Supply chain attacks possible with TensorFlow CI/CD misconfigurations

20 January 2024

TensorFlow instances on GitHub and PyPi could have been subjected to supply chain attacks involving the exploitation of continuous integration and continuous delivery vulnerabilities within the open-source machine learning framework, reports The Hacker News. Aside from enabling malicious GitHub deployments, successful attacks could also facilitate remote code execution on self-hosted GitHub runners, as well as GitHub Personal Access Token retrieval, according to a report from Praetorian.

Source: SC Magazine

Date:

20 January 2024

Categorie(s):

NEWS

Tag(s):

CI/CD, DevSecOps, IT, Supply, TensorFlow

Harnessing the Power of Data and AI – Sivan Tehila – FS #15 November 2024
A Kansas pig butchering: CEO who defrauded bank, church, friends gets 24 years5 November 2024
Canada Arrests Suspected Hacker Linked to Snowflake Data Breaches5 November 2024
Amazon Inspector suppression rules best practices for AWS Organizations5 November 2024
Building Cybersecurity Resilience: Strategies, Technologies, and Best Practices from Industry Leaders5 November 2024