 April 08, 2024
LATEST SECURITY NEWS & COMMENTARY
Critical Bugs Put Hugging Face AI Platform in a 'Pickle'
One issue would have allowed cross-tenant attacks, and another enabled access to a shared registry for container images; exploitation via an insecure Pickle file showcases emerging risks for AI-as-a-service more broadly.
CISO Corner: Ivanti's Mea Culpa; World Cup Hack; CISOs & Cyber Awareness
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Dealing with a Ramadan cyber spike; funding Internet security; and Microsoft's Azure AI changes.
Panera Bread Fuels Ransomware Suspicions With Silence
The restaurant chain hasn't provided any information regarding what led to a widespread IT outage, and customers and employees are asking for answers.
Magecart Attackers Pioneer Persistent E-Commerce Backdoor
The infamous payment-skimmer cybercrime organization is exploiting CVE-2024-20720 in Magento for a novel approach to stealing card data.
White House's Call for Memory Safety Brings Challenges, Changes & Costs
Improving security in the applications that drive the digital economy is a necessary undertaking, requiring ongoing collaboration between the public and private sectors.
(Sponsored Article) See Your Attack Surface as Threat Actors Do With EASM and CNAPP
Layering external attack surface management with a cloud-native application protection platform gives visibility into unknown vulnerabilities.
HOT TOPICS
Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection
A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.

How Soccer's 2022 World Cup in Qatar Was Nearly Hacked
A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says.

How CISOs Can Make Cybersecurity a Long-Term Priority for Boards
Cybersecurity is far more than a check-the-box exercise. To create companywide buy-in, CISOs need to secure board support, up their communication game, and offer awareness-training programs to fight social engineering and help employees apply what they've learned.

Feds to Microsoft: Clean Up Your Cloud Security Act Now
A federal review board demanded that the tech giant prioritize its "inadequate" security posture, putting the blame solely on the company for last year's Microsoft 365 breach that allowed China's Storm-0558 to hack the email accounts of key government officials.

EDITORS' CHOICE
Ivanti Pledges Security Overhaul the Day After 4 More Vulns Disclosed
So far this year, Ivanti has disclosed a total of 10 flaws — many of them critical — in its remote access products, and one in its ITSM product.
LATEST FROM THE EDGE

How Do We Integrate LLMs Security Into Application Development?
Large language models require rethinking how to bake security into the software development process earlier.
LATEST FROM DR TECHNOLOGY

How to Tame SQL Injection
As part of its Secure by Design initiative, CISA urged companies to redouble efforts to quash SQL injection vulnerabilities. Here's how.
LATEST FROM DR GLOBAL

Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms
An ongoing cyberattack campaign with apparent ties to China uses a new version of sophisticated JavaScript remote access Trojan JSOutProx and is now targeting banks in the Middle East.
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA