Google fixed a vulnerability in Cloud Composer 2 that could have led to privilege escalation through exploitation of the default Cloud Build service account, Tenable researchers reported Tuesday.Cloud Composer is an Apache Airflow-based fully managed workflow orchestration service within the Google Cloud Platform that can be used to create, schedule and monitor data pipelines.Cloud Composer … Read more
By Jim Alcove The rise of AI co-pilots is exposing a critical security gap: sensitive data sprawl and excessive access permissions. Related: Weaponizing Microsoft’s co-pilot Until now, lackluster enterprise search capabilities kept many security risks in check—employees simply couldn’t find much of the data they were authorized to access. But Microsoft Copilot changes the game, … Read more
Nov 15, 2024Ravie LakshmananArtificial Intelligence / Vulnerability Cybersecurity researchers have disclosed two security flaws in Google’s Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud. “By exploiting custom job permissions, we were able to escalate our privileges and gain unauthorized access to … Read more