Cybersecurity risks increased due to wrongly configured Kubeflow workloads

19
Cybersecurity risks increased due to wrongly configured Kubeflow workloads

Kubeflow is a new machine learning (ML) toolkit for Kubernetes that has been targeted by new attack vectors. It was discovered by Microsoft’s Azure Security Center. In April, a single public repository has distributed a dubious Kubeflow image to thousands of clusters. Researchers have stated that the image uses open-source crypto jacking malware.

Organizations should be careful of users/clusters access to registries that they download from.

Source: Securitymagazine