Critical Nvidia Container Flaw Exposes Cloud AI Systems to Host Takeover

September 26, 2024 at 01:12PM Nvidia’s Container Toolkit is vulnerable to a TOCTOU flaw (CVE-2024-0132) that could allow attackers to escape containers and take control of the host system, exposing cloud environments to code execution and data tampering. The flaw affects over 35% of cloud environments using Nvidia GPUs, posing a significant threat to AI … Read more

Time to Secure Cloud-Native Apps Is Now

January 24, 2024 at 08:30AM Cloud-native applications and APIs have led to numerous data breaches, including with TeslaMate and Sumo Logic. Such incidents emphasize the need for organizations to prioritize cybersecurity basics, manage security tools, and address misconfigurations and credential misuse. Despite security challenges, the benefits of cloud-native environments are leading enterprises to embrace them, … Read more

‘CacheWarp’ AMD VM Bug Opens the Door to Privilege Escalation

November 16, 2023 at 04:02PM Researchers have discovered a vulnerability in AMD CPUs that can be exploited to undermine memory protections in cloud environments. Known as CacheWarp, this vulnerability impacts first- through third-generation EPYC processors. Attackers can use the vulnerability to gain unauthorized access and perform privilege escalation. AMD has released a microcode patch for … Read more