< ciso
brief />
Tag Banner

All news with #security misconfiguration tag

140 articles · page 6 of 7

Microsoft Blocks More Ways to Bypass Windows 11 MSA

🔒 Microsoft is removing further methods that allow creating local accounts and bypassing the Microsoft account requirement during Windows 11 setup. The change appears in Windows 11 Insider Preview Build 26220.6772 (KB5065797) on the Dev Channel and is expected to reach production releases. Microsoft said it will remove known mechanisms in the OOBE experience because they can skip critical setup screens and leave a device not fully configured. Going forward, OOBE will require internet access and a Microsoft account to complete setup.
read more →

Cloud and Application Security: Awareness Best Practices

🔐 The 2025 State of Cloud Security Report from Fortinet and Cybersecurity Insiders highlights how accelerating cloud adoption and a widespread cybersecurity skills shortage are expanding organizational risk across SaaS, APIs, and hybrid environments. Many incidents result from human error — misconfigurations, exposed APIs, and overprivileged accounts — rather than sophisticated targeted attacks. The post recommends five practical measures, including embracing shared responsibility, enforcing MFA and least privilege, integrating security into CI/CD, automating configuration management, and monitoring SaaS and APIs, and stresses that tools must be paired with user awareness and cultural change.
read more →

Microsoft Outlook stops displaying inline SVG images

🔒 Microsoft will no longer display inline SVG images in Outlook for Web and the new Outlook for Windows; users will instead see blank spaces where those images would have appeared. The global rollout began in early September 2025 and is expected to complete by mid‑October 2025, with Microsoft estimating the change will affect less than 0.1% of images. SVG files sent as classic attachments will continue to be viewable from the attachment well to limit user disruption.
read more →

Microsoft Defender Bug Triggers False BIOS Update Alerts

⚠️ Microsoft is addressing a logic bug in Microsoft Defender for Endpoint that causes some Dell devices' BIOS firmware to be incorrectly marked as outdated, prompting unnecessary update alerts to users. The company says a fix has been developed and is being prepared for deployment, but it has not disclosed the regions or number of customers affected. Microsoft also recently resolved macOS black screen crashes linked to a deadlock in the Apple enterprise security framework and has been correcting several anti-spam and machine-learning false positives impacting Teams and Exchange Online.
read more →

Adobe Analytics ingestion bug leaked customer data

⚠️ Adobe warns that a performance optimization change to Adobe Analytics data collection introduced an ingestion bug on September 17, 2025 at 12:20 UTC that caused some organizations' tracking fields to be overwritten with values from other customers' streams. Adobe reverted the change on September 18 at 11:00 UTC, said the issue was not caused by malicious activity, and reported roughly 3–5% of collected rows were corrupted. Impacted channels include Data Feeds, Live Stream, scheduled reports, and downstream products; Adobe has instructed affected customers to immediately delete any data received during the incident window while engineering teams cleanse impacted datasets.
read more →

Microsoft Partially Resolves DRM Video Playback Issue

🔧 Microsoft says it has partially resolved an issue that caused DRM-protected video playback failures on Windows 11 24H2 systems after the August preview update (KB5064081) or later. Affected applications using Enhanced Video Renderer with HDCP enforcement or DRM for digital audio experienced freezes, black screens, and copyright protection errors. The September preview update KB5065789 contains fixes, though Microsoft warns some audio DRM problems may continue for certain applications.
read more →

Safe in the Sandbox: Security Hardening for Workers

🔒 Cloudflare describes recent security hardening applied to Cloudflare Workers, combining V8 runtime changes with CPU features to strengthen isolation of customer scripts. The post highlights use of memory protection keys (PKU) assigned per-isolate, adoption of V8's sandbox and compressed pointers to confine heap corruption, and custom memory placement to pack sandboxes efficiently. Together these mitigations improve defense-in-depth and reduce opportunities for cross-isolate data leaks.
read more →

Microsoft: Updates Causing DRM Video Playback Issues

🎬 Microsoft confirmed a known issue that prevents some apps from playing DRM-protected video content or from displaying and recording live TV on Windows 11 24H2 systems after installing the August non-security preview update (KB5064081) or later. Applications using Enhanced Video Renderer with HDCP enforcement or DRM for digital audio may encounter copyright protection errors, frequent playback interruptions, freezing, or black screens. The vendor is working on a fix that will be delivered in a future Windows update.
read more →

Microsoft 365: Why Its Dominance Creates Major Risk

🔒 Microsoft 365 has become the central nervous system of modern business, and its market dominance has turned the platform into a lucrative target for attackers. With over 400 million paid seats and tightly integrated apps like Outlook, SharePoint, Teams and OneDrive, a single compromise can cascade across services. Organizations must close backup gaps, adopt zero trust, enforce MFA and deploy cross-application threat detection to reduce catastrophic exposure.
read more →

Microsoft removes upgrade block for Windows 11 audio

🔧 Microsoft has removed a safeguard hold that blocked upgrades to Windows 11 24H2 on devices running Dirac audio enhancement software after reports that the component cridspapo.dll caused integrated speakers and Bluetooth audio devices to stop working. A new driver is available via Windows Update and Microsoft recommends installing the latest security update; restarting the device may speed the offering. The safeguard hold was lifted on September 11, 2025, but other upgrade blocks remain for unrelated driver and software incompatibilities.
read more →

Microsoft: September Windows Updates Break SMBv1 Shares

⚠️Microsoft confirmed that the September 2025 Windows security updates can break connections to SMBv1 shares when NetBIOS over TCP/IP (NetBT) is used. The issue affects client releases (Windows 11 24H2/23H2/22H2, Windows 10 22H2/21H2) and server releases (Windows Server 2025, 2022) and may occur if either the SMB client or server has the update. As a temporary workaround, administrators are advised to allow SMB traffic on TCP port 445 so Windows can switch from NetBT to TCP. Microsoft is investigating and developing a fix.
read more →

Cursor AI IDE auto-runs tasks, exposing developers worldwide

⚠️ A default configuration in Cursor, an AI-powered fork of VS Code, automatically executes tasks when a project folder is opened because Workspace Trust is disabled. Oasis Security demonstrated that a malicious .vscode/tasks.json can run arbitrary commands without user action, risking credential theft and environment takeover. Cursor intends to keep the autorun behavior and advises enabling Workspace Trust manually or using a different editor for untrusted repos.
read more →

Secure-by-Default: Simple Defaults to Shrink Attack Surface

🔒 This article argues that adopting a security-by-default mindset—setting deny-by-default policies, enforcing MFA, and employing application Ringfencing™—can eliminate whole categories of risk early. Simple changes like disabling Office macros, removing local admin rights, and blocking outbound server traffic create a hardened environment attackers can’t easily penetrate. The author recommends pairing secure defaults with continuous patching and monitored EDR/MDR for comprehensive defense.
read more →

Detecting and Preventing Data Leaks Before Disaster

🔒 In January 2025 Wiz Research discovered a publicly accessible ClickHouse database belonging to Chinese AI firm DeepSeek, exposing over one million log streams that included chat histories and secret keys. The issue was reported and quickly closed, but the event highlights how misconfigurations and human error can expose sensitive data. To reduce risk, organisations should adopt least-privilege access, deploy DLP solutions, classify high-risk data and provide ongoing staff training.
read more →

Langflow Misconfiguration Exposes Data of Pakistani Insurers

🔓 UpGuard secured a misconfigured Langflow instance that exposed data for roughly 97,000 insurance customers in Pakistan, including 945 individuals marked as politically exposed persons. The instance was used by Pakistan-based Workcycle Technologies to build AI chatbots for clients such as TPL Insurance and the Federal Board of Revenue. Exposed materials included PII, confidential business documents and credentials; access was removed after notification and UpGuard found no evidence of exploitation.
read more →

Langflow Misconfiguration Exposes 97,000 Pakistani Records

🔒 UpGuard secured an internet-exposed Langflow instance leaking data on roughly 97,000 Pakistani insurance customers, including 945 individuals flagged as politically exposed persons (PEPs). The instance—used by Pakistan-based consultants Workcycle Technologies to build AI chatbots for clients such as TPL Insurance and the Federal Board of Revenue—contained PII, confidential documents, and plaintext credentials. Access was removed after disclosure; UpGuard found no evidence of active exploitation.
read more →

Public Exposure of Tetrad Consumer Data Sets in S3

🔓 UpGuard Research discovered a publicly accessible Amazon S3 bucket containing detailed consumer data attributed to Tetrad, including files derived from Experian Mosaic, Claritas/PRIZM, and client-supplied datasets covering over 120 million U.S. household records. The exposure included full names, addresses, gender, Mosaic codes, and retailer account and purchase information. UpGuard notified Tetrad in early February and, after repeated contact, the company removed public access and secured the bucket. The dataset's breadth raises significant privacy and targeted-risk concerns for individuals and communities.
read more →

Spartan Technology S3 Exposure of South Carolina Arrests

🔒 UpGuard Research discovered a publicly accessible AWS S3 bucket containing roughly 60 GB of MSSQL backups uploaded by a Spartan Technology employee, exposing South Carolina justice-system records spanning 2008–2018. The dataset included about 5.2 million arrest-event rows, tens of millions of related records, and sensitive PII such as names, dates of birth, driver’s license numbers and roughly 17,000 Social Security numbers. Permissions included the "AuthenticatedUsers" group, enabling broad access; Spartan removed public access the same day after notification.
read more →

AggregateIQ Files Part Three: Monarch and Saga Tools

🔎 The UpGuard Cyber Risk Team details a public discovery of AggregateIQ repositories that exposed sophisticated political targeting tools. The report highlights project families Monarch and Saga, describing ad-scraping scripts, pixel trackers, and ingestion services that link Facebook ad activity to web behavior. Exposed credentials and AWS assets amplify privacy and oversight concerns.
read more →

111 GB Customer Data Exposure at National Credit Federation

🔓UpGuard discovered 111 GB of internal customer records from National Credit Federation stored in a publicly accessible Amazon S3 bucket, including names, addresses, dates of birth, scanned driver’s licenses and Social Security cards, full bank and credit card numbers, and complete credit reports. The repository contained personalized credit blueprints and videos showing employee access. UpGuard notified the company, which promptly secured the bucket. The case highlights the need for rigorous cloud permission controls and continuous configuration monitoring.
read more →