Windows TCO: 10 Cautionary New Tales About Using Microsoft
-
The Register UK ☛ Bad apps bypass Windows alerts for six years using LNK files
Elastic Security Labs has lifted the lid on a slew of methods available to attackers who want to run malicious apps without triggering Windows' security warnings, including one in use for six years.
The research focused on ways to bypass Windows SmartScreen and Smart App Control (SAC), the go-to built-in protections against running potentially nasty software downloaded from the web in Windows 8 and 11 respectively.
-
Security Week ☛ French Museum Network Hit by Ransomware Attack, but No Disruptions Are Reported at Olympic Events
The attack, detected on Sunday, hit data systems used by around 40 museums across France.
-
Security Week ☛ Fighting Back Against Multi-Staged Ransomware Attacks Crippling Businesses
Ransomware actors commonly dwell in the victim’s environment anywhere from 24 hours to 10 days, but it can be far longer. During this time, they eavesdrop on email correspondence, explore the victim’s environment and identify mission-critical data suitable for exfiltrated. Once the crown jewels are identified and exfiltration is complete, attackers begin encrypting computers and ask for a ransom.
-
The Record ☛ NHS software supplier Advanced faces £6m fine over ransomware attack failings
The company hit by a ransomware attack that disrupted Britain’s National Health Service (NHS) back in August 2022 is facing a data protection fine of over £6 million ($7.6 million) for failing to protect the personal information of tens of thousands of people.
Advanced, a company providing IT services to numerous healthcare providers in the United Kingdom, allowed hackers to steal “phone numbers and medical records” belonging to 82,946 people, according to the UK’s Information Commissioner’s Office (ICO).
-
US News And World Report ☛ Microsoft Hits Back at Delta After the Airline Said Last Month's Tech Outage Cost It $500 Million
Delta CEO Ed Bastian said last week that the global technology outage that started with a faulty upgrade from CrowdStrike to machines running on Microsoft Windows cost the airline $500 million. Bastian raised the threat of legal action.
On Tuesday, Delta said it has a long record of investing in reliable service including ”billions of dollars in IT capital expenditures” since 2016 and billions more in annual IT costs. It declined further comment.
-
The Register UK ☛ Florida firm sued over theft of 2.9B personal records
California resident Christopher Hofmann filed the potential class-action complaint against Jerico Pictures, doing business as National Public Data, a Coral Springs-based firm that provides APIs so that companies can perform things like background checks on people and look up folks' criminal records. As such National Public Data holds a lot of highly personal information, which ended up being stolen in a cyberattack.
According to the suit [PDF], filed in a southern Florida federal district court, Hofmann is one of the individuals whose sensitive information was pilfered by crooks and then put up for sale for $3.5 million on an underworld forum in April.
-
The Register UK ☛ Sneaky SnakeKeylogger slithers into Windows email inboxes
Criminals are preying on Windows users yet again, this time in an effort to hit them with a keylogger that can also steal credentials and take screenshots.
In an alert this month, Fortinet's FortiGuard Labs warned of an uptick in SnakeKeylogger infections. Once running on someone's PC, this malware records the victim's keystrokes as they log into things, fishes usernames and passwords out of their files, and takes screenshots to snoop on people, and then sends all that sensitive info to fraudsters.
-
India Times ☛ CrowdStrike is sued by fliers after massive outage disrupts air travel
In a proposed class action filed in the Austin, Texas, federal court, three fliers blamed CrowdStrike's negligence in testing and deploying its software for the outage, which also disrupted banks, hospitals and emergency lines around the world.
The plaintiffs said that as fliers scrambled to get to their destinations, many spent hundreds of dollars on lodging, meals and alternative travel, while others missed work or suffered health problems from having to sleep on the airport floor.
-
The Register UK ☛ CrowdStrike hits back at Delta over litigation threat
That's according to a letter, seen by The Reg and sent to David Boies, partner at the law firm Delta hired to investigate the airline's legal options after it struggled more than most to bring its systems back online, leading to a sprawling list of flight cancellations.
The Falcon vendor reiterated its apology to Delta and the wider customer base. It then went on to remind Boies, known for his work as special counsel during the 1990s US antitrust trial against Microsoft, that it had been proactive in reaching out to Delta, offering support to the airline "within hours" of the incident unfolding.
-
Scoop News Group ☛ Intelligence bill would elevate ransomware to a terrorist threat
When the Senate Intelligence Committee earlier this summer advanced its annual measure to authorize the work of the U.S. intelligence community, it also advanced a controversial proposal to deal with ransomware: treating it like terrorism.
Sponsored by committee chairman Mark Warner (D-VA), the bill contains novel language regarding ransomware that seeks to address increasingly rampant and damaging ransomware attacks by calling out ransomware gangs by name and branding them as “hostile foreign cyber actors”; designating nations that harbor ransomware actors as “state sponsors of ransomware” and slapping such states with sanctions; and granting the US intelligence community greater legal authority to go after ransomware actors by elevating ransomware to the level of a national intelligence priority.