All articles tagged with #misconfiguration
Amazon disputes the Financial Times’ claim that an AI bot caused an AWS outage, saying the December disruption was due to a misconfigured access role affecting only Cost Explorer in one region, with no impact on core services like compute or AI; no customer inquiries were reported, and AWS added safeguards and follows its Correction of Error process to prevent recurrence.
Misconfigured Moltbot (formerly Clawdbot) control panels exposed hundreds of internet-facing dashboards, leaking API keys, private chats and other credentials. With autonomous agent capabilities, attackers could impersonate operators, inject messages, and even run commands with elevated privileges. The root cause was localhost-trust and reverse-proxy defaults; the project has rebranded Clawdbot to Moltbot (Molty) while keeping the same core functionality.
A misconfigured Microsoft app allowed anyone to modify Bing search results and inject XSS attacks, potentially breaching Office 365 user accounts. The issue was discovered by Wiz Research and reported to Microsoft, who confirmed it was fixed on March 28, 2023. The misconfiguration problem affects approximately 25% of multi-tenant apps, including some belonging to Microsoft. Microsoft has introduced security enhancements to prevent Azure AD misconfiguration issues from becoming a problem again and recommends developers and admins consult updated guidance on securing multi-tenant applications.