Windows TCO: 10 Stories and Cautionary Tales
-
The Register UK ☛ Delta: CrowdStrike’s offer for help too little, too late
Last month, CrowdStrike pushed out a flawed update to its Falcon threat-detection system that crashed and disabled more than 8 million Microsoft Windows machines worldwide. That figure included more than 37,000 Delta computers, disrupting more than 1.3 million people's travel plans, according to a Thursday letter from Delta's attorney David Boies to CrowdStrike's lawyer Michael Carlinsky.
-
Cyble Inc ☛ North Miami City Hall Cyber Incident Leads To Temporary Closure
Mayor Alix Desulme took to X (formerly known as Twitter) to address the situation directly with residents. “Dear North Miami Residents, We know that many of you prefer to visit City Hall to conduct city business in person. Unfortunately, due to unexpected issues with our IT infrastructure, we cannot welcome in-person visitors at this time. Rest assured, we are working hard to address and resolve these challenges. Thank you for your understanding and patience,” he tweeted.
-
Cyble Inc ☛ Microsoft Entra ID Vulnerability Allows Unauthorized Access
This Entra ID vulnerability highlights how invisible authentication mechanisms within Microsoft’s systems can be exploited, leading to “Unauthorized access” and posing a substantial threat to organizational security. At the recent Black Hat conference, Eric Woodruff, Senior Cloud Security Architect at Semperis, unveiled a critical issue concerning Microsoft Entra ID. This vulnerability allows users with admin-level access to exploit layered authentication mechanisms to gain extensive global administrator privileges.
-
Cyble Inc ☛ Windows Downdate Downgrades Windows Systems For Exploit
A researcher at SafeBreach identified the potential threat within the heart of the Windows Update process’s architecture. The Windows update flow involves several steps, including the client requesting an update, the server validating the integrity of the update folder, and the server saving an action list that is executed during the reboot process.
-
Cyble Inc ☛ SEC Ends Probe Into Progress Software Over MOVEit Attack
The attack, which was carried out by the Cl0p ransomware group, exploited a zero-day vulnerability in the MOVEit Transfer managed file transfer (MFT) product. This flaw, known as CVE-2023-34362, allowed the attackers to gain unauthorized access and steal sensitive data from a wide range of organizations worldwide.
-
The Record ☛ SEC decides against penalizing MOVEit software maker
Cybersecurity firm Emsisoft estimates that 2,773 organizations were impacted by the attacks on MOVEit, and the records of nearly 96 million people were exposed and stolen by the group behind the exploitation.
The incident caused international outrage as dozens of government agencies, Fortune 500 companies and more confirmed that troves of data had been stolen by hackers connected to the Clop ransomware gang.
In an SEC filing in May, the company said it has spent about $4.2 million related to the MOVEit incident, much of which will be covered by its $15 million cyber insurance policy.
-
The Register UK ☛ Microsoft punches back against Delta's legal threats
Microsoft's letter follows a similar missive CrowdStrike sent to Boies yesterday that also claimed the embattled airline refused its offer of on-site help, and accused Delta of making poor IT decisions that ultimately led to its delayed recovery.
-
Scoop News Group ☛ Easterly: Potential Chinese cyberattack could unfold like CrowdStrike error
Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, told a large crowd at the annual Black Hat cybersecurity conference that the fallout of the CrowdStrike situation — which disrupted medical care, canceled flights and shuttered retailers — showed what effects Chinese-linked activity tracked as Volt Typhoon could generate.
“What was going through my mind was that, oh, this is exactly what China wants to do, but without rolling back the updates such that we could all reboot our systems,” Easterly said during a keynote address alongside top cybersecurity officials from the U.K. and Europe.
-
Cyble Inc ☛ New BlackSuit Ransomware Threat Evolve: FBI, CISA Warn
This FBI and CISA advisory includes details on the indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with BlackSuit ransomware, as identified through FBI threat response activities and third-party reporting as recently as July 2024.
BlackSuit ransomware is an evolution of the previously known Royal ransomware, which was active from September 2022 through June 2023. BlackSuit shares numerous coding similarities with Royal ransomware but has demonstrated enhanced capabilities. This evolution signifies a significant threat as BlackSuit continues to target organizations through sophisticated attack vectors.
-
Cyble Inc ☛ Six Iranian Hackers Wanted: US Offer $10 Million Reward
They are accused of compromising industrial control systems, specifically targeting the Vision series of programmable logic controllers (PLCs) manufactured by Israel-based Unitronics. These PLCs are widely used in various industries, including water and wastewater, energy, food and beverage, manufacturing, and healthcare.