
Security

Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.

Jess Weatherbed
T-Mobile is paying the price for bad data security.

Specifically, about $60 million — a hefty civil penalty to settle allegations that the telecom giant failed to report incidents of unauthorized access to sensitive data, violating a national security agreement it made to acquire Sprint in 2020.

It’s the largest fine ever imposed by the Committee on Foreign Investment in the US, and just one of many data breaches T-Mobile has faced in recent years.

Lauren Feiner
Russia is hacking critics around the world, rights groups say.

Citizen Lab and Access Now linked a “sophisticated spear phishing campaign” to a group associated with the Russian Federal Security Service (FSB). The campaign has allegedly targeted exiled opposition figures as well as non-governmental organization staff in the US and Europe. Threat actors would allegedly email their targets, pretending to be a colleague or funder, the groups say.

Jay Peters
The FBI is looking into purported attempts by Iran to hack the Trump and Biden-Harris campaigns.

Trump adviser Roger Stone told The Washington Post that “a couple” of his personal email accounts had been compromised.

As for phishing emails sent to three Biden-Harris campaign staffers, the publication reports that “investigators have not found evidence that those hacking attempts were successful.”

Richard Lawler
Thomas White reveals himself as a co-founder of Silk Road 2.0 and DDoSecrets.

Just weeks after the NYT profiled Blake Benthall about his Silk Road 2.0 role and post-prison endeavors, 404 Media has identified a co-founder, Thomas White, as its “Dread Pirate Roberts 2.0.”

Between his 2014 arrest and receiving a five-year prison sentence in 2019, White apparently launched DDoSecrets with Emma Best, which was eventually tagged a “criminal hacker group” after publishing the “BlueLeaks.”

Jay Peters
Apple and Google are making changes to address the so-called “0.0.0.0 Day” security vulnerability.

The vulnerability deals with how browsers deal with queries to the IP address 0.0.0.0, as reported by Forbes and the security startup Oligo. Apple tells Forbes that it is making changes to the macOS Sequoia beta to fix the issue, while Google has plans to fix it in Chrome.

Tom Warren
CrowdStrike explains root cause of its giant IT outage.

CrowdStrike blamed testing software for taking down 8.5 million Windows machines last month, but now a full root cause analysis offers more details. The main issue was a mismatch between the input fields expected by CrowdStrike’s Falcon driver and the ones supplied in a content update. CrowdStrike is now promising to better test updates and is using two independent third-party software security vendors to review its sensor code and release processes.

Wes Davis
How far would you go to open an unsigned Mac app?

If you update to macOS Sequoia, you’ll have to go to Settings > Security & Privacy and approve the app on first open, because Apple is taking away the current right-click (ctrl-click) workaround.

The warning signifies the developer never had Apple malware scan and notarize the app. Sensible security step or not, I’ll still grumble every time I have to open Settings to run something.

Richard Lawler
Android’s August security patch fixes a zero-day flaw that may be under “targeted” attack.

BleepingComputer points out the notes for this month’s Android security patch, with fixes for flaws that could allow someone to take over your device. The 2024-08-05 patch level specifically addresses a kernel flaw tagged CVE-2024-36971 which “may be under limited, targeted exploitation” already, so be sure to update your devices ASAP.

Jennifer Pattison Tuohy
Consumer Reports is naming and shaming smart home companies without proper security vulnerability reporting.

Level, Chamberlain, Moen, Aqara, and Lutron are just some of the manufacturers the publication reports lack a dedicated way for security researchers to flag vulnerabilities — meaning a malicious hacker could potentially take advantage of a flaw before the company knows about it.

Check out the full report to see who’s on the naughty list — and who made the nice list.

Sarah Jeong
The Cybersecurity and Infrastructure Security Agency has hired its first Chief AI Officer.

This was mandated for all federal agencies back in March, so expect more of these kinds of announcements.

CISA’s general ambit means this hire is a tad bit more significant than the average Chief AI Officer — the agency deals with foreign influence operations and election cybersecurity, for instance. (In 2020, the agency’s head was yeeted by Trump for saying that the election had in fact been safe and secure.)

CISA Names First Chief Artificial Intelligence Officer | CISA


Richard Lawler
Microsoft releases a technical dive into the CrowdStrike outage.

Along with CrowdStrike’s post incident review, this has Microsoft telemetry data and some explanations (performance, tamper resistance) for the kernel driver architecture that crashed millions of Windows systems.

Microsoft has called for locking down that access, and this post again brings up alternate options:

...security vendors can use minimal sensors that run in kernel mode for data collection and enforcement limiting exposure to availability issues. The remainder of the key product functionality includes managing updates, parsing content, and other operations can occur isolated within user mode where recoverability is possible.

Tom Warren
Secure Boot is completely broken on many PCs.

Microsoft made Secure Boot a requirement for Windows 11, and has been pushing to use the technology to secure against BIOS rootkits for years. Now, researchers have found that Secure Boot has been compromised on more than 200 device models from Acer, Dell, Gigabyte, Intel, and more. Ars Technica reports that an important cryptographic key was published on GitHub in 2022, by “someone working for multiple US-based device manufacturers.”

Jay Peters
CrowdStrike CEO reports “97 percent of sensors are back online” after last week’s massive outage.

“However, we understand our work is not yet complete, and we remain committed to restoring every impacted system,” CEO George Kurtz continued in his post on LinkedIn.

Yesterday, CrowdStrike released a detailed report on the software update that crashed 8.5 million Windows machines, along with some of the changes it plans to avoid similar issues in the future.

Richard Lawler
CrowdStrike sent $10 Uber Eats gift cards to “teammates and partners” who helped fix the outage.

As reported by TechCrunch and in some social media posts, even if it seems a little light for a global outage affecting millions of systems (and codes that, in some cases, didn’t work). In a statement sent to The Verge, spokesperson Kevin Benacci said:

CrowdStrike did not send gift cards to customers or clients. We did send these to our teammates and partners who have been helping customers through this situation. Uber flagged it as fraud because of high usage rates.

Wes Davis
CrowdStrike has a new status dashboard for IT workers affected by Windows BSODs.

That’s according to an update made last night to CrowdStrike’s statement on yesterday’s global outage:

Similar to the above-referenced query, a Dashboard is now available that displays Impacted channels and CIDs and Impacted Sensors. Depending on your subscriptions, it’s available in the Console menu at either:

• Next-GEN SIEM > Dashboard or;

• Investigate > Dashboards

• Named as: hosts_possibly_impacted_by_windows_crashes

Richard Lawler
The CrowdStrike CEO’s latest apology.

In a tweet and blog post, George Kurtz says:

As this incident is resolved, you have my commitment to provide full transparency on how this occurred and the steps we’re taking to prevent anything like this from happening again.

We are working on a technical update and root cause analysis that we will share with everyone as well.

Other updates from CrowdStrike about Friday’s global IT misadventure warn about threat actors impersonating it in phishing attempts and other attacks or advise automated methods (PDF) to track down systems that have been affected.

CrowdStrike outage Blue Screen of Death photos from around the world

Photos of a world seeing blue due to the massive outage affecting Microsoft Windows systems on Friday.

William Joel
Lauren Feiner
Hospitals are canceling elective surgeries because they can’t access patient data.

Hospital systems from New York to Massachusetts to Pennsylvania impacted by the CrowdStrike outage say they’re canceling appointments and shifting to pen and paper. Memorial Sloan Kettering Cancer Center in NYC had said it would “pause the start of any procedure that requires anesthesia,” according to NBC News, though its site now says most of its systems are back online.

Richard Lawler
Even the Mercedes F1 team had CrowdStrike problems today.

A bad time to get hit with the Blue Screen of Death is probably when you’re preparing for a practice session ahead of the Hungarian GP, especially when the problem has been caused by a team sponsor. But the Mercedes F1 team’s trackside engineering director, Andrew Shovlin, told reporters they were back up after updating affected PCs.

The impact in FP1 was minimal, if not nil. So, it created a bit of work, but we’re back where we need to be now.

Windows error screens on the Mercedes pitwall prior to practice ahead of the F1 Grand Prix of Hungary.
Photo by Bryn Lennon - Formula 1/Formula 1 via Getty Images