Critical browser flaw puts Mac and Linux users at risk

A newly identified zero-day flaw linked to the 0.0.0.0 IP address has been exploited by hackers, placing users of major web browsers on macOS and Linux at risk. The vulnerability has been observed in popular browsers such as Safari, Chrome, and Firefox and could allow unauthorised access to private networks. Windows users are unaffected, but other Chromium-based browsers such as Microsoft Edge, Brave, and Opera are also vulnerable.

The cybersecurity firm Oligo has reported that this flaw enables hackers to communicate with local software on Mac or Linux systems. By using the 0.0.0.0 address instead of localhost, public websites might execute arbitrary code on a visitor’s device, bypassing long-standing security measures. Oligo researchers have estimated that around 100,000 websites could facilitate this attack, which has already been used in targeted strikes on AI workloads.
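As an added illustration of the defensive side, not code from Oligo or any browser vendor: a local service need not wait for browser fixes, because a request that a public page sends to 0.0.0.0 arrives with a Host header naming 0.0.0.0 and an Origin header naming the public site, both of which the service can refuse. The allow-list and function names below are assumptions.

```python
"""Host/Origin validation for a locally bound HTTP service (added example)."""
from urllib.parse import urlsplit

# Hostnames a browser presents when the user addresses the service directly.
# A request aimed at 0.0.0.0 carries "Host: 0.0.0.0:<port>" and is rejected.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}


def _hostname(host_header: str) -> str:
    """Strip the port from a Host header value, keeping bracketed IPv6 intact."""
    host = host_header.strip().lower()
    if host.startswith("["):
        return host.split("]", 1)[0] + "]"
    return host.rsplit(":", 1)[0] if ":" in host else host


def request_allowed(headers: dict) -> bool:
    """Return True only if the request could not have been issued by a public site.

    Check 1: the Host header must name the loopback interface.
    Check 2: if the browser attached an Origin header (it does for cross-site
    fetches), that origin must also be a loopback origin.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    host = lowered.get("host")
    if host is None or _hostname(host) not in ALLOWED_HOSTS:
        return False
    origin = lowered.get("origin")
    if origin is not None:
        parts = urlsplit(origin)
        if parts.scheme not in ("http", "https"):
            return False
        origin_host = parts.hostname or ""
        if ":" in origin_host:  # urlsplit strips IPv6 brackets; restore them
            origin_host = "[" + origin_host + "]"
        if origin_host not in ALLOWED_HOSTS:
            return False
    return True
```

Binding the service to 127.0.0.1 rather than 0.0.0.0 in the first place removes the exposure entirely; this check is the belt to that pair of braces.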

In response to the threat, Apple has promised to address the issue in the upcoming macOS 15 Sequoia beta by blocking the 0.0.0.0 address. An update to Safari’s WebKit will also block connections to this IP. Chrome is considering a similar approach to ensure that users cannot bypass its Private Network Access protection. Mozilla, however, remains cautious, with a spokesperson noting that tighter restrictions might lead to compatibility issues, and therefore, Firefox has not yet implemented any proposed restrictions.

The widespread nature of the vulnerability and the potential for serious security breaches underscore the urgent need for a solution. Users of affected browsers are encouraged to stay updated on patches and fixes as they become available, particularly from browser developers like Apple, Google, and Mozilla.

YouTube faces widespread outage in Russia

YouTube experienced a mass outage in Russia on Thursday, with users reporting that the platform was inaccessible without using virtual private networks (VPNs). The outage comes amid increasing criticism from Russian authorities, who have been targeting the platform for its role in hosting content from Kremlin opponents, which has been largely removed from other social media sites within Russia. Reuters journalists in Russia confirmed the issue, with access only available through some mobile devices.

Russian internet monitoring services, including Sboi.rf, reported thousands of glitches affecting YouTube. Despite these issues, neither Google, the parent company of YouTube, nor Russia’s state communications watchdog Roskomnadzor, provided immediate comments on the situation.

In recent weeks, YouTube’s loading speeds in Russia have noticeably slowed, a development Russian lawmakers blame on Google’s alleged failure to invest in local infrastructure. Alexander Khinshtein, head of a parliamentary committee on information policy, warned that YouTube speeds could drop by as much as 70%, calling this a necessary measure to pressure the platform into complying with Russian legislation. YouTube, however, rejected these claims, maintaining that the issues were not due to any technical actions on its part.

Microsoft and Delta clash over cyber outage

Microsoft has blamed Delta Air Lines for its prolonged recovery from a global cyber outage that led to over 6,000 cancelled flights. The issue began with a software update by CrowdStrike, which caused system problems for various Microsoft customers. While other airlines recovered quickly, Delta continued to face disruptions.

Delta has defended its IT investments, citing billions spent since 2016 on both capital and operating costs. Despite this, flight disruptions affected hundreds of thousands of travellers, costing the airline an estimated $500 million. An investigation by the US Transportation Department is now underway, and Delta has hired litigator David Boies to seek damages from CrowdStrike and Microsoft.

Delta’s CEO Ed Bastian criticised Microsoft and CrowdStrike for failing to provide exceptional service, calling Microsoft’s platform “fragile.” Microsoft responded, labelling Delta’s comments as false and damaging. The tech giant insisted it had offered assistance to Delta, which was declined.

CrowdStrike also denied responsibility for the disruptions, with its CEO personally offering onsite help to Delta without receiving a reply. Microsoft has vowed to defend itself vigorously if a lawsuit is filed, and tensions between the airline and tech companies remain high.

Amazon reveals Mithra to enhance network security

The multinational technology giant has unveiled an internal security platform designed to handle the immense scale of the company’s network. Built on a vast graph database, Mithra helps Amazon manage and protect its systems by filtering vast amounts of data to identify and neutralise malicious domains. Chief Information Security Officer C.J. Moses likens Mithra to a funnel, narrowing down data until human intervention is minimal.

Mithra’s integration with Sonaris, Amazon’s network observation platform, creates a robust defensive net around Amazon’s environments. AI and machine learning are essential for managing the large-scale data, with AI models trained to detect anomalies and potential threats. Generative AI further assists threat analysts by allowing them to interact with data in plain language, enhancing decision-making efficiency.

Amazon’s proactive approach extends beyond technology. The company maintains a strong network of Chief Information Security Officers (CISOs) to facilitate rapid communication and collaboration in times of crisis. The unveiling of Mithra comes as Amazon faces scrutiny over its AI deal with startup Adept and accountability issues for hazardous products in the United States.

Air travellers sue CrowdStrike over global outage

CrowdStrike is facing legal challenges following a major global computer outage that disrupted air travel and affected various sectors, including banks and hospitals. A proposed class action lawsuit filed in Austin, Texas, alleges that the cybersecurity company’s negligence in testing and deploying its software caused the outage. The plaintiffs, who are air travellers, claim they incurred significant expenses and inconvenience as they scrambled to reach their destinations.

Many travellers had to spend hundreds of dollars on lodging, meals, and alternative travel arrangements, with some even experiencing health issues from sleeping on airport floors. The plaintiffs argue that CrowdStrike should compensate those affected by the disruption, citing previous technology-related flight groundings that made the outage foreseeable. CrowdStrike has stated that it believes the case lacks merit and plans to defend itself vigorously.

The outage was caused by a flawed software update that crashed over 8 million computers worldwide. Delta Air Lines, which cancelled more than 6,000 flights at a cost of about $500 million, has indicated it may take legal action against CrowdStrike. The airline declined CrowdStrike’s offer of assistance, and a US Department of Transportation probe is underway to determine why Delta took longer to recover compared to other airlines.

CrowdStrike’s stock price dropped by about one-third following the incident, prompting a shareholder lawsuit. Despite the mounting legal pressures, CrowdStrike maintains that it was neither grossly negligent nor at fault for the problems faced by Delta. The outcome of these legal battles could have significant implications for the cybersecurity company.

CrowdStrike denies liability for Delta’s flight disruptions

CrowdStrike has denied Delta Air Lines’ claim that it is responsible for the flight disruptions caused by a 19 July global outage. Delta CEO Ed Bastian stated that the outage, which resulted from a faulty update, cost the airline $500 million and indicated plans to pursue legal action against the cybersecurity firm.

CrowdStrike has apologised but rejected allegations of gross negligence, asserting that its liability is contractually limited to a few million dollars. The company also noted that it had offered Delta assistance immediately after the incident and that its CEO had personally contacted Delta’s CEO without receiving a response.

Delta cancelled over 6,000 flights during the outage, affecting more than 500,000 passengers. The airline is under investigation by the US Transportation Department for the extended recovery time compared to its competitors. CrowdStrike has questioned why Delta’s competitors managed to recover faster and why Delta declined its offer of free onsite help, which other clients accepted.

Record $75 million ransom paid to hackers

An undisclosed victim paid $75 million to the Dark Angels ransomware group, setting a record for the largest ransomware payout. Zscaler, a cloud security firm, discovered the payment early in 2024 but did not name the affected organisation. The unprecedented payout is expected to attract other attackers aiming to replicate the Dark Angels’ success.

Zscaler reported an 18% increase in ransomware attacks from April 2023 to April 2024, with manufacturing, healthcare, and technology sectors being the most targeted. The rise in ransomware-as-a-service models, zero-day attacks, vishing, and AI-powered attacks has contributed to record-breaking ransom payments. The energy sector experienced a 500% increase in attacks, making it a prime target for cybercriminals.

The United States remains the top target for ransomware attacks, accounting for nearly half of all incidents. The Dark Angels group, which emerged in May 2022, is notable for targeting high-value healthcare, government, finance, and education companies. Their highest-profile attack in September 2023 involved stealing over 27TB of data from an international conglomerate and demanding a $51 million ransom. Zscaler warns that the success of Dark Angels may inspire similar tactics from other ransomware groups.

Small Indian banks back online after ransomware attack

Nearly 300 small Indian banks that were forced offline by a ransomware attack have resumed operations, according to the National Payments Corporation of India (NPCI). The attack had targeted C-Edge Technologies, a service provider for these banks, affecting about one-fifth of 1,500 cooperative and rural regional banks in India.

To contain the attack, the NPCI had temporarily isolated the affected banks from the country’s retail payments system. A forensic audit confirmed that the attack did not spread to the banks’ systems but was limited to C-Edge’s infrastructure.

The impacted banks can now resume transactions through the Unified Payments Interface and other NPCI-operated payment systems. The ransomware attack, attributed to a group called RansomEXX, also affected Brontoo Technology Solutions, a key collaborator with C-Edge Technologies.

New Zealand users face difficulties accessing Microsoft 365 services

On Thursday, Microsoft confirmed that users in New Zealand are experiencing difficulties accessing its services, including Exchange Online. Although the extent of the disruption remains unclear, Microsoft has taken steps to mitigate the issue by rerouting traffic to alternate infrastructure, which has led to some improvement in service availability.

The company is actively investigating to determine the underlying cause of the network problem. The incident follows closely on the heels of a significant tech outage caused by faulty code in CrowdStrike’s cybersecurity software, which affected numerous companies using the Microsoft Windows operating system less than two weeks ago.

As Microsoft works to resolve the current issues, users are advised to stay updated on the situation. The company’s efforts highlight the ongoing challenges of maintaining reliable service amidst increasing technological complexities and interdependencies.

Pro-Ukrainian hackers claim breach of Russian cybersecurity firm Avanpost

A pro-Ukrainian hacker group, known as Cyber Anarchy Squad, has claimed responsibility for hacking the Russian information security firm Avanpost and leaking a significant amount of its data. They also reported destroying more than 60 terabytes of data and leaking 390 gigabytes of ‘valuable information.’

Avanpost, which has been operating in Russia for 15 years and specialises in developing authorisation and authentication systems for local businesses, confirmed the incident. The company acknowledged that its infrastructure was hit by a ‘serious cyberattack’ but did not provide details on the extent of the damage or the specific data that was leaked.

Avanpost advised its customers, including Russian airports, a large water supply company, and telecom service providers, to update their identification data and change passwords ‘as a precaution.’ The company also urged people not to trust ‘rumors’ and to rely only on official information.

The exact method of the hackers’ entry into Avanpost’s system, the tools they used, and the specifics of the leaked data remain unclear.

Cyber Anarchy Squad shared some of the allegedly leaked data on Telegram and the file hosting service Mega. They also posted screenshots of what they claim to be a group chat of Avanpost employees discussing the hack. However, the authenticity of this data could not be independently verified.