IT Security Newsletter

IT Security Newsletter - 7/29/2024

Written by Cadre | Mon, Jul 29, 2024

97% of CrowdStrike systems are back online, Microsoft suggests Windows changes

CrowdStrike CEO George Kurtz said Thursday that 97 percent of all Windows systems running its Falcon sensor software were back online, a week after an update-related outage to the corporate security software delayed flights and took down emergency response systems, among many other disruptions. The update, which caused Windows PCs to throw the dreaded Blue Screen of Death and reboot, affected about 8.5 million systems by Microsoft's count, leaving roughly 250,000 that still need to be brought back online.

Microsoft admits 8.5 million CrowdStruck machines estimate was lowballed

Microsoft has admitted that its estimate of 8.5 million machines crashed by CrowdStrike's faulty software update was almost certainly too low, and vowed to reduce infosec vendors' reliance on the kernel drivers at the heart of the issue. Redmond posted an incident response blog on Saturday which explained how Microsoft measured the impact of the incident: by accessing crash reports shared by customers.

4.3 Million Impacted by HealthEquity Data Breach

HealthEquity is notifying 4.3 million individuals that their personal and health information was compromised in a data breach at a third-party vendor. The incident, the company said in a regulatory filing with the Maine Attorney General's Office, was identified on March 25 and required an "extensive technical investigation". According to the company, the data was exposed after attackers compromised a vendor's user accounts that had access to the online repository.

FBCS data breach impact now reaches 4.2 million people

Debt collection agency Financial Business and Consumer Solutions (FBCS) has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. FBCS is a US debt collection agency that collects unpaid debts from consumer credit, healthcare, commercial, auto loans and leases, student loans, and utilities. In late April, the firm reported that roughly 1.9 million people in the U.S. had sensitive personal information compromised.

X begins training Grok AI with your posts, here's how to disable

X has quietly begun training its Grok AI chat platform using members' public posts without first alerting anyone that it is doing it by default. As AI platforms war for dominance, they are constantly seeking data to train their large language models (LLMs). This makes your data very valuable. However, instead of asking for permission, most platforms use your data without notifying you or the sites they take it from.

Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw

Salt Labs, the research arm of API security firm Salt Security, has discovered and published details of a cross-site scripting (XSS) attack that could potentially impact millions of websites around the world. This is not a product vulnerability that can be patched centrally. It is more an implementation issue between web code and a massively popular app: OAuth used for social logins. Most website developers believe the XSS scourge is a thing of the past, but Salt shows this is not necessarily so.

  • ...in 1588, the Spanish Armada is defeated off the coast of Gravelines, France by British naval forces.
  • ...in 1909, the Buick Motor Company acquires the Cadillac Motor Company on behalf of General Motors for $4.5 million.
  • ...in 1953, Rush lead singer and bassist Gary Lee Weinrib, AKA Geddy Lee, is born in North York, Ontario.
  • ...in 1958, the US space agency NASA (National Aeronautics and Space Administration) is created as the successor to the National Advisory Committee for Aeronautics (NACA).