LATEST POST
CrowdStrike Outage: Critical Lessons for Third-Party Vendor Risk Management
It wasn’t a cyberattack, but it was an incident that took down businesses globally. Last week, people all over the world turned on their work PCs only to see something they probably hadn’t seen in a while: the notorious Windows Blue Screen of Death error message. Flights had to be canceled, and at least one […]
Heads-Up: Threat Actor Uses Fake CrowdStrike Recovery Manual to Deliver Unidentified Stealer
Following up on recent reports that threat actors were capitalizing on the CrowdStrike glitch by using phishing attacks to obtain credentials or spread malware, CrowdStrike reported yesterday: On July 22, 2024, CrowdStrike Intelligence identified a Word document containing macros that download an unidentified stealer now tracked as Daolpu. The document impersonates a Microsoft recovery manual.1 Initial analysis […]
Devastating ransomware attack continues to disrupt services at Los Angeles Superior Court
Another ransomware attack on a government agency shuts down services. The Los Angeles Times reports: The Los Angeles County Superior Court, the biggest trial court in the country, remained closed Monday as it sought to recover from a ransomware attack on its systems, officials said. The attack was detected Friday and doesn’t appear to be […]
Widespread IT Outage Due to CrowdStrike Update
While the widespread outage due to a CrowdStrike update glitch was not a cyberattack, criminals quickly acted to take advantage of it, using phishing attacks. CISA has been posting updates. The most recent was yesterday evening. Check for later updates at CISA.gov. CrowdStrike’s most recent update on Falcon Content Update for Windows Hosts was early […]
SolarWinds beats most of U.S. SEC lawsuit over Russia-linked cyberattack
It’s been a rough time for federal agencies. First the Supreme Court undid 40 years of Chevron deference. Now a federal judge has gutted the Security and Exchange Commission’s lawsuit against SolarWinds. Reuters reports: A U.S. judge dismissed most of a Securities and Exchange Commission lawsuit accusing software company SolarWinds (SWI.N), opens new tab of defrauding investors […]
American Hacker in Turkey Linked to Massive AT&T Breach
404 Media reports: John Binns, a U.S. citizen who has been incarcerated in Turkey, is linked to the massive data breach of metadata belonging to nearly all of AT&T’s customers that the telecommunications giant announced on Friday, three sources independently told 404 Media. The breach, in which hackers stole call and text records from a […]
AI hacktivists target Disney in massive data leak
The Verge reports that self-described hacktivists claim to have snagged internal messages from Disney: Over a terabyte of data supposedly obtained from Disney’s internal messaging channels has been leaked online by a self-proclaimed “hacktivist group,” including login credentials, code, images, and information about unreleased projects. The anonymous group calling itself Nullbulge has claimed responsibility for the […]
AT&T Allegedly Pays Ransom After Snowflake Account Breach
“What will it take for victims of ransomware, extortion and other types of cybercrime to stop directly funding their attackers?” That’s the great question posed by BankInfoSecurity after WIRED reported AT&T paid hackers $370,000 to delete the data they had stolen. BankinfoSecurity reports: How many of the approximately 165 victims of the campaign targeting Snowflake […]