MLflow, an open-source framework that’s used by many organizations to manage their machine-learning tests and record results, received a patch for a critical vulnerability that could allow attackers to extract sensitive information from servers such as SSH keys and AWS credentials. The attacks can be executed remotely without authentication because MLflow doesn’t implement authentication by default and an increasing number of MLflow deployments are directly exposed to the internet.
“Basically, every organization that uses this tool is at risk of losing their AI models, having an internal server compromised, and having their AWS account compromised,” Dan McInerney, a senior security engineer with cybersecurity startup Protect AI, told CSO. “It’s pretty brutal.”
To read this article in full, please click here
More Stories
Thread Hijacking: Phishes That Prey on Your Curiosity
Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into...
US Treasury Urges Financial Sector to Address AI Cybersecurity Threats
The US Treasury report sets out recommendations for financial institutions on addressing immediate AI-related operational risk, cybersecurity and fraud challenges...
Sellafield nuclear waste dump faces prosecution over cybersecurity failures
The UK's Office for Nuclear Regulation (ONR) has started legal action against the controversial Sellafield nuclear waste facility due to...
NIST Unveils New Consortium to Operate its National Vulnerability Database
After weeks of speculation, NIST has finally confirmed its intention to establish an industry consortium to develop the NVD in...
Teen Slang – What You Need To Know To Understand Your Teen
Got any ‘rizz’? Did you ‘slay’ that dinner? Is the ‘cozzie livs’ stressing you out? If you do not comprehendo,...
17 Billion Personal Records Exposed in Data Breaches in 2023
Flashpoint recorded a 34.5% rise in reported data breaches in 2023, with ransomware a major driver of this increase Read...