
All news with #security misconfiguration tag

124 articles

DynamoDB Streams PrivateLink for FIPS in GovCloud

🔒 Amazon DynamoDB Streams now supports AWS PrivateLink for FIPS endpoints in AWS GovCloud (US) Regions. This enables private connectivity between VPCs and DynamoDB Streams FIPS endpoints, keeping traffic off the public internet for agencies and organizations with federal compliance requirements. The capability simplifies compliant architectures for real-time data processing, CDC, and event-driven applications while maintaining enhanced security and privacy.

Windows Server 2016 DC lookup fails with KB5087537

🔔 Microsoft confirmed a known issue where domain controller discovery may fail on Windows Server 2016 after installing the KB5087537 May 2026 security update. The problem affects only systems whose hostnames are exactly 15 characters long, causing DCLocator calls to return ERROR_INVALID_PARAMETER. This can prevent applications and admin tools from locating domain controllers and may disrupt administrative scenarios such as DFS Namespace management.

Amazon Aurora MySQL Adds MySQL 8.4 Support

🔒 Amazon Aurora MySQL-Compatible Edition now supports community MySQL 8.4, aligning Aurora version numbers with community releases and managing underlying patches for customers. The release enforces stronger security defaults—TLS 1.2/1.3 only and caching_sha2_password for new accounts—and offers customizable password validation via DB cluster parameter groups. Automated upgrade prechecks reduce upgrade risk, and multiple upgrade and migration paths are supported, including Blue/Green Deployments and AWS DMS.

B&R Automation Runtime SDM Vulnerabilities Fix Released

🔒 An update resolves multiple vulnerabilities in B&R Automation Runtime SDM prior to 6.4 that could allow session takeover, reflected XSS, or CSV formula injection. The vendor corrected the issues in Automation Runtime 6.4 and notes SDM is disabled by default in AR 6. Customers should apply the update based on risk assessment and follow recommended network isolation and access-control practices.

Microsoft to Elevate Windows 11 Driver Quality in 2026

🔧 Microsoft is launching the Driver Quality Initiative to raise the bar for Windows 11 drivers, emphasizing security, stability, and performance across media, display, camera, audio, connectivity, and peripherals. The initiative centers on four pillars: moving drivers from kernel to user mode or Microsoft class drivers; stricter partner verification and automated checks; improved Windows Update catalog hygiene; and expanded telemetry on stability, performance, battery and thermal impact. Microsoft says it will work closely with OEMs and silicon partners including AMD and Intel, and the changes will be phased in across 2026 as WinHEC resumes. The company frames this as a partnership to restore trust in Windows quality after recent criticism.

Microsoft: Patch Download Failures in Restricted Networks

🔧 Microsoft warns that Windows Update may fail on restricted networks after installing the January 2026 optional preview updates, producing error code 0x80010002. Affected devices may download the February security update but then fail to retrieve March or later releases via the Windows Update settings. The issue stems from tightened download timeout requirements and does not affect installation capability. Admins can apply Known Issue Rollback (KIR) group policies and restart devices to work around the problem.

Dell confirms SupportAssist update causes Windows BSODs

⚠️ Dell confirmed that its SupportAssist Remediation update is causing blue-screen crashes on some Windows systems after user reports of random reboots began Friday. Dell says version 5.5.16.0 of the Dell SupportAssist Remediation or Alienware SupportAssist Remediation service can trigger 0xEF_DellSupportAss_BUGCHECK_CRITICAL_PROCESS errors and recommends disabling or uninstalling the service as a workaround. Uninstall via Windows Settings (Apps > Installed apps) but note this may remove repair points created by Dell OS SupportAssist Recovery; contact Dell Support if problems persist.

ABB Automation Builder Gateway insecure default access

⚠️ ABB reported a vulnerability in the Windows Gateway component of Automation Builder that leaves its TCP listener bound to all interfaces by default on port 1217, enabling remote discovery of AC500 PLCs. The gateway may be installed standalone or bundled with other setups such as CODESYS, and unauthenticated actors can scan for PLCs; PLC user management normally prevents control unless disabled. ABB advises restricting access by setting [CmpGwCommDrvTcp] LocalAddress=127.0.0.1 in Gateway.cfg and restarting the gateway, or upgrading to Automation Builder 2.9.0 where the default is local-only.

Scan Finds Widespread Exposed AI Services and Risks

🔍 Intruder scanned over 1 million exposed AI services and found pervasive, critical misconfigurations and insecure defaults. Many deployments were reachable with no authentication, exposing chat histories, API keys, and management consoles. Exposed agent platforms (including n8n and Flowise) and thousands of Ollama APIs responded without auth, some wrapping paid frontier models. The findings highlight insecure-by-design defaults, hardcoded credentials, and real risks of code execution, data exfiltration, and abuse.

Microsoft Defender False-Positives Flag DigiCert Roots

🛡️ Microsoft Defender began flagging legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha after a signature update on April 30, producing widespread false positives and, in some cases, removing certificates from Windows trust stores. Microsoft issued Security Intelligence updates 1.449.430.0 and 1.449.431.0 to resolve the detections and reportedly restore removed certificates. Administrators can force an update via Windows Security > Virus and threat protection > Protection updates.

Microsoft: New Remote Desktop Warnings Display Issue

⚠ Microsoft confirmed a display bug causing newly introduced Windows security warnings to render incorrectly when opening Remote Desktop (RDP) files. The issue affects all supported Windows releases updated in April 2026 (including Windows 11 KB5083768 & KB5083769, Windows 10 KB5082200, and Windows Server KB5082063) and appears when multiple monitors use different scaling settings, producing overlapping text and misplaced buttons. These dialogs — deployed to warn users about unsigned or unverified RDP files and to show resource redirection settings — can become difficult or impossible to interact with until Microsoft provides a fix.

Microsoft Graph API Bug Disrupts Universal Print Shares

⚠️ Microsoft has traced an ongoing Universal Print sharing failure to a code change in the Microsoft Graph API, which increased Entra ID directory replication latency and exposed a pre-existing race condition that causes intermittent “Sharing Print Failed” errors when creating certain printer shares. The issue (UP1287359) affects shares created with the "Allow all users in my organization" toggle or when specific users/groups are selected. Microsoft is deploying a corrective code change and published a 13-step workaround that involves creating the share without assigning members initially, waiting for propagation, and then adding users or security groups manually.

Flawed Cisco Update Risks Blocking AP Firmware Patches

⚠️ Cisco issued an IOS XE library update that causes a specific log file on many Catalyst and Wi‑Fi 6 access points to grow by about 5MB per day, potentially filling flash and preventing future firmware upgrades. Administrators should run Cisco’s WLANPoller tool or manually inspect the boot partition with show boot and perform mandatory prechecks close to maintenance windows. If flash is already exhausted an AP may require reboot, manual cleanup, vendor emergency script, or physical intervention to avoid being bricked.

Windows Recall Still Permits Silent Data Extraction

🛡️ A security researcher says Microsoft’s Windows Recall feature remains vulnerable to quiet exfiltration of everything it captures by malware running in the same user context. Alexander Hagenah published a proof-of-concept called TotalRecall Reloaded and disclosed the issue to Microsoft on March 6; Microsoft reviewed and closed the report April 3, calling the behavior "by design." Hagenah says the gap lies not in encryption but in how decrypted screenshots and text are handled and displayed in an unprotected process, allowing same-user code to read Recall data without admin rights or kernel exploits.

McGraw Hill Salesforce Misconfiguration Exposes 13.5M Accounts

🔒 The ShinyHunters extortion group has published data tied to 13.5 million McGraw Hill user accounts after exploiting a misconfiguration in a Salesforce-hosted webpage. McGraw Hill confirmed unauthorized access to a limited set of data and said its internal systems, courseware and customer databases were not affected. The leaked files, which Have I Been Pwned puts at over 100GB, contain names, email addresses, phone numbers and physical addresses that could be used for targeted spear‑phishing.

Some Windows Servers Require BitLocker Key After Apr Update

🔐 Microsoft confirmed that some Windows Server 2025 devices may boot into BitLocker recovery after installing the April 2026 security update KB5082063. The issue affects very specific enterprise configurations where a Group Policy or registry setting includes PCR7 in the TPM platform validation profile while System Information reports Secure Boot State PCR7 Binding as 'Not Possible' and the Windows UEFI CA 2023 certificate is present but the 2023-signed Boot Manager is not yet running. Microsoft says the recovery key entry is required only once and has published workarounds: remove the Group Policy before deployment or apply a Known Issue Rollback (KIR) to prevent triggering BitLocker recovery.

McGraw-Hill Confirms Limited Data Exposure via Salesforce

🔒 McGraw-Hill says unauthorized actors accessed a limited set of data hosted on a Salesforce webpage after a platform misconfiguration. The company emphasized this did not involve unauthorized entry to its Salesforce accounts, customer databases, courseware, or internal systems, and that exposed information was non-sensitive. McGraw-Hill secured the pages, engaged external cybersecurity experts, and is working with Salesforce to strengthen protections amid an extortion claim by ShinyHunters.

FedRAMP Clears Microsoft’s GCC High Despite Flaws, Concerns

🚨 An internal late-2024 government report reviewed by ProPublica found that Microsoft’s Government Community Cloud High lacked “proper detailed security documentation,” leaving evaluators with “a lack of confidence” in assessing the platform. One reviewer called the package “a pile of shit.” Despite those findings, FedRAMP authorized the product with a buyer-beware notice, a decision that helped Microsoft expand a multibillion-dollar federal cloud business.

Microsoft Suspends Dev Accounts for Open-Source Projects

⚠️ Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects, blocking them from publishing Windows builds and security patches without prior notice or a quick reinstatement path. Affected projects include WireGuard, VeraCrypt, MemTest86, and Windscribe. Maintainers report no emails, warnings, or clear appeals process and say they can still publish Linux and macOS updates but not Windows releases. Microsoft said accounts were automatically suspended for failing mandatory verification for the Windows Hardware Program and that outreach and press attention have prompted follow-up from company representatives.

Escaping the COTS Trap: Designing for Replaceability

🧩 Commercial off-the-shelf (COTS) cybersecurity tools promise rapid deployment and mature capabilities, but over time they frequently become architectural anchors that are costly and risky to replace. Embedded business logic, vendor-shaped workflows, platform-native customizations, and data entanglement all accrue to create deep vendor lock-in that slows change and raises ongoing costs. The article warns that the next wave—AI-driven security—adds fresh switching costs as models, threat feeds, and baselines become proprietary, and it prescribes architectural patterns—anti-corruption layers, process abstraction, event-driven integration, the strangler fig, and data sovereignty—to keep systems replaceable and preserve strategic flexibility.