Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1)

Welcome to the new normal. We’re all now living in a post-COVID-19 world characterized by uncertainty, mass home working and remote learning. The lines demarcating normal life have shifted abruptly – perhaps never to return. That’s not the worst that can happen, as we all know, but it does mean w...

Black Hat 2020: Open-Source AI to Spur Wave of 'Synthetic Media' Attacks

An abundance of deep-learning and open-source technologies are making it easy for cybercriminals to generate fake images, text and audio called “synthetic media”. This type of media can be easily leveraged on Facebook, Twitter and other social media platforms to launch disinformation campaigns wi...

Repurposing Neural Networks to Generate Synthetic Media for Information Operations

FireEye’s Data Science and Information Operations Analysis teams released this blog post to coincide with our Black Hat USA 2020 Briefing, which details how open source, pre-trained neural networks can be leveraged to generate synthetic media for malicious purposes. To summarize our presentation,...

Security Bulletin: Watson Machine Learning Service is impacted by security vulnerabilities in OpenJDK 11

Summary Security vulnerabilities in OpenJDK impacts Watson Machine Learning Service. These vulnerabilities are now addressed. Vulnerability Details CVEID: CVE-2019-2964 DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency component could allow an unauthenticated attacke...

SQL Injection Vulnerability in Digital Learning Resource Platform of Higher Education Publishing House

Digital Learning Resource Platform is a digital product of Higher Education Press, a practical, effective and scalable CMS system. SQL injection vulnerability exists in the Digital Learning Resource Platform of Higher Education Publishing House, which can be exploited by an attacker to obtain...

Learn Machine Learning and AI – Online Training Program @ 93% OFF

Within the next decade, artificial intelligence is likely to play a significant role in our everyday lives. Machine learning already powers image recognition, self-driving cars, and Netflix recommendations. For any aspiring developer, learning how to code smart software is a good move. These skil...

Learn Machine Learning and AI – Online Training Program @ 93% OFF

Within the next decade, artificial intelligence is likely to play a significant role in our everyday lives. Machine learning already powers image recognition, self-driving cars, and Netflix recommendations. For any aspiring developer, learning how to code smart software is a good move. These skil...

Afternoon Cyber Tea: Peak, Plateau, or Plummet? Cyber security trends that are here to stay and how to detect and recover from ransomware attacks

The rapidity of change in the cyberthreat landscape can be daunting for today’s cyber defense teams. Just as they perfect the ability to block one attack method, adversaries change their approach. Tools like artificial intelligence and machine learning allow us to pivot quickly, however, knowing...

Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection

The application of deep learning and other machine learning methods to threat detection on endpoints, email and docs, apps, and identities drives a significant piece of the coordinated defense delivered by Microsoft Threat Protection. Within each domain as well as across domains, machine learning...

Adversarial Machine Learning and the CFAA

I just co-authored a paper on the legal risks of doing machine learning research, given the current state of the Computer Fraud and Abuse Act: Abstract: Adversarial Machine Learning is booming with ML researchers increasingly targeting commercial ML systems such as those used in Facebook, Tesla,...

Security Bulletin: WML CE: TensorFlow: In SQLite before 3.32.3, select.c mishandles query-flattener optimization

Summary In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. TensorFlow in WML CE uses SQLite as its embedded SQL database engine. Vulnerability Details CVEID:...

Security Bulletin: WML CE Scikit-learn vulnerable to irresponsible usage

Summary WML containers include scikit-learn. Scikit-learn includes joblib and pickle to cache and load models. Pickle and joblib by extension, has some issues regarding maintainability and security. Because of this, usage of the joblib.load function in scikit-learn must be done in a responsible...

Security Bulletin: WML CE: Pillow before 7.1.0 has multiple out-of-bounds reads

Summary Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. PyTorch and TensorFlow use Pillow. Vulnerability Details CVEID: CVE-2020-10177 DESCRIPTION: Pillow could allow a remote attacker to obtain sensitive information, caused by multiple out-of-bounds reads in...

Security Bulletin: WML CE: TensorBoard: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack.

Summary Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. TensorBoard uses lodash. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the...

Security Bulletin: WML CE: libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read

Summary libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in getrgbrow in rdppm.c via a malformed PPM input file. Vulnerability Details CVEID: CVE-2020-13790 DESCRIPTION: Libjpeg-turbo is vulnerable to a denial of service, caused by heap-based buffer over-read in getrgbrow...

pearson.abplearning.com Cross Site Scripting vulnerability OBB-1225937

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Cato MDR: Managed Threat Detection and Response Made Easy

Lately, we can't help noticing an endless cycle where the more enterprises invest in threat prevention; the more hackers adapt and continue to penetrate enterprises. To make things worse, detecting these penetrations still takes too long with an average dwell time that exceeds 100 ! days. To keep...

alpinelearninggroup.org Cross Site Scripting vulnerability OBB-1217010

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

e-learning Php Script 0.1.0 - (search) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: e-learning Php Script 0.1.0 - 'search' SQL Injection Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/amitkolloldey/elearning-script Software Link: https://github.com/amitkolloldey/elearning-script Version...

e-learning PHP Script 0.1.0 SQL Injection

Exploit Title: e-learning Php Script 0.1.0 - 'search' SQL Injection Date: 2020-06-29 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/amitkolloldey/elearning-script Software Link: https://github.com/amitkolloldey/elearning-script Version: 0.1.0 Tested on: Kali Linux Source...