HackRead

IBM fixes flaw that let hackers replace its serverless code with their own

July 24th, 2018 | Waqas | Security

This is the first publicly-disclosed vulnerability in a serverless platform.

Experts at IBM (International Business Machines Corporation) have patched a critical vulnerability in its Cloud Functions which, if exploited, could allow remote malicious hackers to replace the company’s serverless code with their own.

Once the changes took effect, hackers could have extracted sensitive customer data including login credentials and credit card numbers, deleted or modified data, conducted distributed denial-of-service (DDoS) attacks, and even used the server to mine cryptocurrencies.

The vulnerability was identified [PDF] and reported by IT security researchers at PureSec, an Israeli serverless security provider. The vulnerability existed in Apache OpenWhisk, a serverless, open source cloud platform used by thousands of renowned companies around the globe, including IBM.

“An attacker that manages to overwrite or modify the code of the serverless function can then perform further actions such as leaking sensitive data during subsequent executions, which may belong to other end-users,” said PureSec’s CTO Ory Segal.

Tracked as CVE-2018-11756 and CVE-2018-11757, the vulnerability is the first publicly-disclosed one in a serverless platform. The good news, however, is that not only has IBM patched the vulnerability before it could be exploited, but PureSec researchers also informed the OpenWhisk team and provided a suggested fix, which mitigates the risk. As a result, Apache has also released a patch, and researchers suggest that Apache OpenWhisk users update to the latest version immediately.

“Upon receiving and validating the details on this weakness from PureSec, the Apache OpenWhisk team reviewed and pushed a fix which mitigates the risk for OpenWhisk users,” said Rodric Rabbah, creator of the Apache OpenWhisk project. “We would like to thank PureSec, their contribution to serverless security has helped to make the OpenWhisk platform more secure.”

“The security of functions is an important tenet of serverless computing. The Apache OpenWhisk community thanks PureSec and its research team for improving the OpenWhisk platform and making it more secure,” added Rabbah.

PureSec has also made a video showing the vulnerability in action.
