AI EXPRESS
  • AI
    In tech, reliability comes before innovation

    In tech, reliability comes before innovation

    Google Cloud expands contact center automation offerings with third-party integrations

    New threat intelligence solution launched by Google Cloud  

    Intel VP talks AI strategy as company takes on Nvidia

    Intel VP talks AI strategy as company takes on Nvidia

    Cloudera

    Cloudera claims its new ‘all-in-one’ data lakehouse cuts ownership costs by up to 35%

    DARPA seeks AI solutions for sourcing critical minerals

    DARPA seeks AI solutions for sourcing critical minerals

    Who owns DALL-E images? Legal AI experts weigh in

    Who owns DALL-E images? Legal AI experts weigh in

  • ML
    AWS Localization uses Amazon Translate to scale localization

    AWS Localization uses Amazon Translate to scale localization

    Announcing the launch of the model copy feature for Amazon Rekognition Custom Labels

    Announcing the launch of the model copy feature for Amazon Rekognition Custom Labels

    Use deep learning frameworks natively in Amazon SageMaker Processing

    Intelligent document processing with AWS AI services: Part 2

    Customize your recommendations by promoting specific items using business rules with Amazon Personalize

    Customize your recommendations by promoting specific items using business rules with Amazon Personalize

    Amazon SageMaker JumpStart solutions now support custom IAM role settings

    Amazon SageMaker JumpStart solutions now support custom IAM role settings

    Amazon SageMaker Automatic Model Tuning now supports SageMaker Training Instance Fallbacks

    Amazon SageMaker Automatic Model Tuning now supports SageMaker Training Instance Fallbacks

    Build a GNN-based real-time fraud detection solution using Amazon SageMaker, Amazon Neptune, and the Deep Graph Library

    Build a GNN-based real-time fraud detection solution using Amazon SageMaker, Amazon Neptune, and the Deep Graph Library

    Build an air quality anomaly detector using Amazon Lookout for Metrics

    Build an air quality anomaly detector using Amazon Lookout for Metrics

    Use computer vision to measure agriculture yield with Amazon Rekognition Custom Labels

    Use computer vision to measure agriculture yield with Amazon Rekognition Custom Labels

  • NLP
    Central Park in New York City

    Researchers Track Twitter to Learn What People Value in New York City Parks

    A Little More Conversation: How Programmatic Is Driving Podcast Ad Innovation

    A Little More Conversation: How Programmatic Is Driving Podcast Ad Innovation

    Historical costume descriptors bridge gap between past and present | VTx

    Historical costume descriptors bridge gap between past and present | VTx

    Maritime industry to spend $931 mln on AI solutions in 2022

    Maritime industry to spend $931 mln on AI solutions in 2022

    IonQ Announces Second Quarter 2022 Financial Results

    PatientMetRx Patient Opinion Map

    Through a glass, (more) clearly – PharmaLive

    Researchers Develop DL-GuesS: A Deep Learning and Sentiment Analysis-Based Framework For Cryptocurrency Price Prediction

    Researchers Develop DL-GuesS: A Deep Learning and Sentiment Analysis-Based Framework For Cryptocurrency Price Prediction

    Busting homophobic, anti-queer bias in AI language models

    Busting homophobic, anti-queer bias in AI language models

    IATA Launches Online Platform to Help Identify Security Risks

    IATA Launches Online Platform to Help Identify Security Risks

  • Vision
    Seoul Robotics Helps Cars Move, Park on Their Own

    Seoul Robotics Helps Cars Move, Park on Their Own

    Pattern Recognition With Geometric Model Finder

    Pattern Recognition With Geometric Model Finder

    The Top 10 Applications of Computer Vision in Aviation

    The Top 10 Applications of Computer Vision in Aviation

    YOLOv7: The Fastest Object Detection Algorithm (2022)

    YOLOv7: The Fastest Object Detection Algorithm (2022)

    Progressive Growing Generative Adversarial Networks

    Progressive Growing Generative Adversarial Networks

    Deep Learning for Image Dehazing- The What, Why, and How

    Deep Learning for Image Dehazing- The What, Why, and How

    How to train and use a custom YOLOv7 model

    How to train and use a custom YOLOv7 model

    viso.ai Logo

    Deep Learning for Person Re-Identification (2022)

    NVIDIA Jetson AGX Orin 32GB Production Modules Now Available; Partner Ecosystem Appliances and Servers Arrive

    NVIDIA Jetson AGX Orin 32GB Production Modules Now Available; Partner Ecosystem Appliances and Servers Arrive

  • Robotics
    zoox taxi

    How Zoox robotaxis make predictions while on the road

    seoul robotics

    Seoul Robotics makes regular cars autonomous with LV5 CTRL TWR

    scan&sand

    GrayMatter Robotics’ sanding solution brings in $20M

    pitchfire

    Pitchfire startup competition submissions open

    sprout

    Muddy Machines brings in $1.8M for asparagus harvesting robot Sprout

    Levita Magnetics raises $26M for Magnetic-Assisted Robotic Surgery platform

    Levita Magnetics raises $26M for Magnetic-Assisted Robotic Surgery platform

    Marc Raibert Atlas dancing

    Hyundai launches Boston Dynamics AI Institute

    programmable material

    MIT CSAIL creates materials that can sense the way they move

    robotics investments and business opportunities

    The state of robotics investment

  • RPA
    How to Create a Rock Solid Technology Portfolio with Hyperautomation?| AutomationEdge

    How to Create a Rock Solid Technology Portfolio with Hyperautomation?| AutomationEdge

    Unlocking the Top Healthcare Automation Trends with Use Cases that Rule the World| AutomationEdge

    Unlocking the Top Healthcare Automation Trends with Use Cases that Rule the World| AutomationEdge

    Staying Ahead of the Time with AI-Powered Customer Experience

    Staying Ahead of the Time with AI-Powered Customer Experience| AutomationEdge

    Why is Developing Decision Intelligence with AI Support Crucial in Healthcare?

    Why is Developing Decision Intelligence with AI Support Crucial in Healthcare?

    Robotic Process Automation using Blue Prism

    Robotic Process Automation using Blue Prism

    AI- The Tech Medicine Ameliorating the Healthcare Industry?

    AI- The Tech Medicine Ameliorating the Healthcare Industry?| AutomationEdge

    Take employee experience into hyperdrive with Hyperautomation

    Hyperautomation- Your Answer to Enhance Employee Experience| AutomationEdge

    Know Why Automation Now Resides in the Heart of Customer Contact Centers| AutomationEdge

    Know Why Automation Now Resides in the Heart of Customer Contact Centers| AutomationEdge

    Conversational AI, Healing the Healthcare Industry| AutomationEdge

    Conversational AI, Healing the Healthcare Industry| AutomationEdge

  • Gaming
    Images from the set of Amazon's Fallout series have leaked

    Images from the set of Amazon’s Fallout series have leaked

    Random: Kirby Café Rustles Up A New Dessert To Celebrate Kirby's Dream Buffet

    Random: Kirby Café Rustles Up A New Dessert To Celebrate Kirby’s Dream Buffet

    Dying Light 2's first story DLC, Bloody Ties, to be revealed at gamescom Opening Night Live

    Dying Light 2’s first story DLC, Bloody Ties, to be revealed at gamescom Opening Night Live

    Why 4 million people – and counting – are flocking to Korea’s hottest battle royale

    Why 4 million people – and counting – are flocking to Korea’s hottest battle royale

    Saints Row trailer gives you a taste of the story

    Saints Row trailer gives you a taste of the story

    Advance Wars 1+2: Re-Boot Camp Scheduled Maintenance Spotted

    Advance Wars 1+2: Re-Boot Camp Scheduled Maintenance Spotted

    MultiVersus datamine suggests Beetlejuice and Oz’s Wicked Witch of the West are coming to the game

    MultiVersus datamine suggests Beetlejuice and Oz’s Wicked Witch of the West are coming to the game

    Call of Duty: Modern Warfare 2 open beta and multiplayer reveal dated

    Call of Duty: Modern Warfare 2 open beta and multiplayer reveal dated

    Xbox Game Pass is losing some brilliant games soon

    Xbox Game Pass is losing some brilliant games soon

  • Investment
    MiAlgae Raises £2.3M in Funding

    MiAlgae Raises £2.3M in Funding

    Skedda Receives Investment From Five Elms Capital

    Skedda Receives Investment From Five Elms Capital

    Stage 2 Capital

    Stage 2 Capital Closes $150M Fund III

    Shima Capital Closes $200M Maiden Fund to Support Web3 Founders

    Shima Capital Closes $200M Maiden Fund to Support Web3 Founders

    accenture

    Accenture Completes Acquisition of The Stable

    IsoTalent Raises USD5M in Seed Funding

    IsoTalent Raises USD5M in Seed Funding

    Arine Raises $29M in Series B Funding

    Arine Raises $29M in Series B Funding

    threatx

    ThreatX Raises $30M in Series B Funding

    VidMob Raises $110M in Series D Funding Round

    VidMob Raises $110M in Series D Funding Round

  • More
    • Data analytics
    • Apps
    • No Code
    • Cloud
    • Quantum Computing
    • Security
    • AR & VR
    • Esports
    • IOT
    • Smart Home
    • Smart City
    • Crypto Currency
    • Blockchain
    • Reviews
    • Video
No Result
View All Result
AI EXPRESS
No Result
View All Result
Home Security

First malware targeting AWS Lambda serverless platform disclosed

by
April 6, 2022
in Security
0
First malware targeting AWS Lambda serverless platform disclosed
0
SHARES
2
VIEWS
Share on FacebookShare on Twitter

We’re excited to carry Remodel 2022 again in-person July 19 and nearly July 20 – August 3. Be a part of AI and information leaders for insightful talks and thrilling networking alternatives. Be taught extra about Remodel 2022


Researchers at Cado Security say they’ve found the primary publicly recognized malware particularly focused at Amazon Net Companies’ serverless computing platform, AWS Lambda — signaling a newly rising cloud menace that companies ought to turn out to be conscious of.

“With serverless being a comparatively new know-how, it’s maybe neglected by way of safety measures,” stated Matt Muir, one of many researchers at Cado Safety who found the malware concentrating on AWS Lambda.

The researchers have dubbed the malware “Denonia” — the title of the area that the attackers communicated with — and say that it was utilized to allow cryptocurrency mining.

However the arrival of malware concentrating on AWS Lambda means that cyberattacks towards the service that carry better injury are inevitable, as effectively.

Cado Safety stated it has reported its findings to AWS. In an announcement in response to an inquiry concerning the reported malware discovery, AWS stated that “Lambda is safe by default, and AWS continues to function as designed.”

“Clients are in a position to run quite a lot of purposes on Lambda, and that is in any other case indistinguishable to discovering the power to run related software program in different on-premises or cloud compute environments,” AWS stated within the assertion — including that the corporate’s acceptable use coverage prohibits the violation of the safety of any of its techniques.

See also  Apple Lockdown mode adds ‘extreme’ protection to your iPhone, iPad and Mac

Detection missing

Cado Safety cofounder and CTO Chris Doman stated that companies ought to anticipate that serverless environments will observe the same menace trajectory to that of container environments, which he famous are actually generally impacted by malware assaults.

Amongst different issues, that implies that menace detection in serverless environments might want to catch up, Doman stated.

“The brand new manner of operating code in serverless environments requires new safety instruments, as a result of the present ones merely don’t have that visibility. They gained’t see what’s occurring,” Doman stated. “It’s simply so completely different.”

Cado Safety, which provides a platform for investigation and response to cloud cyber incidents, doesn’t itself provide detection instruments for serverless environments.

Many organizations have probably had the notion that “simply because one thing is serverless, which means it’s fully protected. However that isn’t the case,” Doman stated. “Should you can run code [on it] — significantly if it’s a well-liked service — then there’s most likely an avenue for an attacker to get in.”

The Cado researchers haven’t pinpointed who could have been liable for the Denonia malware, because the attackers left few clues behind. The assault leveraged unusual strategies round tackle decision to obfuscate domains, making it simpler for the malware to speak with different servers whereas evading detection, in keeping with the researchers.

This lack of clues and use of bizarre strategies — on high of the truth that malware concentrating on AWS Lambda hasn’t been recognized to exist beforehand — counsel the menace actors behind the assault are in possession of superior data, the Cado researchers stated.

See also  No-code automation platform Skael raises $38M to streamline enterprise processes

The assault additionally most probably concerned a compromise of an AWS account, Muir stated.

A much bigger goal

Along with the rising reputation of AWS Lambda for operating software code — with out the necessity to provision or handle servers — there are different causes that companies can anticipate Lambda to be more and more focused by menace actors going ahead.

The difficulty of misconfigurations that expose information in Amazon S3 buckets has gotten much less extreme lately, partly via warnings from AWS itself when a consumer is about to make this type of mistake, Doman stated. However that’s not the one manner for a malicious actor to entry an S3 bucket; the opposite manner is to realize entry by way of a service that connects to S3.

And it’s “quite common” for Lambda to be given permissions to entry S3 — suggesting that attackers could, sooner or later, try to make use of Lambda as an avenue into accessing S3 bucket information, Doman stated. Such information typically consists of personally identifiable data (PII), corresponding to bank card data, he stated.

“If that was breached [via Lambda], then you would lose some essential information,” Doman stated.

Source link

Tags: AWSdisclosedLambdamalwareplatformserverlessTargeting
Previous Post

Evernow Raises $28.5M in Series A Funding

Next Post

The Spirit And The Mouse, A “Ratatouille-Esque” Adventure, Scampers To Switch This Fall

Next Post
The Spirit And The Mouse, A "Ratatouille-Esque" Adventure, Scampers To Switch This Fall

The Spirit And The Mouse, A "Ratatouille-Esque" Adventure, Scampers To Switch This Fall

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Newsletter

Popular Stories

  • Cilium launches eBPF-powered Kubernetes service mesh

    Don’t overengineer your cloud architecture

    0 shares
    Share 0 Tweet 0
  • DeepFace – Most Popular Deep Face Recognition in 2022 (Guide)

    0 shares
    Share 0 Tweet 0
  • How to train and use a custom YOLOv7 model

    0 shares
    Share 0 Tweet 0
  • YOLOv7: The Fastest Object Detection Algorithm (2022)

    0 shares
    Share 0 Tweet 0
  • LG TV Owners Can Get 90 Days Of Stadia Pro For Free

    0 shares
    Share 0 Tweet 0

Security Jobs

View 115 Security Jobs at Tesla

View 165 Security Jobs at Nvidia

View 105 Security Jobs at Google

View 135 Security Jobs at Amamzon

View 131 Security Jobs at IBM

View 95 Security Jobs at Microsoft

View 205 Security Jobs at Meta

View 192 Security Jobs at Intel

Accounting and Finance Hub

Raised Seed, Series A, B, C Funding Round

Get a Free Insurance Quote

Try Our Accounting Service

AI EXPRESS

AI EXPRESS is a news site that covers the latest developments in Artificial Intelligence, Data Analytics, ML & DL, Algorithms, RPA, NLP, Robotics, Smart Homes & Cities, Cloud & Quantum Computing, AR & VR and Blockchains

Categories

  • AI
  • Ai videos
  • Apps
  • AR & VR
  • Blockchain
  • Cloud
  • Computer Vision
  • Crypto Currency
  • Data analytics
  • Esports
  • Gaming
  • Gaming Videos
  • Investment
  • IOT
  • Iot Videos
  • Low Code No Code
  • Machine Learning
  • NLP
  • Quantum Computing
  • Robotics
  • Robotics Videos
  • RPA
  • Security
  • Smart City
  • Smart Home

Quick Links

  • Reviews
  • Deals
  • Best
  • AI Jobs
  • AI Events
  • AI Directory
  • Industries

© 2021 Aiexpress.io - All rights reserved.

  • Contact
  • Privacy Policy
  • Terms & Conditions

No Result
View All Result
  • AI
  • ML
  • NLP
  • Vision
  • Robotics
  • RPA
  • Gaming
  • Investment
  • More
    • Data analytics
    • Apps
    • No Code
    • Cloud
    • Quantum Computing
    • Security
    • AR & VR
    • Esports
    • IOT
    • Smart Home
    • Smart City
    • Crypto Currency
    • Blockchain
    • Reviews
    • Video

© 2021 Aiexpress.io - All rights reserved.