Critical Flaw in Replicate AI Platform Exposes Proprietary Data

The finding underscores the challenges of protecting data from multiple customers across AI-as-a-service solutions, especially in environments that run AI models from untrusted sources. [TechWeb]( Follow Dark Reading: [RSS]( May 24, 2024 LATEST SECURITY NEWS & COMMENTARY [Critical Flaw in Replicate AI Platform Exposes Proprietary Data]( The finding underscores the challenges of protecting data from multiple customers across AI-as-a-service solutions, especially in environments that run AI models from untrusted sources. [Courtroom Recording Platform JAVS Hijacked in Supply Chain Attack]( With more than 10,000 installations across prisons, courts, and governments, impacted Justice AV Solutions users are urged to re-image affected endpoints and reset credentials. [MIT Brothers Charged With Exploiting Ethereum to Steal $25 Million]( The two MIT graduates discovered a flaw in a common trading tool for the Ethereum blockchain. Does it presage problems ahead for cryptocurrency? [New Gift Card Scam Targets Retailers, Not Buyers, to Print Endless $$$]( Microsoft researchers discover an old-timey scam with a facelift for the cloud era: hacking retailers' portals to make it rain gift cards. [New Mindset Needed for Large Language Models]( With the right mix of caution, creativity, and commitment, we can build a future where LLMs are not just powerful, but also fundamentally trustworthy. [Stalkerware App With Security Bug Discovered on Hotel Systems]( The spyware is able to capture screenshots of a user's device every few seconds from any location globally. [(Sponsored Article) How to Avoid a SolarWinds-Style Malware Attack]( The SEC says SolarWinds was impacted by a supply chain attack, but the evidence may not support that. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [US Pumps $50M Into Better Healthcare Cyber Resilience]( Upgrade, an ARPA-H program, will focus on automating cybersecurity for healthcare institutions so that providers can focus on patient care. [Trends at the 2024 RSA Startup Competition]( Startups at Innovation Sandbox 2024 brought clarity to artificial intelligence, protecting data from AI, and accomplishing novel security solutions with new models. [GitHub Authentication Bypass Opens Enterprise Server to Attackers]( The max-severity bug affects versions using the SAML single sign-on mechanism. [MORE]( PRODUCTS & RELEASES [Bugcrowd Acquires Informer to Enhance Attack Surface Management, Penetration Testing]( [SOCRadar Secures $25.2M in Funding to Combat Multibillion-Dollar Cybersecurity Threats]( [Concentric AI to Unveil Data Security Remediation and Compliance Reporting Capabilities at Infosecurity Europe 2024]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE LATEST FROM THE EDGE [Seizing Control of the Cloud Security Cockpit]( Much like an airplane's dashboard, configurations are the way we control cloud applications and SaaS tools. It's also the entry point for too many security threats. Here are some ideas for making the configuration process more secure. LATEST FROM DR TECHNOLOGY [CyberArk Goes All In on Machine Identity with Venafi Deal]( CyberArk's $1.54 billion agreement to buy Venafi is a sign of how human and machine identities will converge with certificate lifecycle management. LATEST FROM DR GLOBAL [China APT Stole Geopolitical Secrets From Middle East, Africa & Asia]( One of China's biggest espionage operations owes its success to longstanding Microsoft Exchange bugs, open source tools, and old malware. WEBINARS - [Extending Access Management: Securing Access for all Identities, Devices, and Applications]( - [Assessing Software Supply Chain Risk]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights]( - [SecOps Checklist]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( - [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments]( - [The Future of Cloud Security: Attack Paths & Graph-based Technology]( [View More White Papers >>]( FEATURED REPORTS - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( - [Zero-Trust Adoption Driven by Data Protection]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123674&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_05.24.24&sp_cid=53645&utm_content=DR_NL_Dark%20Reading%20Daily_05.24.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#e9 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)