This week's articles
Zero-Day Clickjacking Vulnerabilities in Major Password Managers
At DEF CON 33, a security researcher unveiled a series of unpatched zero-day clickjacking vulnerabilities affecting the browser-based plugins for a wide range of password managers, including 1Password, Bitwarden, Dashlane, Enpass, iCloud Passwords, Keeper, LastPass, LogMeOnce, NordPass, ProtonPass, and RoboForm.
#attack
#saas
Another ECS Privilege Escalation Path
A post covering a privilege escalation vector that relies on functionality designed for the ECS agent to self-register a compromised EC2 instance and override a task definition.
#attack
#aws