ShadowRay 2.0 demonstrates how attackers are now leveraging AI-generated tooling to exploit exposed Ray clusters and create a globally distributed botnet.

Highlights:
• CVE-2023-48022 exploited across thousands of Ray servers
• LLM-generated scripts tailored to victim environments
• Region-aware updates via GitLab + GitHub
• Hidden GPU mining (A100 clusters)
• Competing cryptominers battling for compute
Thoughts on the broader implications for AI security?

Boost, reply, and follow @technadu for more deep-dive threat research.

#Infosec #CyberSecurity #ShadowRay #AIThreats #RayFramework #Botnet #ThreatHunting #CloudSecurity

New ShadowRay attacks convert Ray clusters into crypto miners

A global campaign dubbed ShadowRay 2.0 hijacks exposed Ray Clusters by exploiting an old code execution flaw to turn them into a self-propagating cryptomining botnet.

BleepingComputer

Oligo Security's research team has identified a significant vulnerability named "0.0.0.0 Day" that affects all major web browsers, allowing malicious websites to interact with local network services. This vulnerability arises from inconsistent security implementations across browsers and the lack of standardization in the browser industry. The IP address 0.0.0.0, typically used to denote all available network interfaces on a device, can be exploited by attackers to gain unauthorized access and execute code on local services, including those for development, operating systems, and internal networks. This issue has wide-ranging implications for both individuals and organizations, with active exploitation campaigns like ShadowRay highlighting the urgency of resolving this vulnerability.

https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser

#cybersecurity #0000day #vulnerability #browser #http #rfc #chrome #safari #firefox #fingerprinting #edge #ssl #https #pna #shadowray

0.0.0.0 Day: Exploiting Localhost APIs From the Browser

Oligo Security's research team recently disclosed the “0.0.0.0 Day” vulnerability. This vulnerability allows malicious websites to bypass browser security and interact with services running on an organization’s local network.

Oligo Security
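A server-side check of the kind a local service can apply to requests that reach it through the 0.0.0.0 address, written here as an added example for the post above (it is not code from Oligo Security or from any browser vendor). The service treats the request's Host header as untrusted: a Host of 0.0.0.0, or any hostname other than an expected loopback name, is refused, and the Origin and Sec-Fetch-Site headers are used as secondary checks for cross-site requests. The allowed host and origin lists, port 8000 and the handler class are assumptions made for the illustration.

```python
"""Host / Origin / Sec-Fetch-Site gate for a service bound to a loopback address.

Added example: the allowlists and port below are assumptions for illustration,
not values taken from any real deployment.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional, Tuple

# Hostnames a browser may legitimately use to reach this service.
# "0.0.0.0" is deliberately absent: a request whose Host header names the
# wildcard address is exactly the request this gate exists to refuse.
ALLOWED_HOSTS = frozenset({"localhost", "127.0.0.1", "[::1]"})

# Origins permitted to make cross-origin (CORS) requests to this service.
ALLOWED_ORIGINS = frozenset({"http://localhost:8000", "http://127.0.0.1:8000"})


def _strip_port(host: str) -> str:
    """Return the hostname part of a Host header ('127.0.0.1:8000' -> '127.0.0.1')."""
    host = host.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal, e.g. "[::1]:8000"
        end = host.find("]")
        return host[: end + 1] if end != -1 else host
    return host.rsplit(":", 1)[0] if ":" in host else host


def check_request(host: Optional[str], origin: Optional[str],
                  sec_fetch_site: Optional[str]) -> Tuple[bool, str]:
    """Decide whether a request may reach the service; returns (allowed, reason).

    The checks are layered:
      1. Host must be a loopback name we expect. This refuses Host: 0.0.0.0
         and also DNS rebinding, where an attacker-controlled hostname
         resolves to 127.0.0.1.
      2. If the browser sent Sec-Fetch-Site, a cross-site request is refused.
      3. If the browser sent Origin, it must be on the allowlist; "null" and
         unknown origins are refused.
    Requests carrying neither Origin nor Sec-Fetch-Site (curl, same-origin
    navigations) pass once the Host check passes.
    """
    if not host:
        return False, "missing Host header"
    hostname = _strip_port(host)
    if hostname not in ALLOWED_HOSTS:
        return False, f"Host {hostname!r} is not an allowed loopback name"
    if sec_fetch_site and sec_fetch_site.strip().lower() == "cross-site":
        return False, "Sec-Fetch-Site: cross-site"
    if origin is not None:
        normalized = origin.strip().lower()
        if normalized == "null" or normalized not in ALLOWED_ORIGINS:
            return False, f"Origin {origin!r} not allowed"
    return True, "ok"


class GuardedHandler(BaseHTTPRequestHandler):
    """Minimal handler that runs check_request before serving anything."""

    def _guard(self) -> bool:
        allowed, reason = check_request(
            self.headers.get("Host"),
            self.headers.get("Origin"),
            self.headers.get("Sec-Fetch-Site"),
        )
        if not allowed:
            self.send_response(403)
            self.send_header("Content-Type", "text/plain")
            self.end_headers()
            self.wfile.write(f"forbidden: {reason}\n".encode())
        return allowed

    def do_GET(self):
        if not self._guard():
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"hello from the local service\n")

    do_POST = do_GET


if __name__ == "__main__":
    # Bind to loopback only. Binding to 0.0.0.0 would additionally expose the
    # service on every interface, independent of the browser-side issue.
    HTTPServer(("127.0.0.1", 8000), GuardedHandler).serve_forever()
```

The Host check is the primary control because browsers do not attach an Origin header to every request (a plain no-cors GET carries none), whereas Host is always present; Origin and Sec-Fetch-Site only tighten the decision when they are sent. Binding the listener to 127.0.0.1 rather than 0.0.0.0 is a separate measure that limits which interfaces accept connections at all, but it does not by itself stop a browser on the same machine from reaching the service, which is why the header gate is still needed.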

Researchers have warned about a vulnerability in the Ray framework, an open-source AI tool used by major tech companies for Python applications, including machine learning and data processing. This vulnerability, known as CVE-2023-48022 or ShadowRay, allows hackers to take control of companies' computing power and leak sensitive data. Thousands of Ray servers worldwide were compromised, affecting organizations across various industries, including medical companies, video analytics firms, and educational institutions. The vulnerability was not promptly fixed and is considered a "shadow vulnerability" due to its controversial status. Hackers exploited the flaw for cryptocurrency mining, with the total value of compromised machines and compute power estimated at nearly a billion dollars.

https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild

#cybersecurity #ray #framework #vulnerability #ai #shadowray #cve #servers

ShadowRay: First Known Attack Campaign Targeting AI Workloads Exploited In The Wild | Oligo Security

The Oligo research team discovered a live crypto miner campaign targeting a vulnerability in Ray, a widely used open-source AI framework.