<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 8/7/2024

SHARE

Top News

CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash

Embattled cybersecurity vendor CrowdStrike on Tuesday released a root cause analysis detailing the technical mishap behind a software update crash that crippled Windows systems globally and blamed the incident on a confluence of security vulnerabilities and process gaps. The new CrowdStrike root cause analysis documents a combination of factors that caused the Falcon EDR sensor crash and a vow to work with Microsoft on secure and reliable access to the Windows kernel. READ MORE...


French Olympic venue and cultural site targeted in cyberattack

The Grand Palais Réunion des musées nationaux, a major cultural venue in Paris and host to several Olympic events, suffered a cyberattack over the weekend that authorities said did not result in lasting damage, contrary to press reports that venue data was encrypted as part of a ransomware attack. French news outlet Le Parisien reported Monday that unnamed attackers encrypted financial data associated with the venue, including the Louvre, and are holding it ransom. READ MORE...

Breaches

Ransomware Attack Cost LoanDepot $27 Million

Mortgage lender LoanDepot reported on Tuesday that the costs associated with the recent ransomware attack have reached nearly $27 million. The attack came to light in early January 2024, when the company took some systems offline in response to a cyberattack that involved the encryption of data. A few weeks later, LoanDepot informed authorities that the details of more than 16 million individuals may have been compromised. READ MORE...


Students scramble after security breach wipes 13,000 devices

Students in Singapore are scrambling after a security breach wiped notes and all other data from school-issued iPads and Chromebooks running the mobile device management app Mobile Guardian. According to news reports, the mass wiping came as a shock to multiple students in Singapore, where the Mobile Guardian app has been the country's official mobile device management provider for public schools since 2020. READ MORE...

Hacking

INTERPOL recovers over $40 million stolen in a BEC attack

A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore. INTERPOL says this is the largest recovery of funds stolen through a business email compromise (BEC) scam. BEC scams are a type of cyberattack in which cybercriminals attempt to redirect legitimate corporate payments to an attacker-controlled bank account. READ MORE...


Attackers Use Multiple Techniques to Bypass Reputation-Based Security

Reputation-based security controls may be less effective at protecting organizations against unsafe Web applications and content than many assume. A new study by researchers at Elastic Security found attackers have developed several effective techniques over the past few years to bypass mechanisms that block or allow applications and content based on their reputation and trustworthiness. READ MORE...

Software Updates

Android vulnerability used in targeted attacks patched by Google

Google has released patches for 46 vulnerabilities in Android, including a remote code execution (RCE) vulnerability that it says has been used in limited, targeted attacks. You can find your device's Android version number, security update level, and Google Play system level in your Settings app. You'll get notifications when updates are available for you, but you can also check for updates. READ MORE...

Information Security

Samsung to pay $1,000,000 for RCEs on Galaxy's secure vault

Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios. The new 'Important Scenario Vulnerability Program (ISVP)' program focuses on vulnerabilities related to arbitrary code execution, the unlocking of devices, data extraction, arbitrary application installation, and bypassing device protections. READ MORE...

Exploits/Vulnerabilities

Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net

Researchers say cybercriminals can have fun bypassing one of Microsoft's anti-phishing measures in Outlook with some simple CSS tweaks. William Moody, IT security consultant at Certitude, blogged today about how First Contact Safety Tip - a banner displayed in Outlook when a user receives a message from an address that typically doesn't contact them - can be hidden (mostly) using CSS style tags. READ MORE...

Encryption

Preparing for the Future of Post-Quantum Cryptography

Quantum computing has been projected to enable market-defining and life-changing capabilities since its inception more than three decades ago. From financial portfolio optimization and improved electric vehicle (EV) battery production to enhanced drug discovery and advanced semiconductor manufacturing, quantum computers can perform complex calculations at faster speeds than both traditional and super computers. READ MORE...

On This Date

  • ...in 1944, IBM dedicates the first program-controlled calculator.
  • ...in 1959, from the Atlantic Missile Range in Cape Canaveral, Florida, the U.S. unmanned spacecraft Explorer 6 is launched into an orbit around the Earth.
  • ...in 1975, actress Charlize Theron ("Monster", "Mad Max: Fury Road") is born in Benoni, South Africa.
  • ...in 1990, President George H.W. Bush orders the organization of Operation Desert Shield in response to Iraq's invasion of Kuwait on August 2.