⚠️ Massive CrowdStrike Outages ⚠️

What Happened ❓
- The recent CrowdStrike software update caused major IT outages, disrupting Windows computers worldwide.
- These disruptions affected airlines, banks, hospitals, and more.

The Aftermath 🖥
- IT teams are working hard to manually reboot systems and unencrypt BitLocker drives.
- Some companies are still recovering from this botched software update.
- This incident shows the risks of software vulnerabilities being exploited to spread malware or disable computers.

Preventative Measures 🔐
- Regularly back up data to ensure sensitive information is secure during an outage.
- Apply software updates cautiously, after verifying their safety and stability.
- Implement strong cybersecurity practices like multi-factor authentication and unique passwords.

Read more about the outages below 🔽 https://lnkd.in/gUKsD_N6

Terrifying that one company had such a large reach across the US. Comment below any extra safety tips and remember to stay vigilant online! 🛡

#cybersecurity #CrowdStrike #dataloss
logic-it.net’s Post
More Relevant Posts
-
I trust you are already aware of the global outage causing widespread BSOD errors on Windows machines across various sensor versions. Currently, there is no evidence suggesting a cyber attack, but the workaround of turning off security controls is causing concern among security experts.

CrowdStrike released an official fix:
- "Boot Windows into Safe Mode or the Windows Recovery Environment"
- "Navigate to the C:\Windows\System32\drivers\CrowdStrike directory"
- "Locate the file matching 'C-0000029*.sys', and delete it."
- "Boot the host normally."

It is suggested to verify the CrowdStrike status after applying this fix.

#technologyrisk #cybersecurity
-
On July 19, 2024, a software update from CrowdStrike caused a widespread IT outage, leading to Blue Screen of Death (BSOD) errors on numerous Microsoft Windows systems globally. This incident affected various industries, including banks, airlines, and other businesses, resulting in significant disruptions. The update triggered system failures, with many users experiencing BSOD errors, which rendered their systems inoperable. This outage highlighted the critical dependency on cybersecurity software and the potential risks associated with updates. CrowdStrike has acknowledged the issue and is actively working on a resolution. They have advised affected users to follow specific remediation steps, including rolling back the update and applying a forthcoming patch. Additionally, organizations are encouraged to review their update deployment strategies to mitigate such risks in the future. The incident has sparked discussions about the importance of rigorous testing for software updates, especially for cybersecurity products that protect critical infrastructure. Experts emphasize the need for robust contingency plans to handle such unexpected disruptions. #BSOD #CrowdStrike #CyberSecurity #ITOutage #SoftwareUpdate #SystemFailure #BlueScreenOfDeath #TechDisruption #CyberIncident #ITSecurity #TechNews #SystemCrash #PatchManagement #ITInfrastructure #IncidentResponse #SystemRecovery #TechAlert #SecurityUpdate #CyberAwareness #ITRiskManagement
-
Even when we diligently keep our systems updated as recommended, unforeseen issues can arise, disrupting our work and security. Recently, many Windows 10 users encountered the dreaded Blue Screen of Death (BSOD) due to a CrowdStrike sensor update. This issue has left countless machines stuck at the recovery screen, with users unable to proceed without technical intervention. This incident underscores the critical need for our software suppliers to ensure the robustness of their updates before deployment. The affected `csagent.sys` file from CrowdStrike's Falcon endpoint protection system has caused significant disruptions, highlighting the necessity for rigorous pre-release testing and validation. Let's urge all our software providers to double down on their quality assurance processes. Together, we can push for higher standards that will protect us from such issues in the future. As we urge suppliers to intensify their efforts, we also advise organizations to strengthen their cyber requirements management. At Insiber.com, we observe that companies with well-managed cyber operations experience the fewest incidents and face no difficulties in obtaining insurance. For those impacted, here are some workarounds: boot into Safe Mode and rename the CrowdStrike driver folder or use the Registry Editor to disable the CSAgent service. For details check out the article by Cyber Security News ® https://lnkd.in/eyZPsh3G #CyberSecurity #TechUpdate #ITManagement #CrowdStrike #Windows10
-
TeamViewer on Thursday said its security team just "detected an irregularity" within one of its networks – which is a fancy way of saying someone broke in. We're told this "irregularity" was spotted inside TeamViewer's corporate IT environment on Wednesday, and that the biz immediately called in reinforcements in the form of cyber security investigators, implemented "necessary remediation measures," and activated its incident response team and processes, according to an announcement on Thursday. TeamViewer sells software to remotely control and manage Windows PCs and other computers as well as tools to access systems via the web, and is used the world over. The words "TeamViewer" and "security breach" will make a lot of people's blood run cold given how pervasively it is used – in homes, organizations, and businesses – so a compromise of the platform could be devastating. TeamViewer says it has more than 600,000 customers. Regardless, the software maker's disclosure attempted to downplay the intrusion – sorry, "irregularity." #TeamViewerBreach #CyberSecurity #NetworkIntrusion #DataBreach #InfoSec #PelionCyberSecurity #SecurityIncident
TeamViewer responds to security 'irregularity' in IT network
theregister.com
-
CrowdStrike issue: Remediation as per CrowdStrike

“By its nature the issue is going to be very hard to resolve once systems are in a reboot loop,” says Adam Harrison, managing director at FTI Cybersecurity. “Manual fixes are going to take time for system admins to apply: CrowdStrike can't push a new update remotely to fix. It's going to need manual intervention on each system.”

What happened: CrowdStrike is an industry leader in securing endpoints from malware and viruses, and it is used across the globe by airlines, banks, governments, etc. Miles IT uses this software to protect your systems. CrowdStrike published a faulty channel file last night that is causing some Windows systems to error when booting.

How do I know if I am affected: If your computer is unable to start normally (you may see a blue screen), this could be a result of the update.

Is this a security incident: No, fortunately this is not a security incident/breach.

What should I do: We are working to proactively resolve as many of the systems affected as possible. If you are experiencing the issue, the first step is to reboot your computer as that may resolve it. If that doesn’t work, please submit a support request and we will reach out as soon as possible. If you are technical and comfortable, you could attempt the workaround detailed below.

- Boot Windows into Safe Mode with Networking.
- Go to C:\Windows\System32\drivers\CrowdStrike
- Locate and delete the file matching "C-00000291*.sys"
- Boot normally
-
#CyberSecurityAwarenessMonth – What is a VPN? A VPN (Virtual Private Network) encrypts your internet connection, creating a secure tunnel for your data transfer, ensuring that sensitive information stays protected. But what other benefits can a VPN bring to your business? Louise explains how a VPN not only enhances security but also protects remote workers, shields sensitive communications, and ensures safe access to company resources. Find out why business owners and decision-makers should implement a VPN across their departments. #Threatsafe #Cybersafe #Neuways #CyberSecurity
-
On July 19th, a significant outage linked to CrowdStrike’s Falcon platform, a comprehensive cloud-based security solution, caused major disruptions across travel, banking, and healthcare sectors. Falcon combines antivirus, endpoint protection, threat detection, and real-time monitoring into a single hub to protect systems. However, a recent update introduced faulty software into the core Windows operating system, resulting in widespread blue screens of death and systems getting stuck in a boot loop. Despite CrowdStrike’s rapid deployment of a fix, restoring normal operations could take "days to weeks" due to the need for IT administrators to potentially have physical access to affected devices. The speed of recovery will depend on the size and resources of each company’s IT team. This incident highlights the profound impact cybersecurity has on critical services and operations, demonstrating how deeply interconnected cybersecurity is with the functionality and stability of essential systems. It underscores the importance of thorough software testing and effective cybersecurity measures to prevent and manage such disruptions. #Cybersecurity #ITOutage #TechFailure #CrowdStrike #SystemResilience #BlueScreenOfDeath #Feathervault
-
SolarWinds Attack: A Software Supply Chain Security Disaster (2020)

In 2020, one of the most alarming software supply chain attacks happened: the SolarWinds hack. Hackers inserted malicious code into SolarWinds' popular software, Orion (a monitoring tool), which was used by many large organizations and governments. This hidden backdoor allowed attackers to access sensitive data from thousands of companies. The SolarWinds attack was a wake-up call, showing how a single weak link in the software supply chain can expose an entire network to security breaches. It emphasized the need for greater transparency and security in how software is built and delivered.

How Could an SBOM Have Helped?

An SBOM provides a detailed list of all components in a software product. CycloneDX, SPDX, and Syft are tools used to generate SBOMs for software products. If SolarWinds had published an SBOM for the Orion software, companies could have quickly checked whether they were using compromised versions. This would have allowed them to respond more quickly by removing or patching the affected software.

How Could Vulnerability Scanning Tools Have Identified the Vulnerability?

Security tools like Trivy, Grype, Snyk, etc. could have used the SBOM/images/software to automatically scan for known vulnerabilities in the software supply chain. But while they wouldn't have detected the initial SolarWinds malware (which was previously unknown), they are vital in catching other vulnerabilities (which are known) that could be exploited by attackers in the future. But yeah, once the vulnerability was reported by SolarWinds, they would easily identify whether that vulnerability is present in your software or not.

If you liked it and would love more like this: https://lnkd.in/gtpNqy9h

#sbom #solarwinds #softwaresupplychainattacks #s3c #vulnerability #malicious #code
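The SBOM check this post describes, as an added example that is not part of the original post: a CycloneDX-style JSON SBOM is walked, nested components included, and matched against the versions a vendor advisory lists as compromised. The SBOM, the advisory, and every component name and version below are constructed for illustration.

```python
import json

# Constructed CycloneDX-style SBOM (JSON); all names and versions are made up.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {"component": {"type": "application",
                             "name": "example-monitor", "version": "4.2.0"}},
  "components": [
    {"type": "library", "name": "example-core", "version": "2.1.0",
     "components": [
       {"type": "library", "name": "example-updater", "version": "1.3.1"}]},
    {"type": "library", "name": "example-http", "version": "0.9.7"}
  ]
}
""")

# Constructed advisory: component name -> versions reported as compromised.
SAMPLE_ADVISORY = {
    "example-updater": {"1.3.0", "1.3.1"},
    "example-http": {"0.9.5"},
}


def iter_components(sbom):
    """Yield (path, component) for every component, including nested ones."""
    stack = [((), c) for c in sbom.get("components", [])]
    root = sbom.get("metadata", {}).get("component")
    if root:
        stack.append(((), root))
    while stack:
        path, comp = stack.pop()
        here = path + (comp.get("name", "?"),)
        yield here, comp
        # CycloneDX allows components to embed their own sub-components.
        stack.extend((here, child) for child in comp.get("components", []))


def find_affected(sbom, advisory):
    """Return sorted (dependency path, version) pairs matching the advisory."""
    hits = []
    for path, comp in iter_components(sbom):
        if comp.get("version") in advisory.get(comp.get("name"), ()):
            hits.append((" > ".join(path), comp["version"]))
    return sorted(hits)


if __name__ == "__main__":
    for path, version in find_affected(SAMPLE_SBOM, SAMPLE_ADVISORY):
        print(f"AFFECTED: {path} {version}")
```

The match is on exact name and version strings, so it only helps after the vendor has published which versions are affected; the nested walk is what catches a compromised component that is bundled inside another one.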