Mention the INDIRECT function in an Excel forum and you'll start a fight. It's volatile, meaning it's always awake and recalculating, which can turn a fast spreadsheet into a sluggish mess. But used correctly, it's a power user's secret weapon for building dynamic, reactive dashboards.
Russia has replaced the leadership of its strategic aircraft manufacturer Tupolev, appointing 37-year-old Yuri Ambrosimov as chief executive to replace 76-year-old Aleksandr Bobryshev, according to a report by Defense Express citing Russian industry sources. The personnel change took place roughly one year after the previous round of management rotations at Tupolev in 2024 and comes […]
Authors, Creators & Presenters: Byeongwook Kim (Seoul National University), Jaewon Hur (Seoul National University), Adil Ahmad (Arizona State University), Byoungyoung Lee (Seoul National University)
PAPER
Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated Execution
A cloud-based Spark platform is a tempting approach for sharing data, as it allows data users to easily analyze the data while allowing the owners to efficiently share large volumes of data. However, the absence of a robust policy enforcement mechanism on Spark hinders the data owners from sharing their data due to the risk of private data breach. In this respect, we found that malicious data users and cloud managers can easily leak the data by constructing a policy-violating physical plan, compromising the Spark libraries, or even compromising the Spark cluster itself. Nonetheless, current approaches fail to securely and generally enforce the policies on Spark, as they do not check the policies at the physical plan level, and they do not protect the integrity of the data analysis pipeline. This paper presents Laputa, a secure policy enforcement framework on Spark. Specifically, Laputa designs a pattern-matching-based policy checking on the physical plans, which is generally applicable to Spark applications with more fine-grained policies. Then, Laputa compartmentalizes Spark applications based on confidential computing, by which the entire data analysis pipeline is protected from the malicious data users and cloud managers. Meanwhile, Laputa preserves the usability as the data users can run their Spark applications on Laputa with minimal modification. We implemented Laputa, and evaluated its security and performance aspects on TPC-H, Big Data benchmarks, and real world applications using ML models. The evaluation results demonstrated that Laputa correctly blocks malicious Spark applications while imposing moderate performance overheads.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
VBA used to be the only way to handle iterative, multistep logic in Microsoft Excel. Not anymore. REDUCE brings the power of functional programming directly into your cells, allowing you to condense complex, messy data into single, clean results.
Many Excel users abandon the ROWS function because it feels like a technicality they can skip. However, to build a truly functional workbook, you need formulas that adapt to your data dimensions, and the ROWS function is ideal for this. Here are four ways I use it to make my Excel spreadsheet smarter.
Authors, Creators & Presenters: Weili Wang (Southern University of Science and Technology), Honghan Ji (ByteDance Inc.), Peixuan He (ByteDance Inc.), Yao Zhang (ByteDance Inc.), Ye Wu (ByteDance Inc.), Yinqian Zhang (Southern University of Science and Technology)
PAPER
WAVEN: WebAssembly Memory Virtualization for Enclaves
The advancement of trusted execution environments (TEEs) has enabled the confidential computing paradigm and created new application scenarios for WebAssembly (Wasm). "Wasm+TEE" designs achieve in-enclave multi-tenancy with strong isolation, facilitating concurrent execution of untrusted code instances from multiple users. However, the linear memory model of Wasm lacks efficient cross-module data sharing and fine-grained memory access control, significantly restricting its applications in certain confidential computing scenarios where secure data sharing is essential (e.g., confidential stateful FaaS and data marketplaces). In this paper, we propose WAVEN (WebAssembly Memory Virtualization for ENclaves), a novel WebAssembly memory virtualization scheme, to enable memory sharing among Wasm modules and page-level access control. We implement WAVEN atop WAMR, a popular Wasm runtime for TEEs, and empirically demonstrate its efficiency and effectiveness. To the best of our knowledge, our work represents the first approach that enables cross-module memory sharing with fine-grained memory access control in Wasm.
Authors, Creators & Presenters: Jan-Ulrich Holtgrave (CISPA Helmholtz Center for Information Security), Kay Friedrich (CISPA Helmholtz Center for Information Security), Fabian Fischer (CISPA Helmholtz Center for Information Security), Nicolas Huaman (Leibniz University Hannover), Niklas Busch (CISPA Helmholtz Center for Information Security), Jan H. Klemmer (CISPA Helmholtz Center for Information Security), Marcel Fourné (Paderborn University), Oliver Wiese (CISPA Helmholtz Center for Information Security), Dominik Wermke (North Carolina State University), Sascha Fahl (CISPA Helmholtz Center for Information Security)
PAPER
Attributing Open-Source Contributions is Critical but Difficult: A Systematic Analysis of GitHub Practices and Their Impact on Software Supply Chain Security
Critical open-source projects form the basis of many large software systems. They provide trusted and extensible implementations of important functionality for cryptography, compatibility, and security. Verifying commit authorship authenticity in open-source projects is essential and challenging. Git users can freely configure author details such as names and email addresses. Platforms like GitHub use such information to generate profile links to user accounts. We demonstrate three attack scenarios malicious actors can use to manipulate projects and profiles on GitHub to appear trustworthy. We designed a mixed-research study to assess the effect on critical open-source software projects and evaluated countermeasures. First, we conducted a large-scale measurement among 50,328 critical open-source projects on GitHub and demonstrated that contribution workflows can be abused in 85.9% of the projects. We identified 573,043 email addresses that a malicious actor can claim to hijack historic contributions and improve the trustworthiness of their accounts. When looking at commit signing as a countermeasure, we found that the majority of users (95.4%) never signed a commit, and for the majority of projects (72.1%), no commit was ever signed. In contrast, only 2.0% of the users signed all their commits, and for 0.2% of the projects all commits were signed. Commit signing is not associated with projects' programming languages, topics, or other security measures. Second, we analyzed online security advice to explore the awareness of contributor spoofing and identify recommended countermeasures. Most documents exhibit awareness of the simple spoofing technique via Git commits but no awareness of problems with GitHub's handling of email addresses.
Samsung appears to have leaked a built-in privacy display for the Galaxy S26 Ultra, hinting at a hardware-based feature designed to block side-angle viewing.
NASA conducts a hot fire of RS-25 engine No. 2063 on the Fred Haise Test Stand at NASA’s Stennis Space Center near Bay St. Louis, Mississippi, on Jan. 22, 2026.
NASA/Chris Russell
NASA successfully conducted a hot fire of RS-25 engine No. 2063 on Jan. 22 at the Fred Haise Test Stand at NASA’s Stennis Space Center near Bay St. Louis, Mississippi, clearing the way for the engine to be installed for the agency’s Artemis IV mission.
The RS-25 engines help power NASA’s SLS (Space Launch System) rocket that will carry astronauts to the Moon under the Artemis campaign.
Engine No. 2063 originally was installed on the SLS core stage for the Artemis II mission but was removed in 2025 after engineers discovered a hydraulic leak on the engine’s main oxidizer valve actuator, which controls propellant flow into the engine combustion chamber.
Following standard NASA procedures, teams removed the engine from the core stage and replaced the actuator.
Because NASA requires any significantly modified or repaired engine to undergo hot fire testing before flight, teams at NASA Stennis fired the engine for five minutes (300 seconds), at up to 109% of its rated power level in a test known as a confidence test that demonstrates the engine is ready for flight.
The test was conducted by a team of operators from NASA, L3Harris Technologies, and Sierra Lobo, Inc., the NASA Stennis test operations contractor. NASA Stennis provides critical data to L3Harris, the prime engines contractor for the SLS rocket.
With the successful test complete, engine No. 2063 is scheduled to be installed on the SLS core stage for Artemis IV. All RS-25 engines for NASA’s Artemis missions are tested and proven flightworthy at NASA Stennis before flight.
NASA is targeting as soon as February to send four astronauts around the Moon and back on Artemis II, the first crewed mission under the Artemis campaign. During launch, the SLS rocket will use four RS-25 engines, along with a pair of solid rocket boosters, to help lift the Orion spacecraft and the crew away from Earth using more than 8.8 million pounds of thrust.
Under the Artemis campaign, NASA is returning humans to the Moon for economic benefits, scientific discovery, and to prepare for crewed missions to Mars.
Fable’s extended preview outlines a bigger, more reactive Albion, with open-world freedom, reputation-driven consequences, and flexible “style-weaving” combat, all heading to PS5, Xbox Series X and S, and PC in autumn 2026.
Don't let that extra "S" fool you—ROW and ROWS do completely different jobs in Excel. One tells you where you are, while the other tells you how much space you have. If you're tired of formulas breaking when you delete a row, it's time to master the difference between these two tools.
A little token that few people had heard of a year ago has become a big mover of money. Reports say the A7A5 stablecoin, launched as a rouble-linked coin, has processed the equivalent of $100 billion in transfers since it began moving at scale.
Elliptic Finds Rapid Growth And Large Volumes
According to analysis by Elliptic, A7A5 grew quickly after its launch and was used heavily for settlement between firms that could not rely on regular banks. The firm traced huge daily flows, with transaction totals rising into the billions and aggregate transfers passing major milestones.
Origins And Backing
A7A5 was set up in a way that tied it to rouble deposits and to a handful of private entities connected to Russia’s financial network.
Reports say the project was linked to a payments group and to banking partners that have been under western scrutiny. Some of the people and firms behind the token were later sanctioned by authorities in the US and the UK.
How The Money Moved
Transactions were concentrated on a small number of exchanges and on on-chain routes that made cross-border transfers possible without the usual banking rails.
In practice, the coin served as a bridge into other stablecoins and crypto markets. That routing let trade keep moving even when formal channels were closed to certain actors.
A7A5 Stablecoin Role In Sanctions Evasion Claims
Reports note that regulators and analysts view those flows as a tool that could help avoid sanctions. Regulators in several countries have taken action against linked platforms and individuals after patterns of transfers were uncovered.
Some of the design choices around the token made monitoring harder for a time, and in a few cases tokens were reissued in new wallets to muddy traces.
Market Reaction And The Wider Impact
Markets noticed. The token’s market cap surged, and exchanges that handled it saw sharply higher volumes.
Ordinary traders were not the main users; activity was often timed with business hours and weekdays, which suggested corporate or institutional flows rather than retail swaps. This type of pattern changed how people outside the region looked at crypto as a payments tool.
Authorities responded by blacklisting some addresses and platforms and by stepping up enforcement against those named in the network.
The moves show that a token can move a lot of value, but it can also draw regulatory heat and prompt countermeasures that affect every participant in the chain.
Authors, Creators & Presenters: Aditya Sirish A Yelgundhalli (New York University), Patrick Zielinski (New York University), Reza Curtmola (New Jersey Institute of Technology), Justin Cappos (New York University)
PAPER
Rethinking Trust In Forge-Based Git Security
Git is the most popular version control system today, with Git forges such as GitHub, GitLab, and Bitbucket used to add functionality. Significantly, these forges are used to enforce security controls. However, due to the lack of an open protocol for ensuring a repository's integrity, forges cannot prove themselves to be trustworthy, and have to carry the responsibility of being non-verifiable trusted third parties in modern software supply chains. In this paper, we present gittuf, a system that decentralizes Git security and enables every user to contribute to collectively enforcing the repository's security. First, gittuf enables distributing of policy declaration and management responsibilities among more parties such that no single user is trusted entirely or unilaterally. Second, gittuf decentralizes the tracking of repository activity, ensuring that a single entity cannot manipulate repository events. Third, gittuf decentralizes policy enforcement by enabling all developers to independently verify the policy, eliminating the single point of trust placed in the forge as the only arbiter for whether a change in the repository is authorized. Thus, gittuf can provide strong security guarantees in the event of a compromise of the centralized forge, the underlying infrastructure, or a subset of privileged developers trusted to set policy. gittuf also implements policy features that can protect against unauthorized changes to branches and tags i.e., pushes as well as files/folders i.e., commits. Our analysis of gittuf shows that its properties and policy features provide protections against previously seen version control system attacks. In addition, our evaluation of gittuf shows it is viable even for large repositories with a high volume of activity such as those of Git and Kubernetes (less than 4% storage overhead and under 0.59s of time to verify each push).
You've built a perfect Excel table, but the moment you try to use its headers in a drop-down menu, everything breaks. Excel's Data Validation is notoriously picky with tables, but there's a clever workaround. So, stop hard-coding your menus and use this dynamic sync instead.
Authors, Creators & Presenters: Jian Cui (Indiana University), Hanna Kim (KAIST), Eugene Jang (S2W Inc.), Dayeon Yim (S2W Inc.), Kicheol Kim (S2W Inc.), Yongjae Lee (S2W Inc.), Jin-Woo Chung (S2W Inc.), Seungwon Shin (KAIST), Xiaojing Liao (Indiana University)
PAPER
Tweezers: A Framework For Security Event Detection Via Event Attribution-Centric Tweet Embedding
Twitter is recognized as a crucial platform for the dissemination and gathering of Cyber Threat Intelligence (CTI). Its capability to provide real-time, actionable intelligence makes it an indispensable tool for detecting security events, helping security professionals cope with ever-growing threats. However, the large volume of tweets and inherent noises of human-crafted tweets pose significant challenges in accurately identifying security events. While many studies tried to filter out event-related tweets based on keywords, they are not effective due to their limitation in understanding the semantics of tweets. Another challenge in security event detection from Twitter is the comprehensive coverage of security events. Previous studies emphasized the importance of early detection of security events, but they overlooked the importance of event coverage. To cope with these challenges, in our study, we introduce a novel event attribution-centric tweet embedding method to enable the high precision and coverage of events. Our experiment result shows that the proposed method outperforms existing text and graph-based tweet embedding methods in identifying security events. Leveraging this novel embedding approach, we have developed and implemented a framework, Tweezers, that is applicable to security event detection from Twitter for CTI gathering. This framework has demonstrated its effectiveness, detecting twice as many events compared to established baselines. Additionally, we have showcased two applications, built on Tweezers for the integration and inspection of security events, i.e., security event trend analysis and informative security user identification.