The Future of Machine Learning and Cybersecurity

The Center for Security and Emerging Technology has a new report: "Machine Learning and Cybersecurity: Hype and Reality." Heres the bottom line: The report offers four conclusions: Machine learning can help defenders more accurately detect and triage potential attacks. However, in many cases thes...

Microsoft announces recipients of academic grants for AI research on combating phishing

Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools, products, and services people and organizations use on a daily basis, but also in the...

Microsoft announces recipients of academic grants for AI research on combating phishing

Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools, products, and services people and organizations use on a daily basis, but also in the...

Akamai Platform Update: New Security Enhancements That Intelligently Automate Application and API Security, Mitigate Online Fraud, and Reduce Burden on Security Professionals

Today is Day 2 of Akamai's Platform Update. Yesterday, we talked about the acceleration of modern app development and how we're empowering users to shift more compute and data to the edge. From the core to the cloud to the edge, the applications and APIs that power modern web experiences must als...

Security Bulletin: IBM Waston Machine Learning Acclerator is affected by an OpenSSL 1.0.2k vulnerability

Summary There is a vulnerability in OpenSSL 1.0.2k used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator has addressed the applicable CVE: CVE-2020-1968. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Security Bulletin: IBM Waston Machine Learning Acclerator is affected by OpenSSL vulnerabilities

Summary There are vulnerabilities in OpenSSL used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator has addressed the applicable CVEs: CVE-2021-23839, CVE-2021-23840, CVE-2021-23841. Vulnerability Details Refer to the security bulletins listed in the...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Ill be part of a European Internet Forum virtual debate on June 17, 2021. The topic is "Decrypting the encryption debate: How to ensure public safety with a privacy-preserving and secure Internet?" I’m speaking at the all-online...

Mozilla Says Google's New Ad Tech—FLoC—Doesn't Protect User Privacy

Google's upcoming plans to replace third-party cookies with a less invasive ad targeted mechanism have a number of issues that could defeat its privacy objectives and allow for significant linkability of user behavior, possibly even identifying individual users. "FLoC is premised on a compelling...

Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances

Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official...

The Supreme Court Narrowed the CFAA

In a 6-3 ruling, the Supreme Court just narrowed the scope of the Computer Fraud and Abuse Act: In a ruling delivered today, the court sided with Van Buren and overturned his 18-month conviction. In a 37-page opinion written and delivered by Justice Amy Coney Barrett, the court explained that the...

Security Bulletin: IBM Waston Machine Learning Acclerator is affected by a Python vulnerability

Summary There is a vulnerability in Python used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator havs addressed the applicable CVE, CVE-2021-3177 by upgrade python to version 3.7.10 Vulnerability Details Refer to the security bulletins listed in the...

Building Multilayered Security for Modern Threats

Considering recent announcements of major attacks caused by external malicious actors, including a ransomware attack on a U.S. gasoline pipeline, the need for increased security posture is as important as ever, and multilayered security remains the key. With rampant ransomware attacks and other...

Google TensorFlow Buffer Overflow Vulnerability (CNVD-2021-48869)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow 2.4.2, 2.3.3 suffers from a buffer overflow vulnerability that stems from the RaggedBincount's split parameter not specifying a valid SparseTensor, which can be exploited by an...

Google TensorFlow code issue vulnerability (CNVD-2021-48868)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A code issue vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which stems from tf.rawops.FusedBatchNorm demonstrating undefined behavior by dereferencing null pointers to...

Building SIEM for Today’s Threat Landscape

It’s easy to see how the changing security landscape has shaped the evolution of the security information and event management SIEM practice area — and how it continues to. But architecting an effective SIEM approach requires a well-thought-out strategy. A combination of security information...

aiproteomics (=0.2.1), alpharing (>=1.0.0 <=2.0.0) +26 more potentially affected by CVE-2021-29618 via tensorflow-cpu (>=1.15.0 <=2.1.0)

tensorflow-cpu PYPI version =1.15.0, =1.0.0, =0.0.1, =1.0.0.4, =0.1.0, =0.2.3, =0.0.5, =0.1.2, =1.0.0, =1.8.2, =1.6.1, =1.8.3 - netfl =1.5.0 and more Source cves: CVE-2021-29618 Source advisory: OSV:GHSA-XQFJ-CR6Q-PC8W...

aiproteomics (=0.2.1), alpharing (>=1.0.0 <=2.0.0) +26 more potentially affected by CVE-2021-29615 via tensorflow-cpu (>=1.15.0 <=2.1.0)

tensorflow-cpu PYPI version =1.15.0, =1.0.0, =0.0.1, =1.0.0.4, =0.1.0, =0.2.3, =0.0.5, =0.1.2, =1.0.0, =1.8.2, =1.6.1, =1.8.3 - netfl =1.5.0 and more Source cves: CVE-2021-29615 Source advisory: OSV:GHSA-QW5H-7F53-XRP6...

Email Campaign Spreads StrRAT Fake-Ransomware RAT

An email campaign is delivering a Java-based remote access trojan RAT that can not only steal credentials and take control of systems, but also presents as fake ransomware, Microsoft researchers have discovered. The Microsoft Security Intelligence MSI team has outlined details of a “massive email...

Google TensorFlow Denial of Service Vulnerability (CNVD-2021-37608)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow. An attacker can exploit this vulnerability to cause a denial of service situation...

Google TensorFlow tf.raw_ops.FractionalMaxPoolGraddenial Denial of Service Vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow tf.rawops.FractionalMaxPoolGraddenial. A local attacker can exploit this vulnerability to cause a denial of service...