This posting is here to collect cyber security news in July 2024.
I post links to security vulnerability news in the comments of this article.
You are also free to post related links in the comments.
322 Comments
Tomi Engdahl says:
https://thehackernews.com/2024/07/palo-alto-networks-patches-critical.html
Tomi Engdahl says:
https://www.darkreading.com/vulnerabilities-threats/cisa-fbi-warn-of-os-command-injection-vulnerabilities
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/hackers-target-wordpress-calendar-plugin-used-by-150-000-sites/#amp_tf=L%C3%A4hde%3A%20%251%24s&aoh=17209597770106&referrer=https%3A%2F%2Fwww.google.com&share=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-target-wordpress-calendar-plugin-used-by-150-000-sites%2F
Tomi Engdahl says:
https://www.tomshardware.com/tech-industry/research-team-working-on-building-a-dna-hard-drive-within-three-years-team-plans-to-build-a-working-dna-micro-factory-for-data-archiving
Tomi Engdahl says:
https://www.forbes.com/sites/zakdoffman/2024/07/11/microsoft-warning-21-days-to-update-or-stop-using-windows/
Tomi Engdahl says:
https://www.csoonline.com/article/2516651/known-ssh-snake-bites-more-victims-with-multiple-oss-exploitation.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/hackers-use-poc-exploits-in-attacks-22-minutes-after-release/
Tomi Engdahl says:
Global IT chaos – Planes stay grounded, banks also affected
Widespread IT problems are currently causing trouble around the world.
https://www.iltalehti.fi/digiuutiset/a/bc5f77a6-5317-48ff-86ad-adf3faba35c2
Among others, the British public broadcaster BBC reports that widespread IT problems are currently disrupting the operations of airlines, banks and news media.
At Berlin airport all arriving and departing flights had to be temporarily cancelled before 11 a.m. Finnish time, Bild and Tagesspiegel report among others. The summer holiday season has just begun in Berlin.
According to the news agency Reuters there are also problems at Amsterdam Schiphol and Brussels airports. Passengers have been advised to contact their own airlines.
In the United States, emergency services in the state of Alaska have warned that the problems also affect rescue services. Among other things, the emergency number has had problems.
In the United States, Delta Airlines, United Airlines and American Airlines planes also remain grounded for now. According to the news channel CNN, the reason given is communication problems.
The problems are also reported to affect the operation of the London Stock Exchange.
The problems appear to be related to the US security company Crowdstrike.
Microsoft reported on the problems earlier today on the messaging service X, but later told the BBC that the majority of the problems have been fixed.
Mass IT outage affects airlines, media and banks
https://www.bbc.com/news/articles/cv2g5lvwkl2o
A raft of global institutions – including major banks, media outlets and airlines – have reported a mass IT outage, affecting their ability to offer services.
Several airlines have grounded flights around the world and many more are reporting delays.
The US state of Alaska has warned its emergency services are affected, supermarkets in Australia have been crippled, and media outlets in several countries have been left scrambling as systems failed, with Sky News in the UK temporarily forced off air.
Tomi Engdahl says:
Delta, United and American Airlines flights grounded due to communication issue, FAA says
https://www.cnn.com/2024/07/19/business/delta-american-airlines-flights-outage-intl-hnk/index.html
Tomi Engdahl says:
Frontier and other airlines were at a standstill for hours after a massive Microsoft outage
https://www.cnn.com/2024/07/18/business/frontier-airlines-microsoft-outage/index.html
Tomi Engdahl says:
Global IT chaos causing chaos in critical systems – Australian government: emergency meeting
https://www.iltalehti.fi/digiuutiset/a/bc5f77a6-5317-48ff-86ad-adf3faba35c2
Tomi Engdahl says:
This is how the IT chaos is visible in Finland – OP reports a problem in its service
https://www.iltalehti.fi/digiuutiset/a/08908d8a-16f3-4720-b60e-c017c01d602b
Tomi Engdahl says:
Crowdstrike, blame the Australians
7/18/24 10:20PM PT – Hello everyone – We have widespread reports of BSODs on windows hosts, occurring on multiple sensor versions. Investigating cause. TA will be published shortly. Pinned thread.
SCOPE: EU-1, US-1, US-2 and US-GOV-1
Edit 10:36PM PT – TA posted: https://supportportal.crowdstrike.com/s/article/Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19
Edit 11:27 PM PT:
CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.
Workaround Steps:
1. Boot Windows into Safe Mode or the Windows Recovery Environment
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
3. Locate the file matching “C-00000291*.sys”, and delete it.
4. Boot the host normally.
Tomi Engdahl says:
Huge telecommunications chaos: Flights grounded, emergency calls faulty, problems in shops
https://www.is.fi/digitoday/art-2000010574834.html
Tomi Engdahl says:
https://www.facebook.com/share/p/xo3UWzsDzZdzbeLs/
Not a Humour or Meme lol, But in relation to Crowdstrike there is a fix.
Click See Advanced Repair Options
Click Troubleshoot
Click Command prompt and enter the following
pushd C:\Windows\System32\drivers\Crowdstrike
del "C-00000291*.sys"
exit
Click continue, system should reboot normally
Tomi Engdahl says:
Jay Criste maybe try: boot into safe mode
Go to command prompt
Rename CSAGENT.SYS to CSAGENT_OLD.SYS in windows/system32/drivers/Crowdstrike/CSAGENT.SYS
Tomi Engdahl says:
The damage from the ongoing Windows software update: TV broadcasts cut off, flights cancelled, trains not running, shops closed
https://dawn.fi/uutiset/2024/07/19/crowdstrike-vaikutukset?fbclid=IwZXh0bgNhZW0CMTEAAR177dNNyNw_P3vjPWSTfGlYo9klBQSHGaBLVLemxEof-uzBaYNmo4Kk3wQ_aem_o7VB_LOGkv5IwNxKGxXWDg
The aftermath of last night's botched security software update looks set to grow enormous.
An update to CrowdStrike's security software, which is widely used in companies and on servers, causes the Windows "blue screen of death". That is, computers on which the update has already been installed crash immediately and show Windows' blue error message saying the computer has crashed.
In Britain the update has caused widespread damage: according to Yahoo News, Ryanair flights have had to be cancelled because of problems caused by the update, and Britain's largest rail company has likewise cancelled several services, citing "widespread IT problems".
British banks and retail chains have also had to shut down parts of their operations.
In the United States the largest airlines have also cancelled flights extensively, giving "telecommunications problems" as the explanation, although the companies have not specified whether the cause is the problems caused by the CrowdStrike Falcon Sensor software update.
In Britain, Sky News television broadcasts were also cut off earlier this morning because of the same update.
No update that fixes the problem has yet been released for the software. But the biggest challenge will be how companies' IT support gets the update installed on computers that crash immediately after booting. The trick is unlikely to work remotely, so the coming days may turn out very busy for corporate IT support staff.
https://dawn.fi/uutiset/2024/07/19/crowdstrike-falcon-sensor-windows-sininen-ruutu-korjaus
Tomi Engdahl says:
https://www.euronews.com/business/2024/07/19/microsoft-and-crowdstrike-shares-fall-pre-market-trading-as-it-outage-hits
Tomi Engdahl says:
https://en.m.wikipedia.org/wiki/CrowdStrike
Tomi Engdahl says:
On July 19, 2024, CrowdStrike released a software update to the vulnerability scanner Falcon Sensor. Flaws in the update caused blue screens of death on Microsoft Windows machines, disrupting millions of Windows computers worldwide.[42][43] Affected machines were forced into a bootloop, making them unusable. The downtime caused a widespread global impact, grounding commercial airline flights, temporarily taking Sky News offline, and disrupting 911 emergency call centers.[44][45] By the end of the day, CrowdStrike’s share price had dropped $38.09, or 11.10%, to $304.96.
https://en.m.wikipedia.org/wiki/CrowdStrike
Tomi Engdahl says:
Microsoft outages caused by CrowdStrike software glitch paralyze airlines, other businesses. Here’s what to know.
https://www.cbsnews.com/news/microsoft-internet-outages-reported-worldwide/
Tomi Engdahl says:
The “largest IT outage in history,” briefly explained
Airlines, banks, and hospitals saw computer systems go down because of a CrowdStrike software glitch.
https://www.vox.com/technology/361740/crowdstrike-outage-windows
Airlines, banks, and retailers across the globe were among the many businesses that ground to a halt on Friday due to a flawed software update that led to massive delays and service disruptions.
According to CrowdStrike, the Texas-based cybersecurity firm behind the glitch, the issue was caused by a faulty update in its software for Microsoft Windows users, a problem it’s actively working to address. Mac and Linux users were not affected.
“This is not a security incident or cyberattack,” CrowdStrike CEO George Kurtz emphasized in a post on X, formerly known as Twitter. Kurtz added that the fix for the problem had already been “deployed,” but noted in a CNBC interview that it could take “some time” before it goes into effect for everyone experiencing the outage.
While people await a fix, thousands across the world are grappling with long waits at airports and trains, issues logging into their bank accounts, and challenges reaching key services, including first responders.
The tech error spotlights how central these systems have become to key day-to-day activities, including travel and financial transactions, and how vulnerable they can be to simple human mistakes.
What happened?
Early Friday morning, businesses from Europe to Asia to the US began experiencing problems with their Microsoft computer systems, with many suddenly seeing the dreaded “blue screen of death”: an error page that signals that a Windows machine is inoperable.
Since then, a wide range of services have been affected in what was described by Troy Hunt, a cybersecurity expert, as the “largest IT outage in history.”
More than 2,000 flights have been canceled in numerous airports. American Airlines, Delta, and United were just a few of the major operators forced to ground their flights globally for part of Friday.
A staggering graphic from Colin McCarthy, an atmospheric science student at UC Davis, captures how flight traffic slowed considerably in the wake of the tech snafu. Passengers at numerous airports documented the chaos while computers were down, and little information was available about updates or alternatives.
Beyond the travel hiccups it caused, the software problem has led to hospitals canceling elective surgeries, 911 operators experiencing glitches, and banks unable to provide customer information online.
How did this happen?
The problem was caused by “a defect found in a single content update of its software on Microsoft Windows operating systems,” Kurtz wrote on X. As The Verge notes, it appears the company was trying to update a driver in its Falcon offering, which is a cloud-based product that scans for potential hackers.
What is CrowdStrike?
CrowdStrike is an Austin, Texas-based cybersecurity firm that produces software to identify and stymie hacking threats. Its products are utilized by roughly 29,000 companies worldwide including hospitals, banks, and numerous Fortune 500 companies.
It has previously helped look into breaches at Sony as well as the Democratic National Committee.
How did CrowdStrike become so important?
Founded in 2011, CrowdStrike quickly became an industry leader in cybersecurity and has only grown in popularity in recent years as demand for such services has increased.
It has made an aggressive marketing push that included Super Bowl ads and has worked to tailor its products to the needs of large organizations with complex security. At least one 2023 analysis, from Canalys, found the company controls roughly 20 percent of the cybersecurity market.
When will the outage be fixed?
Kurtz, CrowdStrike’s CEO, has stressed that the team has identified the issue and is working to solve it, though it could take more time for some systems to recover.
The company has already worked to pull back the update, he noted, meaning certain organizations might be able to address the problem by simply rebooting their systems. For others that have been unable to fix the issue in this way, “it could be hours, it could be a bit longer,” Kurtz told CNBC. Some cybersecurity experts have said “a bit longer” could mean days.
Some systems could need a manual update, for instance
Tomi Engdahl says:
Microsoft-CrowdStrike issue causes ‘largest IT outage in history’
https://www.cnbc.com/2024/07/19/latest-live-updates-on-a-major-it-outage-spreading-worldwide.html
The outage came as cybersecurity giant CrowdStrike experienced a major disruption early Friday following an issue with a recent tech update.
CrowdStrike CEO George Kurtz has since said that the company is “actively working with customers impacted by a defect found in a single content update for Windows hosts,” stressing that Mac and Linux hosts are not affected.
“This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed,” he said on social media.
https://www.cnbc.com/2024/07/19/crowdstrike-suffers-major-outage-affecting-businesses-around-the-world.html
An update by cybersecurity firm CrowdStrike led to a major IT outage on Friday, impacting businesses around the world.
“The issue has been identified, isolated and a fix has been deployed,” CrowdStrike CEO George Kurtz said in a statement on X.
Tomi Engdahl says:
What is Crowdstrike? The $80 billion company linked to largest IT outage in history
An update to a system to protect computers meant that many of them have simply broken
https://www.independent.co.uk/tech/crowdstrike-what-is-explained-edr-microsoft-b2582527.html
Before this week, CrowdStrike was known for finding the cause of problems. The company – headquartered in Texas but with a reach across the world – was most famous for having investigated large scale hacks, such as those on Sony Pictures and a run of breaches at the Democratic National Committee that it blamed on Russian spies.
It has built a huge business out of that and other work. It was worth $80bn (£62bn) when trading on the Nasdaq closed on Thursday – though its share price has since fallen by 20 per cent. It reported revenues of $3bn in the last year.
CrowdStrike has now become one of the most highly valued and widely used cybersecurity companies. But as with many of its competitors, it is known primarily to IT professionals and investors – until the chaos of the outage on Friday, perhaps the most prominent place that CrowdStrike appears is its sponsorship of the “halo” that protects Lewis Hamilton in the event of a crash during Formula One races.
On Friday, as the problems began, it was not initially clear what had caused them. But it was clear that there was a big issue: computers across the world, relied on for some of our most central infrastructure, would not turn on properly and instead showed the “blue screen of death” that indicates something drastic has gone wrong.
However, as the hours passed it became clear that the problem was linked to CrowdStrike. Specifically, all of the computers suffering issues had been running its “Falcon” software, a product that is intended to keep computers safe.
Falcon provides “endpoint detection and response” technology that spots attacks on users. It is intended to keep computers safe by running on them so that it can spot threats and block them.
To do so, however, it requires two very powerful things. Firstly it must be updated regularly, so that it is ready to respond to new threats as they arrive; secondly, it needs wide-ranging and “privileged” access to a device, so that its protection can run even in the most central and sensitive parts of the computer.
Those two things appear to be behind CrowdStrike and the world’s problems on Friday. A new update brought with it a “defect”, the company has said – and because the software has such wide-ranging access, that single update was enough to disable the computer.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted,”
“This is not a security incident or cyberattack.”
Tomi Engdahl says:
It’s the auto-updates of the CrowdStrike antivirus software only on Windows machines that got everyone in trouble
And yes, it is important to use auto-updates on systems like POS checkins for airlines or sea port traffic, but the specific and already-noted drawback of having such a large structure that you physically CAN’T service it with humans is specifically this exact failure. This is the specific reason a lot of people choose NOT to auto-update their personal devices.
Tomi Engdahl says:
London’s stock markets closed in the red on Friday, affected by a significant global IT outage and a drop in UK retail sales.
As suggested by a Facebook discussion: it’s the Fire Sale from Die Hard 4: 911 infrastructure down across the country for various reasons, ground stop at airports, banks not running deposits, and London Stock Exchange was offline.
On Friday, a number of technological issues halted services at airlines, banks, and the London Stock Exchange, triggering an unexpected cascade of failures that spread from the United States to Asia following Microsoft Corp.’s announcement of an outage across its online services, as per various media reports.
https://www.livemint.com/market/stock-market-news/london-stock-exchange-services-impacted-due-microsoft-outage-11721374533490.html
Tomi Engdahl says:
Crowdstrike's share plunges – This is the company that threw the world's systems into disarray
Information systems | The US company Crowdstrike, which caused the global IT disruption, is one of the world's leading cybersecurity companies. It is known especially for its involvement in investigating high-profile cyberattacks.
https://www.hs.fi/talous/art-2000010575228.html
Tomi Engdahl says:
HYPPÖNEN estimates to HS that the massive problem will undoubtedly show in the listed company's future.
"There are surely all kinds of agreements with customers on delivery reliability that have now been breached. There will certainly be financial consequences," Hyppönen says.
The disruption has already sent the share prices of several European airlines down.
https://www.hs.fi/talous/art-2000010575228.html
Tomi Engdahl says:
IT expert assesses how the Microsoft chaos that paralysed the world came about – "This is the big question"
According to security expert Petteri Järvinen, the software flaw that caused the global chaos could be a deliberate act.
https://www.kauppalehti.fi/uutiset/kl/892a1768-f435-470e-bd64-44047660d743
Microsoft's global IT disruption is currently causing problems in the operations of airlines, banks, stock exchanges and news media alike.
Brody Nisbet, Microsoft's director responsible for cyber threat identification, confirmed on the messaging service X that the widespread disruptions are related to a system update from the cybersecurity company Crowdstrike.
"I consider the most likely alternative to be that in companies using Crowdstrike as their security software, the security software update has broken the endpoint devices, that is desktop computers or mobile devices," he explains.
"This would explain why there have not been very many problems in Finland. Our companies are that much smaller, so the large corporate-level Crowdstrike software is hardly used," he continues.
According to him, the most puzzling question at the moment is whether the faulty update was a deliberate or an unintentional act.
Can the disruptions spread further?
"Around the world, infrastructure and basic services have been disrupted, but I don't believe the problems will spread much further from here now that it is known where to look for the fault," Järvinen answers.
"But this once again shows how vulnerable we Western societies are. A single hack can have unpredictable effects if someone gets into a critical place to do the hacking. It is not about breaking into a hundred different companies. It is enough to break into some suitably critical place and the effect is reflected everywhere," he continues.
Järvinen also points out that warnings have long been given about possible problems if all companies have the same security software and applications in use.
"This monoculture. There have been warnings that if everyone has the same Windows, the same security software and applications, one fault can stop everything. It would be very healthy to have different environments, versions and different service providers in use. Having everything uniform is cost-effective. In situations like this, however, it backfires," he reflects.
Tomi Engdahl says:
Technically CrowdStrike is doing its job. Your data is still secure. Even from you.
Tomi Engdahl says:
CrowdStrike fixes start at “reboot up to 15 times” and get more complex from there
Admins can also restore backups or manually delete CrowdStrike’s buggy driver.
https://arstechnica.com/information-technology/2024/07/crowdstrike-fixes-start-at-reboot-up-to-15-times-and-get-more-complex-from-there/?fbclid=IwZXh0bgNhZW0CMTEAAR0NX3dPUxldz0TJ4WNHHMw4NdKlkLKIvwqhNQiqb50hmo3QGqWzydKW9SM_aem_MGVKyx9ow-ODueKapRfOrg
Airlines, payment processors, 911 call centers, TV networks, and other businesses have been scrambling this morning after a buggy update to CrowdStrike’s Falcon security software caused Windows-based systems to crash with a dreaded blue screen of death (BSOD) error message.
We’re updating our story about the outage with new details as we have them. Microsoft and CrowdStrike both say that “the affected update has been pulled,” so what’s most important for IT admins in the short term is getting their systems back up and running again. According to guidance from Microsoft, fixes range from annoying but easy to incredibly time-consuming and complex, depending on the number of systems you have to fix and the way your systems are configured.
Microsoft’s Azure status page outlines several fixes. The first and easiest is simply to try to reboot affected machines over and over, which gives affected machines multiple chances to try to grab CrowdStrike’s non-broken update before the bad driver can cause the BSOD. Microsoft says that some of its customers have had to reboot their systems as many as 15 times to pull down the update.
If rebooting doesn’t work
If rebooting multiple times isn’t fixing your problem, Microsoft recommends restoring your systems using a backup from before 4:09 UTC on July 18 (just after midnight on Friday, Eastern time), when CrowdStrike began pushing out the buggy update. Crowdstrike says a reverted version of the file was deployed at 5:27 UTC.
If these simpler fixes don’t work, you may need to boot your machines into Safe Mode so you can manually delete the file that’s causing the BSOD errors. For virtual machines, Microsoft recommends attaching the virtual disk to a known-working repair VM so the file can be deleted, then reattaching the virtual disk to its original VM.
Tomi Engdahl says:
Finland was spared the worst of the IT chaos – and there is one reason for it
The update problem mainly concerned large corporations that are customers of the US security company. There are not many of them in Finland, but the effects were reflected all the way to us.
https://yle.fi/a/74-20100548
Tomi Engdahl says:
https://yle.fi/a/74-20100448
Software error disrupted flights, payments and healthcare around the world – Finnish expert: "On a whole new level"
Several airports have been reported to have technical disruptions. In the United States the problems extend beyond airlines to hospitals. On Friday afternoon it was reported that the problem has been fixed.
Tomi Engdahl says:
Hackers can’t get in if your shit doesn’t boot in the first place, right?
It’s effective! Can’t be hacked if it doesn’t boot!
Tomi Engdahl says:
Crowdstruck
Tomi Engdahl says:
[Verse]
Woke up to the screams in the night
Digital storm crashin’ fright
Windows broken data gone
Crowdstruck hittin’ everyone
[Verse 2]
No gate no shops not our flights
Software brewin’ chaos they feastin’
Corporate giants trembling fallin’
Microsoft broken they’re callin’
[Chorus]
Crowdstruck the walls come down
Crowdstruck the sirens sound
Crowdstruck we lost control
Crowdstruck it’s takin’ its toll
[Verse 3]
Fingers pointin’ no one’s safe
Shadow codes like ghosts they rave
Bug is spreadin’ panic all over
Blue screens crash hard can’t recover
[Verse 4]
Promises crumblin’ shattered trust
Digital wasteland turned to dust
Bleedin’ bits of broken dreams
Cyber siege the system screams
[Chorus]
Crowdstruck the walls come down
Crowdstruck the sirens sound
Crowdstruck we lost control
Crowdstruck it’s takin’ its toll
Tomi Engdahl says:
RGE = resume generating event
Tomi Engdahl says:
Claim from
https://www.facebook.com/share/p/PKcj4PMVyTWCVMcX/
I was curious about this too. I initially slammed them for bad internal quality assurance. But it appears that the file was corrupted en route from devs to the update server. The file is all 000s, totally blank. Not sure how that occurs as it’s not an issue I’ve had to deal with…ever lol
Tomi Engdahl says:
If you survived Y2K, Log4j, and today’s Crowdstrike outage you’ve been doing this sheyt for too long
Tomi Engdahl says:
A defective CrowdStrike driver update due to gross negligence caused Windows to crash (blue screen). Every single affected device requires ON-SITE repair unless they have console access such as iDRAC. IT is overwhelmed and it will be weeks before they can fix everything.
Tomi Engdahl says:
It really was an update that went bad. I don’t know this guy, but I like his tweet:
“This is a wake up reminder that you shouldn’t have an internet connected privileged binary running on your production systems. What was a bad update could have easily been a massive adversary backdoor. A third party vendor will always be the weakest link. Isolate critical systems”
https://x.com/cstanley/status/1814366321510916570
Tomi Engdahl says:
A Reminder that updates need to be tested in a lab environment prior to being implemented in production.
Tomi Engdahl says:
https://gbhackers.com/crowdstrike-update-triggers-widespread/?fbclid=IwZXh0bgNhZW0CMTEAAR3BuAUsHPO8i_nr5oKFatGCWjSSblYlJ15CgnPGLb8Q9NyowjfnIkcH5Cs_aem_i5yUaF_3XcFSIlc4Wk5tzg
Tomi Engdahl says:
Luděk Kvapil it looks like they didn’t test it in ANY device because the failure is 100% on ANY Windows device, not just some corner cases with odd configuration. I suppose the Windows update is only for Windows (not same for other OSes) so it is 100% failure. It could have been detected had they just tried to update it in some random Windows machine so they had not done ANY testing at all.
Luděk Kvapil shouldn’t this have been solved by restoring from a restore point?
Tomi Engdahl says:
CrowdStrike, a company that provides cybersecurity software, released an update to improve their protection tools. Unfortunately, this update caused a significant problem, leading many Windows computers using their services to crash and continuously restart. This issue affected crucial services such as airlines and emergency systems. Not all Windows users were affected—only those whose companies use CrowdStrike’s security software; but because this is a popular cybersecurity solution for businesses, millions were affected.
To fix the problem, users had to manually reboot each affected computer into Safe Mode and delete specific files located in the C:\Windows\System32\drivers\CrowdStrike directory. This action stopped the faulty part of the software from running, allowing the computers to function normally again. Their stock took a huge dip yesterday after the news hit.
Tomi Engdahl says:
They pushed an update with a content file with all zeros in it. The crowdstrike kernel module (piece of code with subroutines that can include a lot of different very low level actions) was not equipped to handle a file full of null values, so it just kept crashing every time it tried to read it, sending the Windows OS into a boot loop.
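A defensive illustration of the failure mode described in the comment above, added here as an example that is not CrowdStrike's code and uses a constructed file layout rather than the real Falcon channel-file format: a content-file loader (hypothetical functions chnl_validate and chnl_load) that checks the header, rejects an all-zero file and refuses a truncated record table before any record is dereferenced, so a bad content push is reported and skipped instead of crashing the component that loads it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example format, NOT the real Falcon channel-file layout:
 *   bytes 0..3   magic "CHNL"
 *   bytes 4..7   record count, uint32 little-endian
 *   bytes 8..    records, 8 bytes each: uint32 rule id, uint32 flags
 */
#define CHNL_MAGIC       "CHNL"
#define CHNL_HDR_LEN     8u
#define CHNL_REC_LEN     8u
#define CHNL_MAX_RECORDS 4096u

enum chnl_status {
    CHNL_OK = 0,
    CHNL_ERR_NULL,       /* no buffer at all */
    CHNL_ERR_SHORT,      /* smaller than the fixed header */
    CHNL_ERR_ALL_ZERO,   /* every byte is 0x00: the case the comment describes */
    CHNL_ERR_MAGIC,      /* header does not identify a content file */
    CHNL_ERR_COUNT,      /* record count outside the sane range */
    CHNL_ERR_TRUNCATED   /* count promises more records than the file holds */
};

static uint32_t rd_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Every check runs before any record is read; a bad file is refused with a
 * reason that can be logged, instead of being handed to the rule engine. */
enum chnl_status chnl_validate(const uint8_t *buf, size_t len)
{
    if (buf == NULL) return CHNL_ERR_NULL;
    if (len < CHNL_HDR_LEN) return CHNL_ERR_SHORT;

    int all_zero = 1;
    for (size_t i = 0; i < len && all_zero; i++)
        if (buf[i] != 0) all_zero = 0;
    if (all_zero) return CHNL_ERR_ALL_ZERO;

    if (memcmp(buf, CHNL_MAGIC, 4) != 0) return CHNL_ERR_MAGIC;

    uint32_t count = rd_u32le(buf + 4);
    if (count == 0 || count > CHNL_MAX_RECORDS) return CHNL_ERR_COUNT;

    /* count is bounded above, so this multiplication cannot overflow */
    if (len < CHNL_HDR_LEN + (size_t)count * CHNL_REC_LEN) return CHNL_ERR_TRUNCATED;
    return CHNL_OK;
}

/* Copies the rule ids out of a validated file. Returns the number of records
 * loaded, or -1 if the file was refused or the caller's array is too small. */
int chnl_load(const uint8_t *buf, size_t len, uint32_t *ids, size_t max_ids)
{
    if (chnl_validate(buf, len) != CHNL_OK) return -1;
    uint32_t count = rd_u32le(buf + 4);
    if (count > max_ids) return -1;
    for (uint32_t i = 0; i < count; i++)
        ids[i] = rd_u32le(buf + CHNL_HDR_LEN + i * CHNL_REC_LEN);
    return (int)count;
}

/* Constructed sample inputs (not real content files). */
static const uint8_t good_file[] = {
    'C','H','N','L',  2,0,0,0,          /* magic, 2 records */
    1,0,0,0,  1,0,0,0,                  /* rule 1, flags 1 */
    2,0,0,0,  0,0,0,0                   /* rule 2, flags 0 */
};
static const uint8_t zero_file[sizeof good_file];   /* same size, all 0x00 */
static const uint8_t short_file[] = {
    'C','H','N','L',  3,0,0,0,          /* claims 3 records ... */
    1,0,0,0,  1,0,0,0                   /* ... but carries only 1 */
};

int main(void)
{
    static const char *names[] = { "OK", "NULL", "SHORT", "ALL_ZERO",
                                   "MAGIC", "COUNT", "TRUNCATED" };
    printf("good:  %s\n", names[chnl_validate(good_file, sizeof good_file)]);
    printf("zero:  %s\n", names[chnl_validate(zero_file, sizeof zero_file)]);
    printf("short: %s\n", names[chnl_validate(short_file, sizeof short_file)]);
    return 0;
}
```

In a real deployment the refused file would be logged with its reason and the previous known-good content kept in use, which is the behaviour the comment says was missing.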
Tomi Engdahl says:
Best explanation I’ve seen… https://youtube.com/watch?v=pCxvyIx922A&si=2FhKXdYhAxb1SsaB
Tomi Engdahl says:
The worst nightmare for any Cybersecurity person …. a massive outage due to an ‘insider threat’.
Technically though it falls under the category of supply chain.
Crowdstrike ran a patch without testing before production and deployment.
Tomi Engdahl says:
One CrowdStrike dev, one faulty update, global chaos. Proof that one person *can* change the world (even if not in the way they intended).
Tomi Engdahl says:
This isn’t just a CrowdStrike issue. It’s endemic in IT. Everything is JFDI priority 1. Real engineering takes a back seat to delivery and immediate stakeholder value because senior leadership treats teams like tech bros facing shareholders. Short-term fixes over long-term solutions lead to technical debt and burnout, no doubt combined with understaffing. We can all point and laugh but if you work in IT engineering I guarantee you are in a similar if smaller boat.