IT Security Newsletter - 7/24/2024

Written by Cadre | Wed, Jul 24, 2024

CrowdStrike blames a test software bug for that giant global mess it made

CrowdStrike has blamed a bug in its own test software for the mass-crash-event it caused last week. A Wednesday update to its remediation guide added a Preliminary Post Incident Review (PIR) that offers the vendor's view of how it brought down 8.5 million Windows boxes. The explanation opens by detailing that CrowdStrike's Falcon Sensor ships with "Sensor Content" that defines its capabilities. READ MORE...

CrowdStrike says flawed update was live for 78 minutes

CrowdStrike's ill-fated update was live for 78 minutes, the company said in new details shared Monday in a filing with the Securities and Exchange Commission. The defective software update it deployed Friday quickly rendered global IT networks non-operational. The sensor configuration update for CrowdStrike's Falcon sensor software was released at 4:09 UTC on Friday, shortly after midnight in the Eastern time zone, the company said in the SEC filing. READ MORE...

Phish-Friendly Domain Registry ".top" Put on Notice

The Chinese company in charge of handing out domain names ending in ".top" has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top was the most common suffix in phishing websites over the past year, second only to domains ending in ".com." READ MORE...

Windows July security updates send PCs into BitLocker recovery

Microsoft warned that some Windows devices will boot into BitLocker recovery after installing the July 2024 Windows security updates. The BitLocker Windows security feature mitigates the risk of data theft or information exposure from lost, stolen, or inappropriately decommissioned devices by encrypting the storage drives. Windows computers can automatically enter BitLocker recovery mode following various events, including hardware and firmware upgrades or changes to the Trusted Platform Module. READ MORE...

Navigating the Complex Landscape of Web Browser Security

With an increasing reliance on the cloud, Web browsers are mission-critical applications for organizations. This not only means that people and organizations are using browsers more frequently and intensively than before, but also that more critical systems and data are accessed through browsers. All of this puts Web browser security at the forefront of organizational cybersecurity concerns. READ MORE...

How did a CrowdStrike config file crash millions of Windows computers? We take a closer look at the code

Last week, at 0409 UTC on July 19, 2024, antivirus maker CrowdStrike released an update to its widely used Falcon platform that caused Microsoft Windows machines around the world to crash. The impact was extensive. Supply chain firm Interos estimates 674,620 direct enterprise customer relationships of CrowdStrike and Microsoft were affected. Microsoft said 8.5 million Windows machines failed. READ MORE...

Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication

Microsoft's Windows Hello for Business (WHfB) default phishing-resistant authentication model recently was found susceptible to downgrade attacks, allowing threat actors to crack into even biometrically protected PCs and laptops. WHfB authentication, which uses cryptographic keys embedded in a computer's Trusted Platform Module (TPM) and enabled by biometric or PIN-based verification, can be bypassed by altering the parameters within an authentication request. READ MORE...

Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android

ESET researchers discovered a zero-day exploit that targets Telegram for Android, which appeared for sale for an unspecified price in an underground forum post from June 6th, 2024. Using the exploit to abuse a vulnerability that we named EvilVideo, attackers could share malicious Android payloads via Telegram channels, groups, and chat, and make them appear as multimedia files. We were able to locate an example of the exploit and report it to Telegram on June 26th, 2024. READ MORE...

  • ...in 1911, American archeologist Hiram Bingham re-discovers the lost Incan citadel of Machu Picchu in the Peruvian mountains.
  • ...in 1943, WWII's Operation Gomorrah begins, with UK and American bombers raiding Hamburg over the course of four months.
  • ...in 1958, US Vice President Richard Nixon and Soviet Premier Nikita Khrushchev have their famous "Kitchen Debate" at the American National Exhibition in Moscow.
  • ...in 1969, Apollo 11 splashes down safely in the Pacific Ocean. Two years later, Mission Commander Neil Armstrong becomes a professor at the University of Cincinnati.