CVE-2021-37653 Division by 0 in `ResourceGather` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.rawops.ResourceGather. The implementation computes the value of a value, batchsize, and then divides by it without checking that this...

CVE-2021-37642 Division by 0 in `ResourceScatterDiv` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...

CVE-2021-37642

CVE-2021-37642 involves TensorFlow’s tf.raw_ops.ResourceScatterDiv, where an implementation division-by-zero can occur in affected builds. Public details confirm this is rooted in the shared binary-ops class and that a patch was applied in GitHub commit 4aacb30888638da75023e6601149415b39763d76, w...

CVE-2021-37640

CVE-2021-37640 affects TensorFlow and relates to the SparseReshape path. The issue arises when tf.raw_ops.SparseReshape can trigger a division by zero due to the reshape functor not validating that both input and target shapes have a non-zero element count. This can lead to an integral division b...

CVE-2021-37640 Integer division by 0 in sparse reshaping in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.SparseReshape can be made to trigger an integral division by 0 exception. The implementation calls the reshaping functor whenever there is at least an index in the input but...

CVE-2021-37636 Floating point exception in `SparseDenseCwiseDiv` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...

CVE-2021-37636

CVE-2021-37636 concerns TensorFlow with a vulnerability in tf.raw_ops.SparseDenseCwiseDiv where division by zero can occur due to how a shared binary-ops class handles this case. The issue affects affected TensorFlow versions and has been addressed by patching the underlying code in a GitHub comm...

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc...

How profiling employee working hours helps to detect security incidents

At the TimeMachine company there are two special old friends Bob and Alice. Bob, as a team manager, usually has a very busy schedule filled with meetings all day long. You can even find him working late into the night trying to catch up on email he received during the day. Alice on the other hand...

Apple to Scan Every Device for Child Abuse Content — But Experts Fear for Privacy

Apple on Thursday said it's introducing new child safety features in iOS, iPadOS, watchOS, and macOS as part of its efforts to limit the spread of Child Sexual Abuse Material CSAM in the U.S. To that effect, the iPhone maker said it intends to begin client-side scanning of images shared via every...

Spotting brand impersonation with Swin transformers and Siamese neural networks

Every day, Microsoft Defender for Office 365 encounters millions of brand impersonation emails. Our security solutions use multiple detection and prevention techniques to help users avoid divulging sensitive information to phishers as attackers continue refining their impersonation tricks. In thi...

How to manage a side-by-side transition from your traditional SIEM to Azure Sentinel

With every week bringing new headlines about crippling cyberattacks, and with organizations growing increasingly distributed, security teams are constantly asked to do more with less. Moving to cloud-native security information and event management SIEM can help security teams analyze data with t...

Security Bulletin: Netty Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-21409)

Summary Netty is vulnerable to request smuggling, caused by improper validation of request, caused by missing validation of content-length on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-21409 DESCRIPTION: Netty is vulnerable to request smuggling, caused by improper...

Security Bulletin: Golang Go Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2020-29652)

Summary Golang Go is vulnerable to a denial of service, caused by a NULL pointer dereference on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-29652 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a NULL pointer dereference in the...

Security Bulletin: akka-http-core Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-23339)

Summary akka-http-core allows is vulnerable to allow multiple Transfer-Encoding headers on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-23339 DESCRIPTION: com.typesafe.akka:akka-http-core is vulnerable to request smuggling, caused by improper validation of request. By...

Attack AI systems in Machine Learning Evasion Competition

Today, we are launching MLSEC.IO, an educational Machine Learning Security Evasion Competition MLSEC for the AI and security communities to exercise their muscle to attack critical AI systems in a realistic setting. Hosted and sponsored by Microsoft, alongside NVIDIA, CUJO AI, VM-Ray, and MRG...

Attack AI systems in Machine Learning Evasion Competition

Today, we are launching MLSEC.IO, an educational Machine Learning Security Evasion Competition MLSEC for the AI and security communities to exercise their muscle to attack critical AI systems in a realistic setting. Hosted and sponsored by Microsoft, alongside NVIDIA, CUJO AI, VM-Ray, and MRG...

Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques

Today’s cybersecurity threats continue to find ways to fly and stay under the radar. Cybercriminals use polymorphic malware because a slight change in the binary code or script could allow the said threats to avoid detection by traditional antivirus software. Threat actors customize their wares...

Security Bulletin: Netty Vulnerability Affects IBM Watson Machine Learning on CP4D ( CVE-2021-21290)

Summary Netty could allow a local authenticated attacker to obtain sensitive information, caused by an insecure temp file in Unix-like systems on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-21290 DESCRIPTION: Netty could allow a local authenticated attacker to obtain...

Microsoft to acquire RiskIQ to strengthen cybersecurity of digital transformation and hybrid work

Organizations are increasingly using the cloud to reimagine every facet of their business. Hybrid work has accelerated this digital transformation, and customers are challenged with the increasing sophistication and frequency of cyberattacks. Today, Microsoft is announcing that we have entered in...