Apache, IBM Patch Critical Cloud Vulnerability

July 25, 2018

Apache and IBM have patched a critical vulnerability that allows attackers to replace a company’s serverless code with their own malicious script.

Once running, the bad code could then be used for a range of nefarious tasks, including extracting confidential customer data such as passwords or credit card numbers, modifying or deleting data, mining cryptocurrencies or launching a DDoS attack.

The vulnerability (seen in action in this video), originally discovered by researchers at PureSec, was found in Apache OpenWhisk, the open-source serverless platform that IBM uses to run cloud functions. IBM has patched the issue, but other implementations at other vendors could also be flawed.

Read More on Threat Post