Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs

Interesting story of how the police can identify someone by following the evidence chain from website to website. According to filings in Blumenthal's case, FBI agents had little more to go on when they started their investigation than the news helicopter footage of the woman setting the police c...

Attack Analytics Multi-Sensor Integrations Provide Unmatched Visibility

Since debuting Attack Analytics back in 2018, this groundbreaking security analytics functionality has come a long way. Time and again our customers have told us how powerful they find the tool and how much time it saves them. Attack Analytics better positions Imperva’s customers to focus on what...

Kubernetes Falls to Cryptomining via Machine-Learning Framework

A unique cyberattack campaign that targets Kubeflow, a machine-learning toolkit for Kubernetes, has affected large swathes of container clusters, according to Microsoft. The Kubeflow open-source project is a popular framework for running machine-learning ML tasks in Kubernetes. According to an...

Misconfigured Kubeflow workloads are a security risk

Azure Security Center ASC monitors and defends thousands of Kubernetes clusters running on top of AKS. Azure Security Center regularly searches for and research for new attack vectors against Kubernetes workloads. We recently published a blog post about a large scale campaign against Kubernetes...

Availability Attacks against Neural Networks

New research on using specially crafted inputs to slow down machine-learning neural network systems: Sponge Examples: Energy-Latency Attacks on Neural Networks shows how to find adversarial examples that cause a DNN to burn more energy, take more time, or both. They affect a wide range of DNN...

Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack

Machine learning ML is an increasingly valuable tool in cyber security as adversaries continually evolve their tactics and techniques to evade detection. As machine learning has advanced and sophisticated ML models have been developed to assist security professionals in protecting the cloud,...

Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack

Machine learning ML is an increasingly valuable tool in cyber security as adversaries continually evolve their tactics and techniques to evade detection. As machine learning has advanced and sophisticated ML models have been developed to assist security professionals in protecting the cloud,...

Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack

Machine learning ML is an increasingly valuable tool in cyber security as adversaries continually evolve their tactics and techniques to evade detection. As machine learning has advanced and sophisticated ML models have been developed to assist security professionals in protecting the cloud,...

Facebook Announces Messenger Security Features that Don't Compromise Privacy

Note that this is "announced," so we don't know when it's actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provid...

Long Tail Analysis: A New Hope in the Cybercrime Battle

Our hyper-connected world and its ever-faster network speeds have resulted in mountains of diverse data that needs to be processed. It has also resulted in an ever-expanding attack surface, requiring cybersecurity solutions to scale like never before. These days, scale is about more than traffic...

Microsoft researchers work with Intel Labs to explore new deep learning approaches for malware classification

The opportunities for innovative approaches to threat detection through deep learning, a category of algorithms within the larger framework of machine learning, are vast. Microsoft Threat Protection today uses multiple deep learning-based classifiers that detect advanced threats, for example,...

Fooling NLP Systems Through Word Swapping

MIT researchers have built a system that fools natural-language processing systems by swapping words with synonyms: The software, developed by a team at MIT, looks for the words in a sentence that are most important to an NLP classifier and replaces them with a synonym that a human would find...

Deepfakes and AI: Fighting Cybersecurity Fire with Fire

Today, the most successful and damaging cyberattacks are executed by highly professional criminal networks rather than “lone-wolf” hackers. These criminal organizations have also become highly adept at leveraging artificial intelligence AI and machine learning ML tools, making it extremely hard f...

Vulnerability Finding Using Machine Learning

Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn't just apply mo...

Secure the software development lifecycle with machine learning

Every day, software developers stare down a long list of features and bugs that need to be addressed. Security professionals try to help by using automated tools to prioritize security bugs, but too often, engineers waste time on false positives or miss a critical security vulnerability that has...

CVE-2019-20634

An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails tha...

CVE-2019-20634

An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails tha...

Code injection

An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails tha...

CVE-2019-20634

CVE-2019-20634 concerns Proofpoint Email Protection (through 2019-09-08). The issue enables an attacker to collect scores from Proofpoint email headers to build a copy-cat machine learning classification model and extract insights. Using those insights, the attacker can craft emails that receive ...

PT-2020-10610 · Proofpoint · Proofpoint Email Protection

Name of the Vulnerable Software and Affected Versions: Proofpoint Email Protection versions prior to 2019-09-08 Description: An issue was discovered in Proofpoint Email Protection. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classificati...