Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-46659)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in TensorFlow 2.4.2,2.3.3,2.2.3,2.1.4, which stems from the fact that tf.rawops.SparseCountSparseOutput causes a segmentation error to be thrown from the standard...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-46658)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in TensorFlow 2.4.2,2.3.3,2.2.3, 2.1.4, which can be exploited by an attacker to trigger a heap buffer overflow in tf.rawops.QuantizedResizeBilinear...

Google TensorFlow code issue vulnerability (CNVD-2021-46656)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A code issue vulnerability exists in TensorFlow 2.4.2,2.3.3,2.2.3,2.1.4, which can be exploited by an attacker to cause a denial of service by exploiting a CHECK failure from the implementation...

Do CAPTCHAs work and what’s the alternative?

We know youre busy, so the answer is “No”. Users want less friction, and a good bot detection and mitigation solution will do the job MUCH better. The first lesson on the first day of UI school is that users want the path of least resistance. While the gamification of cybersecurity does have a...

WAF-A-MoLE - A Guided Mutation-Based Fuzzer For ML-based Web Application Firewalls

A guided mutation-based fuzzer for ML-based Web Application Firewalls, inspired by AFL and based on the FuzzingBook by Andreas Zeller et al. Given an input SQL injection query, it tries to produce a semantic invariant query that is able to bypass the target WAF. You can use this tool for assessin...

Google now requires app developers to verify their address and use 2FA

Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification 2SV, provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards...

WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-59602)

WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress Membership & Learning Management System Plugin for WordPress plugin prior to version 4.21.1, which stems from the plugin generating...

Chamilo SQL Injection Vulnerability

Chamilo is a learning management system focused on ease of use and accessibility. A SQL injection vulnerability exists in main/inc/ajax/model.ajax.php in Chamilo 1.11.14 and earlier versions. The vulnerability can be exploited by an attacker to conduct a SQL injection attack via the searchField,...

Chamilo LMS SQL注入漏洞

Chamilo is a learning management system focused on ease of use and accessibility. A SQL injection vulnerability exists in main/inc/ajax/model.ajax.php in Chamilo 1.11.14 and earlier versions. The vulnerability can be exploited by an attacker to conduct a SQL injection attack via the searchField,...

DRUPAL-CONTRIB-2021-018

This project is related to Opigno LMS distribution. It implements the learning path, that combines together in a very flexible way the differents steps of a training in Opigno LMS. The module does not set X-Frame-Options and blocks ability of other modules e.g Security Kit to add them, leaving it...

How to confuse antimalware neural networks. Adversarial attacks and protection

Introduction Nowadays, cybersecurity companies implement a variety of methods to discover new, previously unknown malware files. Machine learning ML is a powerful and widely used approach for this task. At Kaspersky we have a number of complex ML models based on different file features, including...

Opigno Learning path - Less critical - UI redressing (clickjacking) - SA-CONTRIB-2021-018

This project is related to Opigno LMS distribution. It implements the learning path, that combines together in a very flexible way the differents steps of a training in Opigno LMS. The module does not set X-Frame-Options and blocks ability of other modules e.g Security Kit to add them, leaving it...

Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft

Flaws impacting millions of internet of things IoT devices running NVIDIA’s Jetson chips open the door for a variety of hacks, including denial-of-service DoS attacks or the siphoning of data. NVIDIA released patches addressing nine high-severity vulnerabilities including eight additional bugs of...

The Future of Machine Learning and Cybersecurity

The Center for Security and Emerging Technology has a new report: "Machine Learning and Cybersecurity: Hype and Reality." Heres the bottom line: The report offers four conclusions: Machine learning can help defenders more accurately detect and triage potential attacks. However, in many cases thes...

Microsoft announces recipients of academic grants for AI research on combating phishing

Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools, products, and services people and organizations use on a daily basis, but also in the...

Microsoft announces recipients of academic grants for AI research on combating phishing

Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools, products, and services people and organizations use on a daily basis, but also in the...

Microsoft announces recipients of academic grants for AI research on combating phishing

Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools, products, and services people and organizations use on a daily basis, but also in the...

Microsoft announces recipients of academic grants for AI research on combating phishing

Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools, products, and services people and organizations use on a daily basis, but also in the...

vulhub

This repository is an open-source collection of vulnerable web applications and environments for testing and learning purposes. It is maintained by phith0n and hosted on GitHub. The repository contains a variety of applications, including web servers, databases, and other services, that are...

Akamai Platform Update: New Security Enhancements That Intelligently Automate Application and API Security, Mitigate Online Fraud, and Reduce Burden on Security Professionals

Today is Day 2 of Akamai's Platform Update. Yesterday, we talked about the acceleration of modern app development and how we're empowering users to shift more compute and data to the edge. From the core to the cloud to the edge, the applications and APIs that power modern web experiences must als...