Security news aggregator

Latest coverage for Misconfiguration

Misconfiguration exposes assets through unsafe settings, enabling unauthorized access or data loss; secure baselines, reviews, and least privilege reduce risk.

32 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Misconfiguration is an insecure or unintended setting in a system, application, network, cloud resource, or identity control. Examples include publicly accessible storage, default credentials, overly broad permissions, exposed management interfaces, unnecessary services, and weak encryption settings. Attackers can discover these conditions through scanning or by abusing access they already possess; depending on the asset and data involved, the result may be unauthorized access, data exposure, or expanded control of connected systems.

The main defense is to define and enforce secure configuration baselines: disable unused features, remove default accounts and secrets, restrict network exposure, apply least privilege, and protect sensitive data with appropriate access controls and encryption. Review configurations before deployment and monitor for drift afterward, including in infrastructure managed as code. Prioritize findings by internet exposure, privilege, data sensitivity, and exploitability, then verify that remediation actually restored the intended state.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 32 Filtered view
Bank Info Security 2 months, 3 weeks ago

A Token Flaw Turned Azure's AI Agent Into a Spy

Outsiders Could Exploit Misconfig to Stream Commands, CredentialsA misconfiguration in Microsoft's Azure SRE Agent may have allowed any Azure account holder from any company to tap into another organization's agent conversations in real time, watching commands, outputs and credentials, leaving no trace.

CISA: Iran-Linked Groups Actively Exploiting OT Exposure Risks, PLC ProgrammersFederal agencies are warning that Iranian-linked actors have begun actively exploiting internet-facing PLCs and misconfigured OT systems across U.S. critical infrastructure, enabling network access, lateral movement and potential disruption amid rising geopolitical tensions.

CRM-Obsessed ShinyHunters Gang Exploits Misconfigured Customer Experience PortalsA prolific and noisy cybercrime gang with a penchant for stealing Salesforce customers' data and holding it ransom is taking advantage of misconfigured guest accounts meant to provide public access to services meant to remain private, using a Google scanning tool to identify vulnerable accounts.

AI Fumbles, Not Hackers, Pose Next Shutdown Threat by 2028: GartnerA misconfigured artificial intelligence system could do what hackers have tried and failed to accomplish: shut down an advanced economy's critical infrastructure. The warning centers on scenarios where AI autonomously shuts down vital services, misinterprets sensor data or triggers unsafe actions.

Bank Info Security 5 months, 1 week ago

Moltbook Gave Everyone Control of Every AI Agent

Database Misconfiguration Exposed 1.5 million API TokensA misconfigured database at Moltbook, the viral social network for AI agents, exposed 1.5 million API authentication tokens, 35,000 email addresses and private messages. Security researchers discovered unauthenticated read and write access to all platform data within days of launch.

Varonis CEO Yaki Faitelson Warns Misconfigured AI Is an Accident Waiting to HappenVaronis has acquired AllTrue.ai to close visibility gaps in AI security. CEO Yaki Faitelson said enterprises are deploying AI agents that access vast datasets at high speed without understanding permissions identity context or abnormal behavior creating urgent demand for data-first AI security.

Varonis CEO Yaki Faitelson Warns Misconfigured AI Is an Accident Waiting to HappenVaronis has acquired AllTrue.ai to close visibility gaps in AI security. CEO Yaki Faitelson said enterprises are deploying AI agents that access vast datasets at high speed without understanding permissions identity context or abnormal behavior creating urgent demand for data-first AI security.

Bank Info Security 6 months, 1 week ago

Illinois Notifies 700,000 of Misconfiguration Breach

Mapping Platform Exposed Addresses and Medical Assistance PlansThe Illinois Department of Human Services is notifying more than 700,000 individuals of a breach involving "incorrect privacy settings" left in place for several year that exposed online data pertaining to Medicare, Medicaid and rehabilitation services recipients.

Misconfigured Customer Network Edge Devices' Under Fire, Warn ResearchersMisconfigured edge devices hosted in the cloud are giving nation-state hackers carte blanche to access Western critical infrastructure, warn threat intelligence experts at Amazon, who tied exploits of AWS customers' device administrator portals to Russia's GRU military intelligence agency.

Bank Info Security 7 months, 4 weeks ago

Misconfigured AI Agents Let Attacks Slip Past Controls

AppOmni Finds Now Assist Agents Could Trigger Unauthorized ActionsServiceNow's Now Assist agents could be manipulated through second-order prompt injection, enabling unauthorized record changes and data exposure despite protections, shows new research from AppOmni. The issue stemmed from default configurations that allow agents to invoke each other.

Bank Info Security 8 months, 3 weeks ago

AWS Partially Restores Service Affected by Global Outage

Cloud Giant Blames DNS MisconfigurationAmazon Web Services is recovering from a service outage that affected its own services and dozens of its clients on Monday including websites of the British government. The cloud computing giant - the world's largest - blamed a domain name system misconfiguration.

Bank Info Security 8 months, 3 weeks ago

AWS Partially Restores Service Impacted in Global Outage

Cloud Giant Blames DNS MisconfigurationAmazon Web Services is recovering from a service outage that impacted its own services and dozens of its clients on Monday including websites of the British government. The cloud computing giant - the world's largest - blamed a domain name system misconfiguration.

Startup Plans Unified Remediation for Misconfigurations and Patching, ComplianceRemedio has landed $65 million in funding to develop tools that go beyond detection and automate secure remediation. CEO Tal Kollender says the goal is faster growth, a bigger U.S. sales footprint, and delivering a platform that closes the gap between risk visibility and action.

Bank Info Security 10 months, 2 weeks ago

Exposed LLM Servers Expose Ollama Risks

Over 1,100 Ollama Servers Leave Enterprise Models Vulnerable: Cisco TalosMore than a thousand servers running Ollama, a tool that can deploy artificial intelligence models locally, are exposed to the open internet, leaving many of them vulnerable to misuse and potential attacks. The bulk are dormant, but could be exploited through misconfiguration, Cisco Talos said.

Also: Coinbase's Misconfigured Smart Contract, GMX Repayment PlansThis week, a Ponzi scammer must pay $228 million, Google clarified Play Store non-custodial wallet rules, Coinbase misconfiguration, GMX repayment, BtcTurk halted transfers, bank groups wrote lawmakers. Prosecutors seized funds. The Federal Reserve ended a special oversight program. Hong Kong published new rules.

Thousands of MCP Servers Leave AI Apps Open to Attack SurfacesHundreds of Model Context Protocol servers designed to help AI tools access private data are insecurely exposed online, say BackSlash Security researchers. Weak configurations leave systems vulnerable to data leaks and remote code execution attacks.

Open Garden Strategy, Automated Risk Remediation to Get a Boost With Veriti BuyCheck Point will fold Israeli firm Veriti into its Quantum suite following an acquisition aimed at streamlining automated security response across endpoints, firewalls and cloud environments. Veriti’s patented technology is seen as critical to reducing misconfigurations without business disruption.

Loading more headlines...