This posting is here to collect cyber security news in July 2024.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
322 Comments
Tomi Engdahl says:
This was posted the night before.. The comments are gold.
https://www.reddit.com/r/wallstreetbets/comments/1e6ms9z/crowdstrike_is_not_worth_83_billion_dollars/
Tomi Engdahl says:
A lot to be said for sticking to the old tried and true?
https://www.forbes.com/sites/tedreed/2024/07/20/meltdown-what-meltdown-southwest-flew-on-time-all-day/
Tomi Engdahl says:
Food for thought for those who will cry about Windows being the root problem here. Is there a Windows concern? Sure, but most of that concern is due to its ubiquity, which is a different kind of issue.
https://www.neowin.net/news/crowdstrike-broke-debian-and-rocky-linux-months-ago-but-no-one-noticed/
(FWIW, I do personally prefer and use Linux in most scenarios, I just refuse to be trapped in the idiotic fanboy drama.)
Tomi Engdahl says:
https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/?fbclid=IwZXh0bgNhZW0CMTEAAR0Lgsxjmf-4FT4boIpe-ltYRf5tusYvyCTl8zJR9-ZbYnIab6wd_mLhsmg_aem__J-KihRr772RsxLHvLoVNw
Tomi Engdahl says:
So, hold on a second, CrowdStrike *wasn’t* a DNS issue? But it’s ALWAYS DNS
The correct DNS settings could have prevented auto update from messing up your environment. You can twist it to be a “DNS was the problem” thing.
blocking crowdstrike’s domain from dns would probably have prevented it
Almost always DNS, this was the “almost”
If your DNS was running on Windows then technically it was a DNS issue.
It was: it was a Distributed Non Service update..
Enterprises were affected, even if it was just by something upstream or downstream. Some companies’ AzureAD and M365 couldn’t authenticate for example, as Microsoft’s DNS and activate.microsoft.com were struggling (apparently not directly affected either but they have dependencies too). The media image of it being PCs just shows what the media understands about computing.
I had a manager suggest that if we didn’t have servers on prem it wouldn’t have affected us. The wax crayons came out on Monday.
Turns out it wasn’t a loose nut between the chair and the screen either.
No, it was a “turn if off, turn it on again” issue
Technically speaking it was DNS on the basis of the DNS wasn’t available
See this is why we rarely ever do a zero day update. These type of updates are scheduled for weeks during the night.
The update caused DNS to bsod, it’s always dns
‘Did Not Serve’
Well, to be fair, a lot of DNS-Servers are now non-functional as well
Could be the devs DNS that pointed him to the wrong repo when he pushed his code, so that’s not ruled out I guess
If they tell you it was NOT dns it was definitely DNS!
It was a channel file push that the kernel did not like and blue screened the box. It became a race condition to get a different channel file before it would BSOD again, which is why it required multiple reboots.
A dns issue would have saved the world. Never when you need it
about to get a null pointer exception over this discrepancy
https://www.facebook.com/share/p/v4QhNQ72pxsGVpXH/
Tomi Engdahl says:
The CrowdStrike IT outage is a good reminder that if you don’t have a disaster recovery (DR) plan in place, there will be consequences as we saw it so far. Now, there will be many meetings and discussions about the need for DR, but by the end of the year, it will likely be forgotten amidst the usual job cuts, new priorities, and questions about IT budgets. This cycle will continue until another IT outage strikes. I speak the truth and nothing else. If I’m wrong, correct me below.
Tomi Engdahl says:
FBI cracked the Trump shooter’s phone in a way never seen before
The FBI used Cellebrite’s unreleased technology to unlock the phone.
https://www.iltalehti.fi/digiuutiset/a/ac431d7a-73c5-4bfc-a183-50dbfba6b492
Tomi Engdahl says:
FBI Used New Cellebrite Software to Crack Trump Shooter’s Phone
Initial attempt to access newer Samsung model didn’t work
Cellebrite sent FBI technical support, unreleased software
https://www.bloomberg.com/news/articles/2024-07-18/fbi-used-new-cellebrite-software-to-access-trump-shooter-s-phone
Tomi Engdahl says:
404 Media reported on Thursday that Cellebrite is currently able to break into most Android phones: the exceptions are phones whose operating system is still Android 6 (but not a newer version) and Pixel phone models 6, 7 and 8, provided they are powered off. On Apple’s side, Cellebrite cannot break into iPhones running iOS 17.4 or newer.
https://www.iltalehti.fi/digiuutiset/a/ac431d7a-73c5-4bfc-a183-50dbfba6b492
Tomi Engdahl says:
https://www.404media.co/leaked-docs-show-what-phones-cellebrite-can-and-cant-unlock/
Tomi Engdahl says:
They had a bug that crashed the Linux kernel in the last six months.
https://www-neowin-net.cdn.ampproject.org/c/s/www.neowin.net/amp/crowdstrike-broke-debian-and-rocky-linux-months-ago-but-no-one-noticed/
Tomi Engdahl says:
CEO had earlier experience: Friday’s CrowdStrike outage is the second major tech meltdown that founder and CEO George Kurtz has been involved in. He was also the Chief Technology Officer of McAfee in 2010, when a security update from the antivirus firm crashed tens of thousands of computers.
Source: https://www.hindustantimes.com/trending/crowdstrike-ceo-george-kurtz-was-cto-of-mcafee-in-2010-global-tech-disaster-101721471586633.html
Tomi Engdahl says:
The world as we know it increasingly relies on digital connectivity that, for the most part, works quietly and invisibly in the background. So how did a single software update bring down half the internet?
The global IT outage on 19 July serves as a stark reminder of our vulnerability to technological failures. Triggered by a single faulty software update provided by the cybersecurity firm, CrowdStrike, this had a disastrous impact on airlines, media outlets, banks, and retailers worldwide, particularly businesses that use Microsoft Windows operating systems.
https://theconversation.com/microsoft-crowdstrike-outage-how-a-single-software-update-was-able-to-cause-it-chaos-across-the-globe-235165
This incident, described as the “largest IT outage in history”, reminds us of the extensive web of IT interconnections that sustain our digital infrastructure – and of the potential for far-reaching consequences when something goes wrong.
What started with delays at airports turned into widespread flight cancellations. The disruption in airline systems doesn’t just disrupt flight schedules, it also affected global supply chains reliant on air cargo, demonstrating the multifaceted nature of modern IT ecosystems. Meanwhile, broadcasts were interrupted at numerous TV and radio stations and operations at supermarkets and banks were brought to a standstill.
Preliminary analyses suggest the chaos stemmed from a software update from CrowdStrike’s Falcon Sensor security software that was applied to Microsoft Windows operating systems. Workers in companies using CrowdStrike were met with the “blue screen of death” (a screen with an error message indicating a system crash) when they tried to log in.
Countries with strong ties to Microsoft and CrowdStrike felt the brunt of the impact, but businesses in countries like China, with their relatively insulated and controlled IT infrastructures, appear to have been less affected.
With growing geopolitical tensions in recent years, China and a growing number of other countries have actively developed their own cybersecurity measures and digital infrastructures, which may have mitigated the effects of this incident.
China’s focus on using indigenous technology and reducing their dependency on foreign technology may have also contributed to the lesser impact on their systems.
Recovery and implications
How the affected sectors have managed this crisis reflects both the strength and vulnerabilities of their own security and disaster recovery strategies. The primary issue has been identified and reportedly rectified. The slow recovery process ahead will show the significant challenges to come in restoring service continuity within our complex, deeply interconnected digital ecosystems.
It’s particularly surprising that despite numerous past lessons, like the TSB IT migration disaster in 2018 that affected millions of customers of the UK bank, a staggered software rollout was not employed.
The absence of this step, a fundamental yet critical strategy in IT management, exposed the fragility of systems that many presumed robust. It has also raised serious questions about the resilience of both the Windows operating systems and the cybersecurity measures by CrowdStrike that are supposed to protect them.
In addition, the episode highlighted the strategic risks of relying on a single source of technology. This global outage showed how important it is to have diverse technological alliances to enhance national security and economic stability, while raising concerns about the potential for hostile states to exploit such vulnerabilities. This incident will add a new layer of urgency to international cybersecurity collaborations and policy interventions.
As services begin to stabilise and resume, this outage should serve as a wake-up call for IT professionals, business leaders, and policymakers alike. The pressing need to reassess and even overhaul existing cybersecurity strategies and IT management practices is clear. Improving system resilience to withstand large scale disruptions must be a priority.
The global IT outage marks a timely reminder and a critical juncture for discussions on digital resilience and the future of technology governance at the business, infrastructure and policy levels.
What about AI?
Something else we don’t know the answer to yet is this: if a single software bug can take down airlines, banks, retailers, media outlets and more around the world, are our systems ready for AI?
Perhaps we need to invest more in improving software reliability and methodology, rather than rushing out chatbots. An unregulated AI industry is going to be a recipe for disaster.
Tomi Engdahl says:
How did CrowdStrike go down?
CrowdStrike launched a sensor configuration update to Microsoft Windows systems — something that’s done regularly across the Falcon platform. This time, though, the update sparked a logic error. The result was a system crash, leading to the blue screens seen by customers around the world.
After the Biggest IT Outage in History, Is CrowdStrike a Stock to Avoid…or a Bad-News Buy?
https://www.nasdaq.com/articles/after-biggest-it-outage-history-crowdstrike-stock-avoidor-bad-news-buy
Tomi Engdahl says:
As of the end of the first quarter, 62 of the Fortune 100 companies were using CrowdStrike as their choice of cybersecurity provider. The company recently said deals involving modules such as Falcon Next-Gen SIEM more than doubled year over year, and it’s been signing some of its biggest contracts ever.
Fast-forward to the early morning hours of July 19. CrowdStrike launched a sensor configuration update to Microsoft Windows systems — something that’s done regularly across the Falcon platform. This time, though, the update sparked a logic error. The result was a system crash, leading to the blue screens seen by customers around the world.
CrowdStrike quickly fixed the software error, but as mentioned above, the need for manual reboots means it will take time for all systems to return to normal operations. The impact has been broad-based — from canceled flights and surgeries to TV channels being unable to broadcast.
Potential impact on CrowdStrike
Now, let’s consider the potential impact on CrowdStrike. First, here’s a very important point: The troubles weren’t linked to a cyberattack. They were simply the result of a faulty software update. This is key because it doesn’t call into question CrowdStrike’s ability to do its job of protecting companies from such attacks. And though this software bug created chaos, unfortunately these sorts of events do happen from time to time — and have happened to other companies.
Of course, the outage is still likely to have some financial impact on CrowdStrike, but it’s too early to determine exactly how much. A look at the company’s terms and conditions shows it limits its liability to “fees paid” by the customer — which could greatly reduce potential damages.
CrowdStrike may have negotiated other terms with certain clients, and the company still could face the threat of lawsuits or the loss of contracts.
https://www.nasdaq.com/articles/after-biggest-it-outage-history-crowdstrike-stock-avoidor-bad-news-buy
Tomi Engdahl says:
https://youtu.be/-UuPN-jJVFA?si=_CKTwtoVomnKu4ua
Tomi Engdahl says:
How to fix the Crowdstrike thing:
1. Boot Windows into safe mode
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Delete C-00000291*.sys
4. Repeat for every host in your enterprise network including remote workers
5. If you’re using BitLocker jump off a bridge
Tomi Engdahl says:
Serious vulnerability in a major network equipment manufacturer’s products – update immediately
19.7.2024 07:45
The vulnerability affects all versions of Cisco Async OS before version 15.5.1-055.
https://www.mikrobitti.fi/uutiset/suuren-verkkolaitevalmistajan-tuotteissa-paha-haavoittuvuus-paivita-heti/5a4f50f1-9e87-4e27-8d05-28c157f394b4
A critical vulnerability has been found in Cisco Secure Email Gateway, reports Kyberturvallisuuskeskus (the Finnish National Cyber Security Centre).
Cisco has released an update that fixes the vulnerability.
Kyberturvallisuuskeskus says the vulnerability is caused by improper validation of user-supplied input. Among other things, it allows access to sensitive information and modification of the configuration.
“Exploiting the vulnerability allows an attacker to overwrite arbitrary files at the operating system level,” Kyberturvallisuuskeskus says in its bulletin.
Cisco Secure Email Gateway is vulnerable if the Content Scanner Tools version is older than 23.3.0.4823 and either the file analysis or the content filtering feature is enabled for email.
Tomi Engdahl says:
IT Risk Assessment Checklist
Identify your risks to jump-start an A-class risk mitigation program
https://www.netwrix.com/ch_risk_assessment_checklist.html?cID=701Qk000007Lw0qIAC&sID=6302279554554&creative_id=6302279555154&placement_id=Facebook_Mobile_Feed&fbclid=IwZXh0bgNhZW0BMAABHbPKk-6FrkN_uC8Qgx1m8gd_6DAT_UZaB0-MattG5WDYm4yGKdO72Sy-9g_aem_d7bOsUNgRRUwE3kW1X4OIw
Tomi Engdahl says:
Hundreds of thousands of computers went down around the world: one enormous task still ahead
Fixing the problem may be slow, the BBC reports.
https://www.is.fi/digitoday/art-2000010575405.html
Tomi Engdahl says:
https://www.tomshardware.com/software/windows/windows-31-saves-the-day-during-crowdstrike-outage
Tomi Engdahl says:
New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints
https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
Tomi Engdahl says:
Update Caused Outage For 8.5 Million Windows Devices
BY KYLE ALSPACH
JULY 20, 2024, 5:25 PM EDT
Major airlines reported progress on recovery from the outage Saturday.
https://www.crn.com/news/security/2024/microsoft-crowdstrike-update-caused-outage-for-8-5-million-windows-devices
Microsoft disclosed Saturday that 8.5 million Windows devices were impacted by CrowdStrike’s disastrous update, while major airlines reported progress on recovery from the massive outage.
The CrowdStrike Falcon update led to the “blue screen of death” for Windows systems worldwide on Friday and hobbled much of what the modern world depends on, from air travel to health care to banking and beyond. Experts have called it the largest IT outage of all time.
In a post Saturday, Microsoft offered a sense of the scale of the outage caused by the CrowdStrike update.
“We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices, or less than 1 percent of all Windows machines,” Microsoft said.
“While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services,” Microsoft said.
CRN has reached out to CrowdStrike for comment.
Meanwhile, major airlines that have been affected by the outage reported that the recovery is well underway.
Tomi Engdahl says:
Helping our customers through the CrowdStrike outage
https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/
Tomi Engdahl says:
Microsoft outage cause explained: What is CrowdStrike and why users are getting Windows’ blue screen of death?
https://m.economictimes.com/magazines/panache/microsoft-outage-cause-explained-what-is-crowdstrike-and-why-users-are-getting-windows-blue-screen-of-death/articleshow/111858827.cms#amp_ct=1721666236340&_tf=L%C3%A4hde%3A%20%251%24s&aoh=17216661887996&referrer=https%3A%2F%2Fwww.google.com&share=https%3A%2F%2Fm.economictimes.com%2Fmagazines%2Fpanache%2Fmicrosoft-outage-cause-explained-what-is-crowdstrike-and-why-users-are-getting-windows-blue-screen-of-death%2Farticleshow%2F111858827.cms
Tomi Engdahl says:
Major Microsoft 365 outage caused by Azure configuration change
https://www.bleepingcomputer.com/news/microsoft/major-microsoft-365-outage-caused-by-azure-configuration-change/#amp_ct=1721666319770&_tf=L%C3%A4hde%3A%20%251%24s&aoh=17216661887996&referrer=https%3A%2F%2Fwww.google.com&share=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fmicrosoft%2Fmajor-microsoft-365-outage-caused-by-azure-configuration-change%2F
Tomi Engdahl says:
Microsoft’s Global IT Outage Causes Major Disruptions – July 19, 2024
On July 19, 2024, a significant IT outage linked to Microsoft caused widespread disruptions across various industries worldwide. This blog post will explain what happened, how different sectors were impacted, and what businesses can do to prevent such issues in the future.
https://www.server-parts.eu/post/microsoft-it-outage-july-2024-impact-prevention
Tomi Engdahl says:
Crowdstrike – “Keeping you so secure, you can’t even use your own systems!”
Tomi Engdahl says:
Crowdstrike Insiders Sold Stock Before the Microsoft Windows Outage : https://www.barrons.com/articles/crowdstrike-insiders-sold-stock-cac5e509 #Microsoft #Windows #outage Comments: https://news.ycombinator.com/item?id=41013688
But planned transactions were set a year ago
Tomi Engdahl says:
“It all started with delayed flights and chaos at the airports. The day Skynet became aware of itself was Friday…”
An entry in John Connor’s diary.
Terminator
Tomi Engdahl says:
Expert explains phones misbehaving on the eastern border: “Russia transmits at such high power…”
Phones located in Finland can occasionally stray onto the Russian network.
https://www.is.fi/digitoday/mobiili/art-2000010574693.html
Tomi Engdahl says:
Noora’s phone jumped over to Russia in the middle of a WhatsApp chat – then she heard a peculiar explanation
https://www.is.fi/digitoday/mobiili/art-2000010570922.html
Tomi Engdahl says:
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
Tomi Engdahl says:
Impact
Customers running Falcon sensor for Windows version 7.11 and above, that were online between Friday, July 19, 2024 04:09 UTC and Friday, July 19, 2024 05:27 UTC, may be impacted.
Systems running Falcon sensor for Windows 7.11 and above that downloaded the updated configuration from 04:09 UTC to 05:27 UTC were susceptible to a system crash.
The impacted Channel File in this event is 291 and will have a filename that starts with “C-00000291-” and ends with a .sys extension. Although Channel Files end with the SYS extension, they are not kernel drivers.
Channel File 291 controls how Falcon evaluates named pipe execution on Windows systems. Named pipes are used for normal, interprocess or intersystem communication in Windows.
The update that occurred at 04:09 UTC was designed to target newly observed, malicious named pipes being used by common C2 frameworks in cyberattacks. The configuration update triggered a logic error that resulted in an operating system crash.
Channel File 291
CrowdStrike has corrected the logic error by updating the content in Channel File 291. No additional changes to Channel File 291 beyond the updated logic will be deployed. Falcon is still evaluating and protecting against the abuse of named pipes.
This is not related to null bytes contained within Channel File 291 or any other Channel File.
Root Cause Analysis
We understand how this issue occurred and we are doing a thorough root cause analysis to determine how this logic flaw occurred. This effort will be ongoing.
https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
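To scope exposure across a fleet using the criteria in the quoted technical details (sensor 7.11 and above, the 04:09 to 05:27 UTC window, the C-00000291-*.sys naming) and to turn the safe-mode deletion step listed earlier into a per-host plan, here is an added Python triage example; it is not CrowdStrike’s code, and the inventory field names, hostnames, versions and file-name suffixes are constructed assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Impact criteria as quoted from CrowdStrike's technical details: Falcon sensor for
# Windows 7.11 and above that pulled Channel File 291 content between 04:09 UTC and
# 05:27 UTC on 2024-07-19. Content pulled at or after 05:27 UTC is the corrected version.
WINDOW_START = datetime(2024, 7, 19, 4, 9, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 7, 19, 5, 27, tzinfo=timezone.utc)
MIN_AFFECTED_SENSOR = (7, 11)
# Channel File 291 names start with "C-00000291-" and end with ".sys"; the middle
# part varies, so only the stated prefix and extension are enforced here.
CHANNEL_291_RE = re.compile(r"^C-00000291-[\w-]+\.sys$", re.IGNORECASE)
# Directory named in the safe-mode remediation steps.
DRIVER_DIR = r"C:\Windows\System32\drivers\CrowdStrike"


@dataclass
class HostRecord:
    """One row of a hypothetical inventory export (field names are assumptions)."""
    hostname: str
    sensor_version: str            # dotted numeric version, e.g. "7.15.18513"
    channel_file: Optional[str]    # name of the 291 file found on the host, if any
    written_utc: Optional[str]     # ISO-8601 last-write time of that file, in UTC
    bitlocker: bool = False        # safe-mode boot on such hosts needs the recovery key


def parse_version(version: str) -> tuple:
    """'7.15.18513' -> (7, 15, 18513); tuples compare lexicographically."""
    return tuple(int(part) for part in version.split("."))


def classify(host: HostRecord) -> str:
    """Bucket one host against the impact criteria above."""
    if parse_version(host.sensor_version) < MIN_AFFECTED_SENSOR:
        return "unaffected_sensor_version"
    if host.channel_file is None or host.written_utc is None:
        return "no_channel_291_file"
    if not CHANNEL_291_RE.match(host.channel_file):
        return "unexpected_channel_file_name"
    written = datetime.fromisoformat(host.written_utc)
    if written.tzinfo is None:          # treat naive timestamps as UTC
        written = written.replace(tzinfo=timezone.utc)
    if WINDOW_START <= written < WINDOW_END:
        return "suspect_faulty_content"
    if written >= WINDOW_END:
        return "corrected_content"
    return "pre_incident_content"


def summarize(hosts: List[HostRecord]) -> Dict[str, int]:
    """Count hosts per bucket, to size the manual, host-by-host recovery effort."""
    counts: Dict[str, int] = {}
    for host in hosts:
        bucket = classify(host)
        counts[bucket] = counts.get(bucket, 0) + 1
    return counts


def remediation_plan(hosts: List[HostRecord]) -> List[Dict[str, object]]:
    """For each suspect host: the file a safe-mode operator deletes, and whether a
    BitLocker recovery key must be retrieved before the host can be booted into safe mode."""
    plan: List[Dict[str, object]] = []
    for host in hosts:
        if classify(host) == "suspect_faulty_content":
            plan.append({
                "hostname": host.hostname,
                "delete": f"{DRIVER_DIR}\\{host.channel_file}",
                "needs_recovery_key": host.bitlocker,
            })
    return plan


# Constructed inventory rows; hostnames, versions and file-name suffixes are made up.
SAMPLE_INVENTORY = [
    HostRecord("ws-001", "7.15.18513", "C-00000291-00000000-00000029.sys",
               "2024-07-19T04:15:02+00:00", bitlocker=True),
    HostRecord("ws-002", "7.15.18513", "C-00000291-00000000-00000032.sys",
               "2024-07-19T05:40:11+00:00"),
    HostRecord("ws-003", "7.10.17706", "C-00000291-00000000-00000029.sys",
               "2024-07-19T04:20:00+00:00"),
    HostRecord("srv-01", "7.15.18513", None, None),
    HostRecord("ws-004", "7.11.18413", "C-00000291-00000000-00000031.sys",
               "2024-07-18T22:00:00+00:00"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_INVENTORY))
    for item in remediation_plan(SAMPLE_INVENTORY):
        print(item)
```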
Tomi Engdahl says:
Experts: Crowdstrike Update, That Led To Global IT Outage, Likely Skipped Checks
CrowdStrike’s routine cybersecurity software update caused a global IT outage on Friday, likely due to insufficient quality checks. Three security experts have pointed this out. The new Falcon Sensor software version aimed to enhance security against hacking. However, faulty code in the update led to one of the biggest tech outages for companies using Microsoft’s Windows system. One expert mentioned that frequent updates by companies like CrowdStrike to fight malware might have led to less thorough testing. The outage made air passengers worldwide experience flight delays and cancellations. The outage also impacted banks, hospitals, and government offices. Microsoft reported that around 8.5 million of its devices were affected, less than one percent of all Windows machines. CrowdStrike provided a fix, but experts noted that restoring systems would take time as it required manually removing the faulty code.
https://youtu.be/AdG_oUj1hEg?si=JZV27mqZ6xGf_teH
Tomi Engdahl says:
According to SFGATE, the airline has not confirmed that they use 1992’s Windows 3.1 in their systems, but speculation remained high. As per the publication, Southwest Airlines’ outdated tech has led to a bunch of problems for the airline before,
https://www.sportskeeda.com/pop-culture/fact-check-did-southwest-airlines-post-look-needs-ol-southwest-tweet-amid-microsoft-s-global-outage-viral-post-debunked
Tomi Engdahl says:
No, Southwest Airlines is not still using Windows 3.1
https://www.osnews.com/story/140301/no-southwest-airlines-is-not-still-using-windows-3-1/
A story that’s been persistently making the rounds since the CrowdStrike event is that while several airline companies were affected in one way or another, Southwest Airlines escaped the mayhem because they were still using windows 3.1. It’s a great story that fits the current zeitgeist about technology and its role in society, underlining that what is claimed to be technological progress is nothing but trouble, and that it’s better to stick with the old. At the same time, anybody who dislikes Southwest Airlines can point and laugh at the bumbling idiots working there for still using Windows 3.1. It’s like a perfect storm of technology news click and ragebait.
Too bad the whole story is nonsense.
But how could that be? It’s widely reported by reputable news websites all over the world, shared on social media like a strain of the common cold, and nobody seems to question it or doubt the veracity of the story. It seems that Southwest Airlines running on an operating system from 1992 is a perfectly believable story to just about everyone, so nobody is questioning it or wondering if it’s actually true. Well, I did, and no, it’s not true.
Let’s start with the actual source of the claim that Southwest Airlines was unaffected by CrowdStrike because they’re still using Windows 3.11 for large parts of their primary systems. This claim is easily traced back to its origin – a tweet by someone called Artem Russakovskii, stating that “the reason Southwest is not affected is because they still run on Windows 3.1”. This tweet formed the basis for virtually all of the stories, but it contains no sources, no links, no background information, nothing. It was literally just this one line.
It turned out to be a troll tweet. A reply to the tweet by Russakovskii a day later made that very clear: “To be clear, I was trolling last night, but it turned out to be true. Some Southwest systems apparently do run Windows 3.1. lol.”
These few paragraphs do not say that Southwest is still using ancient Windows versions; it just states that the systems they developed internally, SkySolver and Crew Web Access, look “historic like they were designed on Windows 95”. The fact that they are also available as mobile applications should further make it clear that no, these applications are not running on Windows 3.1 or Windows 95. Southwest pilots and cabin crews are definitely not carrying around pocket laptops from the ’90s.
These paragraphs were then misread, misunderstood, and mangled in a game of social media and bad reporting telephone, and here we are. The fact that nobody seems to have taken the time to click through a few links to find the supposed source of these claims, instead focusing on cashing in on the clicks and rage these stories would elicit, is a rather damning indictment of the state of online (tech) media. Many of the websites reporting on these stories are part of giant media conglomerates, have a massive number of paid staff, and they’re being outdone by a dude in the Arctic with a small Patreon, minimal journalism training, and some common sense.
This story wasn’t hard to debunk – a few clicks and a few minutes of online searching is all it took. Ask yourself – why do these massive news websites not even perform the bare minimum?
Tomi Engdahl says:
CrowdStrike’s faulty update crashed 8.5 million Windows devices, says Microsoft / The global IT outage on Friday resulted from a sensor configuration update to CrowdStrike’s Falcon platform that caused a Windows logic error.
https://www.theverge.com/2024/7/20/24202527/crowdstrike-microsoft-windows-bsod-outage?fbclid=IwZXh0bgNhZW0CMTEAAR3tRVTlBFI81b5o3BdOomipfZrMjqsKKOLGhFlnU4QzIPPl3Fc0TT1AZGE_aem_232v05vCDYyY7bX2aCg0_A
Tomi Engdahl says:
CrowdStrike’s Falcon Sensor also linked to Linux kernel panics and crashes : https://www.theregister.com/2024/07/21/crowdstrike_linux_crashes_restoration_tools/ #Linux #Kernel Comments: https://news.ycombinator.com/item?id=41030352
Tomi Engdahl says:
Microsoft blames global Crowdstrike meltdown on a deal made in 2009
A Microsoft spokesperson has blamed the recent CrowdStrike-Windows outage on a regulatory deal struck with the European Union in 2009.
Jak Connor, published Jul 23, 2024 8:02 AM CDT
Microsoft has connected a deal struck in 2009 with the recent CrowdStrike meltdown that knocked 8.5 million Windows machines offline.
For those that don’t know, CrowdStrike rolled out an update to its cybersecurity software that contained files that resulted in kernel-level failures on Windows machines. A kernel-level failure crashes the boot-up of the machine, causing a blue screen of death. Since CrowdStrike’s software is marked as a “boot-start driver” machines were thrown into a blue screen of death boot loop.
CrowdStrike is definitely responsible for pushing out a faulty driver update to its customers, but Microsoft is also responsible for giving CrowdStrike, and seemingly third-party security vendors, access to kernel mode in Windows customers’ machines. Speaking to The Wall Street Journal, a Microsoft spokesperson placed the blame of the access at the feet of a deal struck in 2009 between the Redmond company and the European Union.
The deal echoes similar problems Apple has experienced with the European Union regulators, which recently forced Apple to adopt USB-C charging ports after the European regulators ruled Lightning connectors were anti-compete. The 2009 deal was for Microsoft to grant third-party vendors the same level of access as it does to a machine, which in this sense would be kernel-level access.
This deal was pushed through under anti-compete arguments, which are typically good, but, unfortunately, opened the door to software flaws, potential security flaws, and critical errors.
Read more: https://www.tweaktown.com/news/99472/microsoft-blames-global-crowdstrike-meltdown-on-deal-made-in-2009/index.html?utm_source=dlvr.it&utm_medium=facebook&fbclid=IwZXh0bgNhZW0CMTEAAR1mfLLaBaf3vxHjL2k5B3p_nX-VtY7_kxsqCMhcuHTHgWf_FsyCwuwZEYg_aem_T9ZTzUmEbH4p97FTMatd0g
Tomi Engdahl says:
https://www.euronews.com/next/2024/07/22/microsoft-says-eu-to-blame-for-the-worlds-worst-it-outage
It’s an EU problem
Tomi Engdahl says:
https://www.facebook.com/share/p/wL132oy7pgssFRhx/
Oops, they did it again!
Did you know the McAfee PC meltdown and the Microsoft-CrowdStrike outage have a common link?
Back in 2010:
McAfee released an antivirus update that mistakenly deleted a key Windows XP file, causing endless reboots and no network access.
What Happened?
- A false positive marked a regular Windows file, “svchost.exe,” as a virus.
- Systems showed blue screens and shut down.
- The problem spread quickly through a network tool called “ePolicyOrchestrator.”
Solution:
- McAfee removed the faulty update.
- They provided a new definition of the virus to fix it.
Interesting Fact:
- George Kurtz, now CEO of CrowdStrike, was McAfee’s CTO during this 2010 glitch.
- The incident was so costly that Intel bought McAfee in 2011.
Tech issues happen, but it’s all about how we handle them.
#McAfee #Intel #CyberSecurity #CrowdStrike #Microsoft
Tomi Engdahl says:
So he learned nothing (repeating a similar mistake). Microsoft learned nothing (it should protect its core from such issues better, like others do) and the consumers (big companies) learned nothing, not having redundant systems and blindly rolling out any update (even security updates) in production without at least a limited test update…
Tomi Engdahl says:
Krisztian Pal Kaszas the same thing has happened to Linux as well in recent months. Just the use case of CrowdStrike on Linux is much smaller so not really talked about. It has also affected Macs in recent years. Just this time it was MS’s turn to take a hit and unfortunately it makes headlines because it’s embedded everywhere.
Tomi Engdahl says:
By Taras Buria – Microsoft released a new tool to help IT admins fix over 8 million Windows PCs hit by the recent CrowdStrike outage. With the help of a USB drive, it can automate and speed up the recovery. #CrowdStrike #Microsoft
https://www.neowin.net/news/microsoft-released-a-tool-for-auto-fixing-crowdstrike-blue-screens-of-death-on-windows-pcs/?fbclid=IwZXh0bgNhZW0CMTEAAR2bBOux1oN4jawhKEakkJw2WxPB6B_SlUPOQOqhKRyEDuaPLlsKEVN8NU0_aem_QNn3t1gMRac1D0iWl8FmQQ
Tomi Engdahl says:
https://www.neowin.net/news/crowdstrike-finally-explains-in-brief-what-caused-the-global-windows-blue-screen-outage/
Tomi Engdahl says:
CrowdStrike, the cybersecurity firm that crashed millions of computers with a botched update all over the world last week, is offering its partners a $10 Uber Eats gift card as an apology, according to several people who say they received the gift card, as well as a source who also received one.
On Tuesday, a source told TechCrunch that they received an email from CrowdStrike offering them the gift card because the company recognizes “the additional work that the July 19 incident has caused.”
https://techcrunch.com/2024/07/24/crowdstrike-offers-a-10-apology-gift-card-to-say-sorry-for-outage/?fbclid=IwZXh0bgNhZW0CMTEAAR3bnuK0j1-2_Ba4oH58b-WoozpEh5O0nhavrGRbBaUsK4Gcw7gFE56VJ0A_aem_FnnHr8ei-H7UNv5i17Y6nw
Tomi Engdahl says:
NEO can create DoS for IoT devices: https://ie.social/NKK78
Tomi Engdahl says:
CrowdStrike Offers $10 Gift Card as Apology for Shutting Down Basically the Whole Earth
by Victor Tangermann
Jul 24, 4:28 PM EDT
“To express our gratitude, your next cup of coffee or late night snack is on us!”
https://futurism.com/the-byte/crowdstrike-10-gift-card-apology?fbclid=IwY2xjawEQDGdleHRuA2FlbQIxMQABHeC-FiapzvrvUblapK6cHy4i_kQ4agJ8USoZr7Y5tdM_iFLjpLRVqcWt2g_aem_uzeb6txAlww2Ww5lFVyGOw
CrowdStrike, the cybersecurity firm behind last week’s epic global computer meltdown — seemingly the largest IT outage in history — is offering its partners a hilariously inadequate mea culpa: a $10 Uber Eats gift card in apology.
It’s a hilariously inadequate gesture for a slip-up that cost Fortune 500 companies more than $5 billion in direct losses, according to a new analysis by insurance firm Parametrix, and forced countless IT professionals to work around the clock over the weekend.
An unnamed source told TechCrunch that they had received an email with the amended gift card to make up for the “additional work that the July 19 incident has caused.”
Tomi Engdahl says:
Hmmm. More USB exploit tools… I mean fixes
https://www.neowin.net/news/microsoft-released-a-tool-for-auto-fixing-crowdstrike-blue-screens-of-death-on-windows-pcs/?fbclid=IwY2xjawEQDiRleHRuA2FlbQIxMQABHToFP8Ux6E6tdwFhx0viXTB30WavNHhnG7s2_MYHbuTDe0w3IWcuXpXdAg_aem_I_8MTxgO9xsN9YakkmAtsQ