aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6636 items

CVE-2020-26271: In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memo

mediumvulnerability
security
Dec 10, 2020
CVE-2020-26271

TensorFlow has a vulnerability where loading a saved model can access uninitialized memory (data that hasn't been set to a known value) when building a computation graph. The bug occurs in the MakeEdge function, which connects parts of a neural network together, because it doesn't verify that array indices are valid before accessing them, potentially allowing attackers to leak memory addresses from the library.

Fix: This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. Users should update to one of these patched versions.

NVD/CVE Database

Actively protecting pen testers and pen testing assets

infonews
security
Dec 8, 2020

FireEye, a major security company, was attacked and adversaries accessed their internal red teaming tools (software used to test security by simulating attacks). The post warns that red teams are attractive targets for attackers and recommends implementing protective measures like honeypot machines (fake systems designed to detect intruders) and monitoring login attempts to quickly detect when attackers are trying to compromise their systems.

CVE-2020-29374: An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (

lowvulnerability
security
Nov 28, 2020
CVE-2020-29374

A bug was found in the Linux kernel before version 5.7.3 in the get_user_pages function (a mechanism that allows programs to access memory pages), where it incorrectly grants write access when it should only allow read access for copy-on-write pages (memory regions shared between processes that are copied when modified). This happens because the function doesn't properly respect read-only restrictions, creating a security vulnerability.

Machine Learning Attack Series: Overview

infonews
securityresearch

Machine Learning Attack Series: Generative Adversarial Networks (GANs)

infonews
securityresearch

Assuming Bias and Responsible AI

infonews
safetypolicy

Abusing Application Layer Gateways (NAT Slipstreaming)

infonews
security
Nov 24, 2020

NAT Slipstreaming is a technique where visiting a malicious website can punch a hole through your router's firewall by exploiting the Application Layer Gateway (ALG, a feature that helps protocols like SIP, Session Initiation Protocol, work with firewalls). The attack works because the ALG is designed to allow devices inside a network to open firewall ports, but an attacker can abuse this intended functionality.

CVE-2020-28975: svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cau

highvulnerability
security
Nov 21, 2020
CVE-2020-28975

A vulnerability in Libsvm v324 (a machine learning library used by scikit-learn 0.23.2) allows attackers to crash a program by sending a specially crafted machine learning model with an extremely large value in the _n_support array, causing a segmentation fault (a type of crash where the program tries to access memory it shouldn't). The scikit-learn developers noted this only happens if an application violates the library's API by modifying private attributes.

Machine Learning Attack Series: Repudiation Threat and Auditing

infonews
securityresearch

Video: Building and breaking a machine learning system

infonews
securityresearch

Machine Learning Attack Series: Image Scaling Attacks

infonews
securityresearch

Leveraging the Blue Team's Endpoint Agent as C2

infonews
security
Oct 26, 2020

During a Red Team Operation (a simulated attack where security testers try to break into a company's systems), researchers discovered that Blue Team infrastructure, like endpoint agents (software that monitors and controls devices on a network), can be exploited for remote code execution (running commands on systems without authorization) if not properly protected. Companies often lack adequate security controls like MFA (multi-factor authentication, requiring multiple verification steps) and monitoring to prevent unauthorized access to these agents.

Machine Learning Attack Series: Adversarial Robustness Toolbox Basics

infonews
researchsecurity

CVE-2020-15266: In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the

lowvulnerability
security
Oct 21, 2020
CVE-2020-15266

TensorFlow versions before 2.4.0 have a bug in the `tf.image.crop_and_resize` function where very large values in the `boxes` argument are converted to NaN (a special floating point value meaning "not a number"), causing undefined behavior and a segmentation fault (a crash from illegal memory access). This vulnerability affects the CPU implementation of the function.

CVE-2020-15265: In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequan

mediumvulnerability
security
Oct 21, 2020
CVE-2020-15265

In TensorFlow before version 2.4.0, an attacker can provide an invalid `axis` parameter (a setting that specifies which dimension of data to work with) to a quantization function, causing the program to access memory outside the bounds of an array, which crashes the system. The vulnerability exists because the code only uses DCHECK (a debug-only validation that is disabled in normal builds) rather than proper runtime validation.

Hacking neural networks - so we don't get stuck in the matrix

infonews
securityresearch

What does an offensive security team actually do?

infonews
security
Oct 19, 2020

Offensive security teams are groups that test and challenge an organization's defenses by simulating attacks from an adversary's perspective. Rather than debating terminology like 'red team' or 'pentest' (security testing where authorized people attempt to break into systems), the source suggests defining these teams by the services they provide to customers within the organization, including business groups, defensive teams, developers, and employees.

CVE 2020-16977: VS Code Python Extension Remote Code Execution

highnews
security
Oct 14, 2020

The VS Code Python extension had a vulnerability where HTML and JavaScript code could be injected through error messages (called tracebacks, which show where a program failed) in Jupyter Notebooks, potentially allowing attackers to steal user information or take control of their computer. The vulnerability occurred because strings in error messages were not properly escaped (prevented from being interpreted as code), and could be triggered by modifying a notebook file directly or by having the notebook connect to a remote server controlled by an attacker.

Machine Learning Attack Series: Stealing a model file

mediumnews
security
Oct 10, 2020

Attackers can steal machine learning model files through direct approaches like compromising systems to find model files (often with .h5 extensions), or through indirect approaches like model stealing where attackers build similar models themselves. One specific attack vector involves SSH agent hijacking (exploiting SSH keys stored in memory on compromised machines), which allows attackers to access production systems containing model files without needing the original passphrases.

Coming up: Grayhat Red Team Village talk about hacking a machine learning system

infonews
securityresearch
Previous318 / 332Next

Fix: The source explicitly recommends several protective measures: (1) Create honeypot machines with fake credentials and trigger notifications and alerts when accessed; (2) Set up notifications for logon attempts and successful logons via email and forward events to the blue team (defensive security team); (3) Disable remote management endpoints and allow list source IP addresses in the firewall; (4) Lock down machines by blocking all inbound connections while allowing outbound ones using Windows command 'netsh advfirewall set allprofiles firewallpolicy blockinboundalways,allowoutbound' or Linux commands 'sudo ufw enable', 'sudo ufw default deny incoming', and 'sudo ufw default allow outgoing'; (5) Perform red vs. red testing (security assessments where one red team tests another) to verify the red team has proper security controls in place.

Embrace The Red

Fix: Update the Linux kernel to version 5.7.3 or later. A patch is available at https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f. Debian users should refer to security updates referenced in the Debian mailing list announcements and DSA-5096.

NVD/CVE Database
Nov 26, 2020

This is an index page summarizing a series of blog posts about machine learning security from a red teaming perspective (testing a system by simulating attacker behavior). The posts cover ML basics, threat modeling, practical attacks like adversarial examples (inputs designed to fool AI models), model theft, backdoors (hidden malicious code inserted into models), and how traditional security attacks (like weak access control) also threaten AI systems.

Embrace The Red
Nov 25, 2020

This post describes how Generative Adversarial Networks (GANs, a type of AI system where two neural networks compete to create realistic fake images) can be used to generate fake husky photos that trick an image recognition system called Husky AI into misclassifying them as real huskies. The author explains they investigated this attack method and references a GAN course to learn more about the technique.

Embrace The Red
Nov 24, 2020

AI and machine learning systems have caused serious problems in real-world situations, including Amazon's recruiting tool that discriminated against women, Microsoft's chatbot that became racist and sexist, IBM's cancer treatment recommendation system that doctors criticized, and Facebook's AI that made incorrect translations leading to someone's arrest. These examples show that AI systems can develop and spread biased predictions and failures with harmful consequences. The article highlights the importance of addressing bias when building and deploying AI systems responsibly.

Embrace The Red
Embrace The Red

Fix: A patch is available in scikit-learn at commit 1bf13d567d3cd74854aa8343fd25b61dd768bb85 on GitHub, as referenced in the source material.

NVD/CVE Database
Nov 10, 2020

Repudiation is a security threat where someone denies performing an action, such as replacing an AI model file with a malicious version. The source explains how to use auditd (a Linux auditing tool) and centralized monitoring systems like Splunk or Elastic Stack to create audit logs that track who accessed or modified files and when, helping prove or investigate whether specific accounts made changes.

Fix: To mitigate repudiation threats, the source recommends: (1) installing and configuring auditd on Linux using 'sudo apt install auditd', (2) adding file monitoring rules with auditctl (example: 'sudo auditctl -w /path/to/file -p rwa -k keyword' to audit read, write, and append operations), and (3) pushing audit logs to centralized monitoring systems such as Splunk, Elastic Stack, or Azure Sentinel for analysis and visualization.

Embrace The Red
Nov 5, 2020

This is a YouTube talk about building and breaking machine learning systems, presented at a security conference (GrayHat Red Team Village). The speaker is exploring whether to develop this content into a hands-on workshop where participants could practice these concepts.

Embrace The Red
Oct 28, 2020

This post introduces image scaling attacks, a type of adversarial attack (manipulating inputs to fool AI systems) that targets machine learning models through image preprocessing. The author discovered this attack concept while preparing demos and references academic research on understanding and preventing these attacks.

Embrace The Red
Embrace The Red
Oct 22, 2020

This post demonstrates how to use the Adversarial Robustness Toolbox (ART, an open-source library created by IBM for testing machine learning security) to generate adversarial examples, which are modified images designed to trick AI models into making wrong predictions. The author uses the FGSM attack (Fast Gradient Sign Method, a technique that slightly alters pixel values to confuse classifiers) to successfully manipulate an image of a plush bunny so a husky-recognition AI misclassifies it as a husky with 66% confidence.

Embrace The Red

Fix: Upgrade to TensorFlow version 2.4.0 or later, which contains the patch. TensorFlow nightly packages (development builds) after commit eccb7ec454e6617738554a255d77f08e60ee0808 also have the issue resolved.

NVD/CVE Database

Fix: The issue is patched in commit eccb7ec454e6617738554a255d77f08e60ee0808. Upgrade to TensorFlow 2.4.0 or later, or use TensorFlow nightly packages released after this commit.

NVD/CVE Database
Oct 20, 2020

This item is promotional content for a conference talk about attacking and defending machine learning systems, presented at GrayHat 2020's Red Team Village. The speaker created an introductory video for a session titled 'Learning by doing: Building and breaking a machine learning system,' scheduled for October 31st, 2020.

Embrace The Red
Embrace The Red

Fix: Microsoft Security Response Center (MSRC) confirmed the vulnerability and fixed it, with the fix released in October 2020 as documented in their security bulletin.

Embrace The Red
Embrace The Red
Oct 9, 2020

This is an announcement for a conference talk about attacking and defending machine learning systems, covering practical threats like brute forcing predictions (testing many inputs to guess outputs), perturbations (small changes to data that fool AI), and backdooring models (secretly poisoning training data). The speaker will discuss both ML-specific attacks and traditional security breaches, as well as defenses to protect these systems.

Embrace The Red