Ezweni elihlala livela lokuvikeleka ku-inthanethi, kuvela izinsongo ezintsha ezibekela inselelo izisekelo zengqalasizinda yethu yedijithali. Ingozi eyodwa enjalo, ebizwa ngokuthi i-ShadowRay, ifake ithunzi elimnyama ezinhlanganweni ezithembele kuhlaka lwe-AI lomthombo ovulekile we-Ray. Lo mkhankaso okhohlisayo uhlose ukuba sengozini okubalulekile (CVE-2023-48022) ngaphakathi kweRay, okubeka engcupheni enkulu ezinkulungwaneni zezinkampani emikhakheni eyahlukene. Naphezu kokuxhashazwa okuqhubekayo kulezi zinyanga eziyisikhombisa ezedlule, abathuthukisi be-Ray abakakanikezeli isiqephu, okushiya amabhizinisi engcupheni yokuxhashazwa kanye nokuphulwa kwedatha.
Umkhankaso we-ShadowRay: Ukuxhashazwa kanye Nemiphumela
Umkhankaso we-ShadowRay uncike ekusebenziseni i-CVE-2023-48022, ubungozi obubalulekile I-CVSS amaphuzu angu-9.8, okuvumela abahlaseli berimothi ukuthi basebenzise ikhodi engafanele nge-API yokuthunyelwa komsebenzi. Leli phutha lilulaza izilawuli zokuqinisekisa ngaphakathi kwezingxenye zedeshibhodi kaRay kanye neklayenti, linikeza ukufinyelela okungagunyaziwe kokuhambisa, ukususa, nokubuyisela imisebenzi, kanye nokukhipha imiyalo ekude.
Imiphumela yalokhu kuxhaphaza mibi. Abaduni bebugebengu bephule ngempumelelo amaqoqo amaningi e-Ray GPU, bafaka engozini idatha ebucayi njengamaphasiwedi esizindalwazi sokukhiqiza, okhiye be-SSH, amathokheni okufinyelela, kanye nekhono lokukhohlisa amamodeli e-AI. Amaseva awonakalisiwe aseyizinkundla zokuzalanisa abavukuzi be-cryptocurrency kanye namathuluzi asiza ukuphikelela okukude, okwenza kube kubi nakakhulu isimo sosongo.
Amasu Okuthola Nokususa
Ukuthola nokukhipha i-ShadowRay kuletha inselele enkulu ngenxa yemvelo yayo eyimfihlo kanye nezindlela zokugwema eziyinkimbinkimbi. Ngenkathi izixazululo zendabuko ze-antivirus zingase zibe nzima ukuhlonza usongo, kunezinyathelo ezimbalwa izinhlangano ezingazithatha ukunciphisa ubungozi:
- Ukuqapha kwenethiwekhi: Qaphela njalo izindawo zokukhiqiza kanye namaqoqo e-AI ukuze uthole okudidayo, ikakhulukazi ngaphakathi kohlaka lwe-Ray.
- Imithetho ye-Firewall kanye namaqembu okuphepha: Sebenzisa imithetho eqinile yohlelo lokuvikela noma amaqembu okuvikela ukuze uvimbele ukufinyelela okungagunyaziwe kumaqoqo akwaRay.
- Isendlalelo sokugunyazwa: Sebenzisa isendlalelo sokugunyaza phezu kwembobo ye-Ray Dashboard (okuzenzakalelayo: 8265) ukuze ubeke umkhawulo wokufinyelela futhi uvimbele ukuthunyelwa okungagunyaziwe.
- Isibopho se-IP: Gwema ukubopha uRay ku-0.0.0.0 ukuze kube lula; esikhundleni salokho, sebenzisa amakheli e-IP asuka kumanethiwekhi athembekile noma ama-VPC/VPN ayimfihlo.
- Ukuqapha Ngokuzenzakalelayo: Qinisekisa izilungiselelo kahle futhi ugweme ukuthembela kuphela ekucushweni okuzenzakalelayo, okungase kudalule ubungozi ungahlosile.
- Ukubuyekezwa Okujwayelekile Neziqephu: Hlala unolwazi mayelana nezibuyekezo zokuphepha namapeshi akhishwe i-Anyscale yohlaka lwe-Ray. Ngenkathi isiqeshana se-CVE-2023-48022 sisenzima, ukukhishwa okuzayo kungase kubhekane nalokhu kuba sengcupheni okubalulekile.
- Fundisa Abasebenzi: Qeqesha abasebenzi ngemikhuba emihle yokuphepha ku-inthanethi, okuhlanganisa ukuhlonza umsebenzi osolisayo kanye nokubika izinsongo zokuphepha ezingaba khona ngokushesha.
Izinyathelo Zokuvimbela kanye Nemikhuba Engcono Kakhulu
Ngokungeziwe kumasu okunciphisa ngokushesha, izinhlangano zingathatha izinyathelo ezisebenzayo ukuze zivikele ingqalasizinda yazo ye-AI ezinsongweni ezizayo:
- Ukuqeqeshwa Kokuqwashisa Ngezokuphepha: Fundisa abasebenzi ngemikhuba emihle ye-cybersecurity, okuhlanganisa ukuqwashisa ngobugebengu bokweba imininingwane ebucayi, ukuhlanzeka kwamaphasiwedi, nokubona umsebenzi osolisayo.
- Ukucwaningwa Kwamabhuku Okuvamile Nokuhlola: Yenza ukuhlolwa kokuphepha okujwayelekile kanye nokuhlolwa kwengqalasizinda ye-AI ukuze kuhlonzwe ubungozi futhi kulungiswe ngokushesha.
- Nciphisa Amalungelo Okufinyelela: Sebenzisa umgomo welungelo elincane ukukhawulela ukufinyelela kumasistimu abalulekile kanye nedatha, unciphise umthelela wokuphulwa okungenzeka okungenzeka.
- Secure Development Practices: Yamukela izinqubo zokubhala ezivikelekile futhi wenze ukubuyekezwa kwekhodi okuphelele ukuze unciphise ubungozi bokwethula ubungozi ezinhlelweni ze-AI.
- Ukulawulwa Kwengozi Yomthengisi: Hlola ukuma kokuvikeleka kwabathengisi bezinkampani zangaphandle kanye nezinhlaka zomthombo ovulekile njengoRay, uqinisekise ukuthi bathobela izindinganiso zokuphepha eziqinile.
Isiphetho
I-ShadowRay usongo lwe-cyber igcizelela ukubaluleka okubalulekile kokuvikela ingqalasizinda ye-AI ngokumelene nezinsongo ezivelayo. Ngokusebenzisa amasu okunciphisa aqinile, ukuhlala uziqaphele izimpawu zokuyekethisa, nokusebenzisa izinyathelo zokuphepha ezisebenzayo, izinhlangano zingaqinisa ukuzivikela futhi zinciphise ubungozi obulethwa i-ShadowRay nezinsongo ezifanayo ze-cyber. Njengoba isimo se-cybersecurity siqhubeka nokuvela, izinyathelo zokuvikela ezisebenzayo zihlala ziyisisekelo sokuma okusebenzayo kokuphepha ku-inthanethi.