
All news with #security misconfiguration tag

124 articles · page 2 of 7

Microsoft Pauses Windows KB5079391 After Install Errors

⚠️ Microsoft has paused the rollout of a Windows 11 preview update, KB5079391, after reports that installations fail with error 0x80073712. The optional cumulative update targeted Windows 11 24H2 and 25H2 and bundled 29 changes, including Smart App Control, display improvements, improved Windows Hello fingerprint reliability, and Windows RE stability for x64 apps on ARM64 devices. To prevent further impact, Microsoft has temporarily limited the update's availability through Windows Update while it investigates and said the issue will most likely be resolved before the April 14 Patch Tuesday, though no firm timeline was provided.

Virtual Machines Nearly Everywhere - Lingering Security Gaps

🔒 Cloud virtual machines deliver speed, scale and agility, but uncontrolled VM sprawl creates persistent security gaps. Many instances are provisioned quickly and then left unmanaged—missing OS updates, scoped permissions and continuous monitoring—so they can be abused for lateral movement or used as throwaway attack infrastructure. Organizations should inventory VMs, tighten workload identities and apply continuous, identity‑aware monitoring to reduce risk.

Denver Crosswalks Hacked to Broadcast Anti-Trump Messages

🔊 Denver's newly installed pedestrian audio units on East Colfax Avenue were hijacked over the weekend to broadcast explicit anti-Trump messages in a robotic voice, startling pedestrians. Officials report the devices were activated while still using factory-default credentials; passwords have since been changed and police are investigating. The tampering created a safety hazard for people with visual impairments and echoes prior incidents involving Polara crosswalk systems.

CISA Urges Firms to Harden Microsoft Intune Controls

🔒 CISA urged U.S. organizations to strengthen Microsoft Intune administrative controls after a cyberattack exploited Intune to wipe devices at medical technology firm Stryker. Attackers allegedly created a new Global Administrator account, exfiltrated data, then used Intune’s built‑in wipe to erase nearly 80,000 devices. CISA recommended least‑privilege RBAC, enforced MFA via Microsoft Entra, privileged‑access hygiene, and multi‑admin approval for sensitive actions to reduce similar risks.

Cloud Misconfigurations: The Multi-Billion Dollar Risk

🔒 Most major cloud breaches in recent years have stemmed from basic misconfigurations rather than sophisticated zero-days or custom malware. The article highlights incidents such as Snowflake (2024), AT&T, Ticketmaster and Capital One to show how exposed credentials, public storage buckets and missing controls led to vast data exposure. Immediate actions recommended are enabling MFA everywhere, enforcing account-level public access blockers, activating comprehensive logging across AWS/Azure/GCP, and prioritizing remediation of exposed buckets and keys, while longer-term fixes include CSPM tools and infrastructure-as-code security checks.

CISA Urges Hardening of Endpoint Management Systems

🔒 CISA warns of malicious activity targeting endpoint management systems following the March 11, 2026 attack against Stryker Corporation that affected its Microsoft environment. The agency urges organizations to harden endpoint management configurations and adopt Microsoft’s newly released best practices for securing Microsoft Intune, while applying those principles to other endpoint management tools. Key recommended controls include RBAC-based least-privilege administrative roles, phishing-resistant MFA and privileged access hygiene using Microsoft Entra ID, and configuring Multi Admin Approval policies for high-impact actions such as device wipes, application and script changes, and RBAC modifications.

BSI Criticizes Healthcare Software Security Practices

🔒 The Federal Office for Information Security (BSI) has warned that software used in medical practices, clinics and long-term care needs stronger protections to safeguard sensitive patient data. In tests of standard configurations, the agency described the IT security of healthcare software as in need of improvement, finding chains of vulnerabilities in three of four representative practice management systems that could be exploited from the Internet. Outdated encryption algorithms were specifically cited; manufacturers were informed and issued timely fixes.

Microsoft Removes Samsung App After C: Drive Access Issues

⚠️ Microsoft removed the Samsung Galaxy Connect app from the Microsoft Store after a joint investigation concluded the app (used for screen mirroring, file sharing and data transfer) was triggering "C:\ is not accessible – Access denied" errors on certain Windows 11 Samsung Galaxy Book 4 and desktop models. Affected users reported blocked applications, failure to access files, and privilege elevation problems that impeded diagnostics. Samsung republished a stable previous version to stop further occurrences, but recovery options for impacted devices remain limited. Microsoft and Samsung have not published a workaround yet; users should contact Samsung for device-specific support.

Android 17 Restricts Accessibility API to Verified Tools

🔒 Google is testing a change in Android 17 Beta 2 within its Advanced Protection Mode that blocks apps not designated as accessibility tools from using the system Accessibility Services API. Apps without the isAccessibilityTool="true" flag will have existing permissions revoked when AAPM is active, and users cannot grant new access until the mode is turned off. Verified assistive tools such as screen readers and Braille programs remain exempt.

Windows 11: Some Samsung PCs Lose Access to C Drive

⚠️ Microsoft is investigating reports that some Samsung laptops running Windows 11 lose access to the C:\ drive after installing the February 2026 security updates. Affected users encounter the error 'C:\ is not accessible - Access denied' and cannot launch applications such as Outlook, Office apps, web browsers, and system utilities. Microsoft says it is working with Samsung and that the problem may be related to the Samsung Share application, but no official workaround has been provided.

Threat Actors Mass-Scan Salesforce Experience Cloud Sites

🔍 Salesforce has warned that a threat actor is using a customized version of the open-source tool AuraInspector to mass-scan publicly accessible Experience Cloud sites and exploit overly permissive guest user configurations. The modified tool can both identify vulnerable API endpoints and extract data from misconfigured environments without authentication. Salesforce says the activity targets customer configuration weaknesses rather than a platform flaw and urges customers to review guest user settings and follow recommended configuration guidance.

Chrome WebView Flaw Allowed Malicious Extension Abuse

🔒 Google patched a high-severity WebView policy enforcement bug, CVE-2026-0628 (CVSS 8.8), in early January 2026 that could let a malicious extension inject scripts or HTML into the browser's new Gemini side panel. Discovered by Palo Alto Networks Unit 42 researcher Gal Weizman, the flaw could have enabled privilege escalation to access local files, take screenshots, and turn on camera or microphone without consent. The fix shipped in Chrome 143.0.7499.192/.193 (Windows/Mac) and 143.0.7499.192 (Linux).

Microsoft tests Windows 11 batch-file security mode

🔒 Microsoft is rolling out Windows 11 Insider Preview builds that introduce a secure processing mode for batch files and CMD scripts. Administrators can enable the feature via the LockBatchFilesInUse registry value under HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor or via the LockBatchFilesWhenInUse manifest control. When enabled, batch files cannot be modified while executing and signature validation runs once rather than per statement, improving both security and performance for scripted enterprise workflows.

Security Analysis of Password Managers and Server Risks

🔒 New research examines whether cloud-based password managers can be misused by those controlling servers. Researchers reverse-engineered and closely analyzed Bitwarden, Dashlane, and LastPass, finding that features such as account recovery, shared vaults, and group organization can be abused so a server operator or a compromised server can extract credentials or entire vaults. The study also describes protocol-level attacks that can weaken encryption, potentially converting ciphertext into plaintext. The author contrasts these cloud models with Password Safe, a local-only manager that avoids recovery features and the cloud.

PayPal Discloses Data Breach Exposing Users' Personal Data

🔓 PayPal is notifying customers that a software error in its PayPal Working Capital loan application exposed sensitive personal information, including Social Security numbers, for nearly six months. The company says the issue, present from July 1 to December 13, 2025, was caused by a code change that was rolled back after discovery on December 12. PayPal has reset passwords for affected accounts, refunded unauthorized transactions for some users, and is offering two years of Equifax credit monitoring.

Microsoft anti-phishing rules mistakenly blocked URLs

⚠️ Microsoft says a software error in its email security system incorrectly flagged thousands of legitimate URLs as phishing links, preventing users from opening messages across Exchange Online and Teams. The issue, which began on February 5 and persisted until February 12, caused some emails to be quarantined and generated false "potentially malicious URL click" alerts for administrators. Microsoft traced the fault to a logic error in heuristic detection rules intended to catch credential phishing and said it will publish a final report after full remediation.

Abandoned Outlook Add-in Hijacked to Phish 4,000 Users

⚠️ Koi Security found that an abandoned Outlook add-in, AgreeTo, was hijacked to run phishing kits that captured roughly 4,000 Microsoft account credentials. The attacker claimed an orphaned Vercel subdomain referenced in the add-in’s XML manifest and replaced live content with a fake sign-in page while retaining mailbox permissions. Microsoft had validated and signed the original manifest but does not re-review hosted content fetched at runtime. Users should remove AgreeTo and reset affected passwords immediately.

New York Proposal Would Add Surveillance to 3D Printers

⚠️ New York’s 2026–2027 executive budget bill proposes a blocking technology requirement for all 3D printers sold or delivered in the state. The provision would require firmware or software to scan every print file with a firearms blueprint detection algorithm and refuse prints flagged as potential firearms or components. While intended to curb illicit weapon production, critics say it resembles DRM, will be technically ineffective, and would impose significant burdens on makers, educators, and small manufacturers.

Exposed Training Apps Open Cloud Accounts to Abuse

🔓 Pentera Labs identified nearly 2,000 intentionally vulnerable training and demo applications exposed on public cloud infrastructure, many linked to active cloud identities and overly permissive roles. Tools such as OWASP Juice Shop and DVWA were frequently deployed with default settings and minimal isolation, allowing attackers to install crypto-miners, webshells, and persistence tooling. The findings warn that labeling environments as training does not remove their real-world risk when they are publicly accessible and integrated with privileged cloud accounts.

Microsoft Adds Mobile-Style Permission Prompts to Windows

🔐 Microsoft will introduce smartphone-style permission prompts in Windows 11 to request user consent before apps access sensitive resources such as files, cameras, and microphones. The company is also launching a Windows Baseline Security Mode to enable runtime integrity safeguards by default while still permitting targeted overrides for specific apps. These changes are part of the Secure Future Initiative and will roll out in phases with developer, enterprise, and ecosystem feedback. Users and IT administrators will be able to view, grant, or revoke app permissions and will receive clearer prompts when apps attempt to install unwanted software or access protected data.