<ciso brief />

All news with #security misconfiguration tag

111 articles · page 3 of 6

Cisco switches enter reboot loops due to DNS client bug

⚠️ Multiple Cisco switch models are entering reboot loops after an apparent firmware bug in the internal DNS client began treating DNS lookup failures as fatal errors. The problem began around 2 AM and affected devices log fatal DNS_CLIENT errors (for example 'SRCADDRFAIL' when resolving 'www.cisco.com'), then reboot every few minutes, seriously disrupting network operations. Administrators report affected lines include CBS, SG and Catalyst C1200/C1300 series. Temporary mitigations include disabling DNS or SNTP on management interfaces or blocking outbound management access while Cisco investigates.

Phishing Exploits Misconfigured MX Records in M365 Now

📧 Microsoft Threat Intelligence warns of a surge in phishing campaigns that exploit misconfigured mail routing and domain spoofing protections to make malicious messages appear internal to Microsoft 365 tenants. Attackers target users with HR- and IT-themed lures to steal credentials, often pairing the technique with phishing-as-a-service kits like Typhoon2FA. The vector depends on tenants whose MX records are not pointed directly at Office 365, bypassing built-in spoof detection. Organizations should correct MX configuration, enforce DMARC and deploy phishing-resistant MFA for privileged roles.

Logitech Options+ and G HUB Fail on macOS After Cert Expiry

⚠️ Logitech's Options+ and G HUB apps on macOS stopped launching after their code-signing certificate expired, preventing users from accessing custom gestures, button mappings, lighting presets, and other saved settings. Logitech acknowledged the outage on its support portal and said it will push a new macOS installer that preserves user profiles without changing the visible app version. Community-proposed workarounds include rolling the system date back, installing older builds, or blocking network access, but these are unverified and may have trade-offs. Until an official update is released, users are advised not to delete configuration files to avoid losing customizations.

Persistent Cloud Misconfigurations Still Put Data at Risk

🔒 A Qualys survey and analysis of roughly 44 million public-cloud VMs highlights widespread misconfiguration: 45% of AWS, 63% of GCP and 70% of Azure instances showed issues. Respondents reported breaches and identified misconfigured services as a leading cloud risk. Experts cite neglected logging, monitoring and MFA, rushed M&A integrations and understaffed small firms as common causes. The piece recommends concrete controls — from Infrastructure as Code and continuous scanning to private networking and least-privilege — to reduce exposure.

Flock Exposes AI-Enabled PTZ Cameras Tracking People

👁 Flock’s exposed livestreams show that its AI-enabled Condor pan-tilt-zoom (PTZ) cameras can automatically zoom in on and track people in public spaces. Reporters observed high-resolution footage capturing individuals on bike paths, in parking lots, at playgrounds, and at stoplights, with cameras following faces and recording close-up detail. These exposures underscore privacy and security risks from networked AI surveillance and inadequate access controls.

Windows 10 OOB Update Resolves Message Queuing Errors

🔧 Microsoft released an out-of-band update (KB5074976) via the Update Catalog to address issues introduced by the December 9, 2025 Windows 10 security update that broke Message Queuing (MSMQ). Affected systems may see inactive queues, resource errors, and failures writing to queues, particularly in clustered or high-load enterprise environments. The OOB is not distributed via Windows Update or WSUS; only devices enrolled for Windows 10 ESU should install it if impacted.

Passenger Boards Heathrow Flight Without Ticket or ID

✈️ A man reportedly boarded a British Airways flight at London Heathrow without a ticket or passport. Sources say he tailgated through to the security screening area and passed screening without being detected carrying banned items. At check-in he allegedly deceived a BA agent by posing as a family member whose passports and boarding passes had already been inspected. Authorities are investigating potential procedural and access-control failures.

Unsecured MongoDB Exposes 4.3 Billion Records Online

🔒 Cybernews reports researchers found an unsecured 16 TB MongoDB instance exposing roughly 4.3 billion personal and professional records. The dataset included names, emails, phone numbers, LinkedIn profile details, employment history, education, social accounts and profile images — data consistent with large-scale LinkedIn scraping. The operator secured the database two days after discovery on 25 November 2025, but ownership and the full exposure window remain unknown.

Microsoft warns MSMQ may fail after December update

⚠️ Microsoft warns a December security update (KB5071546) can cause MSMQ to become inactive in enterprise and clustered environments, disrupting applications that rely on queued messaging. Reported symptoms include IIS failures with resource errors, applications unable to write to queues, and misleading log entries about disk space. Microsoft says a workaround exists but directs admins to contact Support for Business; community responders have recommended temporarily granting write access to C:\Windows\System32\msmq or rolling back the update until an official fix is issued. Affected systems include Windows Server 2012/2012 R2/2016/2019 and several Windows 10 builds.

Microsoft advises admins to contact support over MSMQ bug

⚠ Microsoft has asked enterprise customers to contact support for guidance after a Message Queuing (MSMQ) change in recent December 2025 updates caused applications and IIS sites to fail. The bug, affecting Windows 10 22H2, Windows Server 2019, and 2016 systems with KB5071546/KB5071544/KB5071543 installed, alters NTFS permissions on C:\Windows\System32\MSMQ\storage, requiring write access and causing resource errors. Microsoft is investigating and advising businesses to seek tailored mitigations or consider rolling back updates.

SoundCloud VPN Access Blocked by 403 Error Outage Issue

🔒 Users accessing SoundCloud through many VPN services are currently blocked and receive a 403 'forbidden' server response. The problem has persisted for four days and was independently confirmed after multiple Reddit reports. SoundCloud's senior director of communications said configuration changes caused temporary connectivity issues and the company is working on a fix with no timeline given. Some VPN providers or server locations continue to work for certain users.

Recent Windows Updates Disrupt VPN Access for WSL Enterprise

🔧 Microsoft warns that recent Windows 11 updates, starting with the KB5067036 October 28, 2025 non-security update and including later releases such as KB5072033, can break VPN networking for enterprise users running WSL with mirrored mode enabled. Affected users report "No route to host" errors inside WSL because some third-party VPN virtual interfaces (for example OpenVPN and Cisco Secure Client) do not respond to ARP requests and so fail to resolve IP-to-MAC mappings. Microsoft is investigating the issue but has not provided a workaround or ETA for a fix.

Microsoft December Updates Break Message Queuing Functionality

⚠️ Microsoft has confirmed that its December 2025 security updates are breaking Message Queuing (MSMQ) on affected systems. Machines with KB5071546, KB5071544, or KB5071543 installed — including Windows 10 22H2, Windows Server 2019, and Windows Server 2016 — can experience inactive queues, IIS sites failing with 'insufficient resources', and applications unable to write to queues. Microsoft attributes the failures to security model and NTFS permission changes that require MSMQ users to have write access to C:\Windows\System32\MSMQ\storage; a timeline for a fix has not been provided.

Streamlit Exposures Reveal Scope of Shadow AI Risk

🔒 UpGuard's analysis found thousands of publicly accessible Streamlit applications exposing PII and confidential business data due to default public hosting and common misconfiguration. Using internet scans in October 2025, researchers identified nearly 15,000 IPs running Streamlit and more than ten thousand self-hosted apps reachable without authentication, while Community Cloud counts were substantially larger. The report warns that shadow AI—unsanctioned, persistent apps—can massively expand the attack surface and recommends inventory, access controls, authentication by default, and continuous monitoring.

Cloudflare outage on Dec 5, 2025 caused by WAF change

⚠️ On December 5, 2025 a configuration change to Cloudflare’s Web Application Firewall (WAF) triggered an error in a subset of proxies, causing HTTP 500 responses for affected customers. The change — increasing WAF request-body buffering to mitigate CVE-2025-55182 — was rolled out gradually, but a separate global configuration update disabled an internal tool and propagated immediately. That global change caused a Lua runtime nil lookup in the older FL1 proxy when a killswitch skipped an execute action in a ruleset; the change was reverted within 25 minutes and the incident was not caused by malicious activity.

Windows updates hide password icon on lock screen issue

🔒 Microsoft warned that updates to Windows 11 released since August may make the password sign‑in icon invisible on the lock screen for systems with multiple sign‑in options. The button remains functional — hovering over the blank space reveals the password control. The issue is tied to the non‑security preview KB5064081 and later releases on 24H2/25H2. Microsoft has provided no timeline for a fix and offers no workaround beyond the hover action.

Festo Compact Vision and Controller Products: Critical Flaws

⚠️ Festo has disclosed two critical vulnerabilities affecting multiple Compact Vision System, control block, controller, and operator unit products, with CVSS ratings up to 9.8. One issue stems from an insecure default that allows remote, unauthenticated access if passwords are not enabled; the other permits an authenticated attacker to read or modify configuration files. Festo and CERT@VDE recommend enabling password protection, using online user management where applicable, and minimizing network exposure of affected devices.

Windows 11 24H2 Bug Crashes Explorer and Start Menu

⚠️ Microsoft confirmed a Windows 11, version 24H2 bug in cumulative updates released since July 2025 that causes XAML dependency packages not to register in time, leading Explorer, StartMenuExperienceHost, ShellHost.exe and other shell components to crash or fail to initialize. Microsoft provided three PowerShell Add-AppxPackage commands as a temporary workaround and says a restart is required after running them. Organizations using non-persistent VDI should run a logon script to provision the packages before Explorer launches; a permanent fix is in development with no timeline.

AWS Tag Policies: Validate and Enforce Required Tags

🔒 AWS Organizations Tag Policies introduces Reporting for Required Tags, a validation check that ensures IaC deployments include mandatory tags. You define a tag policy specifying required keys and enable validation for CloudFormation, Terraform, or Pulumi workflows. Validation is implemented by activating the AWS::TagPolicies::TaggingComplianceValidator Hook in CloudFormation, adding plan-time checks in Terraform, or enabling the aws-organizations-tag-policies policy pack in Pulumi. The feature is available via the AWS Management Console, AWS CLI, and AWS SDK in supported Regions.

Why Enterprises Still Struggle with Cloud Misconfigurations

🔒 Enterprises continue to struggle with cloud misconfigurations that expose sensitive data, according to recent industry reporting and a Qualys study. The report cites a 28% breach rate tied to cloud or SaaS services over the past year and high misconfiguration rates across AWS (45%), GCP (63%) and Azure (70%). Experts blame permissive provider defaults, shadow IT and rapid business-driven deployments, and recommend controls such as MFA everywhere, private networking, encryption, least-privilege and infrastructure-as-code.