This week's articles
Hacking Formula 1: Accessing Max Verstappen's passport and PII through FIA bugs
Researchers discovered a critical vulnerability in FIA's driver categorization website that allowed privilege escalation to admin level. This enabled access to sensitive documents including passports, PII, and communications for F1 drivers like Max Verstappen through a simple HTTP PUT request manipulation.
#attack
#saas
ECS on EC2: Covering Gaps in IMDS Hardening
The article discusses securing ECS on EC2 by blocking IMDS access. IMDSv2 with a hop limit of 1 blocks access only in bridge mode, not in awsvpc or host mode. Each networking mode requires its own configuration to protect against privilege escalation attacks like ECScape.
#aws
#containers
#defend
#iam
Google Confidential Space Security Assessment
During the spring of 2025, Google engaged NCC Group to conduct a security assessment of Confidential Space, a cloud-based system designed to provide isolated execution environments for sensitive workloads.
#defend