"Data Scientists, Watch Out: Attackers Have Your Number"

According to an advisory recently published by the cloud-protection firm Aqua Security, attackers are scanning for data-science applications such as Jupyter Notebook and JupyterLab, along with cloud servers and containers for misconfigurations. Aqua Security's researchers say the two popular data-science applications have a small fraction of misconfigured instances that could be exploited by attackers to access the servers without a password. The company also detected in-the-wild attacks attempting to install cryptomining tools and ransomware onto accessible software instances. Assaf Morag, the lead data analyst with Aqua Security, stresses that the targeting of data-science environments is concerning as the researchers who set up those environments are often found to be significantly uninformed about cybersecurity. This article continues to discuss the exploitation of popular data-science tools' vulnerabilities and misconfigurations by threat actors. 

Dark Reading reports "Data Scientists, Watch Out: Attackers Have Your Number"