AWS patches worrying security flaw that could have led to account hijacking

March 25, 2024 Web Shared Hosting News 0

Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) carried a flaw which allowed threat actors to hijack people’s sessions and execute malicious code on underlying instances, remotely, experts have warned.

Cybersecurity researchers Tenable discovered the vulnerability and dubbed it FlowFixation, explaining the vulnerability stems from both session fixation on the AWS MWAA web management platform, and a misconfiguration in the AWS domain. These two open the doors for a cross-site scripting (XSS) attack.

Source link

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)

February 13, 2024 Web Shared Hosting News 0

On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild.

About CVE-2024-21412 and CVE-2024-21351

CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen security feature with booby-trapped Internet Shortcut files.

In late December 2023, Trend Micro researcher Peter Girnus and his colleagues in the ZDI Threat Hunting team discovered the Water Hydra APT leveraging the flaw to infect victims with the DarkMe malware.

(Several other researchers, including two from Google’s Threat Analysis Group, reported the same vulnerability to Microsoft.)

“Water Hydra deployed a spearphishing campaign on forex trading…

Source link

Hosting web shared vps dedicated cloud hosting

Tag Archives: patches