Today’s topics include Salesforce updating Commerce Cloud with AI-powered recommendations, and researchers revealing a security vulnerability with Play with Docker.
Looking to make a splash at the National Retail Federation conference in New York City this week, Salesforce previewed a major update to its Commerce Cloud platform set for general availability in the first half of this year.
A beta version of the Salesforce Commerce Cloud platform is now available and includes APIs, platform services and developer tools that give companies the ability to embed “intelligent commerce experiences” in every aspect of the shopping experience.
According to Vincent Panzanella, vice president of marketing and communications at Perry Ellis, “With Salesforce, Perry Ellis launched the ‘Ask Perry Ellis’ Skill, a voice-activated personal stylist powered by Amazon Alexa to provide fashion assistance and connect the shopper to the right outfit at the right time.”
Other key new features are advances in Salesforce’s Einstein AI software, including a new Einstein Recommendations API and the new Einstein Visual Search.
Security firm CyberArk reported on Jan. 14 that it discovered a security risk on the popular container Play-with-Docker site that could have enabled an attacker to get access to the host system’s resources.
CyberArk responsibly disclosed the issue to the Play-with-Docker maintainers, and the issue has now been fixed. With containers, applications are isolated within an operating system, and the general idea is that users aren’t supposed to be able to escape the confines of the container isolation and see the underlying host operating system.
The core issue that enabled CyberArk to escape the Play-with-Docker containers and access the underlying operating system has to do with the use of a privileged container, which has more rights and access than non-privileged ones do. According to CyberArk’s researcher, Play with Docker was using privileged containers but had not been properly securing them.