Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of credentials within Azure Machine Learning Service workbooks. The issue results from storing...

Introducing Adaptive Protection in Microsoft Purview—People-centric data protection for a multiplatform world

At Microsoft, we never stop working to protect you and your data. If the evolving cyberattacks over the past three years have taught us anything, it’s that threat actors are both cunning and committed. At every level of your enterprise, attackers never stop looking for a way in. The massive...

Introducing Adaptive Protection in Microsoft Purview—People-centric data protection for a multiplatform world

At Microsoft, we never stop working to protect you and your data. If the evolving cyberattacks over the past three years have taught us anything, it’s that threat actors are both cunning and committed. At every level of your enterprise, attackers never stop looking for a way in. The massive...

Attacking Machine Learning Systems

The field of machine learning ML security--and corresponding adversarial ML--is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because we know so little about the security of these systems, there are many...

AIs as Computer Hackers

Hacker "Capture the Flag" has been a mainstay at hacker gatherings since the mid-1990s. It’s like the outdoor game, but played on computer networks. Teams of hackers defend their own computers while attacking other teams’. It’s a controlled setting for what computer hackers do in real life: findi...

acuity (=6.18.0), acuitypro (=6.18.0) +81 more potentially affected by CVE-2022-25882 via onnx (>=0.2.0 <=1.12.0)

onnx PYPI version =0.2.0, =0.0.0, =0.0.157, =1.44.0, =1.44.0, =1.44.0, =1.44.0, =1.44.0, =1.44.0, =1.44.0, =0.5.8, =0.1.0, =0.3.0 and more Source cves: CVE-2022-25882 Source advisory: OSV:PYSEC-2023-38...

Microsoft Security innovations from 2022 to help you create a safer world today

The start of a new year is always a great time for reflection—to be grateful for all we have and the progress security teams have made as well as look ahead to how we can reshape the security landscape. I use this time to think about goals for the future, and to reflect on the highlights,...

Digital event highlights new features in Microsoft Purview

Keeping your company and customer data secure has never been more complex. With multiple clouds, legacy on-premises systems, and numerous devices, it can be hard to keep track of what data you have and where it lives. On top of that, ever-changing employee roles make managing who has access to wh...

Digital event highlights new features in Microsoft Purview

Keeping your company and customer data secure has never been more complex. With multiple clouds, legacy on-premises systems, and numerous devices, it can be hard to keep track of what data you have and where it lives. On top of that, ever-changing employee roles make managing who has access to wh...

Oracle Database Server for Unix (Jan 2023 CPU)

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory. - Vulnerability in the Oracle Database - Machine Learning for Python Python component of Oracle Database Server. The supported version that ...

Oracle Database Server for Windows (Jan 2023 CPU)

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory. - Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and...

Microsoft Azure Services Flaws Could've Exposed Cloud Resources to Unauthorized Access

Four different Microsoft Azure services have been found vulnerable to server-side request forgery SSRF attacks that could be exploited to gain unauthorized access to cloud resources. The security issues, which were discovered by Orca between October 8, 2022 and December 2, 2022 in Azure API...

Microsoft Azure Services Flaws Could've Exposed Cloud Resources to Unauthorized Access

Four different Microsoft Azure services have been found vulnerable to server-side request forgery SSRF attacks that could be exploited to gain unauthorized access to cloud resources. The security issues, which were discovered by Orca between October 8, 2022 and December 2, 2022 in Azure API...

4 Places to Supercharge Your SOC with Automation

It's no secret that the job of SOC teams continues to become increasingly difficult. Increased volume and sophistication of attacks are plaguing under-resourced teams with false positives and analyst burnout. However, like many other industries, cybersecurity is now beginning to lean on and benef...

scikit-learn: Denial of Service

Background scikit-learn is a machine learning library for Python. Description When supplied with a crafted model SVM, predict can result in a null pointer dereference. Impact An attcker capable of providing a crafted model to scikit-learn can result in denial of service. Workaround There is no...

Recovering Smartphone Voice from the Accelerometer

Yet another smartphone side-channel attack: "EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers": Abstract: Eavesdropping from the users smartphone is a well-known threat to the users safety and privacy. Existing studies show that loudspeaker reverberatio...

Forrester names Microsoft a Leader in Q4 2022 Security Analytics Platforms Wave report

We’re excited to announce that Microsoft is named a Leader in The Forrester Wave: Security Analytics Platforms, Q4 2022. Microsoft achieved the highest possible score in 17 different criteria, including partner ecosystem, innovation roadmap, product security, case management, and architecture. Wi...

ai.djl.spring:djl-spring-boot-starter-tensorflow-auto (>=0.15 <=0.18), ai.djl.tensorflow:tensorflow-api (>=0.15.0 <=0.18.0) +7125 more potentially affected by CVE-2022-3510 via com.google.protobuf:protobuf-java (>=3.17.0 <=3.19.5)

com.google.protobuf:protobuf-java MAVEN version =3.17.0, =0.15, =0.15.0, =0.15.0, =0.15.0, =3.32.1.6, =3.32.1.6-1-2.1, =3.32.1.6-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.0.1, =2.8.4-alpha1, =3.0.1-alpha1 and more Source cves: CVE-2022-3510...

Google TensorFlow buffer overflow vulnerability (CNVD-2023-03936)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in versions prior to Google TensorFlow 2.11.0, which can be exploited by attackers to cause out-of-bounds memory reads or crashes...

CVE-2022-41910

TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...