Nov 15, 2024Ravie LakshmananArtificial Intelligence / VulnerabilityCybersecurity researchers have disclosed two security flaws in Google's Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud."By exploiting custom job permissions, we were able to escalate our privileges and gain unauthorized access to all data services in the project," Palo Alto Networks Unit 42 researchers Ofir Balassiano and Ofir Shaty said in an analysis published earlier this week."Deploying a poisoned model in Vertex AI led to the exfiltration of all other fine-tuned models, posing a serious proprietary and sensitive data exfiltration attack risk."Vertex AI is Google's ML platform for training and deploying custom ML models and artificial intelligence (AI) applications at scale. It was first introduced in May 2021.Crucial to leveraging the privilege escalation flaw is a feature called Vertex AI Pipelines, which allows users to automate and monitor MLOps workflows to train and tune ML models using custom jobs.Unit 42's research found that by manipulating the custom job pipeline, it's possible to escalate privileges to gain access to otherwise restricted resources. This is accomplished by creating a custom job that runs a specially-crafted image designed to launch a reverse shell, granting backdoor access to the environment.The custom job, per the security vendor, runs in a tenant project with a service agent account that has extensive permissions to list all service accounts, manage storage buckets, and access BigQuery tables, which could then be abused to access internal Google Cloud repositories and download images.The second vulnerability, on the other hand, involves deploying a poisoned model in a tenant project such that it creates a reverse shell when deployed to an endpoint, abusing the read-only permissions of the "custom-online-prediction" service account to enumerate Kubernetes clusters and fetch their credentials to run arbitrary kubectl commands."This step enabled us to move from the GCP realm into Kubernetes," the researchers said. "This lateral movement was possible because permissions between GCP and GKE were linked through IAM Workload Identity Federation."The analysis further found that it's possible to make use of this access to view the newly created image within the Kubernetes cluster and get the image digest which uniquely identifies a container image using them to extract the images outside of the container by using crictl with the authentication token associated with the "custom-online-prediction" service account.On top of that, the malicious model could also be weaponized to view and export all large-language models (LLMs) and their fine-tuned adapters in a similar fashion.This could have severe consequences when a developer unknowingly deploys a trojanized model uploaded to a public repository, thereby allowing the threat actor to exfiltrate all ML and fine-tuned LLMs. Following responsible disclosure, both the shortcomings have been addressed by Google."This research highlights how a single malicious model deployment could compromise an entire AI environment," the researchers said. "An attacker could use even one unverified model deployed on a production system to exfiltrate sensitive data, leading to severe model exfiltration attacks."Organizations are recommended to implement strict controls on model deployments and audit permissions required to deploy a model in tenant projects.The development comes as Mozilla's 0Day Investigative Network (0Din) revealed that it's possible to interact with OpenAI ChatGPT's underlying sandbox environment ("/home/sandbox/.openai_internal/") via prompts, granting the ability to upload and execute Python scripts, move files, and even download the LLM's playbook.That said, it's worth noting that OpenAI considers such interactions as intentional or expected behavior, given that the code execution takes place within the confines of the sandbox and is unlikely to spill out."For anyone eager to explore OpenAI's ChatGPT sandbox, it's crucial to understand that most activities within this containerized environment are intended features rather than security gaps," security researcher Marco Figueroa said."Extracting knowledge, uploading files, running bash commands or executing python code within the sandbox are all fair game, as long as they don't cross the invisible lines of the container."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

With uncertainty about how a new Trump Administration will handle the $52.7 billion program, the outgoing administration is under pressure to make good on one of its signature legislative wins.

John Edwards, Technology Journalist & AuthorNovember 15, 20245 Min ReadSasin Paraksa via Alamy Stock PhotoIn their never-ending quest to improve efficiency and productivity, a rapidly growing number of enterprises are currently building, or planning to build, augmented-connected workforces. An augmented-connected workforce allows humans and machines to work together in close partnership. The goal is people and devices functioning more productively and efficiently than when working in isolation.An augmented-connected workforce can be defined as a tech-enabled workforce of humans that have access to next-generation technologies, such as AI, IoT, and smart devices, to do their day-to-day jobs, says Tim Gaus, a principal and smart manufacturing business leader with Deloitte Consulting, in an online interview. "These technologies add a level of intelligence and efficiency for employees by providing skills that humans dont possess while allowing workers to focus on higher level, strategic work." In general, augmented-connected workforces allow for a more dynamic, connected work environment that prepares human team members to work seamlessly with high technology devices.Building the CaseToday's workforce is moving rapidly toward an integrated, interconnected ecosystem of workers and technology. "By evolving our mindset on what a workforce is, it becomes clear that an augmented-connected workforce provides the most potential," Gaus says.Related:An augmented-connected workforce's benefits vary significantly depending on the type of augmentation being applied, says Melissa Korzun, vice president of customer experience operations at technology services firm Kantata. On the whole, however, it can reduce errors, decrease costs, improve quality, and even contribute to safer working conditions in manufacturing sectors, she notes in an email interview.Other potential benefits include faster training and upskilling, improved safety, enhanced efficiency, and better cost management. "In manufacturing, for example, as businesses look to expand production capabilities, using innovative tools designed for workers can help streamline processes, leading to faster time-to-market," Gaus explains.Korzun notes that in the business sector an augmented-connected workforce promises to build significant administrative efficiency. It can, for example, reduce the time needed to process large volumes of information while creating the ability to summarize unstructured data sets. Companies that take advantage of these new assistive capabilities will benefit from improved productivity, increased quality, and less burnout in their workforce, she says.Related:As organizations continue to scale their augmented-connected workforces, additional benefits are likely to emerge. "Life sciences, for example, has seen a huge benefit in leveraging computers to expedite data analysis and then pairing humans to use these discoveries to create new therapies for diseases," Gaus says. He expects that many other discoveries will emerge across industries over time, leading to innovations as well as new opportunities to engage customers.Virtual AssistanceAn augmented workforce can work faster and more efficiently thanks to seamless access to real-time diagnostics and analytics, as well as live remote assistance, observes Peter Zornio, CTO at Emerson, an automation technology vendor serving critical industries. "An augmented-connected workforce institutionalizes best practices across the enterprise and sustains the value it delivers to operational and business performance regardless of workforce size or travel restrictions," he says in an email interview.An augmented-connected workforce can also help fill some of the gaps many manufacturers currently face, Gaus says. "There are many jobs unfilled because workers aren't attracted to manufacturing, or lack the technological skills needed to fill them," he explains.Related:Building a PlanTo keep pace with competitors, businesses should develop a comprehensive strategy for utilizing new technologies, including establishing a cross-functional team that's dedicated to identifying critical areas where technology augmentation can help solve core business challenges, Korzun says. "There are lots of shiny objects out there to chase right now -- focus on applying new tech capabilities to your most critical business issues." To assist with planning, she advises IT leaders to talk with their vendors about their current augmented-connected workforce technologies and their roadmaps for the future.For enterprises that have already invested in advanced digital technologies, the path leading to an augmented-connected workforce is already underway. The next step is ensuring a holistic approach when looking at tangible ways to achieve such a workforce. "Look at the tools your organization is already using -- AI, AR, VR, and so on -- and think about how you can scale them or connect them with your human talent," Gaus says. Yet advanced technologies alone aren't enough to guarantee long-term success. "Innovative tools are the starting point, but finding ways to make human operations more efficient will lead to true impact."Final ThoughtsWhile many enterprises have already begun integrating emerging technologies into routine tasks, innovation alone without considering the role humans will play within the new model can lead to slower progress in an augmented-connected model, Gaus warns. "Humans are much more likely to engage with and utilize technology they understand and trust." The other piece of the puzzle is ensuring that workers are appropriately skilled in the new technologies entering the business.Businesses must continue to embrace technology and digital transformation in order to build the most dynamic workforce possible, Gaus states. "Doing so will maximize their technology investment and create a more connected, reliable workforce."About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

You know what they say about making a good first impression. For a movie, that first impression usually comes in the form of a title, which can immediately entice or immediately turn off a potential viewer. DoesBack to the Future become a defining movie of the 80s with its first title,Space Man From Pluto? I guess its possible, but I doubt it.Today were looking at great movie titles and specifically, great titles for movie sequels. As with sequels themselves, sequel titles cango one of two ways: Obvious and low-effort (think of any sequel with the number2at the end of the title) or inventive and original. Below, Ive picked 25 sequel titlesthat emphaticallybelong tothe latter category.Theyre ranked in ascending order, with the #25 as the least impressive and #1 claiming the title of the greatest sequel title ever. (Yes, a title for titles.) Butthis is all subjective. You might think #18 is the best title on the list. (Its certainly a very good choice.) You might wonder why your favorite got left off entirely. (Im sorry,Live Free or Die Hard! You just missed the cut.) Again, this is just one mans list, and there are a lot of good sequel titles out there. (There are also a lot ofbad sequel titles out there as you can see on ourprevious list of the dumbest sequel subtitles in history.)Without any additional rambling, and with a tip of the cap to the space man from Pluto, here are my picks for the best sequel titles...The 25 Best Sequel TitlesThese sequels all share one thing in common: They all have really good titles.READ MORE: 20 Sequels That You Forgot ExistedThe Least Likely Sequels That Actually HappenedWe cannot believe these sequels exist.

Friday Night Lights may be returning to television.The beloved show never quite a smash on broadcast TV but one of the bigger cult hits of the last 25 years is reportedly under development once again, with Universal looking to make a new version of the series, which focused on the ups and downs of the players and coaches of a Texas high school football team.According toThe Hollywood Reporter, two of thee original shows executive producers showrunner Jason Katims and Brian Grazer of Imagine Entertainment are involved in the new version. Sources say the reboot would focus on new characters rather than returning to Kyle Chandler- and Connie Britton-led cast of the original.Friday Night Lights Movie Dead Peter BergNBCloading...READ MORE: Shocking TV Twists That Fans Actually PredictedFriday Night Lightsbegan as a non-fiction book by H.G. Bissinger about a real high school football program in Texas. It was then adapted into a short-lived TV show (calledAgainst the Grain, starring a young Ben Affleck) and then into a successful film, directed by Peter Berg, starring Billy Bob Thornton as the teams coach.Berg then developed the material again, this time for television, with Kyle Chandler playing the role of inspirational coach, Eric Taylor. (His famous catchphrase: Clear eyes, full hearts, cant lose.) This version ofFriday Night Lights aired for five seasons on NBC and DirecTV in the late 2000s and early 2010s. The series never topped ratings charts, but it wonseveral awards, and routinely appeared on lists of the best TV shows of the era. It also launched numerous careers; its young ensemble cast included Taylor Kitsch, Jesse Plemmons, Zach Gilford, Minka Kelly, Adrianne Palicki and, in later years, Michael B. Jordan and Jurnee Smollett.Football is possibly even more popular now than it was when Bissinger wrote his book; football ratings on TV are just about the only thing that continues to draw huge mass audiences these days. So the impulse tobring back a beloved football show makes a lot of sense, even if the show was never hugely popular the first time around.Get our free mobile app10 TV Shows People Love That Are Actually BadSometimes we have to admit to ourselves that our faves are not that great.Filed Under: Friday Night Lights, Peter BergCategories: TV News

About SyncWithSyncWith is a small, passionate, engineering-led company on a mission to simplify data access for marketers, product managers and business owners everywhere. We help teams connect their data with tools they already know, like Google Sheets and Looker Studio, giving them the power to see all their key metrics in one place. Since our start in 2020, over 1,500 marketing teams have chosen SyncWith to keep their data accessible and actionable. We're growing fast, profitable and looking for talented people who love building software that makes an impact.The RoleWere looking for a Senior Full Stack Engineer who thrives on crafting intuitive web experiences and wants to take on a lead role in building out our user-facing products. Youll be hands-on, working across our stack (Typescript, Node, Remix, React, Tailwind) to bring features from idea to launch. If youre someone who enjoys the challenge of creating great software without red tape, values clear communication and wants to work directly with a small, tight-knit team, this might be the perfect fit.What Youll DoLead Development: Take charge of our web applications, driving new features and improvements that make a real difference to our users.Full Stack Ownership: Youll work across front-end and back-end, taking responsibility for delivering features that meet user needs from start to finish.Impactful Engineering: Ship code thats maintainable, well-tested, and loved by users, adapting based on feedback from analytics and real-world use.Develop Features to Grow User Base: Engage users by developing and iterating on new features, running experiments to drive success.Data Processing Optimization: Improve and scale our data processing infrastructure to enhance speed, cost-efficiency, and robustness.Collaborative Culture: Youll work closely with the founders and the team, contributing to the companys growth with your ideas and skills.About YouExperienced and Efficient: Youre a senior engineer whos shipped robust, maintainable software in fast-paced environments.UI/UX Enthusiast: You appreciate good design and know how to build intuitive, user-friendly interfaces that look great and perform well.Problem Solver: Youre a skilled debugger with a knack for diving deep to identify and resolve root causes of issues.Clear Communicator: You can articulate complex ideas clearly, debate solutions constructively, and collaborate effectively with teammates.Self-Starter: You take ownership of your work, enjoy working autonomously and get excited about seeing your code in the hands of users.Passionate Builder: You care deeply about building software that makes an impact.Relevant Bachelors Degree: You hold a degree in computer science, computer engineering or related field.Our Tech StackFrontend: Remix, React, Typescript, Tailwind, FigmaBackend: Node/Express, TypescriptData: Postgres for primary storage, SQLite for aggregationHosting: Render.com, AWS, and GCPTools: Amplitude Analytics, Sentry, Linear, Slack, GitHubAPIs: Integrations with platforms like Facebook Ads, Google Analytics, and ShopifyWhy SyncWith?Competitive Compensation: $175,000 - $200,000 CAD per year, plus options, a health spending account and 4 weeks of vacation.Flexible Work Environment: Work fully remotely within PST/EST time zones, enjoying flexible hours, minimal meetings and plenty of autonomy to focus on meaningful work.Impact-Driven Culture: Be part of a small, dynamic team where your work directly impacts our users and the company's success.Growth Opportunities: Collaborate closely with founders, contribute to the company's direction and shape a product that helps teams harness the power of their data.Autonomy and Efficiency: We value end-to-end ownership, efficiency and meaningful contributions without the red tape.What's Next?Excited to build impactful solutions with a passionate team? Wed love to hear from you! Apply using the link below.Our Streamlined Interview ProcessHeres what you can expect as we get to know you better:Application Submission: Start by completing the application form to share an overview of your experience and skills.Video Submission: Record a brief 1-2 minute video introducing yourself, your background and why youre excited about joining SyncWith.Phone Screen: Join us for a quick 15-minute chat to explore your fit for the role and learn more about your goals.Final Interview: Engage in a deeper conversation with our founder to discuss your experience and technical skills.Were excited to meet you and explore how you can make an impact at SyncWith!

As an ML Engineer at Greenscreens.ai, you will play a crucial role in advancing logistics technology by developing and optimizing ML models that address new business challenges. You will be responsible for ensuring the efficiency and accuracy of our deployed models, scaling their performance, and automating ML pipelines. Your work will involve building and managing the infrastructure for training models, conducting research, and applying findings directly to improve client solutions. Additionally, you will enhance our predictive models, explore new features to refine predictions, and integrate complex business logic into our processes. Your contributions will shape the future of our ML-based solutions and drive innovation in the logistics industry.ResponsibilitiesResearch and identify new business features to enhance prediction accuracyEnhance Rate Engine through algorithm manipulation, feature experimentation, and research to optimize data filtering and predictive model quality.Monitor and maintain deployed ML models, ensuring accuracy and efficiencyAutomate ML pipelines and manage the entire model lifecycle.Develop complex business logic in Python to integrate models into a company's processes.Scale and optimize the performance of existing models (RPS, memory consumption)The primary focus of your work will be on tabular dataRequirements3+ years of experience as a Data Scientist, ML Engineer, or in a similar role.Python, SQL,GitNeural networks, time series, gradient boosting, and random forest.Linear algebra, probability, statistics, optimizationUpper-intermediate English and Russian proficiency for effective communication in the teams.Advanced proficiency in both Russian and English is requiredno exceptions.Desirable Technical skillsUnit testingAWS S3, Docker, KubernetesExperience in logisticsActive engagement with industry articles and research papersParticipation in competitions (e.g., Kaggle)Hyperparameter tuning methodsAnomaly detectionQualificationsBachelor's or Master's degree in Computer Science, Engineering, Mathematics, or a related field.BenefitsRemote Work: Ability to work from anywhere in the world or in our office in Vilnius. However, please note that there are restrictions on working from Russia and Belarus.Options Program: Participate in our options program, allowing you to share in the growth and success of our startup.Annual private health insurance allowancePTO: Up to four weeks of fully paid leave per calendar year Related Jobs See more All Other Remote jobs

La stratgie perturbante des lunettes de Meta

Coding Will NEVER Be The Same - Insane New AI Code Editor

Tutorial: F-string debugging