Security Bulletin: TensorFlow is vulnerable to a heap-based buffer overflow on IBM Watson Machine Learning on CP4D

Summary TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by UnsortedSegmentSum on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2019-16778 DESCRIPTION: TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper...

Security Bulletin: Tensor Flow security vulnerabilities with denial of service on IBM Watson Machine Learning on CP4D

Summary TensorFlow is vulnerable to a denial of service .Remote attacker could exploit this vulnerability to cause a denial of service condition on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-15190 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused ...

Security Bulletin: GO is vulnerable to allows attacks on clients on IBM Watson Machine Learning on CP4D

Summary GO is vulnerable to to a denial of service and allows attacks on clients on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this...

Security Bulletin: Tensor Flow security vulnerabilities with segmentation fault on IBM Watson Machine Learning on CP4D

Summary TensorFlow is vulnerable to a denial of service and segmentation fault on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-5215 DESCRIPTION: Tensorflow is vulnerable to a denial of service, caused by a flaw when converting a string from Python to a tf.float16 valu...

Security Bulletin: Tensor Flow security vulnerabilities with denial of service on IBM Watson Machine Learning Server

Summary TensorFlow is vulnerable to a denial of service .Remote attacker could exploit this vulnerability to cause a denial of service condition on IBM Watson Machine Learning Server Vulnerability Details CVEID: CVE-2020-15190 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused b...

Security Bulletin: GO security vulnerabilities on IBM Watson Machine Learning Server

Summary Golang Go is vulnerable to a denial of service on IBM Watson Machine Learning Server Vulnerability Details CVEID: CVE-2020-15586 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a data race in some net/http servers. By sending specially-crafted HTTP requests, a remot...

Moodle 3.6.1 - Persistent Cross-Site Scripting Vulnerability

Exploit Title: Moodle 3.6.1 - Persistent Cross-Site Scripting XSS Exploit Author: farisv Vendor Homepage: https://moodle.org/ Software Link: https://download.moodle.org https://github.com/moodle/moodle/archive/refs/tags/v3.6.1.zip Version: Moodle 3.6.2, 3.5.4, 3.4.7, 3.1.16 CVE: CVE-2019-3810...

Moodle 3.6.1 - Persistent Cross-Site Scripting (XSS)

Exploit Title: Moodle 3.6.1 - Persistent Cross-Site Scripting XSS Date: 04/2021 Exploit Author: farisv Vendor Homepage: https://moodle.org/ Software Link: https://download.moodle.org https://github.com/moodle/moodle/archive/refs/tags/v3.6.1.zip Version: Moodle 3.6.2, 3.5.4, 3.4.7, 3.1.16 CVE:...

Moodle 3.6.1 Cross Site Scripting

Exploit Title: Moodle 3.6.1 - Persistent Cross-Site Scripting XSS Date: 04/2021 Exploit Author: farisv Vendor Homepage: https://moodle.org/ Software Link: https://download.moodle.org https://github.com/moodle/moodle/archive/refs/tags/v3.6.1.zip Version: Moodle 3.6.2, 3.5.4, 3.4.7, 3.1.16 CVE:...

Defending against cryptojacking with Microsoft Defender for Endpoint and Intel TDT

Cryptocurrency mining—once considered no more than a nuisance, a relatively benign activity that was a drain on machine resources—has been on the rise in recent years. This increase in cryptocurrency mining activity is driven by the increasing value of cryptocurrencies like Bitcoin, the growth in...

Security Bulletin: Tensor Flow security vulnerabilities on IBM Watson Machine Learning Server

Summary TensorFlow is vulnerable to a heap-based buffer overflow and denial of service on IBM Watson Machine Learning Server Vulnerability Details CVEID: CVE-2020-15201 DESCRIPTION: TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the...

Improve Your Cyber Security Posture by Combining State of the Art Security Tools

Today there are plenty of cybersecurity tools on the market. It is now more important than ever that the tools you decide to use work well together. If they don't, you will not get the complete picture, and you won't be able to analyze the entire system from a holistic perspective. This means tha...

Logic Flaw Vulnerability in Super Star Learning Express Application System Platform

Chaostar is the abbreviation of Beijing Chaostar Company full name: Beijing Century Chaostar Information Technology Development Co., Ltd. Founded in 1993, Chaostar is one of the early companies in China engaged in digitization of paper materials as well as production of electronic publications. A...

Ozon: DOM XSS в learning.ozon.ru

DOM XSS in learning.ozon.ru via return parameter routerback...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m keynoting the all-virtual RSA Conference 2021, May 17-20, 2021. I’m keynoting the 5th International Symposium on Cyber Security Cryptology and Machine Learning via Zoom, July 8-9, 2021. I’ll be speaking at an Informa event on...

Network Detection & Response: The Next Frontier in Fighting the Human Problem

Last year, Gartner published a market guide on network detection and response NDR. Formerly known as network-traffic analytics, which I’ve spoken about in the past at length, NDR has adapted to not only play a major role in helping network and security teams identify threats, but it has enabled...

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is a collection of vulnerable environments, not a single exploit or tool. The repository contains a variety of vulnerable environments, including CouchDB, FFmpeg, Git, InfluxDB, and more,...

Gamifying machine learning for stronger security and AI models

To stay ahead of adversaries, who show no restraint in adopting tools and techniques that can help them attain their goals, Microsoft continues to harness AI and machine learning to solve security challenges. One area we’ve been experimenting on is autonomous systems. In a simulated enterprise...

Gamifying machine learning for stronger security and AI models

To stay ahead of adversaries, who show no restraint in adopting tools and techniques that can help them attain their goals, Microsoft continues to harness AI and machine learning to solve security challenges. One area we’ve been experimenting on is autonomous systems. In a simulated enterprise...

Columbo - A Computer Forensic Analysis Tool Used To Simplify And Identify Specific Patterns In Compromised Datasets

Columbo is a computer forensic analysis tool used to simplify and identify specific patterns in compromised datasets. It breaks down data to small sections and uses pattern recognition and machine learning models to identify adversaries behaviour and their possible locations in compromised Window...