Security and Windows TCO Stories
-
Bryan Lunduke ☛ Severe (9.9 / 10) GNU/Linux Vulnerability Announced, Details Kept Secret
More critical than Heartbleed, Spectre, or Meltdown? We'll find out on October 6th when the details are publicly disclosed.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (booth), Gentoo (Xpdf), Oracle (go-toolset:ol8, golang, grafana, grafana-pcp, kernel, libnbd, openssl, pcp, and ruby:3.3), Red Hat (container-tools:rhel8, go-toolset:rhel8, golang, kernel, and kernel-rt), SUSE (apr, cargo-audit, chromium, obs-service-cargo, python311, python36, quagga, traefik, and xen), and Ubuntu (intel-microcode, linux-azure-fde-5.15, and puma).
-
Windows TCO
-
Bruce Schneier ☛ New Windows Malware Locks Computer in Kiosk Mode
I’m sure this works often enough to be a useful ploy.
-
Tech Central (South Africa) ☛ CrowdStrike apologises for Windows IT disaster
The 19 July incident led to worldwide flight cancellations and impacted industries around the globe including banks, healthcare, media companies and hotel chains. South African companies were also impacted, including Capitec Bank. The outage disrupted internet services, affecting 8.5 million Microsoft Windows devices.
-
Cisco Systems Inc ☛ TALOS-2024-2008
A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can execute malicious script/application to trigger this vulnerability.
-
The Record ☛ CISA warns of continuing attacks on water systems after Kansas town reports incident
The notice from the Cybersecurity and Infrastructure Security Agency (CISA) came two days after Arkansas City, Kansas reported a cybersecurity issue that forced them to switch to manual operations.
-
VOA News ☛ CrowdStrike executive apologizes to Congress for July global tech outage
The Tennessee Republican likened the impact of the outage to an attack "we would expect to be carefully executed by a malicious and sophisticated nation-state actor."
"We're deeply sorry and we are determined to prevent this from ever happening again," Meyers told lawmakers while laying out the technical missteps that led to the outage of about 8.5 million computers running Microsoft's Windows operating system.
-
The Record ☛ CrowdStrike tells Congress of two process changes to address July outage incident
The company previously admitted that validators used for dozens of updates over the last decade failed to catch the faulty update that disabled more than 8.5 million Windows devices around the world.
Devices that are integral to thousands of critical systems across the world – including airlines, hospitals and banks – were running CrowdStrike’s Falcon endpoint sensor for protection.
-