SecurityWeek
Vulnerability Allowed One-Click Takeover of AWS Service Accounts
AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack.
SC Magazine
AWS fixes 1-click account takeover flaw exposing cloud services to XSS risk
Several AWS, Azure and Google Cloud domains were found to lack a key guardrail against XSS.
SC Magazine
AWS fixes 1-click Apache Airflow session hijack flaw
Several AWS, Azure and Google Cloud domains were found to lack a key guardrail against XSS.
Trend Micro
Threat Actors Target AWS EC2 Workloads to Steal Credentials
We found malicious samples attempting to steal Amazon Elastic Compute Cloud (EC2) Workloads' access keys and tokens via typosquatting and the abuse of legitimate tools.
The DFIR Report
BumbleBee: Round Two
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. BumbleBee has been identified as an initial access vector utilized by several ransomware affiliates. …
DataBreaches
Illuminate breach victims are still first being notified
Spotted today: a notification by the Renton School District in Washington that they notified 20,509 Washington residents on June 17 dues to a breach that...
Bleeping Computer
Malware infiltrates Microsoft Store via clones of popular games
A malware named Electron Bot has found its way into Microsoft's Official Store through clones of popular games such as Subway Surfer and Temple Run, leading to the infection of 5,000 computers in Sweden, Israel, Spain, and Bermuda.
ThreatPost
Shlayer and Bundlore MacOS Malware Strains – How Uptycs EDR Detection Can Help
Ashwin Vamshi Adware strains Shlayer and Bundlore are the most common malware in macOS – although they have slight variations, they have long invaded and bypassed Xprotect, Notarization, Gatekeeper, and File Quarantine, all security features pre-built into macOS. The Uptycs threat research team has tracked these threats, along with 90% of macOS malware in routine