Jira Authentication Bypass
A bug has been discovered in the near-ubiquitous Jira software.
It has a CVSS score of 9.9 according to The Hacker News. The NVD site, however, says that the vulnerability is awaiting analysis.
Of course, you might want to do your own scoring. CVSS scores are organisation-dependent. There is no one-score-to-rule-them-all.
Take Action:
If you are using self-hosted Jira, update it. If you are using the cloud version, you might be safe, but it is a good idea to check with the vendor anyway.
Useful? CyberInsights is a weekly post about two new items in cybersecurity which helps the cybersecurity professional think. Subscribe to it here.
Is your AI poisoned?
AI poisoning is an interesting new attack vector.
According to this article by Bloomberg, AI poisoning can be achieved with just 0.7% poisoned training data. This means you only need 7 poisoned entries in 1,000 data points to poison the AI.
When creating an AI, developers tend to use something known as ‘public datasets’ to see how the algorithm they built performs. The most popular among them, the Iris dataset, which statisticians used even before AI / ML, has about 150 data elements. You see the risk?
Take Action:
If your firm is doing work related to AI / ML, review how the training dataset is obtained and how the integrity of the dataset is ensured. If your team is using a public dataset, you have to consider the risks associated with that.
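One way to check the integrity of a dataset copy before training, as an added example that is not from the original post: pin a SHA-256 digest for every row of a reviewed copy, then compare any re-obtained copy against that manifest. The CSV layout, the function names and the 1,000 synthetic rows are constructed for illustration.

```python
import csv
import hashlib
import io
from collections import Counter

def record_digests(csv_text):
    """SHA-256 digest per data row (header skipped); a Counter keeps duplicate rows."""
    rows = csv.reader(io.StringIO(csv_text))
    next(rows, None)  # skip header
    digests = Counter()
    for row in rows:
        if row:
            # Unit separator keeps field boundaries unambiguous after joining.
            canon = "\x1f".join(field.strip() for field in row)
            digests[hashlib.sha256(canon.encode("utf-8")).hexdigest()] += 1
    return digests

def build_manifest(csv_text):
    """Pin a reviewed copy of the dataset as a sorted list of row digests."""
    ordered = sorted(record_digests(csv_text).elements())
    return {"rows": len(ordered), "digests": ordered}

def verify(csv_text, manifest):
    """Compare a freshly obtained copy against the pinned manifest."""
    current = record_digests(csv_text)
    pinned = Counter(manifest["digests"])
    unexpected = sum((current - pinned).values())  # rows absent from the pinned copy
    missing = sum((pinned - current).values())     # pinned rows that disappeared
    total = sum(current.values())
    return {"ok": unexpected == 0 and missing == 0,
            "unexpected_rows": unexpected,
            "missing_rows": missing,
            "unexpected_fraction": unexpected / total if total else 0.0}

def sample_csv(flipped_ids=()):
    """Constructed data: 1,000 synthetic rows; ids in flipped_ids get the other label."""
    lines = ["id,sepal_length,label"]
    for i in range(1000):
        label = "setosa" if i % 2 else "virginica"
        if i in flipped_ids:
            label = "virginica" if label == "setosa" else "setosa"
        lines.append(f"{i},{4 + (i % 30) / 10:.1f},{label}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    manifest = build_manifest(sample_csv())
    print(verify(sample_csv(), manifest))
    # Seven altered rows out of 1,000, the 0.7% figure quoted above.
    print(verify(sample_csv(flipped_ids={3, 150, 299, 412, 640, 777, 901}), manifest))
```

This only detects changes relative to the pinned copy; it says nothing about whether the pinned copy itself was clean when it was reviewed.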