31 matches found
Scientists Need a Positive Vision for AI
For many in the research community, it's gotten harder to be optimistic about the impacts of artificial intelligence. As authoritarianism is rising around the world, AI-generated "slop" is overwhelming legitimate media, while AI-generated deepfakes are spreading misinformation and parroting...
CVE-2024-47833
Taipy (Python library) is affected by a vulnerability where session cookies are served without Secure and HTTPOnly flags in affected versions prior to 4.0.0. The issue is documented across multiple sources (CVE record, Red Hat, OSV, GitHub GHSA advisory) and is explicitly addressed in release 4.0...
CVE-2024-47833 Session Cookie without Secure and HTTPOnly flags in taipy
Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advis...
Wiz extends its AI-SPM offering to OpenAI platform
Wiz becomes the first CNAPP to provide AI security for OpenAI, allowing data scientists and developers to detect and mitigate risk in their OpenAI organization with a new OpenAI SaaS connector...
Friday Squid Blogging: Strawberry Squid in the Galápagos
Scientists have found Strawberry Squid, "whose mismatched eyes help them simultaneously search for prey above and below them," among the coral reefs in the Galápagos Islands. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my...
Friday Squid Blogging: New Squid Species
An ancient squid: New research on fossils has revealed that a vampire-like ancient squid haunted Earths oceans 165 million years ago. The study, published in June edition of the journal Papers in Palaeontology, says the creature had a bullet-shaped body with luminous organs, eight arms and sucker...
CVE-2023-43640
TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database including the users table. This issue...
The Low-Stakes Race to Crack an Encrypted German U-Boat Message
A ramshackle team of American scientists scrambled to decode the Nazi cipher before the time ran out. Luckily, they had a secret weapon...
Wiz helps organizations innovate with AI securely and responsibly, launching support for Google Cloud Vertex AI
Wiz protects AI infrastructure against cloud attacks, allowing data scientists and engineers to focus on deploying more AI applications...
Friday Squid Blogging: Squid-Inspired Hydrogel
Scientists have created a hydrogel "using squid mantle and creative chemistry." As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...
Friday Squid Blogging: Breeding the Oval Squid
Japanese scientists are trying to breed the oval squid in captivity. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...
How we took part in MLSEC and (almost) won
This summer Kaspersky experts took part in the Machine Learning Security Evasion Competition MLSEC — a series of trials testing contestants ability to create and attack machine learning models. The event is comprised of two main challenges — one for attackers, and the other for defenders. The...
Machine Learning Testing for Data Scientists
In one software development project after another, it has been proven that testing saves time. Does this hold true for machine learning projects? Should data scientists write tests? Will it make their work better and/or faster? We believe the answer is YES! In this post we describe a full...
Far-Right Platform Gab Has Been Hacked—Including Private Data
The transparency group DDoSecrets says it will make the 70 GB of passwords, private posts, and more available to researchers, journalists, and social scientists...
Collaborative innovation on display in Microsoft’s insider risk management strategy
The disrupted work environment, in which enterprises were forced to find new ways to enable their workforce to work remotely, changed the landscape for operations as well as security. One of the top areas of concern is managing insider risks, a complex undertaking even before the pandemic, and ev...
Friday Squid Blogging: Editing the Squid Genome
Scientists have edited the genome of the Doryteuthis pealeii squid with CRISPR. A first. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
KLA11788 Multiple vulnerabilities in Mpmtp installer
Absolutely unique vulnerability was found in mpmtp system installer. Vulnerability can be exploited different ways, but the easiest way is running installer with /dos switch which leading to a blue screen of death and the need to reinstall Windows due to a failure of the system kernel driver. Thi...
Friday Squid Blogging: How Scientists Captured the Giant Squid Video
In June, I blogged about a video of a live juvenile giant squid. Here's how that video was captured. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Friday Squid Blogging: Why Mexican Jumbo Squid Populations Have Declined
A group of scientists conclude that it's shifting weather patterns and ocean conditions. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Hackers bypassed Gmail & Yahoo’s 2FA to target US officials
By Waqas The attack was carried out by Iran-backed charming kitten hackers and victims include dozens of US government officials. Private emails of US sanctions officials and nuclear scientists have been breached by Iranian state-sponsored hackers. As per the data obtained by Certfa, a...