Experts Denounce Racial Bias of Crime-Predictive Facial-Recognition AI
More than 1,000 technology experts and academics from organizations such as MIT, Microsoft, Harvard and Google have signed an open letter denouncing a forthcoming paper describing artificial intelligence (AI) algorithms that can predict crime based only on a person’s face, calling it out for...
Memory Corruption Vulnerability Exists in Extreme Office 2019 For Windows at Beijing Haiteng Times Technology Co Ltd (CNVD-2020-44381)
Extreme Office is an independently controlled office learning software developed by Beijing Haiteng Times Technology Co. A memory corruption vulnerability exists in Extreme Office 2019 For Windows by Beijing Haiteng Times Technology Co. which can be exploited by attackers to cause a denial of...
CVE-2020-14972
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the useremail, userpass, and id parameters on the admin login-portal and the edit-lessons webpages...
CVE-2020-14972
CVE-2020-14972 affects Sourcecodester Pisay Online E-Learning System 1.0. Connected sources describe multiple SQL injection vulnerabilities in the admin login-portal and the edit-lessons pages that allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (...
Modernizing the security operations center to better secure a remote workforce
The response to COVID-19 has required many security operations centers (SOCs) to rethink how they protect their organizations. With so many employees working remotely, IT groups are routing more traffic directly to cloud apps, rather than through the network. In this model, traditional network...
Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs
Interesting story of how the police can identify someone by following the evidence chain from website to website. According to filings in Blumenthal's case, FBI agents had little more to go on when they started their investigation than the news helicopter footage of the woman setting the police c...
Attack Analytics Multi-Sensor Integrations Provide Unmatched Visibility
Since debuting Attack Analytics back in 2018, this groundbreaking security analytics functionality has come a long way. Time and again our customers have told us how powerful they find the tool and how much time it saves them. Attack Analytics better positions Imperva’s customers to focus on what...
Guangzhou Shuangqi Network Technology Co., Ltd. 5y Learning Platform Existing Override Vulnerability
Guangzhou Shuangqi Network Technology Co., Ltd. was founded in 2015, and its business scope includes vocational skills training, research and development of network technology; computer technology development and so on. Guangzhou Shuangqi Network Technology Co. 5y learning platform has an...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is not a PoC exploit for a specific CVE, but rather a toolkit for testing and learning about various vulnerabilities. The primary purpose of Vulhub is to provide a simple way to create and run vulnerable environment...
Kubernetes Falls to Cryptomining via Machine-Learning Framework
A unique cyberattack campaign that targets Kubeflow, a machine-learning toolkit for Kubernetes, has affected large swathes of container clusters, according to Microsoft. The Kubeflow open-source project is a popular framework for running machine-learning (ML) tasks in Kubernetes. According to an...
Misconfigured Kubeflow workloads are a security risk
Azure Security Center (ASC) monitors and defends thousands of Kubernetes clusters running on top of AKS. Azure Security Center regularly searches for and researches new attack vectors against Kubernetes workloads. We recently published a blog post about a large scale campaign against Kubernetes...
Availability Attacks against Neural Networks
New research on using specially crafted inputs to slow down machine-learning neural network systems: Sponge Examples: Energy-Latency Attacks on Neural Networks shows how to find adversarial examples that cause a DNN to burn more energy, take more time, or both. They affect a wide range of DNN...
register.virtuallearning.ca Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1190064 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
h1-ctf: [H1-2006 2020] Includes 1 free content discovery
Summary Got it! Thanks guys for going through the trouble to make these. Best regards @nahamsec @adamtlangley @B3nac for hosting and @hackingfish @zonkism and @clos for peer support to make it. Writeup to follow, but let's have the flag first! F859962 Impact Participating in CTFs can cause...
SQL Injection Vulnerability in the Website Building System of National Digital Learning Resource Center (CNVD-2020-40611)
The National Center for Digital Learning Resources (NCDLR) is a business unit specializing in the research, development, promotion and service of digital learning resources and education informatization software. There is a SQL injection vulnerability in the National Digital Learning Resource...
Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack
Machine learning (ML) is an increasingly valuable tool in cyber security as adversaries continually evolve their tactics and techniques to evade detection. As machine learning has advanced and sophisticated ML models have been developed to assist security professionals in protecting the cloud,...