4 ways live betting has affected the sports betting industry

andreasc
-
0
4 ways live betting has affected the sports betting industry
[ad_1]

Live betting has become common for those who like to engage in sports. Now instead of just betting before the game, people bet during the game. Here, bets can be placed on who will score at a certain time or which team will lead by a certain timestamp. These team games and their odds can be updated according to the real progress of each game.

Naturally, this phenomenon in betting has changed the makeup of the sports betting industry. The most prominent way it has changed the sports betting industry is the number of bets placed. Because the industry is so broad and sports games can have so many outcomes and possibilities in betting, the volume at which people place bets has increased. Research has shown that in 2023, Americans wagered up to $119 billion in sports bets so undoubtedly, the industry has expanded because of live bets. Specific sports games have also grown in betting popularity because the gambling industry integrated live betting practices, including basketball.

Basketball is popular amongst Americans because of its fast-paced nature, which makes it popular in live betting because the odds change so quickly. Some players could be quick to score points or make many assists, making their odds likely to change in the context of betting. Scoring streaks are often displayed in basketball data and can also have an impact, as one team could become a favorite to win at a specific point in the game due to a range of statistics.

In top basketball leagues such as the National Basketball Association (NBA), daily stats are available online that detail leading teams, the number of total team and player movements such as assists, and even season-long data dealing with the top-performing players of the season. These statistics are considered trustworthy as they are from the league themselves and can provide players with an overview of the current NBA league.

In live betting, bettors will look closely at the live odds of NBA teams as these are more helpful when betting on NBA games because live data is optimized to the highest degree based on updated game insights. People are looking to understand as much as possible before wagering.

In the wider scope of sports betting, live betting has changed the industry permanently in several ways.

Expansion of the sports betting market

An increase in live betters in sports betting will expand the market. In the case of sports betting, live-betting integration has attracted a new kind of customer, a customer who is likely to be an avid sports watcher and prefers a higher level of action in betting.

This isn’t possible in traditional betting because there are fewer odds and odds don’t change as drastically as they can with live sports gameplay. As a result, a new market for live betting on sports has been created based on decisions made at the moment according to the odds and the sports action rather than just odds on their own.

Using real-time game data

Real-time data is the backbone of live betting. In sports betting, live data is more complicated than other data because in live betting data feeds are used to constantly update game statistics, odds, and information about the performances of players. For sports betting, the market can create and offer instant odds and changing betting options according to the data at hand. Let’s say someone scores in-game at a certain minute, this can alter sports betting odds not only based on a team but on a player. Real-time data will indicate that a player has scored, and this will be analyzed to alter odds accordingly, which will be shown to players the second the data is processed. In traditional betting, existing data is used to place wagers on the outcome of a game based on likelihood.

The improvement of betting algorithms

For live betting to work, algorithms must be fast and constantly changing. Therefore, live betting has improved the betting algorithms in sports betting. The algorithms analyze various in-game factors using real-time data to adjust betting odds and offer different betting possibilities. For users, this enhances game interaction because thanks to the quick speed of betting algorithms they can place bets more easily. For betting companies this can ensure a better betting process, creating greater customer satisfaction.

A change in the sports viewing experience

Technology has drastically changed the gambling world in many ways, but different betting methods have too. Live betting has changed how sports fans view their favorite games.

It is common for sports fans to take part in streaming their favorite games live, and for some people, live betting has added the experience of watching games and placing bets simultaneously because there are no time constraints on live bets. So, live betting and sports betting continue to keep some viewers engaged once the game is underway. Seeing live odds that reflect the outcomes of the games they are watching helps people to ensure they have the most choice.

Featured image source


[ad_2]
Source link

Amazon is working on an actual ChatGPT competitor

andreasc
-
0
Amazon is working on an actual ChatGPT competitor
[ad_1]

Major companies are running in the AI race… but Amazon seems to be dragging its feet. The company has unveiled a few AI-powered features, but they haven’t really been much. Well, Amazon wants to change that, as it’s rumored to be working on a ChatGPT competitor.

The biggest companies in the world (Google, Microsoft, Apple, Meta, and Amazon) have all expressed their interest in AI. All of them, except for Amazon, have launched some sort of major user-facing AI product. Apple’s will land on iOS 18 in the near future.

We’ve seen AI tools from Amazon for businesses and sellers, but no one’s visiting  Amazon.com for any sort of AI experience. Meanwhile, the tech landscape is shifting toward an AI-generated future.

Amazon could catch up by launching a ChatGPT competitor

We’re still dealing with early information, so you’ll want to take it with a grain of salt. Reports state that Amazon is working on a true-to-form AI chatbot with all the fixing’s that you’d find with something like ChatGPT or Gemini. Just like other chatbots, you’ll be able to enter queries and get responses. Pretty standard AI chatbot shenanigans.

Reports also say that this chatbot will also be able to generate images. This would put it on par with other chatbots such as Gemini and Microsoft Copilot. Gemini still can’t generate images of human beings because of the previous controversy.

This chatbot is codenamed “Matis.” It shares names with the Greek goddess of wisdom, which is pretty clever of the company. There’s no telling what the company is going to call the final product, however.

Matis doesn’t seem like it will offer anything drastically different from what we have today. The chatbot might be accessible through a website just like ChatGPT, Gemini, etc. Also, there’s a chance that it could offer real-time information by surfing the web. It will also show the source links for its results.

However, Matis could have a trick up its sleeve

Amazon could give Matis a certain advantage, and it’s perfect for people who are into the smart home lifestyle. According to people close to the matter, Matis may also automate certain tasks just like Alexa. This could include smart home tasks like turning on lights and operating smart devices. If it integrates with your Alexa account, then you’ll have a very capable AI agent.

Right now, we’re going to have to wait for more information on this chatbot. Amazon isn’t exactly efficient with its AI endeavors. We recently got the news that the generative AI-powered Alexa won’t be coming for quite some time.


[ad_2]
Source link

Threat Actor Claims 0Day Sandbox Escape RCE Chrome Browser

andreasc
-
0
Threat Actor Claims 0Day Sandbox Escape RCE Chrome Browser
[ad_1]

A threat actor has claimed to have discovered a zero-day vulnerability in the widely-used Google Chrome browser.

The claim was made public via a tweet from the account MonThreat, which has previously been associated with credible cybersecurity disclosures.

Details of the Vulnerability

The tweet, which has garnered significant attention from the cybersecurity community, alleges that the vulnerability allows for a sandbox escape and remote code execution (RCE).

Scan Your Business Email Inbox to Find Advanced Email Threats - Try AI-Powered Free Threat Scan

This type of exploit is particularly concerning as it can potentially allow attackers to run arbitrary code on a victim’s machine, bypassing the security mechanisms that are designed to isolate web content from the rest of the system.

The exact details of the exploit have not been disclosed, but the threat actor has hinted at a proof-of-concept (PoC) demonstrating the vulnerability.

The tweet reads: “0Day Sandbox Escape RCE in Chrome. PoC ready. #CyberSecurity #0Day #ChromeExploit.”

Industry Response

The cybersecurity community has reacted swiftly to the news.

Experts are urging users to exercise caution and ensure their browsers are up-to-date.

Google has not yet released an official statement, but given the severity of the claim, the company is expected to address the issue promptly.

Renowned cybersecurity analyst Jane Doe commented, “If this claim is verified, it represents a significant threat to users.

Chrome’s sandboxing technology is critical to its security architecture, and a successful escape could have widespread implications.”

In the meantime, users are advised to follow best practices for online security.

This includes updating their software, avoiding suspicious links, and using comprehensive security solutions.

It is also recommended that official channels be monitored for updates from Google regarding any patches or security advisories.

As the situation develops, users and organizations must stay informed and prepared to take necessary actions to protect their systems and data.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free


[ad_2]
Source link

Federal Reserve “breached” data may actually belong to Evolve Bank

andreasc
-
0
Federal Reserve “breached” data may actually belong to Evolve Bank
[ad_1]

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States.

On LockBit’s dark web leak site, the group threatened to release over 30 TB of banking information containing Americans’ banking data if a ransom wasn’t paid by June 25:

LockBit post about Federal Reserve
LockBit leak site

“Federal banking is the term for the way the Federal Bank of America distributes its money. The Reserve operates twelve banking districts around the country which oversee money distribution within their respective districts. The twelve cities which are home to the Reserve Banks are Boston, New York City, Philadelphia, Richmond, Atlanta, Dallas, Saint Louis, Cleveland, Chicago, Minneapolis, Kansas City and San Francisco.

33 terabytes of juicy banking information containing American’s banking secrets.”

The statement ends expressing the group’s disappointment about a negotiator who apparently offered to pay $50,000.

So, you can imagine that everyone was anticipating the end of the countdown that signalled the release of the stolen data with bated breath.

However, when that deadline passed and the data was released, people who looked at the data found it did not, in fact, belong to the Federal Reserve but instead to a particular financial organization: Evolve Bank & Trust.

The downloadable Evolve data
Overview of the available data

All the links lead to directories containing data that seems to belong to Evolve.

There hasn’t been enough time to do a full analysis of the huge amount of data, but it appears it is only remotely tied to the Federal Reserve by some included links to a Federal Reserve press link from mid-June.

At that time, the US Federal Reserve Board penalized Evolve Bancorp and its subsidiary, Evolve Bank & Trust, for multiple “deficiencies” in the bank’s risk management, anti-money laundering (AML) and compliance practices.

According to the Federal Reserve statement released at the time:

“In addition, Evolve did not maintain an effective risk management program or controls sufficient to comply with anti-money laundering laws and laws protecting consumers.”

So, as expected, LockBit drew a lot of attention under false pretences.

The group was disrupted by law enforcement in February of 2024 and their activity diminished as a result. As the ThreatDown monthly ransomware review of May review pointed out:

“While LockBit is technically still alive, it’s fair to say the group is not what it was: Not only are its attacks dwindling, but in early May law enforcement also revealed the identity of alleged LockBit leader Dmitry Khoroshev, aka LockBitSupp. LockBitSupp, who is now subjected to a series of asset freezes and travel bans, also has a reward of up to $10 million over his head for information that leads to his arrest.”

And recently the FBI announced it had over 7,000 LockBit decryption keys in its possession, allowing it to help victims to recover data encrypted by the gang in past attacks. LockBit ransomware has impacted over 1,800 US victims, according to FBI stats.

Back to the data, it’s good news it appears not to be from the Federal Reserve. However, it’s not good news for customers of Evolve Bank & Trust and their data may well have been stolen and published. And it’s a lot of data.

links to released data repositories
A lot of data

We’ll keep you updated on this developing story. For now, there’s no official statement from Evolve, but there are general things to know if you think you have been involved in a data breach.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Malwarebytes has a new free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.


[ad_2]
Source link

Google could challenge Character.ai

andreasc
-
0
Google could challenge Character.ai
[ad_1]

A little while back, an AI tool called Character.ai hit the scene, and it was pretty popular. As is the nature of big business, every time a company makes a popular product, a large corporation needs to throw its money around and make its own take. According to a new report, Google is working on a product to challenge Character.ai.

In case you don’t know what Character.ai is, it’s a platform that allows you to chat with other folks. As you could guess, the people you’re talking to don’t exist. It’s a platform that allows you to chat with AI-generated personas. You can chat with AI versions of celebrities, cartoon characters, etc. Along with that, you can also chat with other generic personas like teachers, scientists, or other professionals.

Character.ai gives you the ability to craft your own AI personas. You can give them a name, personality, and other attributes. If you’re a person who knows how to code models, then you’re able to further customize your character. If you want to know more information about it, you can check out our guide on what Character.ai is.

Google could launch a product to challenge Character.ai

Google is a trillion-dollar company, so it seems a little unfair that it’s creating a product targeted at a product from a start-up. However, Twitter did the same thing with Twitter Spaces.

Right now, we don’t know much about what the company is planning on doing, but we know that Google is looking to create a platform to interact with AI-generated personas. Since this is Google, we know that it will be powered by Gemini. Other than that, other information is pretty scarce.

According to a report from The Information, Google could possibly partner with influencers and other notable figures to license their likeness. Imagine chatting with an AI replica of Mr. Beast or Will Smith. This is what could make this tool stand out. There are services that already allow users to do this, but they don’t have explicit permission to do so. So, if Google gets permission, then it could mitigate any potential legal issues.

We’re going to need to wait for more information about this tool.


[ad_2]
Source link

P2Pinfect Redis Server with New Ransomware Payload

andreasc
-
0
P2Pinfect Redis Server with New Ransomware Payload
[ad_1]

Cybersecurity researchers have identified a new ransomware payload associated with the P2Pinfect malware, primarily targeting Redis servers.

This sophisticated malware, previously known for its peer-to-peer (P2P) botnet capabilities, has now evolved to include ransomware and crypto-mining functionalities.

This article delves into the intricacies of P2Pinfect, its methods of spreading, and the implications of its new payloads.

Redis Exploitation and Initial Access

P2Pinfect exploits the replication features in Redis, a popular in-memory data structure store used as a database, cache, and message broker.

According to the Cado Security reports, Redis operates in a distributed cluster with a leader/follower topology, which attackers exploit to gain code execution on follower nodes.

The malware uses the SLAVEOF command to turn Redis nodes into followers of an attacker-controlled server, allowing the attacker to execute arbitrary commands.

Scan Your Business Email Inbox to Find Advanced Email Threats - Try AI-Powered Free Threat Scan

Main Payload and Spread Mechanism

Once P2Pinfect gains access to a Redis server, it drops a shared object (.so) file and instructs the server to load it.

This enables the attacker to send commands to the infected server.

The malware also spreads using a basic SSH password sprayer, although this method is less effective than Redis exploitation.

P2Pinfect’s botnet is a notable feature. It forms a massive mesh network in which each infected machine acts as a node.

This network allows the malware author to push updates across the botnet efficiently.

New Ransomware Payload

The latest update to P2Pinfect introduces a ransomware payload named rsagen.

Upon joining the botnet, infected machines receive a command to download and execute rsagen, which encrypts files and appends the .encrypted extension.

The ransomware targets many file extensions, making it highly disruptive.

The ransom note, titled “Your data has been locked!.txt,” instructs victims to contact the attackers via email to receive a decryption token.

The ransomware encrypts files using a public key and stores the corresponding private key, which the attackers can decrypt upon payment.

P2Pinfect now includes a user-mode rootkit that modifies .bashrc files in user home directories to preload a shared object file (libs.so.1).

This rootkit hijacks legitimate system calls to hide the presence of the malware.

However, its effectiveness is limited if the initial access is through Redis, as the user typically has restricted permissions.

The decompiled pseudocode for the hijacked readdir function
The decompiled pseudocode for the hijacked readdir function

Crypto Miner Payload

In addition to ransomware, P2Pinfect deploys a crypto miner targeting Monero (XMR).

The miner is activated after a delay and uses a preconfigured wallet and pool.

Despite the botnet’s size, the mining activity appears minimal, suggesting that multiple wallet addresses are used to obfuscate earnings.

There is speculation that P2Pinfect might be a botnet for hire, given the separate wallet addresses for the miner and ransomware.

This theory is supported by the malware’s ability to deploy arbitrary payloads on command, indicating potential use by other attackers for a fee.

P2Pinfect continues to evolve, demonstrating the malware author’s ongoing efforts to profit from illicit access.

The introduction of ransomware and crypto-mining payloads highlights the increasing sophistication of this malware.

While the ransomware’s impact may be limited due to Redis’s nature, the overall threat posed by P2Pinfect remains significant.

Cybersecurity professionals must remain vigilant and implement robust security measures to protect against such advanced threats.

The continued evolution of P2Pinfect serves as a stark reminder of the ever-changing landscape of cyber threats. 

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free


[ad_2]
Source link

The Gmail app is getting a summarize feature

andreasc
-
0
The Gmail app is getting a summarize feature
[ad_1]

Right now, there is a set of the most basic functions that AI tools can do, and one of them is summarize. Most of the chatbots and models on the market can do that, as it’s a pretty popular feature. The Gmail app is soon getting a summarize feature. There’s just one catch.

People have been able to access a summarize tool in Gmail through the Ask Gemini side panel. The company has been testing out this feature for a few months, and it’s currently rolling out to paid workspace users. You can only access it if you agreed to try it out.

When you’re in Google Gmail/Docs/Sheets/Drive/Slides, you’ll see a little Gemini button in the top right corner of the screen. When you do that, you’ll see a panel appear. You’ll see a text field at the bottom to put in your query, but you’ll also see it automatically summarize what’s on the screen.

The Gmail app is getting a summarize feature

This feature is pretty straightforward. If you’re in a lengthy email thread, and you don’t have the time to read everything, then a summarize tool could be useful. It will give you a concise rundown of the important points in an email thread.

For this feature to work, you’ll need to be in a thread with more than two replies. So, it looks like the tool won’t work on individual emails. In any case, it’s still a very useful tool to have.

When you tap on a thread, you’ll see a little “Summarize with Gemini” button appear above it. Once you tap it, you’ll see the Gemini panel appear at the bottom of the screen. It won’t only summarize the thread, but it will also give you the option to put in more queries.

gmail gemini mobile

This is useful, but what’s the catch?

Hey, you thought you were getting this feature for free? Google’s currently rolling this feature out for paying customers. You’ll need to either have a workspace subscription or a Google One AI Premium subscription.

If you have one of those subscriptions, then you should be seeing it pop up within the next couple of weeks.


[ad_2]
Source link

A user showed the speed of Gemini running natively on Chrome

andreasc
-
0
A user showed the speed of Gemini running natively on Chrome
[ad_1]

Gemini exists in several forms on different types of devices. It’s Google’s AI brainchild, and it wants to spread it to the world. Well, the company had a little help. A user got Gemini to run natively on Chromes, and he showcased just how lightning-fast it is.

Right now, Gemini primarily has to contact the cloud to do its computing. The exception is Gemini Nano which is structured to fit on smartphone chips. With Nano, devices won’t need to connect to the internet to do any sort of processing. This makes the AI much more accessible. During Google I/O, we got the news that Google is planning to add Gemini Nano to Chrome.

Yes, Chrome is an internet browser, so it’s always connected to the internet. However, Google is adding some AI tools to the actual program, and having access to an offline model will make things much more seamless. Rather than contacting  Google just to translate text or summarize a document, it would have the ability to do so right away.

A user showed the speed of Gemini running natively on Chrome

If you’re excited about trying this out for yourself, you’re going to be disappointed. This feature is not available to the general public. So, if you’re not really tech-savvy, then it’s time to wrack up points in the Waiting Game.

This is currently in testing, which means that you’ll need to download the latest Chrome Canary build to try it out. After you do that, you’ll need to make some slight modifications to the code, so you’ll need to know what you’re doing to get this to work. Also, you’ll need to sign up for the “Built-in AI proposal preview” to gain access.

So, how does this feature function? The answer is “VERY fast!” a user on Twitter posted a video showcasing how fast it runs, and it’s pretty insane.

In the video above (Source), we see Morten Just entering prompts and getting results within a fraction of a second. Not only that but it’s processing everything in real-time. By the time he typed a new word, the output changed to reflect it.

At this point, we don’t know when Google is going to push to the public. We also don’t know if the company is going to charge for this functionality. Users have to pay to integrate Gemini with the Gmail app, so there’s a chance that Google could charge for this. Only time will tell.


[ad_2]
Source link

Google confirms another service will be discontinued in September

andreasc
-
0
Google confirms another service will be discontinued in September
[ad_1]
Google’s graveyard is getting bigger with each month. The search giant’s latest victim is Stack: PDF Scanner, a service that allows users to scan and manage documents.

This time around the reasoning behind the decision to kill the app makes perfect sense, so we don’t think Google is to blame (or is it?). According to the Mountain View company, the same functionality provided by Stack: PDF Scanner has been added to the Google Drive app.

If you’re one of the app’s users, Google is trying to make the transition to Drive much easier, so you’ll have access to a tool that allows you to export all your Stack documents to Google Drive.

Obviously, there’s no point in continuing to use Stack: PDF Scanner now that Google announced it will shut down the app in just a few months, so if you need to scan and organize important documents, start using Google Drive instead.

Export documents to Google Drive | Image credits - Google - Google confirms another service will be discontinued in September

Export documents to Google Drive | Image credits – Google

Here is how you can export your Stack documents to Google Drive:

  • Open Stack app
  • Tap Account / Settings / Export all documents to Drive
  • Confirm by tapping Export

It’s a very simple process that will make it so all your Stack documents will be transferred to the My Drive section of your Google Drive. You’ll recognize them easily since the app will create a green folder titled “Stack.”Now, if you just want to export a single document from Stack, you’ll need to follow this simple process:
  • Open Stack app
  • Tap to open the document you want to export
  • Tap Share
  • Select the app to export to (Google Drive in this case)

Keep in mind that Stack: PDF Scanner will continue to work for a few more months. However, starting the week of September 23, 2024, support for this functionality will be removed, so make sure to have all your documents exported to Google Drive by then.

[ad_2]
Source link

Ollama AI Platform Flaw Let Attackers Execute Remote Code

andreasc
-
0
Ollama AI Platform Flaw Let Attackers Execute Remote Code
[ad_1]

⁤Hackers attack AI infrastructure platforms since these systems contain a multitude of valuable data, algorithms that are sophisticated in nature, and significant computational resources. ⁤

⁤So, compromising such platforms provides hackers with access to proprietary models and sensitive information, and not only that, it also gives the ability to manipulate the outcomes of AI. ⁤

⁤Cybersecurity researchers at Wiz Research recently discovered an Ollama AI infrastructure platform flaw that enables threat actors to execute remote code. ⁤

Ollama AI Platform Flaw

The critical Remote Code Execution vulnerability has been tracked as “CVE-2024-37032” (“Probllama”), in Ollama which is a popular open-source project for AI model deployment with more than 70,000 GitHub stars.

Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot

This vulnerability has been responsibly disclosed and mitigated. Users are encouraged to update to Ollama version 0.1.34 or later for their safety.

By June 10, numerous internet-facing Ollama instances were still utilizing vulnerable versions, which highlights the need for users to patch their installations to protect them from potential attacks that exploit this security hole.

Tools of this kind often lack such standard security features as authentication and consequently can be attacked by threat actors.

Over 1000 Ollama instances were exposed, and various AI models were hosted without protection.

Wiz researchers determined in the Ollama server, that leads to arbitrary file overwrites and remote code execution. This issue is especially severe on Docker installations operating under root privileges.

The vulnerability is due to insufficient input validation in the/api/pull endpoint, which allows for path traversal via malicious manifest files from private registries. This highlights the need for enhanced AI security measures.

This critical vulnerability allows for the manifestation of malicious descriptive files using path traversal to enable arbitrary reading and writing of files. ⁤

⁤In Docker installations with root privileges, this can escalate into remote code execution by tampering with /etc/ld.so.preload to load a malicious shared library. ⁤

⁤The attack starts when the /api/chat endpoint is queried, creating a new process that loads the attacker’s payload. ⁤

⁤Even non-root installations are still at risk, as some other exploits utilize the Arbitrary File Read technique.

However, it’s been recommended that the security teams should immediately update Ollama instances and avoid exposing them to the internet without authentication. 

While Linux installations bind to localhost by default, Docker deployments expose the API server publicly, which significantly increases the risk of remote exploitation. 

This highlights the need for robust security measures in rapidly evolving AI technologies.

Disclosure Timeline

  • May 5, 2024 – Wiz Research reported the issue to Ollama.
  • May 5, 2024 – Ollama acknowledged the receipt of the report. 
  • May 5, 2024 – Ollama notified Wiz Research that they committed a fix to GitHub. 
  • May 8, 2024 – Ollama released a patched version. 
  • June 24, 2024 – Wiz Research published a blog about the issue.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free


[ad_2]
Source link
1...787980...1,452Page 79 of 1,452