US Patent Office Hacked, Trademark Apps Accessed
Misconfiguration exposed the physical addresses of 60,000 patent filers over three years.
Misconfiguration exposes assets through unsafe settings, enabling unauthorized access or data loss; secure baselines, reviews, and least privilege reduce risk.
Search across headline titles and summaries.
Background for this topic.
Misconfiguration is an insecure or unintended setting in a system, application, network, cloud resource, or identity control. Examples include publicly accessible storage, default credentials, overly broad permissions, exposed management interfaces, unnecessary services, and weak encryption settings. Attackers can discover these conditions through scanning or by abusing access they already possess; depending on the asset and data involved, the result may be unauthorized access, data exposure, or expanded control of connected systems.
The main defense is to define and enforce secure configuration baselines: disable unused features, remove default accounts and secrets, restrict network exposure, apply least privilege, and protect sensitive data with appropriate access controls and encryption. Review configurations before deployment and monitor for drift afterward, including in infrastructure managed as code. Prioritize findings by internet exposure, privilege, data sensitivity, and exploitability, then verify that remediation actually restored the intended state.
Misconfiguration exposed the physical addresses of 60,000 patent filers over three years.
Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems
By leveraging misconfigured DLLs instead of EDR-monitored APIs, this new technique injects malicious code into running processes, completely evading endpoint security.
As the business environment becomes increasingly connected, organizations’ attack surfaces continue to expand, making it challenging to map and secure both known and unknown assets. In particular, unknown assets present security challenges related to shadow IT, misconfigurations, ineffective scan coverage, among others. Given attack surface sprawl and evolving threats, many organizations are