• Dev Notes
  • Posts
  • AWS Updates Amazon Bedrock with New Foundation Models, AI management Features

AWS Updates Amazon Bedrock with New Foundation Models, AI management Features

Good Morning! AWS expands generative AI offerings with new Amazon Bedrock capabilities, allowing developers to import custom models and compare performance across test prompts. Women Who Code, a non-profit supporting women in tech, shuts down unexpectedly after a decade of impact. A major antivirus vendor delivered malicious updates for 5 years, installing GuptiMiner malware linked to North Korea's Kimsuky hacking group.

AWS Updates Amazon Bedrock with New Foundation Models, AI management Features

Amazon Web Services continues expanding its generative AI offerings through Amazon Bedrock, a managed service that provides access to foundation models from leading AI companies. This allows developers to build generative AI applications without the overhead of managing underlying infrastructure.

Bedrock gained several major new capabilities in this latest release:

Developers can now import their own custom large language models (LLMs) into Bedrock. Initially supporting open architectures like Flan-T5, Llama, and Mistral, this enables teams to leverage proprietary models fine-tuned on their proprietary data.

A new systematic way to compare different models' performance across relevant test prompts and metrics such as accuracy or safety adherence. This can significantly accelerate the process of selecting the right model for a particular production use case.

The ability to apply custom filtering rules that block unsafe or undesirable outputs from models. It acts as an extra layer of protection, with rules targeting specific content types, personal information, profanity, and more.

On the model front:

  • AWS Titan Image Generator (for image editing/generation via natural language) is now generally available

  • The new Titan Text Embeddings V2 optimizes for retrieval-augmented generation tasks

  • Meta's Llama 3 and Cohere's Command R/R+ models joined Bedrock's third-party model catalog

Read More Here

Women Who Code Shuts Down Unexpectedly

Women Who Code (WWC) was a non-profit organization dedicated to supporting women in the technology industry. It provided networking opportunities, skill development resources, and mentorship programs for its members across 145 countries.

Since its start in 2011, WWC played a major role in uplifting women in a male-dominated field. With over 360,000 members, the organization provided a platform for:

  • Networking

  • Improving skills

  • Mentorship opportunities

While WWC's mission to create a more diverse and inclusive tech industry remains unfinished, the impact of their work over the past decade cannot be ignored. Many women in tech credit their success and growth to the support and resources provided by WWC.

Read More Here 

Major Antivirus Vendor Delivered Malicious Updates for 5 Years

Security researchers at Avast uncovered a crazy supply chain attack that allowed hackers to slip malware into eScan antivirus updates for at least 5 years. The attack exploited a major vulnerability - eScan delivered those updates over plain old HTTP instead of secure HTTPS. This allowed the bad guys to perform man-in-the-middle attacks, intercepting the legitimate updates and swapping in infected versions.

The malware installed was GuptiMiner, a nasty backdoor potentially linked to North Korea's notorious Kimsuky hacking gang. GuptiMiner used some advanced tricks:

  • Hijacking legitimate software components through DLL hijacking

  • Custom DNS trickery to resolve its command & control servers

  • Masking the actual IP addresses of those C2 servers

  • Delivering additional malicious modules like keyloggers and cryptocurrency miners

The Crazy Part: eScan failed to enforce code signing for its updates. So the infected files raised no red flags during installation. The Avast researchers think the attackers likely compromised some target networks already to pull off the man-in-the-middle attacks.

This whole eScan fiasco demonstrates how crucial it is for software vendors to:

  1. Encrypt their update channels using HTTPS

  2. Validate and cryptographically sign code before shipping it

Read More Here

🔥 More Notes

Youtube Spotlight

Why Airport Security Suddenly Got Better - Real Engineering

Click to Watch

Was this forwarded to you? Sign Up Here

Join the conversation

or to participate.