amazon

CVE-2021-3062: CVE-2021-3062 PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users

An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls. Prisma Access customers are not impacted by this issue.

3 years ago

CVE

Open in Source

#vulnerability #web #amazon #js #aws #auth

CVE-2021-3062: CVE-2021-3062 PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users

An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls. Prisma Access customers are not impacted by this issue.

3 years ago

CVE

Open in Source

#vulnerability #amazon

Phishing Attack Blends Spoofed Amazon Order and Fraudulent Customer Service Agents

It's the latest in a series of clever brand impersonation scams that use multiple vectors to lure victims.

3 years ago

DARKReading

Open in Source

#amazon

Coalfire Expands Application Security Vision With Major Upgrade to Application Security Platform, ThreadFix

ThreadFix v3.1 delivers fastest speed for AppSec automation and remediation.

3 years ago

DARKReading

Open in Source

#amazon #oracle #oracle

How to Avoid Another Let's Encrypt-Like Meltdown

Experts weigh in on steps network and security administrators need to take before the next time a root certificate expires.

3 years ago

DARKReading

Open in Source

#amazon #oracle #oracle

Office 365 Phishing Campaign Uses Kaspersky’s Amazon SES Token

It's a legitimate access token, stolen from a third-party contractor, that lets the attackers send phishing emails from kaspersky.com email addresses.

3 years ago

Threatpost

Open in Source

#Hacks #Web Security #amazon #git

Office 365 Phishing Campaign Abuses Stolen Amazon SES Token

Stolen access token leveraged in phishing campaign that spoofs brand name email addresses.

3 years ago

Threatpost

Open in Source

#Cryptography #Web Security #Government #Malware #Mobile Security #Vulnerabilities #android #google #Malware #Vulnerabilities #Web Security #mac #apple #Hacks #Web Security #amazon

Pirate Sports Streamer Gets Busted, Pivots to MLB Extortion

An alleged sports content pirate is accused of not only hijacking leagues' streams but also threatening to tell reporters how he accessed their systems.

3 years ago

Threatpost

Open in Source

#Hacks #Web Security #amazon #git #Vulnerabilities #Web Security

Name That Edge Toon: Parting Thoughts

Feeling creative? Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

3 years ago

DARKReading

Open in Source

#vulnerability #vulnerability #web #amazon

‘Trojan Source’ Hides Invisible Bugs in Source Code

The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware.