Hello cyber pros! It's been a week of critical reminders about cloud security, diligent patching, and the evolving nature of warfare. Let's dive into the latest:

Salesforce Cloud Misconfigurations Under Attack ⚠️
- Threat actors are actively exploiting "overly permissive" guest user configurations in Salesforce Experience Cloud to steal sensitive data.
- This isn't a Salesforce platform vulnerability, but rather a customer misconfiguration. Attackers are using modified Aura Inspector tools to scan and extract data from public-facing sites.
- Actionable advice: audit guest user profiles, set company-wide defaults to "private", disable public APIs, restrict visibility, disable self-registration if not needed, and regularly review event monitoring logs.

👁️ Dark Reading | https://www.darkreading.com/application-security/overly-permissive-salesforce-cloud-configs-crosshairs

Microsoft's March Patch Tuesday 🛡️
- Microsoft released patches for 83 CVEs this month, with six identified as "more likely to exploit" and eight critical severity.
- A notable critical RCE (CVE-2027-21536, CVSS 9.8) in the Microsoft Devices Pricing Program was already patched and mitigated, uniquely identified by an AI agent.
- Two publicly known (zero-day) flaws, CVE-2026-26127 (.NET DoS) and CVE-2026-21262 (SQL Server EoP), are considered low threat despite public disclosure.
- Key EoP vulnerabilities include three in the Windows kernel (CVE-2026-24289, CVE-2026-26132, CVE-2026-24287) and others in SMB Server (CVE-2026-24294) and Microsoft Graphics Component (CVE-2026-23668), all with higher exploit likelihood.
- Two RCEs in Microsoft Office (CVE-2026-26113, CVE-2026-26110, CVSS 8.4) can be exploited via the Preview Pane without opening malicious files. Mitigate by disabling Preview Pane and restricting untrusted Office files.

👁️ Dark Reading | https://www.darkreading.com/application-security/microsoft-patches-83-cves-march-update

Cloud Resilience in Modern Warfare ☁️
- Recent Middle East conflicts saw physical attacks, including drone strikes, on AWS facilities in the UAE and Bahrain, causing significant structural damage and service disruptions.
- This highlights a critical shift: hyper-scale cloud data centres are now "Tier 1 strategic targets" in modern warfare, as militaries and governments increasingly rely on cloud infrastructure.
- Traditional cloud resilience strategies, designed for natural disasters, are insufficient against kinetic attacks that can permanently destroy hardware or sever physical connectivity.
- Organisations must rethink disaster recovery and data governance, especially for real-time, low-latency workloads. The concept of "Allied Data Sovereignty" may emerge, advocating for data backups in allied nations to ensure survival during crises.

👁️ Dark Reading | https://www.darkreading.com/cyber-risk/middle-east-conflict-highlights-cloud-resilience-gaps

#CyberSecurity #ThreatIntelligence #CloudSecurity #Salesforce #Misconfiguration #PatchTuesday #Microsoft #Vulnerabilities #RCE #EoP #CyberWarfare #CloudResilience #InfoSec

'Overly Permissive' Salesforce Cloud Configs in the Crosshairs

Some customers have mishandled guest user configurations otherwise intended to allow third-party access to important — and sensitive — client data.

Dark Reading

Lukasz Olejnik (@lukOlejnik)

An OpenClaw user exposed the browser to the internet (0.0.0.0), so the setup behaved like a public ATM: the credit card was charged continuously and nearly hit its limit. This is a security warning that, in default or incorrect configurations, OpenClaw services listen on all interfaces, leaving them open to external access and billing damage.

https://x.com/lukOlejnik/status/2031673770448941252

#openclaw #security #devtools #misconfiguration

Lukasz Olejnik (@lukOlejnik) on X

Someone using @OpenClaw to write programs exposed the browser to the internet turning his setup to a public ATM. The credit card was continuously charged, nearly maxing out the limit. In default or improper configurations, OpenClaw's services listen on all interfaces (0.0.0.0),

X (formerly Twitter)

Cloudflare misconfiguration behind recent BGP route leak

Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic.

BleepingComputer

📰 EY Leaks 4TB+ SQL Database Packed with Corporate Secrets via Cloud Misconfiguration

CRITICAL LEAK: Consulting giant EY exposed a 4TB+ unencrypted SQL database to the public internet. 😳 The backup file, found by researchers, contained API keys, passwords & other corporate secrets. #DataBreach #CloudSecurity #Misconfiguration

🔗 https://cyber.netsecops.io/articles/consulting-giant-ey-exposes-4tb-sql-database-to-internet/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

EY Leaks 4TB+ SQL Database Packed with Corporate Secrets via Cloud Misconfiguration

Consulting firm EY exposed a 4TB+ unencrypted SQL Server backup file containing API keys, passwords, and other sensitive data on the public internet due to a cloud misconfiguration.

CyberNetSec.io

📰 Massive 70TB Data Leak at Tata Motors from Exposed AWS Keys

🚗 Massive 70TB data leak at Tata Motors! Exposed AWS keys on an e-commerce site led to the breach of customer PII, financial records & more. A stark reminder to secure cloud credentials. #DataBreach #AWS #CloudSecurity #Misconfiguration

🔗 https://cyber.netsecops.io/articles/tata-motors-exposes-70tb-of-data-via-misconfigured-aws-keys/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

Massive 70TB Data Leak at Tata Motors from Exposed AWS Keys

Over 70TB of sensitive data from Tata Motors was exposed due to misconfigured AWS access keys left in plaintext on a public website, leading to a major data breach.

CyberNetSec.io

Cuba: 63,564 AIS Remittances Clients' information was exposed on an unsecured server.

What did the unsecured server expose?

Customer affidavits, IDs, and debit cards.

The affidavits contained:

This affidavit contained client information, such as: name, mobile phone number, telephone number, email address, address, country, province, city, town, postal code, date of birth, country of birth, passport number, country of issue, and expiration date.

You may also notice that there was a section called "Beneficiaries," which included the beneficiary's name, their ID number, and the reason for the transfer, which in all cases was "family support."

I tried to notify the company, but their aisremesascuba email address was unavailable. I notified CIMEX S.A., and within a few days, access was blocked.

Those affected (Customers) by this breach may be at risk of scams because the server has been exposed since March 2025.

https://www.security-chu.com/2025/10/AIS-Remesas-Cuba-%20expone-145GB-en-servidor-sin-seguridad.html

#Cuba #cybersecurity #databreach #misconfiguration

Chile: Bashe ransomware stole 10GB of data from SEIT and leaked Pacific Reps emails

Cybersecurity News - Latin America: Bashe ransomware attacked this Chilean company

An interesting study (https://www.cs.ucr.edu/~zhiyunq/pub/oakland25_firewall_misconfig.pdf) demonstrating the importance of correctly configuring firewalls and the mechanism that tracks the state of active network connections (stateful inspection)

#firewall #misconfiguration #research #cve

As part of the work, the authors scanned the IPv4 address space on the 15 most popular ports, spoofing the source port of their requests to 80 (TCP) and 53 (UDP).
More than 2 million services were discovered, spread across 15,837 autonomous systems and 221 countries and regions, that were "hidden" behind NAT.

Scan results:

In the network of the ISP Truespeed, almost 11 thousand customized Linksys routers were found, probably carrying a defective iptables rule that allows inbound TCP connections initiated from port 80 to bypass the firewall. Further analysis established that, in theory, this allowed exploitation of an RCE in the firmware of these routers.
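The misconfiguration described in the post above is a source-port-only ACCEPT rule that sits beside (or instead of) the connection-tracking rule. The following is an added audit example, written for this page and not code from the paper or the post: it parses an `iptables-save` dump, flags inbound ACCEPT rules that match on `--sport` without restricting the packet to an ESTABLISHED/RELATED connection, and proposes the conntrack-constrained form. The rule dump is a constructed sample, not taken from any real device; the `iptables-save` syntax and the `conntrack`/`state` match names are the standard ones.

```python
"""Audit an iptables-save dump for source-port-only ACCEPT rules.

A rule such as `-A INPUT -p tcp --sport 80 -j ACCEPT` admits any unsolicited
packet whose sender simply chose source port 80.  Legitimate replies to the
host's own outbound connections are already covered by
`-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`, so the source-port
rule adds nothing but exposure.
"""
import re
from dataclasses import dataclass

# Constructed sample dump (hypothetical router config, not from any real device).
SAMPLE_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
"""

INBOUND_CHAINS = {"INPUT", "FORWARD"}
# --sport / --source-port (and multiport's --source-ports) carry the source-port match.
SPORT_RE = re.compile(r"--(?:sport|source-ports?)\s+(\S+)")
# Both the newer conntrack match (--ctstate) and the legacy state match (--state).
STATE_RE = re.compile(r"--(?:ctstate|state)\s+(\S+)")


@dataclass
class Finding:
    chain: str
    rule: str
    reason: str
    suggested_fix: str


def iter_rules(dump):
    """Yield (chain, rule_text) for each '-A <chain> ...' line of an iptables-save dump."""
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("-A "):
            parts = line.split(maxsplit=2)
            if len(parts) >= 2:
                yield parts[1], line


def allowed_states(rule):
    """Return the set of connection states a rule is restricted to, or None if unrestricted."""
    m = STATE_RE.search(rule)
    if not m:
        return None
    return {s.strip().upper() for s in m.group(1).split(",")}


def suggested_fix(rule):
    """Rewrite the rule so it only admits replies to connections the host initiated."""
    if STATE_RE.search(rule):
        # Keep the existing match module, replace its state list.
        return STATE_RE.sub(lambda m: m.group(0).split()[0] + " ESTABLISHED,RELATED", rule)
    return rule[: -len("-j ACCEPT")] + "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"


def audit_source_port_rules(dump):
    """Return a Finding for every inbound ACCEPT rule that trusts the source port alone."""
    findings = []
    for chain, rule in iter_rules(dump):
        if chain not in INBOUND_CHAINS or not rule.endswith("-j ACCEPT"):
            continue
        sport = SPORT_RE.search(rule)
        if not sport:
            continue
        states = allowed_states(rule)
        if states is None:
            reason = f"accepts any packet with source port {sport.group(1)} regardless of connection state"
        elif "NEW" in states:
            reason = f"accepts NEW inbound connections from source port {sport.group(1)}"
        else:
            continue  # restricted to ESTABLISHED/RELATED: replies only, which is fine
        findings.append(Finding(chain, rule, reason, suggested_fix(rule)))
    return findings


if __name__ == "__main__":
    for f in audit_source_port_rules(SAMPLE_DUMP):
        print(f"[{f.chain}] {f.reason}\n    rule: {f.rule}\n    fix:  {f.suggested_fix}")
```

Run against `iptables-save` output from a device under review; the sample flags the port-80 and port-53 rules and the `NEW,ESTABLISHED` variant, and leaves the FORWARD rule alone because it is already limited to ESTABLISHED traffic. The same check is worth applying to `ip6tables-save` dumps, since the paper's scan covers any stateless source-port exemption, not just IPv4.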

Everyone breathes a sigh of relief when they hear "no customer data was exposed," but that's a big mistake. This recent Navy Federal Credit Union leak is a perfect example of why. Exposing 378 GB of internal Tableau data, user emails, and system configurations is like handing a burglar the architectural blueprints to your building. It tells them where the weak points are and who to target with spear phishing. Operational data is just as critical as customer data, and misconfiguration remains one of the most common, and avoidable, security failures.

TL;DR
📦 An unsecured server exposed 378 GB of the credit union's internal backup files.
🛡️ Fortunately, no sensitive customer PII was directly included in the leak.
🗺️ The data did, however, act as a "roadmap," revealing internal system structures and formulas.
🎯 This kind of operational data leak enables highly targeted phishing campaigns against employees.

https://hackread.com/misconfigured-server-navy-federal-credit-union-data-leak/
#misconfiguration #cybersecurity #datasecurity #riskmanagement #security #privacy #cloud #infosec

Misconfigured Server Leaks 378GB of Navy Federal Credit Union Files


Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto

A #Misconfiguration That Haunts Corporate #Streaming Platforms Could Expose Sensitive Data

A #security researcher discovered that flawed #API configurations are plaguing corporate #livestreaming platforms, potentially #exposing internal company meetings—and he's releasing a tool to find them.
#privacy

https://www.wired.com/story/corporate-livestreams-exposed-search-tool/

A Misconfiguration That Haunts Corporate Streaming Platforms Could Expose Sensitive Data

A security researcher discovered that flawed API configurations are plaguing corporate livestreaming platforms, potentially exposing internal company meetings—and he's releasing a tool to find them.

WIRED

Over 3.5 million customer records from Australian global fashion brand #SABO were exposed online in a database of over 292GB, without any authentication or encryption.

🔗 https://hackread.com/global-fashion-label-sabo-customer-records-leaked

#CyberSecurity #Privacy #Australia #DataProtection #Misconfiguration

Global Fashion Label SABO’s 3.5M Customer Records Exposed Online


Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto