SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Tuesday Feb 19th: ModelScan AI Model Security; OpenSSH Vuln; Juniper Patches; Dell BIOS Vulnerability

Feb 19, 2025
Discover how ModelScan combats deserialization attacks on AI models, ensuring safety against malicious code. Learn about critical vulnerabilities in OpenSSH that could lead to server impersonation, emphasizing the importance of timely updates. Juniper fixes significant authentication bypass issues, while Dell addresses privilege escalation in BIOS across its product line. Each topic highlights the ongoing battle to secure our digital landscape.
06:55

Podcast summary created with Snipd AI

Quick takeaways

  • ModelScan effectively mitigates risks associated with machine learning model serialization attacks by detecting malicious code that could execute harmful commands.
  • Recent vulnerabilities in OpenSSH highlight critical server security concerns that require timely updates to prevent potential impersonation attacks and denial of service issues.

Deep dives

Risks of Malicious Machine Learning Models

Downloading machine learning models, particularly from sites like Hugging Face, poses significant risks because of the nature of pickle files, which execute Python code when they are loaded (deserialized). That code runs on the system loading the model and can take harmful actions such as executing operating system commands. To mitigate these risks, a tool called ModelScan has been introduced, which scans machine learning models for suspicious code. The tool demonstrated its effectiveness by identifying malicious code that could execute harmful commands, highlighting the ongoing contest between defenders and attackers as each side adapts its techniques.
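To make the scanning idea concrete, here is an added example (not from the podcast and not ModelScan's own code) of a simplified static check that walks a pickle's opcode stream and reports imports of risky modules without ever loading the file. The denylist, the function name `scan_pickle` and the sample byte strings are assumptions constructed for this illustration.

```python
import pickle
import pickletools
import subprocess

# Assumed denylist for this example; a production scanner's list is longer.
UNSAFE_MODULES = {"os", "posix", "nt", "subprocess", "builtins", "runpy", "socket"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8"}

def scan_pickle(data: bytes) -> list:
    """List denylisted imports in a pickle stream without unpickling it.

    pickletools.genops only parses opcodes, so nothing in the file runs.
    """
    findings, strings = [], []
    try:
        for op, arg, _pos in pickletools.genops(data):
            if op.name in STRING_OPS:
                strings.append(arg)
                continue
            if op.name in ("GLOBAL", "INST"):
                # Protocols 0-3 carry "module name" in the opcode argument.
                module, _, name = arg.partition(" ")
            elif op.name == "STACK_GLOBAL":
                # Protocol 4+ takes module and name from the stack. Heuristic:
                # use the last two strings pushed. A stream that fetches them
                # from the memo (BINGET) needs a full stack-tracking scanner.
                if len(strings) < 2:
                    findings.append("unresolved STACK_GLOBAL")
                    continue
                module, name = strings[-2], strings[-1]
            else:
                continue
            if module.split(".")[0] in UNSAFE_MODULES:
                findings.append(f"{module}.{name}")
    except Exception:
        # Fail closed: a stream that does not parse is not trusted.
        findings.append("unparseable pickle stream")
    return findings

# Constructed samples. The first two only reference a callable; none is loaded.
SAMPLE_PROTO0 = b"cos\nsystem\n."
SAMPLE_PROTO4 = pickle.dumps(subprocess.Popen, protocol=4)
SAMPLE_BENIGN = pickle.dumps({"layer1.weight": [0.1, 0.2]})

if __name__ == "__main__":
    for label, blob in [("proto0", SAMPLE_PROTO0), ("proto4", SAMPLE_PROTO4),
                        ("benign", SAMPLE_BENIGN), ("truncated", b"\x80\x04")]:
        print(label, scan_pickle(blob))
```

A denylist of this kind is easy to evade with modules it does not name, which is the defender-versus-attacker adaptation the summary refers to; an allowlist of expected globals is the stricter variant.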
