• Ray framework flaw exploited for hackers to breach servers

    From TechnologyDaily@1337:1/100 to All on Wed Mar 27 18:45:06 2024
    Ray framework flaw exploited for hackers to breach servers

    Date:
    Wed, 27 Mar 2024 18:38:12 +0000

    Description:
    When is a remote code execution considered a flaw? And when a feature?

    FULL STORY ======================================================================

    The Ray framework, an open source tool for AI and Python workload scaling, is vulnerable to half a dozen flaws that allow hackers to hijack the devices and steal sensitive data.

    This is according to cybersecurity researchers from Oligo, who published
    their findings on a new hacking campaign they dubbed ShadowRay.

    Apparently active since early September 2023, ShadowRay's operators abused
    five distinct Ray vulnerabilities to target firms in education, cryptocurrency, biopharma, and other verticals.

    "Shadow vulnerability"

    Four of the vulnerabilities are tracked as CVE-2023-6019, CVE-2023-6020, CVE-2023-6021, and CVE-2023-48023, and Anyscale, Ray's developer, fixed them. The fifth one, deemed a critical remote code execution (RCE) flaw by researchers, and tracked as CVE-2023-48022, was not fixed.

    Anyscale argues that this was not a bug, but a feature: "The remaining CVE (CVE-2023-48022) - that Ray does not have authentication built in - is a long-standing design decision based on how Ray's security boundaries are
    drawn and consistent with Ray deployment best practices, though we intend to offer authentication in a future version as part of a defense-in-depth strategy," it said.

    As per the developers, this RCE flaw can only be abused in deployments that
    go against Anyscale's recommendations and don't limit Ray's use to a strictly controlled network environment.

    Oligo, on the other hand, says that by disputing the CVE, Anyscale is leaving many developers in the dark on the potential holes. "We have observed instances of CVE-2023-48022 being actively exploited in the wild, making the disputed CVE a "shadow vulnerability" - a CVE that doesn't show up in static scans but can still lead to breaches and significant losses."

    The researchers said they observed hundreds of publicly exposed Ray servers, compromised via this vulnerability. As a result, threat actors were stealing sensitive data such as AI models, production database credentials, and more. In some instances they were even installing cryptominers.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/ray-framework-flaw-exploited-for-hackers-to-breach-servers


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)