More on the CrowdStrike BSoD
- CrowdStrike offers a $10 apology gift card to say sorry for outage | TechCrunch – This is just salt in the wound for many admins. It makes CrowdStrike’s PR team look absolutely clueless as to how much strife they caused.
- Admins learn update lessons from Crowdstrike outage • The Register – Know the difference between client updates and signature updates. This appears to have caught many admins by surprise.
- A closer look at what caused the CrowdStrike Windows crashes • The Register – It appears the BSoD was caused by an invalid memory pointer error in CrowdStrike.
- CrowdStrike CEO requested to testify on global IT outage • The Register
- Reddit – Crowdstrike didn’t learn from June 27th Outage – Could quality control be a bigger issue for CrowdStrike than one major flub?
- CrowdStrike’s Falcon Sensor linked to Linux crashes, too • The Register – CrowdStrike took out Red Hat machines in June prior to the massive outage in July.
- Fortune 500 firms to see $5.4 bln in CrowdStrike losses, says insurer Parametrix | Reuters – “Hatzor estimated that financial losses globally from the outage could total around $15 billion, as companies struggle to get their computers back up to speed. Global insured losses could total around $1.5-3 billion, Hatzor added.”
- Inside the 78 minutes that took down millions of Windows machines – The Verge
- Technical Details: Falcon Update for Windows Hosts | CrowdStrike
- Cybercriminals quick to exploit CrowdStrike chaos • The Register
- Cybercrooks are typosquatting to exploit CrowdStrike fallout • The Register – Scammers are already jumping on this.
- cscertificates.txt · GitHub – (Courtesy Risky.Biz Newsletter) List of new domains and certificate registrations for lookalike CrowdStrike domains. I recommend blocking access and email from these domains.
Security
CU Loses Nearly $300,000 in Four Hours With ATM Skimming Device – ATM skimming is on the rise across the country, but it doesn’t get talked about very much. Make sure to take steps to protect yourself and your organization from these attacks.
Chrome will now prompt some users to send passwords for suspicious files | Ars Technica – The files will be deep scanned by Google, then the passwords and files will be deleted (they claim).
Ransomware ecosystem fragmenting under law enforcement pressure and distrust – (Courtesy Seriously Risky Business Newsletter) – The increased fragmentation is a good thing, but it’s no reason to back off controls and protections.
Breaches & Attacks
Following Ransomware Attack, Patelco Has Restored Many Services, But Others Remain Unavailable / Fresh Today / CUToday.info – CU Today – I have a hunch the offline services are all located in the credit union’s data center, which likely means they are being rebuilt from scratch or restored from offsite backups.
Russian ICS malware cuts heat to 600 Ukrainian buildings – This new malware appears to directly manipulate devices using the common MODBUS protocol instead of vulnerabilities in the devices themselves. MODBUS is common in ICS, HVAC, and power systems. The protocol is not encrypted or authenticated. Take care to segment these devices away from normal business networks.
Squarespace Status – Domain Hijacking – Squarespace finally published their version of the domain takeover incidents related to the Google Domains business they acquired. TL;DR – make sure MFA is enabled on your Squarespace account.
How a North Korean Fake IT Worker Tried to Infiltrate Us – KnowBe4 was the victim of a North Korean social engineering attack. The attacker created a synthetic identity and managed to get hired to a key IT position.
Vulnerabilities & Patches
TuDoor – A new vulnerability affecting many DNS resolvers has been discovered which allows cache poisoning, denial-of-service, and resource consumption.
Windows 11, version 22H2 known issues and notifications | Microsoft Learn – KB5040442 might require you to enter the BitLocker recovery key after rebooting on Windows 2022.
Technology
Framework | Fix Consumer Electronics – A nice looking laptop that is designed to be repaired and upgraded! I can’t wait to see someone review these.
The Minimal Company | Live More, Scroll Less. – A stripped down Android-based phone, eInk display, and hardware keyboard. Another product I would love to see in action.
GPS Alternative: New Technique Uses Cell Signals to Navigate – IEEE Spectrum – The Air Force is testing using cellular signal positioning in the event GPS is blocked or spoofed.
Failure to follow procedures caused US-wide AT&T outage • The Register – Many change control failures and a lack of planning led to the February outage. It’s amazing what a simple peer review/signoff can prevent.
Science & Space
One-dose nasal spray clears toxic Alzheimer’s proteins to improve memory – The spray delivers antibodies to target plaques associated with Alzheimer’s disease.
We’re building nuclear spaceships again—this time for real | Ars Technica – DARPA and NASA team up to build nuclear rockets for both defense and exploration purposes, 40 years after Nixon killed the original program.
World’s first meltdown-proof nuclear reactor unveiled in China – Tech like this could be the bridge to aid our transition to cleaner power sources like fusion and solar.
Misc
Overcast – This is hands-down the best iOS podcast app! The dev just refreshed the interface and has been cranking out updates in the last couple