Tag: ml

SIEM-Kaufratgeber

Mar 4, 2025 6:34 AM

Tags: access, ai, api, business, cloud, compliance, container, cyberattack, data, detection, DSGVO, encryption, framework, HIPAA, infrastructure, least-privilege, mail, microsoft, mitre, ml, monitoring, open-source, saas, service, siem, skills, soar, software, threat, tool

Die kontextuellen Daten, die SIEM-Lösungen liefern, sind eine grundlegende Komponente moderner Security-Stacks.Protokoll-Daten zu auditieren, zu überprüfen und zu managen, ist alles andere als eine glamouröse Aufgabe aber ein entscheidender Aspekt, um ein sicheres Unternehmensnetzwerk aufzubauen. Schließlich schaffen Event Logs oft eine sekundäre Angriffsfläche für Cyberkriminelle, die damit ihre Aktivitäten verschleiern wollen.Vorgängen wie diesen treten Netzwerksicherheitsexperten…
Die besten XDR-Tools

Mar 3, 2025 6:34 AM

Tags: attack, business, cloud, computing, container, crowdstrike, cyberattack, detection, edr, endpoint, firewall, google, Hardware, ibm, identity, incident response, infrastructure, mail, malware, marketplace, microsoft, ml, network, office, okta, risk, security-incident, service, siem, soar, software, tool, vulnerability

Lesen Sie, worauf Sie in Sachen XDR achten sollten und welche Lösungen sich in diesem Bereich empfehlen.Manuelles, siloartiges Management ist in der modernen IT-Welt unangebracht. Erst recht im Bereich der IT-Sicherheit: Der Umfang von modernem Enterprise Computing und State-of-the-Art-Application-Stack-Architekturen erfordern Sicherheits-Tools, die:Einblicke in den Sicherheitsstatus von IT-Komponenten ermöglichen,Bedrohungen in Echtzeit erkennen, undAspekte der Bedrohungsabwehr automatisieren.Diese…
DEF CON 32 Incubated ML Exploits: Backdooring ML Pipelines With Input Handling Bugs

Feb 22, 2025 11:24 AM

Tags: conference, exploit, ml

Authors/Presenters: Suha Hussain Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/def-con-32-incubated-ml-exploits-backdooring-ml-pipelines-with-input-handling-bugs/
Deutsche Unternehmen: KI als Herausforderung im Kampf gegen Betrug

Feb 15, 2025 9:11 AM

Tags: ai, fraud, ml

Eine aktuelle Studie zeigt: 61 Prozent der deutschen Unternehmen haben 2024 mehr Geld durch Betrug verloren als im Vorjahr. Hauptprobleme sind fehlende KI-gestützte Lösungen und der Mangel an ML-Modellen (Machine Learning. 43 Prozent der Befragten priorisieren daher deren Einsatz im kommenden Jahr. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/security-management/deutsche-unternehmen-ki-als-herausforderung-im-kampf-gegen-betrug/
DLP solutions vs today’s cyberthreats: The urgent need for modern solutions

Feb 14, 2025 12:48 AM

Tags: access, ai, awareness, breach, business, cloud, corporate, data, data-breach, detection, email, endpoint, finance, malicious, ml, network, risk, risk-management, saas, threat, tool, unauthorized

The limitations of traditional data loss prevention solutions One of the biggest challenges is that legacy data loss prevention (DLP) tools struggle to meet modern data security needs. Their dependence on lengthy processes”, data discovery, classification, and policy creation”, results in slow time to value. As a result, organizations can face months of delays before…
Hugging Face: Bösartige ML-Modelle auf Entwicklungsplattform aufgedeckt

Feb 11, 2025 3:55 PM

Tags: ai, ml

Auf der KI-Entwicklungsplattform Hugging Face haben IT-Forscher bösartige ML-Modelle entdeckt. Angreifer könnten damit Befehle einschleusen. First seen on heise.de Jump to article: www.heise.de/news/Hugging-Face-Boesartige-ML-Modelle-auf-Entwicklungsplattform-aufgedeckt-10278387.html
Malicious ML models found on Hugging Face Hub

Feb 10, 2025 3:37 PM

Tags: malicious, ml

Researchers have spotted two machine learning (ML) models containing malicious code on Hugging Face Hub, the popular online repository for datasets and pre-trained models. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/10/malicious-ml-models-found-on-hugging-face-hub/
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

Feb 8, 2025 8:06 AM

Tags: cybersecurity, detection, hacker, malicious, ml

Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of “broken” pickle files to evade detection.”The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file,” ReversingLabs researcher Karlo Zanki said in a report shared with The…
Attackers hide malicious code in Hugging Face AI model Pickle files

Feb 7, 2025 9:06 PM

Tags: ai, data, github, malicious, ml, open-source, programming, remote-code-execution, risk, service, software, threat, tool, vulnerability

Like all repositories of open-source software in recent years, AI model hosting platform Hugging Face has been abused by attackers to upload trojanized projects and assets with the goal of infecting unsuspecting users. The latest technique observed by researchers involves intentionally broken but poisoned Python object serialization files called Pickle files.Often described as the GitHub…
Developers Beware! Malicious ML Models Found on Hugging Face Platform

Feb 7, 2025 11:06 AM

Tags: ai, attack, cyber, malicious, ml, vulnerability

In a concerning development for the machine learning (ML) community, researchers from ReversingLabs have uncovered malicious ML models on the Hugging Face platform, a popular hub for AI collaboration. Dubbed “nullifAI,” this novel attack method leverages vulnerabilities in the widely used Python Pickle serialization format to execute malicious code on unsuspecting systems. The discovery highlights…
Anomalies are not Enough

Feb 5, 2025 5:12 AM

Tags: ai, attack, ciso, communications, country, cybersecurity, data, data-breach, defense, email, government, LLM, mail, marketplace, mitre, ml, network, resilience, risk, service, siem, threat, tool

Mitre Att&ck as Context Introduction: A common theme of science fiction authors, and these days policymakers and think tanks, is how will the humans work with the machines, as the machines begin to surpass us across many dimensions. In cybersecurity humans and their systems are at a crossroads, their limitations daily exposed by ever more innovative,…
Hackers impersonate DeepSeek to distribute malware

Feb 4, 2025 2:12 PM

Tags: access, ai, api, attack, automation, breach, china, cloud, computer, credentials, cyberattack, data, hacker, infrastructure, leak, LLM, malicious, malware, ml, pypi, threat, tool, vulnerability

To make things worse than they already are for DeepSeek, hackers are found flooding the Python Package Index (PyPI) repository with fake DeepSeek packages carrying malicious payloads.According to a discovery made by Positive Expert Security Center (PT ESC), a campaign was seen using this trick to dupe unsuspecting developers, ML engineers, and AI enthusiasts looking…
A pickle in Meta’s LLM code could allow RCE attacks

Jan 27, 2025 2:03 PM

Tags: ai, attack, breach, cve, cvss, data, data-breach, exploit, flaw, framework, github, LLM, malicious, ml, network, open-source, rce, remote-code-execution, software, supply-chain, technology, theft, vulnerability

Meta’s large language model (LLM) framework, Llama, suffers a typical open-source coding oversight, potentially allowing arbitrary code execution on servers leading to resource theft, data breaches, and AI model takeover.The flaw, tracked as CVE-2024-50050, is a critical deserialization bug belonging to a class of vulnerabilities arising from the improper use of the open-source library (pyzmq)…
Automating endpoint management doesn’t mean ceding control

Jan 23, 2025 6:22 PM

Tags: ai, automation, business, compliance, control, cybersecurity, data, endpoint, governance, intelligence, ml, risk, security-incident, skills, threat, tool, vulnerability

Beset with cybersecurity risks, compliance regimes, and digital experience challenges, enterprises need to move toward autonomous endpoint management (AEM), the next evolution in endpoint management and security solutions. CSO’s Security Priorities Study 2024 reveals that 75% of security decision-makers say that understanding which security tools and solutions fit best within their company is becoming more complex. Many are…
How organizations can secure their AI code

Jan 20, 2025 8:22 AM

Tags: ai, application-security, awareness, backdoor, breach, business, chatgpt, ciso, compliance, control, credentials, crime, cybersecurity, data, data-breach, finance, github, healthcare, LLM, malicious, ml, open-source, organized, programming, risk, risk-management, software, startup, strategy, supply-chain, technology, tool, training, vulnerability

In 2023, the team at data extraction startup Reworkd was under tight deadlines. Investors pressured them to monetize the platform, and they needed to migrate everything from Next.js to Python/FastAPI. To speed things up, the team decided to turn to ChatGPT to do some of the work. The AI-generated code appeared to function, so they…
How AI and ML are transforming digital banking security

Jan 14, 2025 8:46 AM

Tags: ai, banking, cybersecurity, group, ml

In this Help Net Security interview, Nuno Martins da Silveira Teodoro, VP of Group Cybersecurity at Solaris, discusses the latest advancements in digital banking security. He … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/14/nuno-martins-da-silveira-teodoro-solaris-ai-digital-banking-security/
New Research Highlights Vulnerabilities in MLOps Platforms

Jan 7, 2025 7:17 PM

Tags: ai, google, intelligence, ml, risk, vulnerability

New research by Security Intelligence has revealed security risks in MLOps platforms including Azure ML, BigML and Google Vertex AI First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/vulnerabilities-mlops-platforms/
Anomaly Detection for Cybersecurity

Dec 29, 2024 7:43 PM

Tags: ai, cisa, cybersecurity, data, data-breach, defense, detection, gartner, iot, ml, network, threat, training

A long promising approach comes of age I won’t revisit the arguments for anomaly detection as a crucial piece of cybersecurity. We’ve seen waves of anomaly detection over the years”Š”, “Šand CISA, DARPA, Gartner, and others have explained the value of anomaly detection. As rules-based detections show their age and attackers adopt AI to accelerate their…
Top 7 zero-day exploitation trends of 2024

Dec 23, 2024 10:42 AM

Tags: access, ai, attack, authentication, backdoor, botnet, breach, bug-bounty, business, china, ciso, cloud, computing, control, corporate, cve, cyberespionage, cybersecurity, data, data-breach, defense, email, endpoint, exploit, firewall, flaw, framework, github, google, government, group, hacker, identity, infrastructure, injection, Internet, ivanti, kev, leak, linux, malicious, malware, ml, monitoring, moveIT, network, north-korea, open-source, password, programming, pypi, ransomware, remote-code-execution, risk, service, software, sql, supply-chain, tool, training, unauthorized, update, vpn, vulnerability, windows, zero-day

Zero-day vulnerabilities saw big growth once again in 2024. With no patch available, zero-day flaws give attackers a significant jump on cybersecurity defense teams, making them a critical weapon for attacking enterprise systems.But while all zero-days are essential for CISOs and their team to be aware of, and for vendors to remedy in a timely…
Neue Schwachstellen in Machine-Learning-Systemen – JFrog-Analyse zeigt Risiken auf

Dec 20, 2024 11:43 AM

Tags: ml, risk, vulnerability

Um Risiken zu minimieren, empfiehlt das JFrog-Team, keine nicht-vertrauenswürdigen ML-Modelle zu laden auch nicht in scheinbar sicheren Formaten wie Safetensors. Unternehmen sollten ihre ML-Nutzer für die Gefahren sensibilisieren und Sicherheitsrichtlinien entsprechend anpassen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/neue-schwachstellen-in-machine-learning-systemen-jfrog-analyse-zeigt-risiken-auf/a39362/
Die 10 häufigsten LLM-Schwachstellen

Dec 19, 2024 6:42 AM

Tags: access, ai, api, application-security, awareness, breach, cloud, control, cyberattack, data, detection, dos, encryption, injection, least-privilege, LLM, ml, monitoring, privacy, RedTeam, remote-code-execution, risk, service, tool, update, vulnerability, zero-trust
Data Security Predictions for 2025: Putting Protection and Resilience at Center Stage

Dec 17, 2024 2:42 PM

Tags: access, ai, attack, authentication, breach, business, cloud, compliance, computer, computing, credentials, crypto, cryptography, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, dora, encryption, framework, hacker, infrastructure, international, law, ml, monitoring, network, nis-2, nist, PCI, phishing, privacy, regulation, resilience, risk, risk-management, service, skills, social-engineering, software, strategy, supply-chain, technology, threat, tool, vulnerability, zero-trust

Data Security Predictions for 2025: Putting Protection and Resilience at Center Stage madhav Tue, 12/17/2024 – 05:10 Cybersecurity is a remarkably dynamic industry. New trends, technologies, and techniques reshape the landscape at an extraordinary pace, meaning keeping up can be challenging. Protecting data, the driving force of modern businesses, will continue to be the primary…
The 7 most in-demand cybersecurity skills today

Dec 12, 2024 12:05 PM

Tags: access, ai, api, application-security, attack, backup, best-practice, breach, business, cloud, compliance, computing, control, cyber, cyberattack, cybersecurity, data, defense, encryption, exploit, framework, gartner, GDPR, google, governance, grc, group, hacker, Hardware, healthcare, incident response, infrastructure, injection, intelligence, jobs, LLM, malicious, mitigation, ml, network, penetration-testing, phishing, privacy, ransomware, risk, risk-analysis, risk-assessment, risk-management, saas, service, skills, social-engineering, software, spear-phishing, strategy, technology, threat, tool, training, update, vulnerability, zero-trust

Cybersecurity teams find themselves understaffed, overburdened, and rushing to keep up with a rapidly changing threat landscape, as cyberattackers continually devise new ways to attack organizations, and organizations accelerate their embrace of the latest technologies.As a result, security professionals must continually upskill themselves to ensure they keep pace with organizations’ latest skill demands. Unfortunately, deciding…
ML clients, ‘safe’ model formats exploitable through open-source AI vulnerabilities

Dec 7, 2024 10:07 PM

Tags: ai, ml, open-source, vulnerability

First seen on scworld.com Jump to article: www.scworld.com/news/ml-clients-safe-model-formats-exploitable-through-open-source-ai-vulnerabilities
Neue AWS-KI-Rezepte gegen Cloud-Bedrohungen

Dec 4, 2024 4:48 PM

Tags: ai, cloud, computing, cyber, incident response, ml, network, security-incident, service, tool
AWS launches tools to tackle evolving cloud security threats

Dec 2, 2024 2:28 PM

Tags: access, ai, api, attack, cio, ciso, cloud, credentials, cyber, data, detection, exploit, finance, framework, healthcare, incident response, metric, mitre, ml, ransomware, security-incident, service, tactics, theft, threat, tool, update

The increasing sophistication and scale of cyber threats pose a growing challenge for enterprises managing complex cloud environments. Security teams often face overwhelming volumes of alerts, fragmented workflows, and limited tools to identify and respond to attack patterns spanning multiple events.Amazon Web Services (AWS) is addressing these challenges with two significant updates to its cloud…
JFrog fördert sichere KI-Entwicklung mit Integration von Databricks MLflow

Dec 1, 2024 7:27 PM

Tags: ai, data, ml, open-source, software

Die neue JFrog Artifactory-Integration bietet Entwicklern und Data Scientists eine Open Source Software-Lösung, um die Entwicklung von ML-Modellen zu … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-foerdert-sichere-ki-entwicklung-mit-integration-von-databricks-mlflow/a37220/
JFrog übernimmt Qwak AI Rationalisierung von KI- & ML-Modellen

Dec 1, 2024 6:27 PM

Tags: ai, ml

Als Teil der JFrog-Plattform wird die Qwak-Technologie eine unkomplizierte und problemlose Überführung von Modellen in die Produktion bieten, basiert … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-uebernimmt-qwak-ai-rationalisierung-von-ki-ml-modellen/a37667/
It’s Near-Unanimous: AI, ML Make the SOC Better

Nov 21, 2024 2:53 PM

Tags: ai, cybersecurity, intelligence, ml, soc

Efficiency is the name of the game for the security operations center, and 91% of cybersecurity pros say artificial intelligence and machine learning are winning that game. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/survey-report-ai-ml-make-soc-better
Researchers Warn of Privilege Escalation Risks in Google’s Vertex AI ML Platform

Nov 15, 2024 2:53 PM

Tags: access, ai, cybersecurity, data, exploit, flaw, google, jobs, malicious, ml, network, risk, service, unauthorized

Cybersecurity researchers have disclosed two security flaws in Google’s Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud.”By exploiting custom job permissions, we were able to escalate our privileges and gain unauthorized access to all data services in the project,” Palo Alto…