CrowdStrike Holdings Inc. CEO George Kurtz announced that the company has identified and fixed the update that caused Windows systems to crash globally. Kurtz emphasised that the incident was not a security breach or cyberattack. The issue stemmed from CrowdStrike’s Falcon Sensor threat-monitoring product, which coincided with disruptions in Microsoft’s Azure cloud services, leading to widespread IT outages.
CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We…
The outages affected several major companies, including McDonald’s, United Airlines, and the LSE Group, which reported communication issues. KLM had to suspend most flights due to the global computer outage. Despite the swift deployment of a fix, CrowdStrike’s shares fell 16% in premarket trading.
The incident highlights the interconnected nature of modern IT infrastructure and the far-reaching impact of technical issues. CrowdStrike’s quick response helped mitigate further disruptions, but the event underscores the importance of robust and resilient IT systems.
A major tech outage on Friday disrupted operations across various industries worldwide. Airlines such as American, Delta, and United grounded flights due to communication issues, while airports in Tokyo, Amsterdam, and Berlin reported delays. The disruption extended to financial services, with banks and stock exchanges experiencing significant interruptions. Microsoft’s cloud services and Amazon’s AWS were also impacted, further complicating matters.
The root cause of the outage was traced to a software update by cybersecurity firm CrowdStrike. Their Falcon Sensor software caused Microsoft Windows systems to crash, displaying the notorious ‘Blue Screen of Death.’ CrowdStrike has begun rolling back the problematic update, offering a manual workaround to mitigate the issue. Despite the widespread impact, there was no indication that the outage was due to a cyberattack.
The outage’s ripple effect was felt globally, hitting healthcare and media sectors. Sky News went off air in the UK, and doctors’ booking systems were down. In Australia, telecom companies and banks faced disruptions linked to CrowdStrike’s software issues. As companies work to restore their systems, the global scope of the outage underscores the interconnected nature of modern technology infrastructure.
A US judge has dismissed most of an SEC lawsuit against software company SolarWinds, which accused it of defrauding investors by concealing security weaknesses linked to a Russia-backed cyberattack. Judge Paul Engelmayer ruled that claims against SolarWinds and its chief information security officer, Timothy Brown, were based on ‘hindsight and speculation’ and lacked concrete evidence.
The judge dismissed most claims related to statements made before the cyberattack, except for one regarding a statement on SolarWinds’ website about its security controls. The SEC had alleged that SolarWinds hid its cybersecurity vulnerabilities before the attack and downplayed its severity afterwards. SolarWinds expressed satisfaction with the decision, calling the remaining claim factually inaccurate.
The cyberattack, known as Sunburst, targeted SolarWinds’ Orion software platform and compromised several US government networks, including the Departments of Commerce, Energy, Homeland Security, State, and Treasury. The US government has attributed the attack to Russia, which has denied involvement.
This case, filed last October, was notable for being one of the first where the SEC sued a company that was a victim of a cyberattack without announcing a settlement. It is also rare for the SEC to sue public company executives not closely involved in preparing financial statements.
A recent survey conducted by Nikkei Research for Reuters shows a significant divide among Japanese companies regarding AI adoption. Of the 250 firms that responded, 24% have integrated AI into their operations, while 35% plan to do so. However, 41% have no plans to implement the technology, highlighting varying levels of enthusiasm for AI across corporate Japan. Key motivations for adopting AI include addressing workforce shortages, reducing labour costs, and accelerating research and development.
Despite Japan’s initially laid-back approach to AI regulation, several obstacles hinder AI adoption, including employee anxiety over potential job losses, lack of technological expertise, high capital expenditure, and concerns about AI’s reliability. Cybersecurity also emerged as a critical issue, with 15% of respondents experiencing cyberattacks in the past year and 9% reporting attacks on their business partners. To enhance cybersecurity, 47% of firms outsource their defence, while 38% rely on in-house specialists.
The survey also touched on the controversial topic of Japan’s surname law, which mandates that spouses use the same surname. Half of the respondents support changing the law, a move prompted by the Keidanren business lobby’s recent appeal to the government. Supporters argue that the current system undermines individual dignity and freedom, particularly for women, while opponents believe separate surnames could weaken family bonds. Only 14% of firms believe the change would boost employee morale, and 10% think it would aid hiring efforts, with the majority expecting no significant impact on business.
The UK government plans to introduce a Cyber Security and Resilience Bill to enhance national cyber-resilience, as announced in the King’s Speech on 17 July 2024. The bill aims to strengthen defences and protect essential digital services, focusing on critical infrastructure providers and expanding the scope of current regulations.
The new legislation will introduce mandatory ransomware reporting, helping authorities better understand the scale of the threat and alert them to potential attacks. It also grants new powers to regulators and extends the scope of existing regulations to include more digital services and supply chains. This initiative responds to heightened cyber threats, such as recent high-profile cyber-attacks on the NHS and the Ministry of Defence.
According to Stuart Davey of Pinsent Masons, the bill builds on previous efforts to reform the UK’s NIS regime. Dominic Trott of Orange Cyberdefense emphasised the importance of updating the regulatory framework to protect supply chains, a significant threat vector for attackers. Martin Greenfield of Quod Orbis added that the bill would help the Labour government deliver on its promise to boost economic growth.
A separate Digital Information and Smart Data Bill will be introduced, incorporating many measures from the Data Protection and Digital Information Bill, which failed to pass in the last parliament. This move aims to create a more secure and prosperous digital economy.
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical vulnerability in the GeoTools plugin of GeoServer by 5 August 2024. This open-source server, written in Java, is used for sharing, processing, and editing geospatial data.
The remote code execution (RCE) flaw, identified as CVE-2024-36401, is actively exploited in the wild. It allows unauthenticated attackers to execute code remotely via specially crafted input.
CISA added GeoServer CVE-2024-36401 to its Known Exploited Vulnerability Catalog https://t.co/0jvga7TBFr
We first observed CVE-2024-36401 "POST /geoserver/wfs" exploitation July 9th in our sensors. Check for signs of compromise & patch https://t.co/CTcIZzwtsI
— The Shadowserver Foundation (@Shadowserver) July 16, 2024
GeoServer maintainers have addressed the issue in versions 2.23.6, 2.24.4, and 2.25.2, urging users to upgrade immediately.
Why does it matter?
Despite the unclear origin of the exploitation, proof-of-concept code for this vulnerability recently surfaced online. The Shadowserver Foundation detected exploitation signs on July 9, advising users to check for compromises and apply patches. While the CISA directive targets federal agencies, private enterprises are also advised to follow suit for enhanced security.
Romania is experiencing a surge in DDoS attacks from various hacktivist groups, according to recent research by ASERT. The attacks, which began intensifying on 2 June 2024, coincide with Romania’s potential transfer of Patriot missiles to Ukraine. On that day, Romanian websites suffered 352 direct-path attacks, peaking at 1016 on 5 June.
Several hacktivist groups, including CyberDragon and the Cyber Army of Russia, have claimed responsibility for the attacks. The primary targets are government entities, with the banking sector being the second most affected. The escalation is also linked to Romania’s discussions with South Korea about expanding defence cooperation and its involvement in arms exports to Europe.
ASERT warns that the intensity of these attacks is likely to continue, particularly following Romania’s agreement to send a Patriot missile system to Ukraine on 20 June 2024. The increasing threat highlights the need for robust DDoS protection solutions to ensure the availability of crucial websites and services.
NullBulge, which promotes artists’ rights and opposes AI-generated artwork, disseminates the stolen data via its blog using torrent file-sharing systems. The group’s origins and connections are disputed, with SecureWorks noting a lack of evidence for their claim of being Russian and highlighting the English language used in their communications. There are also rumored links to the LockBit ransomware gang.
Cybersecurity experts warn of the lasting impact of such breaches. Jake Moore from ESET emphasised the devastating effects of compromised email accounts, while Adam Pilton from CyberSmart cautioned against the dangerous precedent set by vigilante actions against large corporations. The incident underscores the vulnerability of even the biggest companies to cyberattacks and the persistent challenge of securing sensitive information.
Rite Aid, one of the largest drugstore chains in the US, has reported a significant data breach affecting over two million customers. Attackers gained access by impersonating a Rite Aid employee, compromising the company’s systems in early June 2024. Despite detecting the breach within 12 hours, sensitive customer data was stolen, including names, addresses, dates of birth, and government IDs. The company confirmed no Social Security numbers or financial details were accessed.
In response, Rite Aid has contacted affected individuals and reported the incident to law enforcement and regulatory bodies. The breach notification letter emphasises that additional security measures are being implemented to prevent future incidents. The breach affected customers who made purchases between 6 June 2017 and 30 July 2018.
The RansomHub ransomware group has claimed responsibility for the breach, stating they stole 10GB of sensitive data from Rite Aid’s networks. The group posted the stolen data on their dark web blog, showcasing their latest victims. Rite Aid acknowledged the breach as a “limited cybersecurity incident” and is finalising its investigation.
Rite Aid, headquartered in Philadelphia, operates over 2,300 locations across the US and serves 1.6 million customers daily. The company reported revenues exceeding $24 billion in 2023 and employs around 51,000 people. The breach has raised significant concerns about data security within the retail industry.
Wiz, founded in Israel and now headquartered in New York, is known for its cloud-based cybersecurity solutions powered by AI. With about $350 million in revenue in 2023 and serving 40% of Fortune 100 companies, Wiz has quickly become one of the fastest-growing software startups globally. Recently, Wiz raised $1 billion in a funding round, valuing the company at $12 billion.
The potential acquisition comes amid increased regulatory scrutiny of large tech companies under President Joe Biden’s administration. Despite the investigation, the technology sector has seen a surge in mergers and acquisitions, with tech deals jumping over 42% year-on-year to $327.2 billion in the first half of the year. Alphabet’s interest in Wiz follows its decision not to pursue a takeover of online marketing software company HubSpot.