Tag Archives: worrying

AWS patches worrying security flaw that could have led to account hijacking

Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) carried a flaw that allowed threat actors to hijack people’s sessions and remotely execute malicious code on underlying instances, experts have warned.

Cybersecurity researchers at Tenable discovered the vulnerability and dubbed it FlowFixation, explaining that it stems from both session fixation on the AWS MWAA web management platform and a misconfiguration in the AWS domain. Together, these two open the door to a cross-site scripting (XSS) attack.



A worrying ExpressVPN flaw may have been leaking user info online for years — but you might not need to be too concerned

Top VPN provider ExpressVPN was notified of a bug in one of its products, and was forced to disable a popular feature until it can deploy a fix.

In a blog post, the company said Attila Tomaschek, a VPN expert and CNET’s staff writer, reached out recently after observing that DNS requests on his Windows computer were not being redirected to ExpressVPN’s dedicated servers, as they should have been. Tomaschek was using the Version 12 app for Windows, and had the split tunneling feature turned on.

