Ray deployments are not intended to connect to the internet, but AI developers are doing so anyway and leaving their servers vulnerable.
The proof-of-concept exploit is easy to execute and could foretell wider targeting of the Fortinet vulnerability by attackers.
The sophisticated campaign gives attackers wide access under the guise of legitimate remote support software.
Some of the flaws outlined in 15 advisories could result in remote code execution on industrial control systems.
The VBScript-based attack chain is initiated from LNK files, and multiple stages are downloaded from legitimate cloud services.
Researchers from SpecterOps have put together a comprehensive resource that catalogs SCCM attacks and provides defensive strategies and hardening guidance.
Attackers can abuse YAML configuration files to execute malicious commands on Windows hosts.
This new technique to monetize cryptojacking avoids traditional detection methods that rely on monitoring CPU cycles and RAM usage.