MAL-2022-4255 Malicious code in lambda-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fcfc8dab942f75e3020e1a3939b715b6f0a52aae355e136cbac066d0796c42ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in lambda-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fcfc8dab942f75e3020e1a3939b715b6f0a52aae355e136cbac066d0796c42ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

lambda-bb.de Cross Site Scripting vulnerability OBB-2656108

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

LambdaGuard - AWS Serverless Security

AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code. LambdaGuard is an AWS Lambda auditing tool designed to create asset...

lambda-tek.it Cross Site Scripting vulnerability OBB-2647949

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

lambda-tek.fr Cross Site Scripting vulnerability OBB-2646912

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

lambda-tek.it Cross Site Scripting vulnerability OBB-2641690

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

This Week in Spring - May 17th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! I am in beautiful Barcelona, Spain, this week, ahead of the upcoming Spring I/O show. I just spent a wonderful week in amazing England, meeting old friends, speaking at Devoxx UK, etc. A Bootiful Podcast: EasyMock contributor...

com.piketec.jenkins.plugins:piketec-tpt (=6.3), io.jenkins.plugins:aws-lambda-cloud (>=0.3 <=0.4) +14 more potentially affected by CVE-2015-8103 via org.jenkins-ci.main:cli (>=1.626 <=1.637)

org.jenkins-ci.main:cli MAVEN version =1.626, =0.3, =1.2, =1.1.2, =1.626, =1.626, =1.626, =1.1.0, =0.1, =0.2, =0.1, =2.4, =1.626, =1.21, =1.0.3, =1.0.18 and more Source cves: CVE-2015-8103 Source advisory: OSV:GHSA-WFW7-6632-XCV2...

com.piketec.jenkins.plugins:piketec-tpt (=6.3), io.jenkins.plugins:aws-lambda-cloud (>=0.3 <=0.4) +13 more potentially affected by CVE-2015-5326 via org.jenkins-ci.main:jenkins-core (>=1.626 <=1.637)

org.jenkins-ci.main:jenkins-core MAVEN version =1.626, =0.3, =1.2, =1.1.2, =1.626, =1.626, =1.1.0, =0.1, =0.2, =0.1, =2.4, =1.626, =1.21, =1.0.3, =1.0, =2.0.27 Source cves: CVE-2015-5326 Source advisory: OSV:GHSA-5MWR-JG3R-JV66...

com.piketec.jenkins.plugins:piketec-tpt (=6.3), io.jenkins.plugins:aws-lambda-cloud (>=0.3 <=0.4) +13 more potentially affected by CVE-2015-5322 via org.jenkins-ci.main:jenkins-core (>=1.626 <=1.637)

org.jenkins-ci.main:jenkins-core MAVEN version =1.626, =0.3, =1.2, =1.1.2, =1.626, =1.626, =1.1.0, =0.1, =0.2, =0.1, =2.4, =1.626, =1.21, =1.0.3, =1.0, =2.0.27 Source cves: CVE-2015-5322 Source advisory: OSV:GHSA-89VC-7FRQ-2RFJ...

com.piketec.jenkins.plugins:piketec-tpt (=6.3), io.jenkins.plugins:aws-lambda-cloud (>=0.3 <=0.4) +13 more potentially affected by CVE-2015-5318 via org.jenkins-ci.main:jenkins-core (>=1.626 <=1.637)

org.jenkins-ci.main:jenkins-core MAVEN version =1.626, =0.3, =1.2, =1.1.2, =1.626, =1.626, =1.1.0, =0.1, =0.2, =0.1, =2.4, =1.626, =1.21, =1.0.3, =1.0, =2.0.27 Source cves: CVE-2015-5318 Source advisory: OSV:GHSA-3WMV-7PHP-RHG5...

com.piketec.jenkins.plugins:piketec-tpt (=6.3), io.jenkins.plugins:aws-lambda-cloud (>=0.3 <=0.4) +13 more potentially affected by CVE-2015-5323 via org.jenkins-ci.main:jenkins-core (>=1.626 <=1.637)

org.jenkins-ci.main:jenkins-core MAVEN version =1.626, =0.3, =1.2, =1.1.2, =1.626, =1.626, =1.1.0, =0.1, =0.2, =0.1, =2.4, =1.626, =1.21, =1.0.3, =1.0, =2.0.27 Source cves: CVE-2015-5323 Source advisory: OSV:GHSA-X4M5-J4X4-4WJG...

Securing AWS Lambda function URLs

Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them...

lambda-tek.de Cross Site Scripting vulnerability OBB-2612484

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CloudGoat goes Serverless: A walkthrough of Vulnerable Lambda Functions

The post CloudGoat goes Serverless: A walkthrough of Vulnerable Lambda Functions appeared first on Rhino Security Labs...

CVE-2022-1420

A vulnerability was found in Vim. The issue occurs when using a number in a string for the lambda name, triggering an out-of-range pointer offset vulnerability. This flaw allows an attacker to trick a user into opening a crafted script containing an argument as a number and then using it as a...

Denonia cryptominer is first malware to target AWS Lambda

Security researchers at Cado Security, a cybersecurity forensics company, recently discovered the first publicly-known malware targeting Lambda, the serverless computing platform of Amazon Web Services AWS. Though Lambda has been around for less than ten years, serverless technology is considered...

First Malware Targeting AWS Lambda Serverless Platform Discovered

A first-of-its-kind malware targeting Amazon Web Services' AWS Lambda serverless computing platform has been discovered in the wild. Dubbed "Denonia" after the name of the domain it communicates with, "the malware uses newer address resolution techniques for command and control traffic to evade...

How to Optimize Your Lambda Code

Learn how to make your code run more efficiently in AWS Lambda, so you can save money and time!...