Supply chain attacks possible with TensorFlow CI/CD misconfigurations

20 January 2024

TensorFlow instances on GitHub and PyPi could have been subjected to supply chain attacks involving the exploitation of continuous integration and continuous delivery vulnerabilities within the open-source machine learning framework, reports The Hacker News. Aside from enabling malicious GitHub deployments, successful attacks could also facilitate remote code execution on self-hosted GitHub runners, as well as GitHub Personal Access Token retrieval, according to a report from Praetorian.

Source: SC Magazine

Date:

20 January 2024

Categorie(s):

NEWS

Tag(s):

CI/CD, DevSecOps, IT, Supply, TensorFlow

Dropbox dropped the ball on security, haemorrhaging customer and third-party info2 May 2024
Block accused of mass compliance failures that saw digi-dollars reach terrorists2 May 2024
Smashing Security podcast #370: The closed loop conundrum, default passwords, and Baby Reindeer1 May 2024
Cyberattack against United Russia claimed by Ukraine1 May 2024
US jails former NSA employee for attempting secret sale to Russia1 May 2024