Thursday, November 14, 2019

Malign Machine Learning Models and bad DICOM

Zeronighs 2019 AISec releases: how to insert malware into TensorFlow and PyTorch models and hack NVIDIA Clara ML pipeline with DICOM image.


Thursday, October 24, 2019

AISec on ZeroNights 2019

New AISec releases soon at Zeronights 2019.

Roman Palkin : "Malign Machine Learning Models"
Maria Nedyak : "Hacking Medical Imaging with DICOM"


See you there!

https://zeronights.ru/en/program-en/

Wednesday, October 16, 2019

Cyber Resilience of Railway Signaling Systems

Recently published information on the cybersecurity assessment of railway computer and communication-based control systems (CBCS) identified several weaknesses and vulnerabilities, which allow threat agents to not only degrade system reliability and bypass safety mechanisms, but to carry out attacks which directly affect the rail traffic safety. Despite these findings, remarkably these systems meet all relevant IT security and functional safety requirements and have the required international, national and industrial certificates.

Monday, October 14, 2019

HITB AISec slides and special release

Slides "AI for Security and Security for AI" talk by Sergey Gordeychik, as presented at HITB CyberWeek 2019, Abu Dhabi.



Machine learning technologies are turning from rocket science into daily engineering life. You no longer have to know the difference between Faster R-CNN and HMM to develop a machine vision system, and even OpenCV has bindings for JavaScript allowing to resolve quite serious tasks all the while remaining in front end. On other hand massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. In the broader context security is really all about trust.

Do we trust AI? I don’t, personally.

Thursday, October 10, 2019

DICOM to passwd. On security of ML pipelines

Machine Learning and Artificial Intelligence Pipelines are very useful tools. They help to concentrate on specific task without digging into implementation details. However, from design and security perspective these things are like Frankenstein.

Here is  an example


Sunday, September 29, 2019

Dangers of MLaaS

Dangers of MLaaS as present on Datafest Siberia by  @dnkolegov and Antoniy Nikolaev.

Download

Enjoy 

Wednesday, September 11, 2019

Silverpeak SD-WAN +7 CVE

Fixed (?) published. Kudos SD-WAN New Hop team: Sergey Gordeychick, Denis Kolegov, Maxim Gorbunov, Nikolay Tkachenko, Nikita Oleksov, Oleg Broslavsky, Antony Nikolaev