2434 matches found
deep-floorplan (=0.0.0), mpunet (=0.2.9) +1 more potentially affected by CVE-2021-37660 via tensorflow-gpu (>=2.3.0 <=2.3.2)
tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2021-37660 Source advisory: OSV:PYSEC-2021-771...
merge-change package security vulnerability
merge-change is an open source simple library for deep merging of objects and other types, also for patching and immutable new. The merge-change package has a security vulnerability that makes the package susceptible to prototype pollution via the utils.set function...
Black Hat: Scaling Automated Disinformation for Misery and Profit
LAS VEGAS – Researchers recently demonstrated the weaponization of deep neural networks that can be used to shape public opinion, enrage people on Twitter and possibly spark QAnon 2.0. The research, presented last week at Black Hat by Drew Lohn, senior fellow at the Center for Security and...
Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques
Today’s cybersecurity threats continue to find ways to fly and stay under the radar. Cybercriminals use polymorphic malware because a slight change in the binary code or script could allow the said threats to avoid detection by traditional antivirus software. Threat actors customize their wares...
In0ri - Defacement Detection With Deep Learning
In0ri is a defacement detection system utilizing an image-classification convolutional neural network. Introduction: When monitoring a website, In0ri will periodically take a screenshot of the website then put it through a preprocessor that will resize the image down to 250x250px and numericalize t...
OESA-2021-1268 OpenEXR security update
OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a craft...
Why I Love (Breaking Into) Your Security Appliances
Amid the Colonial Pipeline and JBS ransomware attacks that sparked shockwaves among media worldwide, news broke that attackers were able to compromise Colonial Pipeline through a legacy VPN account. The account lacked multifactor authentication (MFA) and wasn’t in active use within the business, a...
DEBIAN-CVE-2021-3598
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability...
record-like-deep-assign code issue vulnerability
record-like-deep-assign is a package. A code issue vulnerability exists in record-like-deep-assign that stems from prototype pollution affecting key functionality within the plugin. No details of the vulnerability are provided at this time...
CVE-2021-23402
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality...
Design/Logic Flaw
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality...
CVE-2021-23402
CVE-2021-23402 affects the npm package record-like-deep-assign. All versions are vulnerable to prototype pollution via the main functionality, as shown in public advisories. The root cause involves unsafe handling of object merges or path-based assignments that can pollute Object.prototype, enabl...
record-like-deep-assign code issue vulnerability
record-like-deep-assign is a package. A code issue vulnerability exists in record-like-deep-assign that stems from prototype pollution affecting key functionality within the plugin. No details of the vulnerability are provided at this time...
Unspecified vulnerability in deep-override (CNVD-2021-47378)
deep-override is a software application. Provides a recursive object extension and override. A security vulnerability exists in deep-override versions 1.0.0 through 1.0.1, which can be exploited by an attacker to cause a denial of service and potentially lead to remote code execution...
Unspecified vulnerability in deep-override
deep-override is a software application. Provides a recursive object extension and override. A security vulnerability exists in deep-override versions 1.0.0 through 1.0.1, which can be exploited by an attacker to cause a denial of service and possibly remote code execution...
Friday Squid Blogging: Video of Giant Squid Hunting Prey
Fantastic video of a giant squid hunting at depths between 1,827 and 3,117 feet. This is a follow-on from this post. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Microsoft announces recipients of academic grants for AI research on combating phishing
Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools, products, and services people and organizations use on a daily basis, but also in the...