The Cyber Express
‘IntelBroker’ Claims Access to Database Belonging to England and Wales Cricket Board (ECB)
A cybercriminal going by the name 'IntelBroker' has asserted responsibility for an alleged data breach targeting the European Central Bank
The Hacker News
AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking
A now-patched vulnerability in AWS Managed Workflows for Apache Airflow (MWAA) could have allowed attackers to hijack sessions & execute code remotely
DarkReading
1-Click Takeover Bug in AWS Apache Airflow Reveals Larger Risk
A bug exposed users of an AWS workflow management service to cookie tossing. Behind the scenes lies an even deeper issue across all of the top cloud services.
SecurityWeek
Vulnerability Allowed One-Click Takeover of AWS Service Accounts
AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack.
SC Magazine
AWS fixes 1-click account takeover flaw exposing cloud services to XSS risk
Several AWS, Azure and Google Cloud domains were found to lack a key guardrail against XSS.
SC Magazine
AWS fixes 1-click Apache Airflow session hijack flaw
Several AWS, Azure and Google Cloud domains were found to lack a key guardrail against XSS.
The Cyber Express
Pakistan Super League Ticketing Website Down: Cyberattack Halts Online Sales
With the highly anticipated season nine of the Pakistan Super League (PSL) just around the corner, organizers and fans have
Ars Technica
Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back
Will new TLDs will undo decades of work to stop malicious links?
Bleeping Computer
New ZIP domains sparks debate among cybersecurity experts
Cybersecurity researchers and IT admins have raised concerns over Google's new ZIP and MOV Internet domains, warning that threat actors could use them for phishing attacks and malware delivery.
Bleeping Computer
New ZIP domains spark debate among cybersecurity experts
Cybersecurity researchers and IT admins have raised concerns over Google's new ZIP and MOV Internet domains, warning that threat actors could use them for phishing attacks and malware delivery.
Naked Security
Serious Security: Learning from curl’s latest bug update
Learn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world.
DataBreaches
UK: Tens of thousands of NHS patients’ private medical information leaked in shocking data breach
Michael Powell reports: Private medical information about tens of thousands of NHS patients has been leaked in a shocking data breach, The Mail on Sunday can...
Bleeping Computer
Mozilla flooded with requests after Apple privacy changes hit Facebook
Mozilla volunteers have recently been flooded with requests by online merchants and marketers for their domains to be added to what's called a Public Suffix List (PSL) due to recent privacy changes brought forth by Apple's iOS 14.5.