ManaTI - A Web-Based Tool To Assist The Work Of The Intuitive Threat Analysts

Machine Learning for Threat Intuitive Analysis The goal of the ManaTI project is to develop machine learning techniques to assist an intuitive threat analyst to speed the discovery of new security problems. The machine learning will contribute to the analysis by finding new relationships and...

Rethinking how we learn security

A couple of years ago, I wrote an article on the relative lack of investor and startup interest in addressing a crucial CISO priority—the preparedness of employees on the security team. Considering what seems to be a steady stream of news about breaches, what can be done to encourage more people ...

The vulnerability of the Endpoint Learning function in the network operating system NX-OS of Cisco Nexus series 9000 switches allows a intruder to trigger a service failure.

The vulnerability of the Endpoint Learning function in the network operating system NX-OS of Cisco Nexus series 9000 switches is related to state management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

Moodle Injection Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. An injection vulnerability exists in Moodle, which can be exploited by an attacker to inject scripts...

Azure Sentinel—the cloud-native SIEM that empowers defenders is now generally available

Machine learning enhanced with artificial intelligence AI holds great promise in addressing many of the global cyber challenges we see today. They give our cyber defenders the ability to identify, detect, and block malware, almost instantaneously. And together they give security admins the abilit...

UNICEF Leaks Personal Data of 8,000 Users via Email Blunder

The charity organization UNICEF inadvertently leaked the personal details of thousands of people who use its online learning portal Agora by way of an errant email sent to 20,000 inboxes. The email was accidentally sent on August 26 by UNICEF and included the names, email addresses, gender and...

Multiple Vulnerabilities in Youmu's Learning Platform

Ltd. is a company that builds institutions' informatized teaching and management support system based on the comprehensive platform of Youmu class online education. There are multiple vulnerabilities in the UMOCL learning platform, which can be exploited by attackers to arbitrarily upload, downlo...

Open Sourcing StringSifter

Malware analysts routinely use the Strings program during static analysis in order to inspect a binary's printable characters. However, identifying relevant strings by hand is time consuming and prone to human error. Larger binaries produce upwards of thousands of strings that can quickly evoke...

WordPress nd-learning plugin has an unspecified vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. nd-learning is an online e-learning site builder plugin used in it. An unspecified vulnerability exists in the WordPress nd-learning...

Deep learning rises: New methods for detecting malicious PowerShell

Scientific and technological advancements in deep learning, a category of algorithms within the larger framework of machine learning, provide new opportunities for development of state-of-the art protection technologies. Deep learning methods are impressively outperforming traditional methods on...

CVE-2019-1977

A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure ACI mode could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an endpoint device in certain circumstances. The...

CVE-2019-1977

A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure ACI mode could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an endpoint device in certain circumstances. The...

Input validation

A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure ACI mode could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an endpoint device in certain circumstances. The...

CVE-2019-1977 Cisco Nexus 9000 Series Fabric Switches ACI Mode Border Leaf Endpoint Learning Vulnerability

A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure ACI mode could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an endpoint device in certain circumstances. The...

CVE-2019-1977 Cisco Nexus 9000 Series Fabric Switches ACI Mode Border Leaf Endpoint Learning Vulnerability

A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure ACI mode could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an endpoint device in certain circumstances. The...

CVE-2019-15775

The nd-learning plugin before 4.8 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...

CVE-2019-15775

The nd-learning plugin before 4.8 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...

CVE-2019-15775

CVE-2019-15775 affects the WordPress nd-learning plugin (prior to version 4.8). It exposes a nopriv_ AJAX action that can modify the siteurl setting, enabling unauthenticated modification of site configuration. Impact as documented: potential compromise of site URL, with CVSS v3 base score 6.1 (M...

CVE-2019-15775

The nd-learning plugin before 4.8 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...

CVE-2019-15753

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instance...