
3080 matches found

OSV
added 2024/10/18 6:55 p.m. · 2 views

CVE-2024-49361 Potential Vulnerability in ACON Library: Improper Input Validation Leading to Malicious Code Execution

ACON is a widely-used library of tools for machine learning that focuses on adaptive correlation optimization. A potential vulnerability has been identified in the input validation process, which could lead to arbitrary code execution if exploited. This issue could allow an attacker to submit...

CVSS 9.3 · AI score 8.4 · EPSS 0.00514
Exploits: 0 · References: 3

Talos Blog
added 2024/10/17 6:0 p.m. · 35 views

What I’ve learned in my first 7-ish years in cybersecurity

When I first interviewed with Joel Esler for my position at Cisco Talos, I remember when the time came for me to ask questions, one thing stood out. I asked what resources were available to me to learn about cybersecurity, because I was totally new to the space. His answer: The people. When I ask...

CVSS 7.8 · AI score 7.3 · EPSS 0.01747
Exploits: 0

The Hacker News
added 2024/10/15 11:0 a.m. · 29 views

The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short

In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit...

CVSS 8.8 · AI score 7.9 · EPSS 0.00175
Exploits: 1

Imperva Blog
added 2024/10/09 9:5 p.m. · 16 views

Imperva Adaptive Threshold for Layer 7 DDoS Attacks Reduces Risk of Business Disruption

Today’s fast-paced digital landscape demands an optimized user experience that is always available to engage end users. However, businesses are constantly under threat from a variety of attacks that seek to disrupt that experience, including DDoS attacks. And the risk is growing. According to the...

AI score 7.1
Exploits: 0

The Hacker News
added 2024/10/08 10:10 a.m. · 13 views

The Value of AI-Powered Identity

Introduction Artificial intelligence AI deepfakes and misinformation may cause worry in the world of technology and investment, but this powerful, foundational technology has the potential to benefit organizations of all kinds when harnessed appropriately. In the world of cybersecurity, one of th...

AI score 7.3
Exploits: 0

Securelist
added 2024/10/02 10:0 a.m. · 9 views

Finding a needle in a haystack: Machine learning at the forefront of threat hunting research

Introduction In the ever-evolving landscape of cybersecurity, logs, that is, information collected from various sources like network devices, endpoints, and applications, play a crucial role in identifying and responding to threats. By analyzing this data, organizations can detect anomalies,...

AI score 6.8
Exploits: 0

Vulnrichment
added 2024/09/23 12:0 a.m. · 15 views

CVE-2024-40442

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request...

AI score 7.2 · EPSS 0.00497
Exploits: 0 · References: 3

Vulnrichment
added 2024/09/23 12:0 a.m. · 10 views

CVE-2024-40441

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the modelattribs parameter...

AI score 7.2 · EPSS 0.00595
Exploits: 0 · References: 3

Tenable Nessus
added 2024/09/12 12:0 a.m. · 17 views

CBL Mariner 2.0 Security Update: tensorflow (CVE-2023-33976)

The version of tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-33976 advisory. - TensorFlow is an end-to-end open source platform for machine learning. array_ops.upper_bound causes a...

CVSS 7.5 · AI score 5.6 · EPSS 0.00036
Exploits: 0 · References: 2

Microsoft KB
added 2024/09/10 7:0 a.m. · 109 views

KB5042215 - Description of the security update for SQL Server 2017 CU31: September 10, 2024

KB5042215 - Description of the security update for SQL Server 2017 CU31: September 10, 2024 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More...

CVSS 9.8 · AI score 7.3 · EPSS 0.0673
Exploits: 0

Veracode
added 2024/09/03 7:15 a.m. · 7 views

Division By Zero Error

TensorFlow is vulnerable to a division by zero error. The vulnerability is due to insufficient handling of cases where the input's fourth dimension is zero in the DepthwiseConv TFLite operator, which can lead to execution issues or crashes in machine learning models...

CVSS 5.5 · AI score 6.6 · EPSS 0.00009
Exploits: 1 · References: 5 · Affected Software: 3

Rapid7 Blog
added 2024/08/14 1:47 p.m. · 7 views

Black Hat USA 2024: Key Takeaways and Industry Trends

What a week! As Hacker Summer camp shifts into the rearview, it’s time to take a moment to reflect on the week, what we learned and the people we had the pleasure of meeting while out in Las Vegas. As is always the case at Black Hat 2024, the cybersecurity community was buzzing with the latest...

AI score 7.3
Exploits: 0

Imperva Blog
added 2024/08/12 1:0 p.m. · 32 views

Imperva Security Efficacy and Operational Efficiency Leads the Industry in SecureIQLab’s Cloud WAAP Comparative Report

In the 2024 Cloud Web Application and API Protection WAAP CyberRisk Comparative Validation Report from SecureIQLab, Imperva outperformed all other vendors in both security efficacy and operational efficiency. This comprehensive report, based on third-party testing, demonstrates Imperva's commitme...

AI score 7.2
Exploits: 0

BDU FSTEC
added 2024/08/07 12:0 a.m. · 0 views

The vulnerabilities of the ML connector functions and the Alerting service of the Kibana data visualization service allow a perpetrator to execute arbitrary code.

The vulnerability of the ML connector functions and the Alerting service of the Kibana data visualization service is related to uncontrolled changes in object prototype attributes. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...

CVSS 9.9 · EPSS 0.01181
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/08/06 12:0 a.m. · 2 views

PT-2024-5372 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 8.14.2 Kibana versions prior to 7.17.23 Description: A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to interna...

CVSS 9.1 · AI score 7.9 · EPSS 0.01181
Exploits: 0 · References: 25

Elastic
added 2024/08/05 10:23 p.m. · 8 views

Kibana 8.14.2 / 7.17.23 Security Update (ESA-2024-22)

Kibana arbitrary code execution via prototype pollution ESA-2024-22 A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability,...

CVSS 9.1 · AI score 7.7 · EPSS 0.01181
Exploits: 0

Positive Technologies
added 2024/08/05 12:0 a.m. · 2 views

PT-2024-25059 · Qualcomm · Snapdragon +159

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue occurs when a driver accesses the ML IE memory and the offset value is incremented beyond the ML IE length, resulting in a transient Denial of...

CVSS 7.5 · AI score 6.6 · EPSS 0.00311
Exploits: 0 · References: 4

The Hacker News
added 2024/08/01 11:7 a.m. · 35 views

Obfuscation: There Are Two Sides To Everything

How to detect and prevent attackers from using these various techniques Obfuscation is an important technique for protecting software that also carries risks, especially when used by malware authors. In this article, we examine obfuscation, its effects, and responses to it. What Is Obfuscation?...

AI score 7.8
Exploits: 0

OSV
added 2024/08/01 7:38 a.m. · 13 views

BIT-TENSORFLOW-2023-33976 TensorFlow segfault in array_ops.upper_bound

TensorFlow is an end-to-end open source platform for machine learning. array_ops.upper_bound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

CVSS 7.5 · AI score 7.3 · EPSS 0.00036
Exploits: 0 · References: 4

NVD
added 2024/07/30 8:15 p.m. · 12 views

CVE-2023-33976

TensorFlow is an end-to-end open source platform for machine learning. array_ops.upper_bound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

CVSS 7.5 · EPSS 0.00036
Exploits: 0 · References: 3