Critical flaw in AI testing framework MLflow can lead to server and data compromise

March 23, 2023

Read Time:37 Second

MLflow, an open-source framework that’s used by many organizations to manage their machine-learning tests and record results, received a patch for a critical vulnerability that could allow attackers to extract sensitive information from servers such as SSH keys and AWS credentials. The attacks can be executed remotely without authentication because MLflow doesn’t implement authentication by default and an increasing number of MLflow deployments are directly exposed to the internet.

“Basically, every organization that uses this tool is at risk of losing their AI models, having an internal server compromised, and having their AWS account compromised,” Dan McInerney, a senior security engineer with cybersecurity startup Protect AI, told CSO. “It’s pretty brutal.”

To read this article in full, please click here

Active Lumma Stealer Campaign Impacting U.S. SLTTs

BlackLock ransomware: What you need to know

FishMonger APT Group Linked to I-SOON in Espionage Campaigns

Critical GitHub Attack

Rooted Devices 250 Times More Vulnerable to Compromise

Smashing Security podcast #409: Peeping perverts and FBI phone calls

UK CNI Security Leaders Express Confidence in Cybersecurity, Despite 95% Breach Rate

UK Police Arrest 422 in Major Fraud Crackdown

Over Half a Million Hit by Pennsylvania Schools Union Breach