Formula Translation, was a programming language implemented by IBM that shortened the apparatus of coding and the efficacy of the language syntax. Fortran marked the beginning of a new era of efficient programming by reducing the number of statements needed to operate a machine several-fold. Since then, dozens more languages have come into regular practice and have been increasingly diversified over the years. Some modern languages include Python, Java, JavaScript, C, C++, and PHP. These languages significantly improved efficiency and also have a broad range of uses. Python is mainly used for website/software development, data analysis, task automation, image processing, and graphic design applications. On the other hand, Java is primarily used as a client-side programming language. Expanding the coding languages allowed for increasing accessibility but also opened up applications to pertinent security issues. These security issues have varied by prevalence and language. Previous research has narrowed its focus on individual languages, failing to evaluate the security. This research paper investigates the severity and frequency of coding vulnerabilities comparatively across different languages and contextualizes their uses in a systematic literature review.展开更多
To detect security vulnerabilities in a web application,the security analyst must choose the best performance Security Analysis Static Tool(SAST)in terms of discovering the greatest number of security vulnerabilities ...To detect security vulnerabilities in a web application,the security analyst must choose the best performance Security Analysis Static Tool(SAST)in terms of discovering the greatest number of security vulnerabilities as possible.To compare static analysis tools for web applications,an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project(OWASP)Top Ten project is required.The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and implementation of those tools has different effectiveness rates in terms of security performance.Given the significant cost of commercial tools,this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for vulnerability categories included in the known standard OWASP Top Ten project.Thus,the practitioners will have more precise information to select the best tool using a benchmark adapted to the last versions of OWASP Top Ten project.The results of this work have been obtaining using widely acceptable metrics to classify them according to three different degree of web application criticality.展开更多
Cyberattacks on the Industrial Control System(ICS)have recently been increasing,made more intelligent by advancing technologies.As such,cybersecurity for such systems is attracting attention.As a core element of contr...Cyberattacks on the Industrial Control System(ICS)have recently been increasing,made more intelligent by advancing technologies.As such,cybersecurity for such systems is attracting attention.As a core element of control devices,the Programmable Logic Controller(PLC)in an ICS carries out on-site control over the ICS.A cyberattack on the PLC will cause damages on the overall ICS,with Stuxnet and Duqu as the most representative cases.Thus,cybersecurity for PLCs is considered essential,and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks.In this study,a vulnerability analysis was conducted on the XGB PLC.Security vulnerabilities were identified by analyzing the network protocols and memory structure of PLCs and were utilized to launch replay attack,memory modulation attack,and FTP/Web service account theft for the verification of the results.Based on the results,the attacks were proven to be able to cause the PLC to malfunction and disable it,and the identified vulnerabilities were defined.展开更多
The present study focuses on the impacts of extreme drought and flooding situations in Amazonia, using level/discharge data from some rivers in the Amazon region as indicators of impacts. The last 10 years have featur...The present study focuses on the impacts of extreme drought and flooding situations in Amazonia, using level/discharge data from some rivers in the Amazon region as indicators of impacts. The last 10 years have featured various “once in a century” droughts and floods in the Amazon basin, which have affected human and natural systems in the region. We assess a history of such hazards based on river data, and discuss some of the observed impacts in terms of vulnerability of human and natural systems, as well as some of adaptation strategies implemented by regional and local governments to cope with them. A critical perspective of mitigation of drought and flood policies in Amazonia suggests that they have been mostly ineffective in reducing vulnerability for the majority of the population, constituting, perhaps, examples of maladaptation via the undermining of resilience.展开更多
Smart contracts running on public blockchains are permissionless and decentralized,attracting both developers and malicious participants.Ethereum,the world’s largest decentralized application platform on which more t...Smart contracts running on public blockchains are permissionless and decentralized,attracting both developers and malicious participants.Ethereum,the world’s largest decentralized application platform on which more than 40 million smart contracts are running,is frequently challenged by smart contract vulnerabilities.What’s worse,since the homogeneity of a wide range of smart contracts and the increase in inter-contract dependencies,a vulnerability in a certain smart contract could affect a large number of other contracts in Ethereum.However,little is known about how vulnerable contracts affect other on-chain contracts and which contracts can be affected.Thus,we first present the contract dependency graph(CDG)to perform a vulnerability analysis for Ethereum smart contracts,where CDG characterizes inter-contract dependencies formed by DELEGATECALL-type internal transaction in Ethereum.Then,three generic definitions of security violations against CDG are given for finding respective potential victim contracts affected by different types of vulnerable contracts.Further,we construct the CDG with 195,247 smart contracts active in the latest blocks of the Ethereum and verify the above security violations against CDG by detecting three representative known vulnerabilities.Compared to previous large-scale vulnerability analysis,our analysis scheme marks potential victim contracts that can be affected by different types of vulnerable contracts,and identify their possible risks based on the type of security violation actually occurring.The analysis results show that the proportion of potential victim contracts reaches 14.7%,far more than that of corresponding vulnerable contracts(less than 0.02%)in CDG.展开更多
The Ethiopian Electric Power(EEP) has been operating and managing the national interconnected power system with dispersed and geographically isolated generators, a complex transmission system and loads. In recent year...The Ethiopian Electric Power(EEP) has been operating and managing the national interconnected power system with dispersed and geographically isolated generators, a complex transmission system and loads. In recent years, with an increasing load demand due to rural electrification and industrialization, the Ethiopian power system has faced more frequent, widely spread and long lasting blackouts. To slash the occurrence of such incidents, identifying the system vulnerabilities is the first step in this direction. In this paper, the vulnerability assessment is performed using indices called active power performance index(PIp) and voltage performance index(PIv). These indices provide a direct means of comparing the relative severity of the different line outages on the system loads and voltage profiles. Accordingly, it is found that the most severe line outages are those lines that interconnect the high load centered(Addis Ababa and Central regions) with the rest of the regional power systems. In addition, the most vulnerable buses of the network in respect of voltage limit violations are mainly found at the high load centers.展开更多
Excessive unplanned urban growth leads to many vulnerabilities and impacts on urban environments to varying degrees. However, the majority of the extant literature focuses on the problems related to location and socio...Excessive unplanned urban growth leads to many vulnerabilities and impacts on urban environments to varying degrees. However, the majority of the extant literature focuses on the problems related to location and socioeconomic conditions, rather than vulnerability processes and related environmental degradation. This paper analyzes the scope of urban vulnerabilities for five rapidly urbanizing and highly-congested cities in the Kathmandu Valley, Nepal. First, the historic context of the Valley’s uncontrolled urbanization sets the scene. Second, the optic is narrowed to focus upon the geographical features of the resultant urbanized Valley landscape that includes spatial arrangements and of houses, population densities, road networks, vehicular densities, garbage problems, and available open spaces. Additionally, seismic vulnerabilities in the urban areas are also considering in this examination. Third, three-dimensional visualizations of selected urban locations are presented to differentiate between vulnerable and relatively safe locations. The intent of this research is to contribute to the methodological understanding of human/hazards interactions in rapidly urbanizing cities of the Third World, which share similar socioeconomic conditions and environmental con-texts.展开更多
This paper introduces the design and construction of global navigation satellite systems(GNSS)vulnerability simulation,verification,and mitigation platform.The platform contains five modules:simulation of the signal-i...This paper introduces the design and construction of global navigation satellite systems(GNSS)vulnerability simulation,verification,and mitigation platform.The platform contains five modules:simulation of the signal-in-space environment,simulation of the vulnerabilities in the space segment,signal quality monitoring and data processing,vulnerability assessment and validation,and integrated control.It provides a set of integrated simulations of different types of interference in the GNSS signal propagation domain,including electromagnetic interference,atmospheric disturbances,multipath,and interference in the inter-satellite link.This paper focuses on the design of the main system modules and testing through an experimental analysis.The results demonstrate both the effectiveness and realism of the modules and overall platform.展开更多
文摘This review examines human vulnerabilities in cybersecurity within Microfinance Institutions, analyzing their impact on organizational resilience. Focusing on social engineering, inadequate security training, and weak internal protocols, the study identifies key vulnerabilities exacerbating cyber threats to MFIs. A literature review using databases like IEEE Xplore and Google Scholar focused on studies from 2019 to 2023 addressing human factors in cybersecurity specific to MFIs. Analysis of 57 studies reveals that phishing and insider threats are predominant, with a 20% annual increase in phishing attempts. Employee susceptibility to these attacks is heightened by insufficient training, with entry-level employees showing the highest vulnerability rates. Further, only 35% of MFIs offer regular cybersecurity training, significantly impacting incident reduction. This paper recommends enhanced training frequency, robust internal controls, and a cybersecurity-aware culture to mitigate human-induced cyber risks in MFIs.
基金supported by theHigher Education Research Project of Jilin Province:JGJX24C118the National Defense Basic Scientific Research Program of China(No.JCKY2023602C026).
文摘With the rapid proliferation of Internet ofThings(IoT)devices,ensuring their communication security has become increasingly important.Blockchain and smart contract technologies,with their decentralized nature,provide strong security guarantees for IoT.However,at the same time,smart contracts themselves face numerous security challenges,among which reentrancy vulnerabilities are particularly prominent.Existing detection tools for reentrancy vulnerabilities often suffer from high false positive and false negative rates due to their reliance on identifying patterns related to specific transfer functions.To address these limitations,this paper proposes a novel detection method that combines pattern matching with deep learning.Specifically,we carefully identify and define three common patterns of reentrancy vulnerabilities in smart contracts.Then,we extract key vulnerability features based on these patterns.Furthermore,we employ a Graph Attention Neural Network to extract graph embedding features from the contract graph,capturing the complex relationships between different components of the contract.Finally,we use an attention mechanism to fuse these two sets of feature information,enhancing the weights of effective information and suppressing irrelevant information,thereby significantly improving the accuracy and robustness of vulnerability detection.Experimental results demonstrate that our proposed method outperforms existing state-ofthe-art techniques,achieving a 3.88%improvement in accuracy compared to the latest vulnerability detection model AME(Attentive Multi-Encoder Network).This indicates that our method effectively reduces false positives and false negatives,significantly enhancing the security and reliability of smart contracts in the evolving IoT ecosystem.
基金supported by the Deanship of Scientific Research,Vice Presidency for Graduate Studies and Scientific Research,King Faisal University,Saudi Arabia(Grant No.KFU242068).
文摘Database systems have consistently been prime targets for cyber-attacks and threats due to the critical nature of the data they store.Despite the increasing reliance on database management systems,this field continues to face numerous cyber-attacks.Database management systems serve as the foundation of any information system or application.Any cyber-attack can result in significant damage to the database system and loss of sensitive data.Consequently,cyber risk classifications and assessments play a crucial role in risk management and establish an essential framework for identifying and responding to cyber threats.Risk assessment aids in understanding the impact of cyber threats and developing appropriate security controls to mitigate risks.The primary objective of this study is to conduct a comprehensive analysis of cyber risks in database management systems,including classifying threats,vulnerabilities,impacts,and countermeasures.This classification helps to identify suitable security controls to mitigate cyber risks for each type of threat.Additionally,this research aims to explore technical countermeasures to protect database systems from cyber threats.This study employs the content analysis method to collect,analyze,and classify data in terms of types of threats,vulnerabilities,and countermeasures.The results indicate that SQL injection attacks and Denial of Service(DoS)attacks were the most prevalent technical threats in database systems,each accounting for 9%of incidents.Vulnerable audit trails,intrusion attempts,and ransomware attacks were classified as the second level of technical threats in database systems,comprising 7%and 5%of incidents,respectively.Furthermore,the findings reveal that insider threats were the most common non-technical threats in database systems,accounting for 5%of incidents.Moreover,the results indicate that weak authentication,unpatched databases,weak audit trails,and multiple usage of an account were the most common technical vulnerabilities in database systems,each accounting for 9%of vulnerabilities.Additionally,software bugs,insecure coding practices,weak security controls,insecure networks,password misuse,weak encryption practices,and weak data masking were classified as the second level of security vulnerabilities in database systems,each accounting for 4%of vulnerabilities.The findings from this work can assist organizations in understanding the types of cyber threats and developing robust strategies against cyber-attacks.
文摘1.INTRODUCTION.The integration of technology in medicine,particularly in the field of radiology,has led to significant advancements in patient care and diagnosis.While this digital transformation of healthcare has brought many benefits,it has also exposed radiological systems and sensitive patient data to unprecedented cybersecurity threats.This article aims to highlight the current cyberattack landscape,trends,and benefits of ethical hacking,which could be employed to identify vulnerabilities and improve cybersecurity defenses.
文摘The vulnerability of farms to the effects of climate change weighs heavily and indirectly on the living conditions of farming households in northern Benin. This article analyses the vulnerability of cotton-growing households to the effects of climate change. Using a simple random sample of 240 households, the study identified the hardships suffered by cotton-growing farm households in the communes of Boukoumbé and Kérou in northern Benin. The theoretical framework is based on sustainable living conditions, according to which poverty is no longer understood solely in monetary or pecuniary terms, but rather is based on a multidimensional approach. The normalization method is used to calculate the index level for each sub-component. The results show that the level of vulnerability to living conditions per household is 0.3120. Households headed by women are less vulnerable to the effects of climate change (-0.0042) than those headed by men (0.0258). The effects of climate change on household living conditions are estimated at 0.0209.
文摘Ethernet-based Passive Optical Network(EPON) is considered a very promising solution for the first mile problem of the next generation networks.Due to its particular characteristic of shared media structure,EPON suffers many security vulnerabilities. Communication security must be guaranteed when EPON is applied in practice.This paper gives a general introduction to the EPON system,analyzes the potential threats and attacks pertaining to the EPON system,and presents effective countermea-sures against these threats and attacks with emphasis on the authentication protocols and key distribution.
文摘In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security vulnerabilities used to secure the web application layer, the security approaches or techniques used in the process, the stages in the software development in which the approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respectable scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Science Direct, Springer Link. After detailed review process, only 56 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no one software is referred to as a standard or preferred software product for web application development. In our SLR, we have performed a deep analysis on web application security vulnerabilities detection methods which help us to identify the scope of SLR for comprehensively investigation in the future research. Further in this SLR considering OWASP Top 10 web application vulnerabilities discovered in 2012, we will attempt to categories the accessible vulnerabilities. OWASP is major source to construct and validate web security processes and standards.
文摘With the trade network analysis method and bilateral country-product level trade data of 2017-2020,this paper reveals the overall characteristics and intrinsic vulnerabilities of China’s global supply chains.Our research finds that first,most global supply-chain-vulnerable products are from technology-intensive sectors.For advanced economies,their supply chain vulnerabilities are primarily exposed to political and economic alliances.In comparison,developing economies are more dependent on regional communities.Second,China has a significant export advantage with over 80%of highly vulnerable intermediate inputs relying on imports of high-end electrical,mechanical and chemical products from advanced economies or their multinational companies.China also relies on developing economies for the import of some resource products.Third,during the trade frictions from 2018 to 2019 and the subsequent COVID-19 pandemic,there was a significant reduction in the supply chain vulnerabilities of China and the US for critical products compared with other products,which reflects a shift in the layout of critical product supply chains to ensure not just efficiency but security.China should address supply chain vulnerabilities by bolstering supply-side weaknesses,diversifying import sources,and promoting international coordination and cooperation.
文摘From an environmental protection perspective, the crucial issues pertaining to the policing of hazardous waste relate to both the vulnerabilities and limitations of current practices, and the potential issues that demand attention in the here and now, to alleviate future calamity. This paper describes the process involved in developing a vulnerabilities and limitations checklist that provides a relatively simple yet multi-pronged approach to assessing present and future environmental harms and crimes within the hazardous waste sector. Although it was not the intention of the authors to develop a generic checklist, this tool may prove useful to other industry sectors.
文摘Although disasters can occur anywhere, certain types of disasters are more likely to have more effects on some buildings than others, especially on those in urban areas. Buildings in Lagos have had nasty experiences from both natural and artificial disasters, claiming lives and properties in the past. This study aims at evaluating the disaster risks, vulnerabilities and response strategies in the high rise buildings in Lagos municipality. Structured questionnaire was administered to building owners, estate managers and disaster managers who manage the high rise buildings. The information obtained was supplemented by personal interviews conducted with tenants and rescue organizations. The study identified collapse of building, fire out break, and communication and power failure as the most likely potential disasters, power failure and collapse had the highest severity of impact, and the degree of preparedness achieved to confront the disasters was below satisfaction. However, the specific status of the response strategies was as expected, but there was room for improvements. The potential disasters were natural, human and environmental and the most vulnerable sectors were other properties rather than the high rise buildings themselves. The magnitude of risk levels could be contained with the level of response strategies already achieved if coordinated.
文摘This study pursues the objective of analyzing and verifying the knowledge of the agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ training College) in relation to the practical flaws resulting from the lack of knowledge of the observable rules in information system security. In a clearer way, it aims to verify the level of knowledge of the vulnerabilities, to verify the level of use of the antivirus software, to analyze the frequency of use of Windows update, the use of an anti-spyware software as well as a firewall software on the computer. Through a survey conducted on a sample of 100 agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ training College), the results revealed that 48% of the sample has no knowledge on computer vulnerabilities;for the use of antivirus software: 47% do not use the antivirus;for Windows update: 29% never update the Windows operating system;for anti-spyware: 48% never use;for the firewall: 50% are not informed. In fine, our results proposed a protection model VMAUSP (Vulnerability Measurability Measures Antivirus, Update, Spyware and Firewall) to users based on the behavioral approach, learning how the model works.
文摘The boom of coding languages in the 1950s revolutionized how our digital world was construed and accessed. The languages invented then, including Fortran, are still in use today due to their versatility and ability to underpin a large majority of the older portions of our digital world and applications. Fortran, or Formula Translation, was a programming language implemented by IBM that shortened the apparatus of coding and the efficacy of the language syntax. Fortran marked the beginning of a new era of efficient programming by reducing the number of statements needed to operate a machine several-fold. Since then, dozens more languages have come into regular practice and have been increasingly diversified over the years. Some modern languages include Python, Java, JavaScript, C, C++, and PHP. These languages significantly improved efficiency and also have a broad range of uses. Python is mainly used for website/software development, data analysis, task automation, image processing, and graphic design applications. On the other hand, Java is primarily used as a client-side programming language. Expanding the coding languages allowed for increasing accessibility but also opened up applications to pertinent security issues. These security issues have varied by prevalence and language. Previous research has narrowed its focus on individual languages, failing to evaluate the security. This research paper investigates the severity and frequency of coding vulnerabilities comparatively across different languages and contextualizes their uses in a systematic literature review.
文摘To detect security vulnerabilities in a web application,the security analyst must choose the best performance Security Analysis Static Tool(SAST)in terms of discovering the greatest number of security vulnerabilities as possible.To compare static analysis tools for web applications,an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project(OWASP)Top Ten project is required.The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and implementation of those tools has different effectiveness rates in terms of security performance.Given the significant cost of commercial tools,this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for vulnerability categories included in the known standard OWASP Top Ten project.Thus,the practitioners will have more precise information to select the best tool using a benchmark adapted to the last versions of OWASP Top Ten project.The results of this work have been obtaining using widely acceptable metrics to classify them according to three different degree of web application criticality.
基金This work was supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government(MSIT:Ministry of Science and ICT)(Nos.NRF-2016M2A8A4952280 and NRF-2020R1A2C1012187).
文摘Cyberattacks on the Industrial Control System(ICS)have recently been increasing,made more intelligent by advancing technologies.As such,cybersecurity for such systems is attracting attention.As a core element of control devices,the Programmable Logic Controller(PLC)in an ICS carries out on-site control over the ICS.A cyberattack on the PLC will cause damages on the overall ICS,with Stuxnet and Duqu as the most representative cases.Thus,cybersecurity for PLCs is considered essential,and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks.In this study,a vulnerability analysis was conducted on the XGB PLC.Security vulnerabilities were identified by analyzing the network protocols and memory structure of PLCs and were utilized to launch replay attack,memory modulation attack,and FTP/Web service account theft for the verification of the results.Based on the results,the attacks were proven to be able to cause the PLC to malfunction and disable it,and the identified vulnerabilities were defined.
文摘The present study focuses on the impacts of extreme drought and flooding situations in Amazonia, using level/discharge data from some rivers in the Amazon region as indicators of impacts. The last 10 years have featured various “once in a century” droughts and floods in the Amazon basin, which have affected human and natural systems in the region. We assess a history of such hazards based on river data, and discuss some of the observed impacts in terms of vulnerability of human and natural systems, as well as some of adaptation strategies implemented by regional and local governments to cope with them. A critical perspective of mitigation of drought and flood policies in Amazonia suggests that they have been mostly ineffective in reducing vulnerability for the majority of the population, constituting, perhaps, examples of maladaptation via the undermining of resilience.
基金supported by the Key R and D Programs of Zhejiang Province under Grant No.2022C01018the Natural Science Foundation of Zhejiang Province under Grant No.LQ20F020019.
文摘Smart contracts running on public blockchains are permissionless and decentralized,attracting both developers and malicious participants.Ethereum,the world’s largest decentralized application platform on which more than 40 million smart contracts are running,is frequently challenged by smart contract vulnerabilities.What’s worse,since the homogeneity of a wide range of smart contracts and the increase in inter-contract dependencies,a vulnerability in a certain smart contract could affect a large number of other contracts in Ethereum.However,little is known about how vulnerable contracts affect other on-chain contracts and which contracts can be affected.Thus,we first present the contract dependency graph(CDG)to perform a vulnerability analysis for Ethereum smart contracts,where CDG characterizes inter-contract dependencies formed by DELEGATECALL-type internal transaction in Ethereum.Then,three generic definitions of security violations against CDG are given for finding respective potential victim contracts affected by different types of vulnerable contracts.Further,we construct the CDG with 195,247 smart contracts active in the latest blocks of the Ethereum and verify the above security violations against CDG by detecting three representative known vulnerabilities.Compared to previous large-scale vulnerability analysis,our analysis scheme marks potential victim contracts that can be affected by different types of vulnerable contracts,and identify their possible risks based on the type of security violation actually occurring.The analysis results show that the proportion of potential victim contracts reaches 14.7%,far more than that of corresponding vulnerable contracts(less than 0.02%)in CDG.
文摘The Ethiopian Electric Power(EEP) has been operating and managing the national interconnected power system with dispersed and geographically isolated generators, a complex transmission system and loads. In recent years, with an increasing load demand due to rural electrification and industrialization, the Ethiopian power system has faced more frequent, widely spread and long lasting blackouts. To slash the occurrence of such incidents, identifying the system vulnerabilities is the first step in this direction. In this paper, the vulnerability assessment is performed using indices called active power performance index(PIp) and voltage performance index(PIv). These indices provide a direct means of comparing the relative severity of the different line outages on the system loads and voltage profiles. Accordingly, it is found that the most severe line outages are those lines that interconnect the high load centered(Addis Ababa and Central regions) with the rest of the regional power systems. In addition, the most vulnerable buses of the network in respect of voltage limit violations are mainly found at the high load centers.
文摘Excessive unplanned urban growth leads to many vulnerabilities and impacts on urban environments to varying degrees. However, the majority of the extant literature focuses on the problems related to location and socioeconomic conditions, rather than vulnerability processes and related environmental degradation. This paper analyzes the scope of urban vulnerabilities for five rapidly urbanizing and highly-congested cities in the Kathmandu Valley, Nepal. First, the historic context of the Valley’s uncontrolled urbanization sets the scene. Second, the optic is narrowed to focus upon the geographical features of the resultant urbanized Valley landscape that includes spatial arrangements and of houses, population densities, road networks, vehicular densities, garbage problems, and available open spaces. Additionally, seismic vulnerabilities in the urban areas are also considering in this examination. Third, three-dimensional visualizations of selected urban locations are presented to differentiate between vulnerable and relatively safe locations. The intent of this research is to contribute to the methodological understanding of human/hazards interactions in rapidly urbanizing cities of the Third World, which share similar socioeconomic conditions and environmental con-texts.
基金This study is supported by the National High Technology Research and Development Program of China(863 Program,No.2011AA120503).
文摘This paper introduces the design and construction of global navigation satellite systems(GNSS)vulnerability simulation,verification,and mitigation platform.The platform contains five modules:simulation of the signal-in-space environment,simulation of the vulnerabilities in the space segment,signal quality monitoring and data processing,vulnerability assessment and validation,and integrated control.It provides a set of integrated simulations of different types of interference in the GNSS signal propagation domain,including electromagnetic interference,atmospheric disturbances,multipath,and interference in the inter-satellite link.This paper focuses on the design of the main system modules and testing through an experimental analysis.The results demonstrate both the effectiveness and realism of the modules and overall platform.
