Kumhlaba osoloko uvela wokhuseleko lwe-cybersecurity, kuvela izoyikiso ezitsha ezicela umngeni kwiziseko zethu zedijithali. Olunye uloyiko olunjalo, olubizwa ngokuba nguShadowRay, lufake isithunzi esimnyama kwimibutho exhomekeke kwisakhelo se-AI somthombo ovulekileyo weRay. Eli phulo likhohlisayo lijolise kumngcipheko obalulekileyo (CVE-2023-48022) ngaphakathi kweRay, ibeka umngcipheko omkhulu kumawaka eenkampani kumacandelo awohlukeneyo. Nangona uxhatshazo oluqhubekayo kwiinyanga ezisixhenxe ezidlulileyo, abaphuhlisi emva kukaRay abakanikezeli isiqwenga, beshiya amashishini esengozini yokuxhatshazwa kunye nokuphulwa kwedatha.
Iphulo leShadowRay: Ukusetyenziswa kunye neziphumo
Iphulo le-ShadowRay lixhomekeke ekusebenziseni i-CVE-2023-48022, ubuthathaka obubalulekileyo kunye CVSS inqaku le-9.8, livumela abahlaseli abakude ukuba benze ikhowudi engafanelekanga nge-API yokungeniswa komsebenzi. Esi siphene sijongela phantsi ulawulo loqinisekiso ngaphakathi kwiDashboard kaRay kunye namacandelo oMthengi, ukunika ukufikelela okungagunyaziswanga ukungenisa, ukucima, nokubuyisela imisebenzi, kunye nokwenza imiyalelo ekude.
Imiphumo yoku kuxhaphaza imbi. Abahlaseli baphule ngempumelelo amaqela amaninzi eRay GPU, bebeka esichengeni idatha enovakalelo efana neephasiwedi zedatha yemveliso, izitshixo ze-SSH, iithokheni zokufikelela, kunye nokukwazi ukwenza iimodeli ze-AI. Iiseva ezichaphazelekileyo ziye zaba ziindawo zokuzalana kwabasebenzi basezimayini be-cryptocurrency kunye nezixhobo eziququzelela ukufikelela okuthe gqolo ukude, nto leyo eyenza mandundu imeko yomhlaba.
UbuCwangciso bokuFumana nokuSuswa
Ukubona kunye nokususa i-ShadowRay kunika umngeni omkhulu ngenxa yendalo yayo efihlakeleyo kunye neendlela ezintsonkothileyo zokuphepha. Ngelixa izisombululo ze-antivirus zemveli zinokusokola ukuchonga isoyikiso, kukho amanyathelo aliqela anokuthathwa yimibutho ukunciphisa umngcipheko:
- Uhlolo lweNethiwekhi: Jonga rhoqo imeko yemveliso kunye namaqela e-AI kwizinto ezingaqhelekanga, ngakumbi ngaphakathi kwesakhelo seRay.
- Imithetho yeFirewall kunye namaQela oKhuseleko: Sebenzisa imithetho engqongqo yefirewall okanye amaqela okhuseleko ukuthintela ukufikelela okungagunyaziswanga kumaqela eRay.
- Uluhlu loGunyaziso: Faka isigunyaziso umaleko phezu kwezibuko iRay Dashboard (ehlala ikho: 8265) ukuze uthintele ufikelelo kunye nokuthintela ukungeniswa okungagunyaziswanga.
- IP Ukubophelela: Kuphephe ukubophelela uRay ku-0.0.0.0 ukuze kube lula; endaweni yoko, sebenzisa iidilesi ze-IP ezivela kuthungelwano oluthembekileyo okanye iiVPC/VPNs zabucala.
- Ukuphaphama kunye nokungagqibekanga: Qinisekisa iisetingi ngocoselelo kwaye uphephe ukuthembela kuphela kuhlengahlengiso olungagqibekanga, olunokuthi ngempazamo luveze ubuthathaka.
- Uhlaziyo rhoqo kunye neePatches: Hlala unolwazi malunga nohlaziyo lokhuseleko kunye neepatches ezikhutshwe yi-Anyscale ye-Ray framework. Ngelixa isiqwenga se-CVE-2023-48022 sihlala sinqabile, ukukhutshwa kwexesha elizayo kunokulungisa obu buthathaka bubalulekileyo.
- Fundisa Abasebenzi: Qeqesha abasebenzi ngezona ndlela zibalaseleyo zokhuseleko lwe-intanethi, kuquka ukuchonga izinto ezikrokrelekayo kunye nokuxela ngokoyikeka okunokwenzeka kokhuseleko kwangoko.
Amanyathelo oThintelo kunye neZenzo ezilungileyo
Ukongeza kwizicwangciso zokunciphisa kwangoko, imibutho inokwamkela amanyathelo asebenzayo ukukhusela iziseko zabo ze-AI kwiisoyikiso ezizayo:
- Uqeqesho loKwazisa ngoKhuseleko: Ukufundisa abasebenzi ngezona ndlela zibalaseleyo zokhuseleko lwe-intanethi, kuquka ulwazi lokukhohlisa, ucoceko lwephasiwedi, kunye nokuqaphela izinto ezikrokrisayo.
- UPhicotho lwarhoqo kunye noVavanyo: Yenza uphicotho lwesiqhelo lokhuseleko kunye novavanyo lweziseko zophuhliso ze-AI ukuchonga ubuthathaka kunye nokujongana nabo ngokukhawuleza.
- Nciphisa amaLungelo oFikelelo: Ukusebenzisa umgaqo welona lungelo lincinci ukukhawulela ukufikelela kwiinkqubo ezibalulekileyo kunye neenkcukacha, ukunciphisa impembelelo yokuphulwa okunokwenzeka.
- Iindlela zoPhuhliso eziKhuselekileyo: Yamkela iindlela ezikhuselekileyo zekhowudi kwaye wenze uphononongo olucokisekileyo lwekhowudi ukunciphisa umngcipheko wokwazisa ubuthathaka kwizicelo ze-AI.
- Ulawulo loMngcipheko womthengisi: Vavanya ukuma kokhuseleko lwabathengisi beqela lesithathu kunye nesikhokelo somthombo ovulekileyo njengoRay, ukuqinisekisa ukuba bathobela imigangatho yokhuseleko oluqinileyo.
isiphelo
I-ShadowRay isoyikiso se-cyber igxininisa ukubaluleka kokhuseleko lweziseko ezingundoqo ze-AI ngokuchasene nosongelo oluvelayo. Ngokuphumeza amaqhinga angqongqo okunciphisa, ukuhlala uyiphaphele imiqondiso yokulalanisa, kunye nokwamkela amanyathelo okhuseleko asebenzayo, imibutho inokomeleza ukhuseleko lwayo kwaye ithobe umngcipheko owenziwe yi-ShadowRay kunye nezoyikiso ezifanayo ze-cyber. Njengoko imeko ye-cybersecurity iqhubeka nokuvela, amanyathelo okhuselo ahlala esisiseko sokuma okusebenzayo kwe-cybersecurity.