CrowdStrike update crashing Windows systems worldwide

A defective update released by CrowdStrike Falcon is causing Windows systems to display the Blue Screen of Death (BSoD) screen. The incident is causing widespread global disruptions, impacting critical infrastructure such as banks, airports and hospitals.

The company stated that they have identified the content deployment related to this issue and reverted those changes.

The bad release, containing an invalid Windows driver, was published just after midnight Eastern time on July 19, 2024, and rolled back an hour and a half later, at 1:27 AM Eastern, CrowdStrike said. But by then millions of computers had already automatically downloaded the faulty update. When Windows devices using CrowdStrike’s cybersecurity tools tried to access the flawed file, it caused an “out-of-bounds memory read” that “could not be gracefully handled, resulting in a Windows operating system crash,” CrowdStrike said. The issue affected only Windows devices, not Mac or Linux machines, and only those that were switched on and able to receive updates during those early morning hours.
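The failure mode described above, a consumer that trusts a compiled-in record layout and reads past the end of a shorter record, is illustrated below in an added example. This is not CrowdStrike's code or file format: the `content_record` layout, the `EXPECTED_FIELDS` count and the sample files are hypothetical, constructed for this illustration. It places the unchecked read beside a checked variant that validates the field count before indexing and rejects the whole file on a mismatch, so a bad content push leaves the previously loaded content in force instead of crashing the host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout: the consumer was compiled expecting every record in the
   content file to carry exactly this many fields. */
#define EXPECTED_FIELDS 4

/* One record of a hypothetical content file: the field count read from the
   file plus a pointer to that many values. */
typedef struct {
    size_t          nfields;
    const uint32_t *fields;
} content_record;

typedef enum { LOAD_OK = 0, LOAD_REJECTED = 1 } load_status;

/* Unchecked consumer: trusts the compiled-in layout and indexes the last field
   directly. If the file ships a record with fewer fields, this is an
   out-of-bounds read; in kernel mode nothing catches it, so the machine
   crashes. Only ever call it on a record that has already been validated. */
uint32_t last_field_unchecked(const content_record *rec) {
    return rec->fields[EXPECTED_FIELDS - 1];
}

/* Checked consumer: the count carried by the data is compared with the layout
   the code was built for before any index is formed. A mismatch fails closed. */
load_status last_field_checked(const content_record *rec, uint32_t *out) {
    if (rec == NULL || rec->fields == NULL || rec->nfields != EXPECTED_FIELDS)
        return LOAD_REJECTED;
    *out = rec->fields[EXPECTED_FIELDS - 1];
    return LOAD_OK;
}

/* Validate a whole content file before activating it: if any record is
   malformed the file is rejected and the previously loaded content stays in
   force, which is the behaviour wanted from a component that runs in the kernel. */
load_status validate_content_file(const content_record *recs, size_t nrecs) {
    if (recs == NULL) return LOAD_REJECTED;
    for (size_t i = 0; i < nrecs; i++) {
        uint32_t unused;
        if (last_field_checked(&recs[i], &unused) != LOAD_OK) return LOAD_REJECTED;
    }
    return LOAD_OK;
}

/* Constructed sample data: two well-formed records and one that is a field short. */
static const uint32_t good_a[EXPECTED_FIELDS] = {1, 2, 3, 4};
static const uint32_t good_b[EXPECTED_FIELDS] = {5, 6, 7, 8};
static const uint32_t short_c[3]              = {9, 10, 11};

const content_record good_file[] = {{4, good_a}, {4, good_b}};
const content_record bad_file[]  = {{4, good_a}, {3, short_c}};
const size_t good_file_count = 2;
const size_t bad_file_count  = 2;

int main(void) {
    printf("good file: %s\n",
           validate_content_file(good_file, good_file_count) == LOAD_OK ? "accepted" : "rejected");
    printf("bad file:  %s\n",
           validate_content_file(bad_file, bad_file_count) == LOAD_OK ? "accepted" : "rejected");
    /* last_field_unchecked(&bad_file[1]) would read past short_c; it is deliberately not called. */
    return 0;
}
```

The point of `validate_content_file` is that the check runs over the entire file before any record is used, so the decision is accept or reject the update as a unit, never half-apply it.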

IT giants Google and Microsoft were also impacted by the incident: virtual machines running the CrowdStrike agent experienced serious problems.

What’s been described as the largest IT outage in history will cost Fortune 500 companies alone more than $5 billion in direct losses, according to one insurer’s analysis.

CrowdStrike Falcon detects and blocks hacking threats. The company confirmed that the incident was not a result of a cyber attack.

Read more about it here.

OVHcloud mitigates record 840 Mpps DDoS attack

French cloud computing provider OVHcloud revealed in early July 2024 that in April 2024 it had mitigated the largest distributed denial-of-service (DDoS) attack ever recorded in terms of packet rate, amid an overall increase in DDoS attack intensity. This is just above the previous record of 809 million packets per second (Mpps) reported by Akamai as targeting a large European bank in June 2020.

The analysis of the malicious traffic revealed that most of the source IPs belong to Internet-facing MikroTik routers, specifically the cloud core routers CCR1036-8G-2S+ and CCR1072-1G-8S+.

99% of the malicious traffic was a TCP ACK flood originating from around 5,000 source IPs. The remaining 1% was a DNS reflection attack that used about 15,000 DNS servers to amplify the traffic, a technique that is not very efficient when the goal is a high packet rate.
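The traffic mix described above can be recognised at the edge with two stateful rules: a bare ACK that matches no connection the filter has seen a handshake for is flood traffic, and a UDP datagram from source port 53 that answers no query is a reflected DNS response. The following is an added example of that classification run over constructed packet records; it is not OVHcloud's code, and the `pkt` record, the `in_tracked_flow` flag (standing in for the filter's connection table) and the sample addresses (RFC 5737 test ranges) are assumptions made for the illustration. Counting distinct ACK-flood sources alongside the per-class totals is what separates a distributed source population, such as the router fleet described here, from a single noisy host.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP flag bits from the header's flags byte. */
#define TCP_FIN 0x01u
#define TCP_SYN 0x02u
#define TCP_RST 0x04u
#define TCP_ACK 0x10u

typedef enum { PROTO_TCP = 6, PROTO_UDP = 17 } ip_proto;

/* One sampled packet as a flow-aware edge filter sees it. in_tracked_flow is the
   filter's own state: true when the packet matches a connection whose handshake
   it observed (or a DNS query it forwarded). Hypothetical structure. */
typedef struct {
    const char *src;        /* source address */
    ip_proto    proto;
    uint8_t     tcp_flags;  /* TCP only; 0 for UDP */
    uint16_t    sport;
    uint16_t    dport;
    bool        in_tracked_flow;
} pkt;

typedef enum { CLASS_BENIGN, CLASS_ACK_FLOOD, CLASS_DNS_REFLECTION } pkt_class;

/* A bare ACK (no SYN/FIN/RST) outside any tracked connection is ACK-flood
   traffic; an unsolicited UDP datagram from source port 53 is a reflected DNS
   response. Everything else is left alone. */
pkt_class classify(const pkt *p) {
    if (p->in_tracked_flow) return CLASS_BENIGN;
    if (p->proto == PROTO_TCP &&
        (p->tcp_flags & TCP_ACK) &&
        (p->tcp_flags & (TCP_SYN | TCP_FIN | TCP_RST)) == 0)
        return CLASS_ACK_FLOOD;
    if (p->proto == PROTO_UDP && p->sport == 53) return CLASS_DNS_REFLECTION;
    return CLASS_BENIGN;
}

typedef struct {
    size_t total, ack_flood, dns_reflection, benign;
    size_t ack_sources;  /* distinct sources contributing to the ACK flood */
} flood_summary;

#define MAX_SOURCES 1024

static bool already_seen(const char *const *list, size_t n, const char *s) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(list[i], s) == 0) return true;
    return false;
}

/* Classify every packet, count per class and count distinct ACK-flood sources. */
flood_summary summarize(const pkt *pkts, size_t n) {
    flood_summary s = {0, 0, 0, 0, 0};
    const char *srcs[MAX_SOURCES];
    for (size_t i = 0; i < n; i++) {
        s.total++;
        switch (classify(&pkts[i])) {
        case CLASS_ACK_FLOOD:
            s.ack_flood++;
            if (s.ack_sources < MAX_SOURCES && !already_seen(srcs, s.ack_sources, pkts[i].src))
                srcs[s.ack_sources++] = pkts[i].src;
            break;
        case CLASS_DNS_REFLECTION: s.dns_reflection++; break;
        default:                   s.benign++;         break;
        }
    }
    return s;
}

/* Share of the sample that is ACK flood, in percent (0 for an empty sample). */
double ack_share_percent(const flood_summary *s) {
    return s->total ? 100.0 * (double)s->ack_flood / (double)s->total : 0.0;
}

/* Constructed sample, not captured traffic: nine unsolicited ACKs from five
   sources, one reflected DNS answer, one ACK inside an established connection
   and one ordinary DNS query to port 53. */
const pkt sample_pkts[] = {
    {"192.0.2.10",    PROTO_TCP, TCP_ACK, 443,   80,    false},
    {"192.0.2.11",    PROTO_TCP, TCP_ACK, 443,   80,    false},
    {"192.0.2.10",    PROTO_TCP, TCP_ACK, 443,   80,    false},
    {"192.0.2.12",    PROTO_TCP, TCP_ACK, 443,   80,    false},
    {"192.0.2.13",    PROTO_TCP, TCP_ACK, 443,   80,    false},
    {"192.0.2.11",    PROTO_TCP, TCP_ACK, 443,   80,    false},
    {"192.0.2.14",    PROTO_TCP, TCP_ACK, 443,   80,    false},
    {"192.0.2.10",    PROTO_TCP, TCP_ACK, 443,   80,    false},
    {"192.0.2.12",    PROTO_TCP, TCP_ACK, 443,   80,    false},
    {"198.51.100.53", PROTO_UDP, 0,       53,    41000, false}, /* reflected DNS answer */
    {"198.51.100.7",  PROTO_TCP, TCP_ACK, 51515, 443,   true},  /* ACK in an established flow */
    {"198.51.100.8",  PROTO_UDP, 0,       40001, 53,    false}, /* a client's DNS query */
};
const size_t sample_count = sizeof sample_pkts / sizeof sample_pkts[0];

int main(void) {
    flood_summary s = summarize(sample_pkts, sample_count);
    printf("total=%zu ack_flood=%zu (from %zu sources) dns_reflection=%zu benign=%zu ack_share=%.1f%%\n",
           s.total, s.ack_flood, s.ack_sources, s.dns_reflection, s.benign, ack_share_percent(&s));
    return 0;
}
```

In production the connection table replaces the `in_tracked_flow` flag and the distinct-source count would be kept in a hash set rather than a linear list; the classification rules themselves are unchanged.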

The experts at OVHcloud speculate that the use of MikroTik devices in coordinated DDoS attacks might be due to the “Bandwidth test” feature in RouterOS, which allows administrators to test router throughput by crafting packets and performing stress tests. For versions after 6.44beta39, this feature uses all available bandwidth by default, potentially impacting network usability. Most of the offending IPs identified were running RouterOS v6.44 or above.

Read more about it here.

Prudential Financial data breach impacted 2.5 million individuals

Prudential Financial, a global financial services company, has disclosed that over 2.5 million people had their personal information compromised in a February 2024 data breach.

The company did not share details of the cyber attack; however, the notorious ALPHV/BlackCat ransomware gang claimed responsibility for the security breach.

Initially, in March 2024, the company revealed in a filing with the Maine Attorney General’s Office that it notified over 36,000 people whose personal information (including names, driver’s license numbers, and non-driver identification card numbers) was stolen during the breach. The company then stated that “a small percentage of company user accounts associated with employees and contractors” were breached.

However, at the end of June, the company updated the information shared with the Maine Attorney General’s Office regarding the February data breach and said that the incident impacted 2,556,210 individuals.

Prudential is the second largest life insurance company in the US, with 40,000 employees worldwide, revenues of $54 billion in 2023, and managing $1.45 trillion in assets.

Read more about it here.