Security News
Security researchers have discovered the first malware specifically developed to target Amazon Web Services Lambda cloud environments with cryptominers. AWS Lambda is a serverless computing platform for running code from hundreds of AWS services and software as a service apps without managing servers.
A first-of-its-kind malware targeting Amazon Web Services' Lambda serverless computing platform has been discovered in the wild. Dubbed "Denonia" after the name of the domain it communicates with, "The malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls," Cado Labs researcher Matt Muir said.
Serverless is revolutionizing software development, allowing organizations to produce applications which consume cloud resources only when they need to. So it might come as a shock that while 70 per cent of respondents to the State of Serverless Application Security Report have six or more teams working on serverless development, they are also building up a worrying "Serverless security debt".
The serverless security market size to grow from $1.4 billion in 2021 to $5.1 billion by 2026, at a CAGR of 29.9% during the forecast period, according to MarketsandMarkets. AWS, Microsoft Azure, Google Cloud Platform with multiple offerings, and IBM are the major providers of FaaS. In security type, network security to grow at the highest CAGR. Network security is the technique of securing networks from advanced threats on the serverless architecture.
Amazon Web Services announced the general availability of AWS Proton, an application delivery service that makes it easier for customers to provision, deploy, and monitor the microservices that form the basis of modern container and serverless applications. AWS Proton is an application delivery service that helps platform teams provide an easy way for their developers to provision, deploy, and monitor applications when the unit of compute is dynamic, like with containers and serverless.
Imperva launches Imperva Serverless Protection, a new product built to secure organizations from vulnerabilities created by misconfigured apps and code-level security risks in serverless computing environments. Imperva Serverless Protection offers market-differentiated capabilities to help organizations manage the complex security risks that emerge in serverless functions.
Datadog announced the general availability of Datadog's AWS Lambda extension. "We are delighted to see Datadog's monitoring platform extend to support AWS Lambda extensions," said David Richardson, Vice President, Serverless, AWS. "AWS Lambda extensions make it even easier for developers to adopt their preferred monitoring and security tools, and we're excited to work with Datadog on the general availability launch of AWS Lambda extensions and of their monitoring extension."
Data Theorem introduced Cloud Secure, application-aware full stack cloud security product with attack surface management for protecting data in cloud-native apps, API services and serverless cloud functions. As Data Theorem's latest product powered by Analyzer Engine, Cloud Secure is available to identify and remediate potential data breaches found in public cloud services used to power today's modern web and mobile applications.
CTO.ai announced the launch of its serverless Kubernetes platform that makes it easy for developers to deploy and manage their cloud native applications. This powerful, yet easy-to-use, platform makes product delivery teams more efficient and eliminates the complexity experienced by developers when applications are deployed on top of a self-managed Kubernetes cluster.
March 2021 Patch Tuesday: Microsoft fixes yet another actively exploited IE zero-dayAs system administrators and security teams around the world worked on ascertaining whether they've been breached and compromised via vulnerable Microsoft Exchange Server installations, Microsoft has fixed additional CVEs, including an Internet Explorer memory corruption flaw that's being exploited in the wild and one Windows Win32k EoP flaw that is publicly known. Keeping your serverless architecture secureServerless architecture empowers organizations to build and deploy software at scale without in-house servers.