Security Bulletin: IBM Waston Machine Learning Acclerator is affected by an OpenSSL 1.0.2k vulnerability

Summary There is a vulnerability in OpenSSL 1.0.2k used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator has addressed the applicable CVE: CVE-2020-1968. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Security Bulletin: IBM Waston Machine Learning Acclerator is affected by OpenSSL vulnerabilities

Summary There are vulnerabilities in OpenSSL used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator has addressed the applicable CVEs: CVE-2021-23839, CVE-2021-23840, CVE-2021-23841. Vulnerability Details Refer to the security bulletins listed in the...

vulhub1

This is an open-source collection of vulnerable systems and applications for educational purposes, maintained by phith0n. It provides a controlled environment for learning and practicing penetration testing, vulnerability assessment, and security research. The repository contains various vulnerab...

SQL Injection Vulnerability in Higher Education Online Learning and Information Service Platform of Huaxia Earth Education Network

Ltd. is a large-scale enterprise focusing on distance learning content provision and learning support services. A SQL injection vulnerability exists in the Huaxia Dadi Education Network's higher education e-learning and information service platform, which can be exploited by an attacker to obtain...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Ill be part of a European Internet Forum virtual debate on June 17, 2021. The topic is "Decrypting the encryption debate: How to ensure public safety with a privacy-preserving and secure Internet?" I’m speaking at the all-online...

Mozilla Says Google's New Ad Tech—FLoC—Doesn't Protect User Privacy

Google's upcoming plans to replace third-party cookies with a less invasive ad targeted mechanism have a number of issues that could defeat its privacy objectives and allow for significant linkability of user behavior, possibly even identifying individual users. "FLoC is premised on a compelling...

SAP Enable Now Information Disclosure Vulnerability (CNVD-2021-42412)

SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is primarily used for e-learning and training in SAP and non-SAP systems. An information disclosure vulnerability exists in SAP Enable Now versions 1.0 and 10, which can be exploited by an...

Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances

Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official...

The Supreme Court Narrowed the CFAA

In a 6-3 ruling, the Supreme Court just narrowed the scope of the Computer Fraud and Abuse Act: In a ruling delivered today, the court sided with Van Buren and overturned his 18-month conviction. In a 37-page opinion written and delivered by Justice Amy Coney Barrett, the court explained that the...

Security Bulletin: IBM Waston Machine Learning Acclerator is affected by a Python vulnerability

Summary There is a vulnerability in Python used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator havs addressed the applicable CVE, CVE-2021-3177 by upgrade python to version 3.7.10 Vulnerability Details Refer to the security bulletins listed in the...

Kids on the Web in 2021: Infinite creativity

For over a year weve been living in a world gripped by the COVID-19 pandemic. Not only has the pandemic affected peoples lifestyles, it has also accelerated the development and implementation of technologies that make it easier for us to complete everyday and work-related tasks. We no longer need...

The vulnerability in the virtual learning environment Moodle arises from insufficient cleaning of data provided by users at the final authentication stage of LTI. This allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability in the virtual learning environment Moodle exists due to insufficient cleaning of data provided by users at the final authentication stage of LTI. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

Building Multilayered Security for Modern Threats

Considering recent announcements of major attacks caused by external malicious actors, including a ransomware attack on a U.S. gasoline pipeline, the need for increased security posture is as important as ever, and multilayered security remains the key. With rampant ransomware attacks and other...

Google TensorFlow Buffer Overflow Vulnerability (CNVD-2021-48869)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow 2.4.2, 2.3.3 suffers from a buffer overflow vulnerability that stems from the RaggedBincount's split parameter not specifying a valid SparseTensor, which can be exploited by an...

Google TensorFlow code issue vulnerability (CNVD-2021-48868)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A code issue vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which stems from tf.rawops.FusedBatchNorm demonstrating undefined behavior by dereferencing null pointers to...

Fedora: Security Advisory for moodle (FEDORA-2021-1716261bc3)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 34 Update: moodle-3.11-1.fc34

Moodle is a course management system CMS - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities...

Building SIEM for Today’s Threat Landscape

It’s easy to see how the changing security landscape has shaped the evolution of the security information and event management SIEM practice area — and how it continues to. But architecting an effective SIEM approach requires a well-thought-out strategy. A combination of security information...

aiproteomics (=0.2.1), alpharing (>=1.0.0 <=2.0.0) +26 more potentially affected by CVE-2021-29618 via tensorflow-cpu (>=1.15.0 <=2.1.0)

tensorflow-cpu PYPI version =1.15.0, =1.0.0, =0.0.1, =1.0.0.4, =0.1.0, =0.2.3, =0.0.5, =0.1.2, =1.0.0, =1.8.2, =1.6.1, =1.8.3 - netfl =1.5.0 and more Source cves: CVE-2021-29618 Source advisory: OSV:GHSA-XQFJ-CR6Q-PC8W...

aiproteomics (=0.2.1), alpharing (>=1.0.0 <=2.0.0) +26 more potentially affected by CVE-2021-29615 via tensorflow-cpu (>=1.15.0 <=2.1.0)

tensorflow-cpu PYPI version =1.15.0, =1.0.0, =0.0.1, =1.0.0.4, =0.1.0, =0.2.3, =0.0.5, =0.1.2, =1.0.0, =1.8.2, =1.6.1, =1.8.3 - netfl =1.5.0 and more Source cves: CVE-2021-29615 Source advisory: OSV:GHSA-QW5H-7F53-XRP6...