Critical flaw in AI testing framework MLflow can lead to server and data compromise

March 23, 2023

Read Time:37 Second

MLflow, an open-source framework that’s used by many organizations to manage their machine-learning tests and record results, received a patch for a critical vulnerability that could allow attackers to extract sensitive information from servers such as SSH keys and AWS credentials. The attacks can be executed remotely without authentication because MLflow doesn’t implement authentication by default and an increasing number of MLflow deployments are directly exposed to the internet.

“Basically, every organization that uses this tool is at risk of losing their AI models, having an internal server compromised, and having their AWS account compromised,” Dan McInerney, a senior security engineer with cybersecurity startup Protect AI, told CSO. “It’s pretty brutal.”

To read this article in full, please click here

Hackers exploit little-known WordPress MU-plugins feature to hide malware

Cyber Security and Resilience Bill Will Apply to 1000 UK Firms

New Malware Variant RESURGE Exploits Ivanti Vulnerability

ClickFake Interview Campaign by Lazarus Targets Crypto Job Seekers

The Signal Chat Leak and the NSA

EU Commission to Invest €1.3bn in Cybersecurity and AI

NCSC Urges Users to Patch Next.js Flaw Immediately

US Seizes $8.2m from Romance Baiting Scammers

How Each Pillar of the 1st Amendment is Under Attack