All news with #security misconfiguration tag

⚠️ Microsoft’s October Windows 11 updates (notably KB5066835 and the September preview KB5065789) have disrupted HTTP/2 connections to localhost (127.0.0.1), preventing local services and developer tools from completing requests. Users report errors such as "ERR_CONNECTION_RESET" and "ERR_HTTP2_PROTOCOL_ERROR" when applications attempt to connect to the loopback interface. Affected software includes Visual Studio debugging, SSMS Entra ID authentication, and Duo Desktop; community workarounds include disabling HTTP/2 via Registry entries or uninstalling the problematic updates.

🔒 Amazon Elastic Container Service (Amazon ECS) now lets you run Firelens containers as a non-root user by specifying a numeric user ID in the user field of your Task Definition. Running Firelens as non-root reduces the potential attack surface and helps meet security and compliance requirements, including checks surfaced by AWS Security Hub. This capability replaces the previous default of "user": "0" and is available in all AWS Regions. See the Firelens documentation for configuration details.

⚠️ The article warns that unmonitored JavaScript on e-commerce sites is the single biggest holiday security risk, enabling attackers to steal payment data while server-side defenses like WAFs and intrusion detection systems remain blind. It reviews major 2024 incidents, including the Polyfill.io and Cisco Magecart campaigns, and highlights a dramatic uptick in attacks during peak shopping windows. Recommended mitigations emphasize closing visibility gaps with real-time client-side monitoring, maintaining strict third-party script inventories, and deploying Content Security Policy (initially in report-only mode) using nonces rather than weakening directives.

🔒 This article catalogs 15 frequently overlooked security blind spots that quietly increase organizational risk across six domains: time & telemetry, identity & edge, configuration & crypto, DNS & web trust, cloud & SaaS sprawl, and software supply chain & recovery readiness. It explains how mundane issues — NTP drift, orphaned DNS records, default IoT credentials, stale backups — become high-impact failures. The piece recommends immediate inventories, enforced baselines and a 90-day action plan to measure and close these gaps, and highlights metrics to track such as log coverage, patching cadence and backup restore success.

🔒 Microsoft is removing further methods that allow creating local accounts and bypassing the Microsoft account requirement during Windows 11 setup. The change appears in Windows 11 Insider Preview Build 26220.6772 (KB5065797) on the Dev Channel and is expected to reach production releases. Microsoft said it will remove known mechanisms in the OOBE experience because they can skip critical setup screens and leave a device not fully configured. Going forward, OOBE will require internet access and a Microsoft account to complete setup.

🔐 The 2025 State of Cloud Security Report from Fortinet and Cybersecurity Insiders highlights how accelerating cloud adoption and a widespread cybersecurity skills shortage are expanding organizational risk across SaaS, APIs, and hybrid environments. Many incidents result from human error — misconfigurations, exposed APIs, and overprivileged accounts — rather than sophisticated targeted attacks. The post recommends five practical measures, including embracing shared responsibility, enforcing MFA and least privilege, integrating security into CI/CD, automating configuration management, and monitoring SaaS and APIs, and stresses that tools must be paired with user awareness and cultural change.

🔒 Microsoft will no longer display inline SVG images in Outlook for Web and the new Outlook for Windows; users will instead see blank spaces where those images would have appeared. The global rollout began in early September 2025 and is expected to complete by mid‑October 2025, with Microsoft estimating the change will affect less than 0.1% of images. SVG files sent as classic attachments will continue to be viewable from the attachment well to limit user disruption.

⚠️ Microsoft is addressing a logic bug in Microsoft Defender for Endpoint that causes some Dell devices' BIOS firmware to be incorrectly marked as outdated, prompting unnecessary update alerts to users. The company says a fix has been developed and is being prepared for deployment, but it has not disclosed the regions or number of customers affected. Microsoft also recently resolved macOS black screen crashes linked to a deadlock in the Apple enterprise security framework and has been correcting several anti-spam and machine-learning false positives impacting Teams and Exchange Online.

⚠️ Adobe warns that a performance optimization change to Adobe Analytics data collection introduced an ingestion bug on September 17, 2025 at 12:20 UTC that caused some organizations' tracking fields to be overwritten with values from other customers' streams. Adobe reverted the change on September 18 at 11:00 UTC, said the issue was not caused by malicious activity, and reported roughly 3–5% of collected rows were corrupted. Impacted channels include Data Feeds, Live Stream, scheduled reports, and downstream products; Adobe has instructed affected customers to immediately delete any data received during the incident window while engineering teams cleanse impacted datasets.

🔧 Microsoft says it has partially resolved an issue that caused DRM-protected video playback failures on Windows 11 24H2 systems after the August preview update (KB5064081) or later. Affected applications using Enhanced Video Renderer with HDCP enforcement or DRM for digital audio experienced freezes, black screens, and copyright protection errors. The September preview update KB5065789 contains fixes, though Microsoft warns some audio DRM problems may continue for certain applications.

🔒 Cloudflare describes recent security hardening applied to Cloudflare Workers, combining V8 runtime changes with CPU features to strengthen isolation of customer scripts. The post highlights use of memory protection keys (PKU) assigned per-isolate, adoption of V8's sandbox and compressed pointers to confine heap corruption, and custom memory placement to pack sandboxes efficiently. Together these mitigations improve defense-in-depth and reduce opportunities for cross-isolate data leaks.

🎬 Microsoft confirmed a known issue that prevents some apps from playing DRM-protected video content or from displaying and recording live TV on Windows 11 24H2 systems after installing the August non-security preview update (KB5064081) or later. Applications using Enhanced Video Renderer with HDCP enforcement or DRM for digital audio may encounter copyright protection errors, frequent playback interruptions, freezing, or black screens. The vendor is working on a fix that will be delivered in a future Windows update.

🔒 Microsoft 365 has become the central nervous system of modern business, and its market dominance has turned the platform into a lucrative target for attackers. With over 400 million paid seats and tightly integrated apps like Outlook, SharePoint, Teams and OneDrive, a single compromise can cascade across services. Organizations must close backup gaps, adopt zero trust, enforce MFA and deploy cross-application threat detection to reduce catastrophic exposure.

🔧 Microsoft has removed a safeguard hold that blocked upgrades to Windows 11 24H2 on devices running Dirac audio enhancement software after reports that the component cridspapo.dll caused integrated speakers and Bluetooth audio devices to stop working. A new driver is available via Windows Update and Microsoft recommends installing the latest security update; restarting the device may speed the offering. The safeguard hold was lifted on September 11, 2025, but other upgrade blocks remain for unrelated driver and software incompatibilities.

⚠️Microsoft confirmed that the September 2025 Windows security updates can break connections to SMBv1 shares when NetBIOS over TCP/IP (NetBT) is used. The issue affects client releases (Windows 11 24H2/23H2/22H2, Windows 10 22H2/21H2) and server releases (Windows Server 2025, 2022) and may occur if either the SMB client or server has the update. As a temporary workaround, administrators are advised to allow SMB traffic on TCP port 445 so Windows can switch from NetBT to TCP. Microsoft is investigating and developing a fix.

⚠️ A default configuration in Cursor, an AI-powered fork of VS Code, automatically executes tasks when a project folder is opened because Workspace Trust is disabled. Oasis Security demonstrated that a malicious .vscode/tasks.json can run arbitrary commands without user action, risking credential theft and environment takeover. Cursor intends to keep the autorun behavior and advises enabling Workspace Trust manually or using a different editor for untrusted repos.

🔒 This article argues that adopting a security-by-default mindset—setting deny-by-default policies, enforcing MFA, and employing application Ringfencing™—can eliminate whole categories of risk early. Simple changes like disabling Office macros, removing local admin rights, and blocking outbound server traffic create a hardened environment attackers can’t easily penetrate. The author recommends pairing secure defaults with continuous patching and monitored EDR/MDR for comprehensive defense.

🔒 In January 2025 Wiz Research discovered a publicly accessible ClickHouse database belonging to Chinese AI firm DeepSeek, exposing over one million log streams that included chat histories and secret keys. The issue was reported and quickly closed, but the event highlights how misconfigurations and human error can expose sensitive data. To reduce risk, organisations should adopt least-privilege access, deploy DLP solutions, classify high-risk data and provide ongoing staff training.

🔓 UpGuard secured a misconfigured Langflow instance that exposed data for roughly 97,000 insurance customers in Pakistan, including 945 individuals marked as politically exposed persons. The instance was used by Pakistan-based Workcycle Technologies to build AI chatbots for clients such as TPL Insurance and the Federal Board of Revenue. Exposed materials included PII, confidential business documents and credentials; access was removed after notification and UpGuard found no evidence of exploitation.

🔒 UpGuard secured an internet-exposed Langflow instance leaking data on roughly 97,000 Pakistani insurance customers, including 945 individuals flagged as politically exposed persons (PEPs). The instance—used by Pakistan-based consultants Workcycle Technologies to build AI chatbots for clients such as TPL Insurance and the Federal Board of Revenue—contained PII, confidential documents, and plaintext credentials. Access was removed after disclosure; UpGuard found no evidence of active exploitation.