
All news with #security misconfiguration tag

124 articles · page 3 of 7

Retiring OT Experts Create Cybersecurity Knowledge Loss

🏭 The imminent retirement of experienced OT staff is causing a widespread loss of institutional knowledge that directly threatens operational continuity and cybersecurity in industrial environments. Successors often inherit undocumented legacy systems, hidden VLANs, bespoke protocol tweaks and undocumented routing rules that were never captured in official diagrams. That mismatch increases the risk of outages during modernization, lengthens implementation timelines and can unintentionally expand the attack surface through misconfigured segmentation or firewalls. Prioritizing structured knowledge transfer, thorough documentation and OT-aware security practices helps reduce single points of failure and vendor dependence.

Microsoft January update shutdown bug affects more PCs

⚠️ Microsoft confirmed that a shutdown bug first reported on Windows 11 also affects Windows 10 devices with Virtual Secure Mode (VSM) enabled after recent January updates. The issue was initially tied to Windows 11 23H2 with KB5073455 and System Guard Secure Launch; emergency patches were issued shortly afterward. Affected users can temporarily force a shutdown using the command shutdown /s /t 0 while Microsoft prepares a broader fix.

Microsoft fixes Windows 11 bug hiding password icon

🔒 Microsoft has resolved a Windows 11 sign-in issue that caused the password icon to disappear from lock screen options after installing August 2025 updates and later. Affected users with multiple sign-in methods could still sign in by hovering over the placeholder to reveal the hidden button. The fix is included in the optional January 2025 KB5074105 preview update released January 29; install via Settings > Windows Update or the Microsoft Update Catalog.

NationStates Confirms Data Breach, Temporarily Shuts Site

🔒 NationStates has confirmed a data breach after taking its browser-based game offline following a player-reported vulnerability that resulted in remote code execution on the production server. The attacker exploited a double-parsing and input sanitization flaw in the Dispatch Search feature to copy application code and user data, including email addresses, MD5 password hashes, login IPs, and browser User-Agent strings. NationStates says telegram contents were likely partially exposed, is wiping and rebuilding the production environment, has reported the incident to authorities, and expects service to be restored within two to five days.

Microsoft Links Windows 11 Boot Failures to Dec 2025 Update

⚠️ Microsoft says recent Windows 11 boot failures following the January 2026 cumulative update are tied to earlier failed attempts to install the December 2025 security update, which left some systems in an "improper state." After applying KB5074109, affected devices showed a BSOD with stop error UNMOUNTABLE_BOOT_VOLUME. Microsoft is working on a partial resolution to prevent new no-boot cases, but it warns this fix will not repair devices already unable to boot or stop systems from entering the improper state. The company also says the issue appears limited to physical machines.

Microsoft Investigates Windows 11 Boot Failures in January

⚠️ Microsoft is investigating reports that some Windows 11 devices fail to boot with the UNMOUNTABLE_BOOT_VOLUME stop error after installing the January 13, 2026 cumulative update KB5074109. Affected systems running Windows 11 25H2 and all editions of 24H2 display a black crash screen and cannot start without manual recovery. Microsoft says only physical devices are impacted so far and asks affected users to submit feedback via the Feedback Hub. The company also released emergency out‑of‑band updates to address an Outlook PST cloud storage freeze.

AI-Generated Honeypot Reveals Risks of Overtrusting

🧰 Intruder used AI to draft a honeypot for its Rapid Response service and deployed it as intentionally vulnerable infrastructure. Weeks later logs revealed attacker payloads where IP addresses should be, exposing that the AI trusted client-supplied IP headers. Static tools like Semgrep and Gosec did not flag the issue; the flaw required contextual human judgement. The incident underscores risks of over-relying on AI-generated code and the need to adapt code review and CI/CD practices.

Misconfigured Demo Environments Become Cloud Backdoors

🔒 New research from Pentera Labs shows that internal testing, demo, and training applications left in default or misconfigured states are being used as entry points into enterprise cloud environments. The team found popular vulnerable apps such as Hackazon, DVWA, and OWASP Juice Shop exposed on major cloud platforms and sometimes tied to overly permissive IAM roles. Attackers have leveraged these exposures to deploy crypto miners, webshells, and persistence mechanisms; Pentera recommends inventorying assets, enforcing least privilege, isolating labs from production, and expiring temporary test environments.

Azure Private Endpoint DNS Risks Can Cause Service DoS

🔒 Unit 42 researchers discovered an Azure Private Endpoint DNS behavior that can unintentionally or deliberately produce denial-of-service conditions for Azure services. In several scenarios — accidental internal, accidental vendor, and malicious actor — linking a Private DNS zone to a virtual network can force name resolution to the private zone and fail when no A record exists, breaking connectivity to otherwise public endpoints. Microsoft documents a partial mitigation (fallback to internet); alternatives include manually adding DNS records and performing comprehensive discovery with Resource Graph.

Mitigating the Y2K38 Vulnerability in Organizations

⚠️ Organizations should treat the Y2K38 'Epochalypse' as an actionable vulnerability with a fixed deadline: 19 January 2038 at 03:14:07 UTC. Caused by 32‑bit signed Unix epoch counters overflowing, it can roll devices back to 1901 and disrupt payments, medical equipment, industrial control, and certificate validation. Effective mitigation requires a comprehensive inventory, vendor coordination, isolated testing, and migration to 64‑bit time or replacement.

ACME HTTP-01 Path Flaw Temporarily Disabled WAF Rules

🔒 Cloudflare patched a logic flaw in its ACME HTTP-01 handling that could disable certain WAF protections for specific challenge paths. The issue was reported by researchers from FearsOff through Cloudflare’s bug bounty program on October 13, 2025, and affected requests to /.well-known/acme-challenge/*. In some cases, challenge requests could reach customer origins when they should have been blocked because WAF features were incorrectly disabled. Cloudflare implemented a code change to ensure WAF disabling only occurs when Cloudflare will serve a valid ACME challenge response; no customer action is required and there is no known abuse.

Google Confirms Android Bug Affecting Volume Keys on Devices

🔊 Google acknowledged a software bug that causes volume buttons to control the device's Accessibility volume instead of the Media volume when the Select to Speak accessibility service is enabled. The issue also prevents using volume keys as a shutter shortcut in the Camera app. Google has not specified which Android versions or how many users are affected, nor provided an ETA for a permanent fix. A temporary workaround is to disable Select to Speak via Settings → Accessibility.

IDHS Privacy Misconfiguration Exposes Data of 700K Residents

🔒 The Illinois Department of Human Services (IDHS) said that misconfigured privacy settings on a public mapping website exposed personal and health-related information for nearly 700,000 residents. Maps intended for internal resource planning were publicly accessible for years, revealing addresses, case numbers, demographics, and plan names for many Medicaid and Medicare Savings Program recipients, and additional identifying details for some rehabilitation services customers. IDHS restricted access, reviewed exposed maps, blocked future uploads of identifiable customer data to public mapping platforms, and has notified affected individuals and regulators.

Cisco switches enter reboot loops due to DNS client bug

⚠️ Multiple Cisco switch models are entering reboot loops after an apparent firmware bug in the internal DNS client began treating DNS lookup failures as fatal errors. The problem began around 2 AM; affected devices log fatal DNS_CLIENT errors (for example 'SRCADDRFAIL' when resolving 'www.cisco.com'), then reboot every few minutes, seriously disrupting network operations. Administrators report that affected lines include the CBS, SG and Catalyst C1200/C1300 series. Temporary mitigations include disabling DNS or SNTP on management interfaces or blocking outbound management access while Cisco investigates.

Phishing Exploits Misconfigured MX Records in M365 Now

📧 Microsoft Threat Intelligence warns of a surge in phishing campaigns that exploit misconfigured mail routing and domain spoofing protections to make malicious messages appear internal to Microsoft 365 tenants. Attackers target users with HR- and IT-themed lures to steal credentials, often pairing the technique with phishing-as-a-service kits like Typhoon2FA. The vector depends on tenants whose MX records are not pointed directly at Office 365, bypassing built-in spoof detection. Organizations should correct MX configuration, enforce DMARC and deploy phishing-resistant MFA for privileged roles.

Logitech Options+ and G HUB Fail on macOS After Cert Expiry

⚠️ Logitech's Options+ and G HUB apps on macOS stopped launching after their code-signing certificate expired, preventing users from accessing custom gestures, button mappings, lighting presets, and other saved settings. Logitech acknowledged the outage on its support portal and said it will push a new macOS installer that preserves user profiles without changing the visible app version. Community-proposed workarounds include rolling the system date back, installing older builds, or blocking network access, but these are unverified and may have trade-offs. Until an official update is released, users are advised not to delete configuration files to avoid losing customizations.

Persistent Cloud Misconfigurations Still Put Data at Risk

🔒 A Qualys survey and analysis of roughly 44 million public-cloud VMs highlights widespread misconfiguration: 45% of AWS, 63% of GCP and 70% of Azure instances showed issues. Respondents reported breaches and identified misconfigured services as a leading cloud risk. Experts cite neglected logging, monitoring and MFA, rushed M&A integrations and understaffed small firms as common causes. The piece recommends concrete controls — from Infrastructure as Code and continuous scanning to private networking and least-privilege — to reduce exposure.

Flock Exposes AI-Enabled PTZ Cameras Tracking People

👁 Flock’s exposed livestreams show that its AI-enabled Condor pan-tilt-zoom (PTZ) cameras can automatically zoom in on and track people in public spaces. Reporters observed high-resolution footage capturing individuals on bike paths, in parking lots, at playgrounds, and at stoplights, with cameras following faces and recording close-up detail. These exposures underscore privacy and security risks from networked AI surveillance and inadequate access controls.

Windows 10 OOB Update Resolves Message Queuing Errors

🔧 Microsoft released an out-of-band update (KB5074976) via the Update Catalog to address issues introduced by the December 9, 2025 Windows 10 security update that broke Message Queuing (MSMQ). Affected systems may see inactive queues, resource errors, and failures writing to queues, particularly in clustered or high-load enterprise environments. The OOB is not distributed via Windows Update or WSUS; only devices enrolled for Windows 10 ESU should install it if impacted.

Passenger Boards Heathrow Flight Without Ticket or ID

✈️ A man reportedly boarded a British Airways flight at London Heathrow without a ticket or passport. Sources say he tailgated through to the security screening area and passed screening without being detected carrying banned items. At check-in he allegedly deceived a BA agent by posing as a family member whose passports and boarding passes had already been inspected. Authorities are investigating potential procedural and access-control failures.