3084 matches found
Security Bulletin: A security vulnerability has been identified in lodash shipped with PowerAI.
Summary Vulnerability CVE-2019-10744 found in lodash package. Vulnerability Details CVEID: CVE-2019-10744 DESCRIPTION: Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype...
Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI
Summary Vulnerability CVE-2019-8457 in SQLite package Vulnerability Details CVEID: CVE-2019-8457 DESCRIPTION: SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode function when handling invalid rtree tables. CVSS Base score: 5.3 CVSS Temporal Score:...
OS Identification: SinFP with Machine Learning
Binary data osfingerprintmlsinfp.nbin...
Security Bulletin: A security vulnerability has been identified in Werkzeug shipped with PowerAI.
Summary Vulnerability CVE-2019-14806 in Werkzeug package. Vulnerability Details CVEID: CVE-2019-14806 DESCRIPTION: Pallets Werkzeug versions prior to 0.15.3 used with Docker have insufficient debugger PIN randomness because Docker containers share the same machine ID. CVSS Base score: 7.5 CVSS...
Combining AI and Playbooks to Predict Cyberattacks
When organizations invest in AI, they are not only able to automate menial tasks like patching, but they can also create an automated system that looks for and discovers attacks, not only after the fact, but even before they occur. This predictive capability becomes increasingly necessary as...
Security Bulletin: Multiple vulnerabilities CVE-2019-0205, CVE-2019-0210 in thrift package
Summary Multiple vulnerabilities CVE-2019-0205, CVE-2019-0210 in thrift package Vulnerability Details CVEID: CVE-2019-0205 DESCRIPTION: In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue...
Design/Logic Flaw
This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID...
CVE-2019-8760
CVE-2019-8760 concerns Face ID authentication on Apple iOS. Description and multiple sources confirm that a 3D model constructed to resemble the enrolled user could bypass Face ID. The issue is addressed by improving Face ID machine learning models and was fixed in iOS 13. Related entries in Red ...
Data governance and retention in your Microsoft 365 tenant—a secure and highly capable solution
Data governance has relied on transferring data to a third-party for hosting an archive service. Emails, documents, chat logs, and third-party data (Bloomberg, Facebook, LinkedIn, etc.) must be saved in a way that it can’t be changed and won’t be lost. Data governance is part of IT at the enterpris...
Finding a common language to describe AI security threats
As artificial intelligence (AI) and machine learning systems become increasingly important to our lives, it’s critical that when they fail we understand how and why. Many research papers have been dedicated to this topic, but inconsistent vocabulary has limited their usefulness. In collaboration wi...
Failure Modes in Machine Learning
Interesting taxonomy of machine-learning failures (pdf) that encompasses both mistakes and attacks, or -- in their words -- intentional and unintentional failure modes. It's a good basis for threat modeling...
Manipulating Machine Learning Systems by Manipulating Training Data
Interesting research: "TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents": Abstract: Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-ti...
Gartner Names Microsoft a Leader in the 2019 Enterprise Information Archiving (EIA) Magic Quadrant
We often hear from customers about the explosion of data, and the challenge this presents for organizations in remaining compliant and protecting their information. We’ve invested in capabilities across the landscape of information protection and information governance, inclusive of archiving,...
Deployment Isn’t the Final Step – Monitoring Machine Learning Models in Production
Unless you’ve been living in a cave for the last decade, you’ve probably heard of the concept of a machine learning system at least once in your life. Whether it’s auto-translation, auto-completion, face or voice recognition, recommendation systems or autonomous driving, AI-based systems can be...
This Week in Security News: APT33 Botnets Used for Extreme Narrow Targeting and Microsoft’s Patch Tuesday Arrives with A Patch for An IE Zero-Day
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the APT33 threat group that is using live C&C servers for extremely narrow targeting. Also, read about Trend Micro’s complete...
azureml-designer-classic-modules (>=0.0.105 <=0.0.112), azureml-designer-core (>=0.0.21 <=0.0.29) +36 more potentially affected by CVE-2019-12410 via pyarrow (>=0.12.0 <=0.14.1)
pyarrow PYPI version =0.12.0, =0.0.105, =0.0.21, =0.0.17, =0.0.36, =0.0.9, =1.0.48.1, =0.1.0, =1.4.2, =3.0.20190405035157, =0.1.0, =0.1.1, =1.13.4, =1.15.1 and more Source cves: CVE-2019-12410 Source advisory: OSV:PYSEC-2019-196...
How Machine Learning is Changing the Face of Financial Services
Artificial intelligence (AI) has become integrated into our everyday lives. It powers what we see in our social media newsfeeds, activates facial recognition to unlock our smartphones, and even suggests music for us to listen to. Machine learning, a subset of AI, is progressively integrating into o...
Time for day 2 of briefings at BlueHat Seattle!
We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent complete with toasted marshmallows. Yesterday, we learned a lot about how XboxOne hardware security has advanced the state of hardware security elsewhere, we heard some surprising...