This week’s cybersecurity news highlights include the Amazon ECS privilege escalation attack, a major data breach at Alera Group, and the urgent response to a Microsoft Exchange vulnerability. These stories underscore the ongoing threats and industry responses within the cybersecurity landscape. #ECScape #AleraGroup #MicrosoftExchange
Keypoints
- An attack method named ECScape enables privilege escalation in Amazon ECS containers, but AWS does not label it a vulnerability.
- Alera Group experienced a data breach exposing sensitive information of 155,000 clients and employees.
- Nvidia emphasizes that its chips do not contain backdoors or kill switches to prevent malicious exploitation.
- Chanel was targeted through a third-party service, with other fashion brands also affected by the ShinyHunters group.
- CISA issued an emergency directive for a Microsoft Exchange privilege escalation vulnerability impacting federal agencies.