Google TensorFlow code issue vulnerability (CNVD-2021-48860)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A code issue vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which stems from tf.rawops.SdcaOptimizer triggering undefined behavior due to dereferencing a null pointer. No...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-48857)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which stems from the absence of loops between nodes of a TFlite graph. No detailed vulnerability details are...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-48855)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which stems from tf.rawops.QuantizeAndDequantizeV2 allows invalid values for the axis parameter:. No...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2021-48858)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4 suffers from an input validation error vulnerability that can be exploited by an attacker to cause a denial of service...

Google TensorFlow Buffer Overflow Vulnerability (CNVD-2021-48861)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which can be exploited by an attacker to cause a read to exceed the bounds of the heap allocation data...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-48866)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which can be exploited by an attacker to cause a denial of service via a failure from the implementation of CHECK...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-48863)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which can be exploited by an attacker to cause a denial of service by controlling the value of the num segments...

Google TensorFlow Numeric Error Vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4 suffers from a number error vulnerability that can be exploited by an attacker to trigger undefined behavior via a null pointer bound to...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-48856)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which stems from a lack of validation in tf.rawops.RaggedTensorToTensor, and can be exploited by an...

Preparing for your migration from on-premises SIEM to Azure Sentinel

The pandemic of 2020 has reshaped how we engage in work, education, healthcare, and more, accelerating the widespread adoption of cloud and remote-access solutions. In today’s workplace, the security perimeter extends to the home, airports, the gym—wherever you are. To keep pace, organizations...

Preparing for your migration from on-premises SIEM to Azure Sentinel

The pandemic of 2020 has reshaped how we engage in work, education, healthcare, and more, accelerating the widespread adoption of cloud and remote-access solutions. In today’s workplace, the security perimeter extends to the home, airports, the gym—wherever you are. To keep pace, organizations...

Google TensorFlow code issue vulnerability (CNVD-2021-46656)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A code issue vulnerability exists in TensorFlow 2.4.2,2.3.3,2.2.3,2.1.4, which can be exploited by an attacker to cause a denial of service by exploiting a CHECK failure from the implementation...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-46658)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in TensorFlow 2.4.2,2.3.3,2.2.3, 2.1.4, which can be exploited by an attacker to trigger a heap buffer overflow in tf.rawops.QuantizedResizeBilinear...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-46659)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in TensorFlow 2.4.2,2.3.3,2.2.3,2.1.4, which stems from the fact that tf.rawops.SparseCountSparseOutput causes a segmentation error to be thrown from the standard...

Google TensorFlow Arbitrary File Overwrite Vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an arbitrary file overwrite vulnerability, which originates from an issue caused when tf.keras.utils.getfile is used with extract=True, and can be exploited by an...

Do CAPTCHAs work and what’s the alternative?

We know youre busy, so the answer is “No”. Users want less friction, and a good bot detection and mitigation solution will do the job MUCH better. The first lesson on the first day of UI school is that users want the path of least resistance. While the gamification of cybersecurity does have a...

WAF-A-MoLE - A Guided Mutation-Based Fuzzer For ML-based Web Application Firewalls

A guided mutation-based fuzzer for ML-based Web Application Firewalls, inspired by AFL and based on the FuzzingBook by Andreas Zeller et al. Given an input SQL injection query, it tries to produce a semantic invariant query that is able to bypass the target WAF. You can use this tool for assessin...

Google now requires app developers to verify their address and use 2FA

Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification 2SV, provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards...

How to confuse antimalware neural networks. Adversarial attacks and protection

Introduction Nowadays, cybersecurity companies implement a variety of methods to discover new, previously unknown malware files. Machine learning ML is a powerful and widely used approach for this task. At Kaspersky we have a number of complex ML models based on different file features, including...

Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft

Flaws impacting millions of internet of things IoT devices running NVIDIA’s Jetson chips open the door for a variety of hacks, including denial-of-service DoS attacks or the siphoning of data. NVIDIA released patches addressing nine high-severity vulnerabilities including eight additional bugs of...