AWS launches an incident response service to combat cybersecurity threats | TechCrunch
Amazon has launched AWS Security Incident Response, a service to help triage and respond to cybersecurity threats.
Cisco Event Response: Reports of Security Incident
Version 1.1: October 18, 2024 Based on our investigations, we are confident that there has been no breach of our systems. We have determined that the data in question is on a public-facing DevHub environment—a Cisco resource center that enables us to support our community by making available software code, scripts, etc. for customers to use as needed. At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published. As of now, we have not observed any confidential information such as sensitive PII or financial data to be included but continue to investigate to confirm. Out of an abundance of caution, we have disabled public access to the site while we continue the investigation. * Meanwhile, Cisco will engage directly with customers if we determine they have been impacted by this event.
Radiant Capital Post-Mortem. Events Summary
On October 16, 2024, Radiant Capital experienced a security breach resulting in the loss of approximately $50 million USD. The attack compromised three Radiant developers, all of whom are…
MITRE Announces AI Incident Sharing Project
MITRE’s AI Incident Sharing initiative helps organizations receive and hand out data on real-world AI incidents. Non-profit technology and R&D company MITRE has introduced a new mechanism that enables organizations to share intelligence on real-world AI-related incidents. Shaped in collaboration with over 15 companies, the new AI Incident Sharing initiative aims to increase community knowledge of threats and defenses involving AI-enabled systems.
CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes
CrowdStrike says it has revamped several testing, validation, and update rollout processes to prevent a repeat of the embarrassing July outage that caused widespread disruption on Windows systems around the world.
TfL confirms 5,000 customers' bank data exposed
Transport for London's ongoing cyber incident has taken a dark turn as the organization confirmed that some data, including bank details, might have been accessed, and 30,000 employees' passwords will need to be reset via in-person appointments.
Security Incident | August 2024
Mobile Guardian experienced a security incident that involved unauthorized access to the iOS and ChromeOS devices enrolled to the Mobile Guardian platform on the 4th of August. We have halted servers in order to prevent further disruption by the perpetrator. This is not related to an error in configuration that occurred on the 30th of July which affected Mobile Guardian iPads on our Singapore instance only.
Certificate Revocation Incident
DigiCert will be revoking certificates that did not have proper Domain Control Verification (DCV). Before issuing a certificate to a customer, DigiCert validates the customer’s control or ownership over the domain name for which they are requesting a certificate using one of several methods approved by the CA/Browser Forum (CABF). One of these methods relies on the customer adding a DNS CNAME record which includes a random value provided to them by DigiCert. DigiCert then does a DNS lookup for the domain and verifies the same random value, thereby proving domain control by the customer..
Cyberattack hits blood-donation nonprofit OneBlood
A cyberattack has hit a blood-donation nonprofit that serves hundreds of hospitals in the southeastern US. The hack, which was first reported by CNN, has raised concerns about potential impacts on OneBlood’s service to some hospitals, multiple sources familiar with the matter said, and the incident is being investigated as a potential ransomware attack.
CrowdStrike's Impact on Aviation
Just after midnight Eastern Time on July 19, 2024, the enterprise cybersecurity company CrowdStrike YOLOed a software update to millions of Windows machines. Or as they put it: On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. That sensor configuration update caused the largest IT outage in history.
Windows Security best practices for integrating and managing security tools
In this blog post, we examine the recent CrowdStrike outage and provide a technical overview of the root cause. We also explain why security products use kernel-mode drivers today and the safety measures Windows provides for third-party solutions. In addition, we share how customers and security vendors can better leverage the integrated security capabilities of Windows for increased security and reliability. Lastly, we provide a look into how Windows will enhance extensibility for future security products.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F25537885%2FSTK275_CROWDSTRIKE_CVIRGINIA_B.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Microsoft calls for Windows changes and resilience after CrowdStrike outage
Microsoft has started responding with changes it wants to see in the wake of the CrowdStrike botched update. It looks like Windows kernel access is on the agenda.
CrowdStrike blames a test software bug for Windows wipeout
CrowdStrike has blamed a bug in its own test software for the mass-crash-event it caused last week. A Wednesday update to its remediation guide added a preliminary post incident review (PIR) that offers the antivirus maker's view of how it brought down 8.5 million Windows boxes.
CrowdStrike shares tumble 13% on IT outage impact
Shares of CrowdStrike plunged 13% on Monday, extending their loss-making streak, after Wall Street analysts downgraded the stock on concerns over the financial fallout from a global cyber outage last week.
Technical Details: Falcon Update for Windows Hosts
On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems. The sensor configuration update that caused the system crash was remediated on Friday, July 19, 2024 05:27 UTC. This issue is not the result of or related to a cyberattack.
Helping our customers through the CrowdStrike outage
On July 18, CrowdStrike, an independent cybersecurity company, released a software update that began impacting IT systems globally. Although this was not a Microsoft incident, given it impacts our ecosystem, we want to provide an update on the steps we’ve taken with CrowdStrike and others to remediate and support our customers.
Our Statement on Today's Outage
I want to sincerely apologize directly to all of you for today’s outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority. The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack.
Banks, airlines, brokerage houses report widespread outages across the globe
Businesses worldwide are experiencing outages, including Windows "blue screen of death" errors on their computers, in what has already become one of the
Patch or Peril: A Veeam vulnerability incident
Delaying security updates and neglecting regular reviews created vulnerabilities that were exploited by attackers, resulting in severe ransomware consequences. Initial access via FortiGate Firewall SSL VPN using a dormant account Deployed persistent backdoor (“svchost.exe”) on the failover server, and conducted lateral movement via RDP. Exploitation attempts of CVE-2023-27532 was followed by activation of xp_cmdshell and rogue user account creation. Threat actors made use of NetScan, AdFind, and various tools provided by NirSoft to conduct network discovery, enumeration, and credential harvesting. * Windows Defender was permanently disabled using DC.exe, followed by ransomware deployment and execution with PsExec.exe.
blog.ethereum.org mailing list incident
On 2024-06-23, 00:19 AM UTC, a phishing email was sent out to 35,794 email addresses by updates@blog.ethereum.org with the following content
TeamViewer: Hackers copied employee directory data and encrypted passwords
TeamViewer says that a recently discovered breach appears to be limited to its internal corporate IT network. The software company has attributed it to a hacking operation associated with Russian intelligence.
Analysis of the Phishing Campaign: Behind the Incident
See the results of our investigation into the phishing campaign encountered by our company and get information to defend against it. Here are some key findings: We found around 72 phishing domains pretending to be real or fake companies. These domains created believable websites that tricked people into sharing their login details. The attack was sophisticated, using advanced techniques like direct human interaction to deceive targets. We analyzed several fake websites and reverse-engineered their web-facing application. At the end of the post, you will find a list of IOCs that can be used for improving your organization’s security.
Hubspot says it's investigating customer account hacks | TechCrunch
The company “identified a security incident that involved bad actors targeting a limited number of HubSpot customers and attempting to gain unauthorized access to their accounts” on June 22.
Levi Strauss notifies customers of cyberattack
Personal information, including partial payment details, may have been obtained by bad actors during an automated credential-stuffing attack on Levi’s online store. The maker of the famous Levi’s denim jeans reported that over 72,000 accounts were affected during a “security incident” that was detected on July 13th.
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment – The DFIR Report
Key Takeaways In October 2023, we observed an intrusion that began with a spam campaign, distributing a forked IcedID loader. The threat actor used Impacket’s wmiexec and RDP to install Scree…
Space secrets security update
We’re on a journey to advance and democratize artificial intelligence through open source and open science.
How ransomware abuses BitLocker | Securelist
The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. #BitLocker #Data #Descriptions #Encryption #Incident #Malware #Microsoft #Ransomware #Technologies #Windows #response
2023 Kaspersky Incident Response report
The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations. #Cybersecurity #Incident #Internal #LockBit #Ransomware #Security #Statistics #Threats #response #services
From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report
- In late February 2023, threat actors rode a wave of initial access using Microsoft OneNote files. In this case, we observed a threat actor deliver IcedID using this method. After loading IcedID and establishing persistence, there was no further actions, other than beaconing for over 30 days. The threat actor used Cobalt Strike and AnyDesk to target a file server and a backup server. * The threat actor used FileZilla to exfiltrate data from the network before deploying Nokoyawa ransomware.
IMF Investigates Cyber-Security Incident
The International Monetary Fund (IMF) recently experienced a cyber incident, which was detected on February 16, 2024.