Daffodil International University

Topic started by: maruf.swe on March 30, 2019, 02:29:57 AM

Title: Apache, IBM Patch Critical Cloud Vulnerability
Post by: maruf.swe on March 30, 2019, 02:29:57 AM
The flaw opened a hole in IBM’s serverless Cloud Functions platform, potentially exposing confidential customer data.

Apache and IBM have patched a critical vulnerability that allows attackers to replace a company’s serverless code with their own malicious script.

Once running, the bad code could then be used for a range of nefarious tasks, including extracting confidential customer data such as passwords or credit-card numbers, modifying or deleting data, mining cryptocurrencies or launching a DDoS attack.

The vulnerability, originally discovered by researchers at PureSec, was found in Apache OpenWhisk, the open-source serverless platform that IBM uses to run cloud functions. IBM has patched the issue, but other implementations at other vendors could also be flawed.

Serverless computing is a cloud-computing execution model in which cloud providers dynamically allocate machine resources; the name comes from the fact that the actual server management and capacity-planning decisions are completely hidden from the developer or operator.

For more details: https://threatpost.com/apache-ibm-patch-critical-cloud-vulnerability/134341/