Tag Archives: worrying

Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) carried a flaw which allowed threat actors to hijack people’s sessions and execute malicious code on underlying instances, remotely, experts have warned.

Cybersecurity researchers Tenable discovered the vulnerability and dubbed it FlowFixation, explaining the vulnerability stems from both session fixation on the AWS MWAA web management platform, and a misconfiguration in the AWS domain. These two open the doors for a cross-site scripting (XSS) attack. 

Top VPN provider ExpressVPN was notified of a bug in one of its products, and was forced to disable a popular feature until they can deploy a fix.

In a blog post, the company said Attila Tomaschek, a VPN expert and CNET’s staff writer, reached out recently after having observed DNS requests on his Windows computer not being redirected to ExpressVPN’s dedicated servers, as they should have been. Tomaschek was using the Version 12 app for windows, and had the split tunneling feature turned on. 

Data shared exclusively with TechRadar Pro by Similarweb shows that the website builder and web hosting industry is reeling from a shocking post-COVID hangover. The web analytics company looked at the website traffic of some of the biggest names in that vertical and the results were telling.

WordPress.com is still the world’s biggest website builder platform but it is also the biggest loser of all the companies covered, both in percentage (-27.4%) and absolute visitor numbers (about 107 million) between June 2021 and May 2023. Its non-commercial counterpart, WordPress.org, is operated as open-source project by parent company, Auttomatic and powers 43% of the open web according to latest figures.