Security Bulletin: GO is suspectible for denial of service on IBM Watson Machine Learning on CP4D

Summary GO is suspectible for denial of service on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-16845 DESCRIPTION: Go Language is vulnerable to a denial of service, caused by an infinite read loop in ReadUvarint and ReadVarint in encoding/binary. By sending a...

Security Bulletin: Go can panic upon an attempt to process network traffic on IBM Watson Machine Learning on CP4D

Summary Go is vulnerable to a denial of service and can panic upon an attempt to process network traffic on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2019-17596 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when verifying invalid DSA publ...

Security Bulletin: TensorFlow is vulnerable to a heap-based buffer overflow on IBM Watson Machine Learning on CP4D

Summary TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by UnsortedSegmentSum on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2019-16778 DESCRIPTION: TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper...

Security Bulletin: Tensor Flow security vulnerabilities with denial of service on IBM Watson Machine Learning on CP4D

Summary TensorFlow is vulnerable to a denial of service .Remote attacker could exploit this vulnerability to cause a denial of service condition on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-15190 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused ...

Security Bulletin: GO is vulnerable to allows attacks on clients on IBM Watson Machine Learning on CP4D

Summary GO is vulnerable to to a denial of service and allows attacks on clients on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this...

Security Bulletin: Tensor Flow security vulnerabilities with segmentation fault on IBM Watson Machine Learning on CP4D

Summary TensorFlow is vulnerable to a denial of service and segmentation fault on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-5215 DESCRIPTION: Tensorflow is vulnerable to a denial of service, caused by a flaw when converting a string from Python to a tf.float16 valu...

Security Bulletin: Tensor Flow security vulnerabilities with denial of service on IBM Watson Machine Learning Server

Summary TensorFlow is vulnerable to a denial of service .Remote attacker could exploit this vulnerability to cause a denial of service condition on IBM Watson Machine Learning Server Vulnerability Details CVEID: CVE-2020-15190 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused b...

Security Bulletin: GO security vulnerabilities on IBM Watson Machine Learning Server

Summary Golang Go is vulnerable to a denial of service on IBM Watson Machine Learning Server Vulnerability Details CVEID: CVE-2020-15586 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a data race in some net/http servers. By sending specially-crafted HTTP requests, a remot...

Defending against cryptojacking with Microsoft Defender for Endpoint and Intel TDT

Cryptocurrency mining—once considered no more than a nuisance, a relatively benign activity that was a drain on machine resources—has been on the rise in recent years. This increase in cryptocurrency mining activity is driven by the increasing value of cryptocurrencies like Bitcoin, the growth in...

Security Bulletin: Tensor Flow security vulnerabilities on IBM Watson Machine Learning Server

Summary TensorFlow is vulnerable to a heap-based buffer overflow and denial of service on IBM Watson Machine Learning Server Vulnerability Details CVEID: CVE-2020-15201 DESCRIPTION: TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the...

Improve Your Cyber Security Posture by Combining State of the Art Security Tools

Today there are plenty of cybersecurity tools on the market. It is now more important than ever that the tools you decide to use work well together. If they don't, you will not get the complete picture, and you won't be able to analyze the entire system from a holistic perspective. This means tha...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m keynoting the all-virtual RSA Conference 2021, May 17-20, 2021. I’m keynoting the 5th International Symposium on Cyber Security Cryptology and Machine Learning via Zoom, July 8-9, 2021. I’ll be speaking at an Informa event on...

Network Detection & Response: The Next Frontier in Fighting the Human Problem

Last year, Gartner published a market guide on network detection and response NDR. Formerly known as network-traffic analytics, which I’ve spoken about in the past at length, NDR has adapted to not only play a major role in helping network and security teams identify threats, but it has enabled...

Gamifying machine learning for stronger security and AI models

To stay ahead of adversaries, who show no restraint in adopting tools and techniques that can help them attain their goals, Microsoft continues to harness AI and machine learning to solve security challenges. One area we’ve been experimenting on is autonomous systems. In a simulated enterprise...

Gamifying machine learning for stronger security and AI models

To stay ahead of adversaries, who show no restraint in adopting tools and techniques that can help them attain their goals, Microsoft continues to harness AI and machine learning to solve security challenges. One area we’ve been experimenting on is autonomous systems. In a simulated enterprise...

Columbo - A Computer Forensic Analysis Tool Used To Simplify And Identify Specific Patterns In Compromised Datasets

Columbo is a computer forensic analysis tool used to simplify and identify specific patterns in compromised datasets. It breaks down data to small sections and uses pattern recognition and machine learning models to identify adversaries behaviour and their possible locations in compromised Window...

How one data scientist is pioneering techniques to detect security threats

Data science is an increasingly popular field of study that’s relevant to every industry. When Maria Puertas Calvo was a student, she never imagined that one day she would pioneer data science techniques to detect security threats. She started her Microsoft career on the Safety Platform team,...

Newest Intel Side-Channel Attack Sniffs Out Sensitive Data

Intel processors are vulnerable to a new side-channel attack, which researchers said can allow attackers to steal sensitive information such as encryption keys or passwords. Unlike previous side-channel attacks, this attack does not rely on sharing memory, cache sets and other former tactics...

How to Combat Alert Fatigue With Cloud-Based SIEM Tools

Today’s security teams are facing more complexity than ever before. IT environments are changing and expanding rapidly, resulting in proliferating data as organizations adopt more tools to stay on top of their sprawling environments. And with an abundance of tools comes an abundance of alerts,...

6 strategies to reduce cybersecurity alert fatigue in your SOC

Today, organizations are faced with the increasingly difficult task of trying to protect their expanding digital estate from sophisticated cybersecurity threats. Migration to the cloud and a mobile workforce has dissolved the network boundary and projected the digital estate beyond its traditiona...