Design/Logic Flaw

An issue was discovered in function synctree in heterodecisiontreeguest.py in WeBank FATE Federated AI Technology Enabler 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling...

CVE-2020-25459

CVE-2020-25459 affects WeBank FATE (Federated AI Technology Enabler) versions 0.1–1.4.2, via the function sync_tree in hetero_decision_tree_guest.py, allowing an attacker to read sensitive information during training. Connected advisories corroborate the issue and note patches in affected project...

Attacking the Performance of Machine Learning Systems

Interesting research: "Sponge Examples: Energy-Latency Attacks on Neural Networks": Abstract: The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs. While such devices enable us to train large-scale neural networks in...

PacketStreamer - Distributed Tcpdump For Cloud Native Environments

Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence's ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis. Primary design goals: Stay light, capture and stream, n...

Security Bulletin: Watson Machine Learning Accelerator is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary Watson Machine Learning Accelerator is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast t...

Managed detection and response in 2021

Kaspersky Managed Detection and Response MDR helps organizations to complement existing detection capabilities or to expand limited in-house resources to protect their infrastructure from the growing number and complexity of threats in real time. We collect telemetry from clients networks and...

Manipulating Machine-Learning Systems through the Order of the Training Data

Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order. So what happens if the bad guys can cause the order to be not rando...

Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room

A group of academics has devised a system that can be used on a phone or a laptop to identify and locate Wi-Fi-connected hidden IoT devices in unfamiliar physical spaces. With hidden cameras being increasingly used to snoop on individuals in hotel rooms and Airbnbs, the goal is to be able to...

DroidDetective - A Machine Learning Malware Analysis Framework For Android Apps

A machine learning malware analysis framework for Android apps. DroidDetective is a Python tool for analysing Android applications APKs for potential malware related behaviour and configurations. When provided with a path to an application APK file Droid Detective will make a prediction using it'...

How to Develop Machine Learning Skills for Every Employee in Your Company

Everyone loves Artificial Intelligence AI and Data Science DS, and it’s probably not going to change for the next decade or so. Even so, most people only have the general idea what data science is and what machine learning or AI algorithms can do. This is quite normal and a common phenomenon for...

Google TensorFlow has an unspecified vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which stems from an invalid resource handle provided to the application when , multiple tensorflow...

Google TensorFlow Input Validation Error Vulnerability (CVE-2022-29192)

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to an input validation error in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which originates in tf.rawops QuantizeAndDequantizeV4Grad does not fully validate the input parameters and c...

Google TensorFlow code issue vulnerability (CNVD-2022-44164)

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to a code issue in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which stems from tf.rawops. SparseTensorDenseAdd has incomplete validation for the input parameters. No detailed...

Google TensorFlow Denial of Service Vulnerability (CNVD-2022-44165)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which stems from an application calling a tf .compat.v1. operation. An attacker could exploit this...

Google TensorFlow Denial of Service Vulnerability (CNVD-2022-44170)

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4 due to a vulnerability in tf.rawops. UnsortedSegmentJoin has incomplete validation of the input parameters. An attacker could use this...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2022-44210)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow version 2.8.0, which stems from the TensorKey hash function using the very poorly implemented constant hash function AllocatedBytes for total...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44174)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which stems from the fact that tf.rawops.SparseTensorToCSRSparseMatrix does not ful...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2022-44211)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from incorrect logic when comparing sizet when writi...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44209)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from the presence of a non-numeric...

Google TensorFlow Code Injection Vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A code injection vulnerability exists in TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, with no detailed vulnerability details provided at this time...