CybersecurityUpdate
https://www.webpronews.com/technology/cybersecurityupdate/
Breaking News in Tech, Search, Social, & Business

Kaspersky Offloads US Customers to Ultra AV
https://www.webpronews.com/kaspersky-offloads-us-customers-to-ultra-av/
Sat, 07 Sep 2024 16:41:56 +0000

Kaspersky is offloading its US antivirus customers following a ban on its software, reaching a deal with Pango Group to migrate them to its Ultra AV.

US lawmakers banned Kaspersky in the US in June, citing “undue and unacceptable risks” as a result of the company’s ties to the Kremlin.

“The case against Kaspersky Lab is overwhelming,” Senator Jeanne Shaheen said at the time. “The strong ties between Kaspersky Lab and the Kremlin are alarming and well-documented.”

Kaspersky said it would wind down its US business in response, saying the ban ensured “business opportunities in the country are no longer viable.”

According to Axios, Kaspersky has reached a deal with Pango that will at least see customers continue to receive support and software updates to their antivirus software.

“The good news is that there’s really no action required by customers,” Pango CEO Neill Feather told the outlet.

“Those things that they do need to be aware of and need to know, we’ll lay out for them in a series of email communications and then we also have our customer support team ramped up and ready to assist,” he added.

While any forced software migration is always difficult, especially when it comes unexpectedly, it appears that Kaspersky and Pango are doing what they can to ease the transition as much as possible.

Palo Alto Networks Completes Purchase of IBM’s QRadar SaaS Assets
https://www.webpronews.com/palo-alto-networks-completes-purchase-of-ibms-qradar-saas-assets/
Thu, 05 Sep 2024 19:16:17 +0000

Palo Alto Networks has closed a deal for the Software as a Service assets of IBM’s QRadar, bolstering the company’s threat detection capabilities.

QRadar Suite “is a modernized threat detection and response solution designed to unify the security analyst experience and accelerate their speed across the full incident lifecycle.” The suite leverages enterprise-grade AI and automation to improve response, analysis, and overall security.

Palo Alto announced it has completed its acquisition of the QRadar assets, with IBM becoming a preferred managed security services provider. IBM also committed to further deploying Palo Alto’s “security platforms with the deployment of Cortex XSIAM for its own next-gen security operations, and Prisma SASE 3.0 for zero-trust network security to safeguard more than 250,000 of its global workforce.”

The company says customers will see the following benefits:

  • Seamless Migration: Palo Alto Networks, alongside IBM Consulting and its team of security experts, will offer free migration services to eligible customers, ensuring a smooth transition to the Cortex XSIAM® platform while retaining existing best practices.
  • Enhanced Security Operations: Cortex XSIAM integrates multiple SOC tools into a Precision AI-powered platform, to provide comprehensive functionality, reduce manual workload and enable more effective threat response.
  • Advanced Analytics and Automation: Cortex XSIAM uses Precision AI-powered analytics to consolidate security alerts into fewer high-priority incidents.
  • IBM Consulting Platform Support: The companies will offer immersive experiences for customers interested in adopting Palo Alto Networks security platformization, and IBM is training over 1,000 consultants on Palo Alto Networks security solutions.
  • On-Premises Customer Continuity: QRadar clients who remain on QRadar on-prem will continue receiving IBM features and support. QRadar SaaS customers will also receive uninterrupted customer service and support until they are ready to move to Cortex XSIAM.

“We are on a mission to help organizations transform their security operations and harness the potential of Precision AI-powered platforms to better protect their businesses,” said Nikesh Arora, Chairman and CEO, Palo Alto Networks. “Our partnership with IBM reinforces our commitment to innovation and our conviction in the tremendous benefit of QRadar customers adopting Cortex XSIAM for a robust, data-driven security platform that offers transformative efficiency and effectiveness in defending against evolving cyber threats.”

“Together, IBM and Palo Alto Networks are shaping the future of cybersecurity for our customers and the industry at large,” added Arvind Krishna, Chairman and CEO, IBM. “Working with Palo Alto Networks will be a strategic advantage for IBM as our two companies partner on advanced threat protection, response, and security operations using Cortex XSIAM and watsonx, backed by IBM Consulting. At the same time, IBM will continue innovating to help secure organizations’ hybrid cloud environments and AI initiatives, focusing our investments on data security and identity and access management technologies.”

Data Broker At Center of Data Leak Involving 170 Million Records
https://www.webpronews.com/data-broker-at-center-of-data-leak-involving-170-million-records/
Tue, 03 Sep 2024 19:45:02 +0000

Data broker People Data Labs (PDL) appears to be at the center of a massive data breach, one that has exposed at least 170 million records.

Cybernews reports that its research team found a dataset online that contained more than 170 million records. The dataset was exposed via an unprotected Elasticsearch server, although it was not directly connected to PDL. As a result, the leak could be the result of a mishandled server from one of PDL’s partner companies.

The leaked data includes:

  • Full names
  • Phone numbers
  • Emails
  • Location data
  • Skills
  • Professional summaries
  • Education background
  • Employment history

Unfortunately, this is not the first time PDL has been involved in a data leak. As Cybernews reports, PDL suffered a data leak of more than a billion records in 2019. Interestingly, that data breach was also the result of an unprotected Elasticsearch server, raising the possibility that this latest breach could be a subset of data from the original 2019 breach.

As the outlet points out, the breach brings increased scrutiny on the data broker industry.

“The existence of data brokers is already a controversial issue, as they often have insufficient checks and controls to ensure that data doesn’t get sold to the wrong parties. Leaking large segments of their datasets makes it easier and more convenient for threat actors to abuse the data for large-scale attacks,” said the Cybernews research team.

Unlike the EU, the US lacks comprehensive privacy legislation, meaning data brokers are not nearly as regulated as on the other side of the Atlantic. As a result, users’ data—as well as their privacy—continues to be collected, saved, bartered, sold, used, and abused.

While a data breach is never a good thing, hopefully it will add to the growing chorus of users, lawmakers, and critics who want more oversight of such companies.

Unlike Musk And X, Apple May Be Giving In To Brazil’s Censorship
https://www.webpronews.com/unlike-musk-and-x-apple-may-be-giving-in-to-brazils-censorship/
Mon, 19 Aug 2024 17:21:49 +0000

Apple appears to be blocking the download of VPN apps from the App Store, a notably different choice than X and Elon Musk recently made.

Musk made headlines when he opted to pull X out of Brazil in response to what he called “secret censorship.” Brazilian Supreme Court Justice Alexandre de Moraes had ordered X to remove certain content and secretly provide information about certain users.

As we noted in our previous coverage, the order was condemned by legal scholars who labeled it judicial overreach.

“This is a clear case of a judiciary overreaching its power,” said Javier Moreno, a legal scholar specializing in international law. “Forcing a company to comply with secret orders that violate multiple international laws sets a dangerous precedent.”

Despite the strong stand Musk and X took, it appears Apple may be going a different route. According to Proton, users are having trouble downloading Proton VPN.

We have received multiple reports today from users in Brazil having difficulties installing the Proton VPN app on iOS devices via the Apple App Store. We can confirm that the issue is not on our side, but likely with the App Store itself, which is controlled by Apple. What makes this an extremely strange coincidence is that it is also impacting multiple other VPNs in the Brazilian app store.

Proton acknowledges it’s not 100% certain if the issue is accidental or the result of secret censorship.

Most likely, something has happened on the Apple side, and we do not know if it is accidental, or if Apple is secretly implementing a censorship order. But because of Apple’s monopoly on iOS app distribution, there is no other way to get the app on iOS devices.

Of course, the timing is suspicious—coming right after an attempt at secret censorship of X—as is the fact that VPN apps appear to be the only ones impacted.

WPN has reached out to Apple for comment and will update with any response received.

Device Encryption Enabled By Default On Windows
https://www.webpronews.com/device-encryption-enabled-by-default-on-windows/
Wed, 14 Aug 2024 17:22:11 +0000

Microsoft is continuing its efforts to improve Windows security, with its latest move being to enable Device Encryption by default.

Device encryption helps keep users’ data secure when the computer is turned off, or the user is logged out. It’s an important security feature, especially for mobile users who are at greater risk of having their machine stolen.

According to Microsoft, Device Encryption works with BitLocker to encrypt the device and its operating system.

Device Encryption is a Windows feature that enables BitLocker encryption automatically for the Operating System drive and fixed drives. It’s particularly beneficial for everyday users who want to ensure their personal information is safe without having to manage complex security settings.

The company says Device Encryption will be enabled by default for those using a Microsoft account.

When you first sign in or set up a device with a Microsoft account, or work or school account, Device Encryption is turned on and a recovery key is attached to that account. If you’re using a local account, Device Encryption isn’t turned on automatically.

Unlike BitLocker Drive Encryption, which is available on Windows Pro, Enterprise, or Education editions, Device Encryption is available on a wider range of devices, including those running Windows Home.

The change should help improve Windows security for the average user.

United Nations Members Adopt First Cybersecurity Convention
https://www.webpronews.com/united-nations-members-adopt-first-cybersecurity-convention/
Wed, 14 Aug 2024 11:30:00 +0000

The United Nations member states are serious about tackling cybersecurity threats, adopting “the first global legally binding instrument on cybercrime.”

UN member states negotiated on the draft convention text for the last three years, before finally coming to an agreement on August 9, 2024. The UN says the convention is the culmination of five years of work, including getting input from academics, civil society, and the private sector.

“The finalization of this Convention is a landmark step as the first multilateral anti-crime treaty in over 20 years and the first UN Convention against Cybercrime at a time when threats in cyberspace are growing rapidly,” said UNODC Executive Director Ghada Waly. “I congratulate Member States and the Ad Hoc Committee, under the leadership of Ambassador Faouzia Boumaiza-Mebarki as Chair and a strong representative of women diplomats, for guiding negotiations and reaching consensus on the final text. UNODC is immensely proud to have supported the negotiation process and to serve as the Secretariat of the Convention. We will continue to play a central role in assisting in the implementation and ratification of the Convention, once adopted by the General Assembly, as well as providing technical assistance to Member States, as we work with all countries and partners to safeguard digital spaces.”

The convention is designed to help law enforcement agencies by fostering greater international cooperation, paving the way for technical assistance, and improving the necessary computing capacity needed to fight cybercrime.

The full draft convention can be found here.

6 Ways Finance Companies Can Prevent Data Breaches
https://www.webpronews.com/prevent-data-breaches/
Tue, 13 Aug 2024 20:08:13 +0000

Finance companies work with data every day. In fact, they hold a lot of sensitive information about people and businesses. They keep records of bank account details, social security numbers, and even their customers’ personal data.

All of this information is valuable, and it is why hackers target them. These hackers try to get into a company’s system and steal this data. A data breach can cause a lot of problems for both the company and its customers. From identity theft to even outright fraud, there are so many issues finance companies have to prevent.

Therefore, it is very important for finance companies to have strong measures in place to protect this information. 

6 Ways to Prevent Data Breaches

Data breaches are not exactly new to the business world. Over the years, there have been quite a few incidents. Finance firms are at risk of data breaches because of the potential for fraud and abuse. So keeping hackers out of your system is crucial. 

Here, we will look at six simple ways finance companies can prevent a data breach.

Monitor for Suspicious Activity

Finance companies are meant to have a system in place to monitor their networks. So, if there is any unusual activity, it can help them catch a data breach early. There are many tools available that can monitor your company’s data. They will quickly alert you if your data is being accessed or if someone is trying to log in from an unusual location. With a hedge fund cybersecurity solution, they can detect it before too much damage is done. 

Use Strong Passwords

Another way they can protect their data is to use strong passwords. It is better to use a strong password, especially one that is long and has a mix of letters, numbers, and special characters. Your password should not be something that is easy to guess.

It is important that employees change their passwords regularly. Also, they should not use the same password for different accounts. The company can even use tools that manage passwords to help their employees create and store strong passwords.

Keep Software Up to Date

If your systems are old and not updated, it will be easy for hackers to get in. Most of the time, software companies release updates when they fix a problem with their software. If your company does not update its software, it will leave the door open for hackers. 

Hence, it is important that finance companies make sure all their software is up-to-date. They can set up automatic updates so they don’t miss anything.

Besides updating the software, companies may also need a total overhaul of outdated hardware. There’s only so much software can fix. If the hardware is outdated, it may not meet international standards. This may incur a cost, but the cost is cheaper than the result of a hack. 

Train Employees

Even before your systems, your employees are the first line of defense against data breaches. So you need to train them on what to look out for. This way, they can know what to do if they see something suspicious. Ensure that your company has regular training sessions for employees. 

Let them know how to recognize phishing emails and other common hacking attempts. They should also know the importance of keeping their work environment secure. Employees should learn how to lock their computers when they are away from their desks.

These trainings should be organized randomly and regularly to ensure that employees are properly sensitized. As technology advances, they need to be up to date with the new ways cyber thieves employ to steal information.

Use Encryption

When data is encrypted, even if a hacker manages to steal it, they will not be able to read it. Encryption makes sure that the data is unreadable to anyone who does not have the right key to view it. Hence, finance companies should use encryption for all sensitive data. They can encrypt data regardless of where it is stored or sent to. 

A good cybersecurity solution provides top notch encryption services to put both the financial business and their customers at ease. 

Outsource cybersecurity 

While having an in house cybersecurity team is a good thing, it may not necessarily keep your business safe from hackers. The reason is simple. Hackers work every day to come up with new technologies to gain access to company systems. In house cybersecurity teams get trained but may not have up to date training to keep hackers at bay. 

On the other hand, when you outsource your cybersecurity team, you’ll work with seasoned professionals who constantly update their knowledge. They can work around the clock to keep finance systems safe and reduce operational risk. This kind of middle office outsourcing service is cheaper in the long run compared to the cost of getting hacked. 

Final thoughts 

It is important to have a good cyber security protocol in place to keep data safe. Companies hold the trust of their customers and a data breach destroys that trust. Not to mention the loss on the company’s part. Finance companies can protect themselves and their customers from the serious consequences of data breaches. However, they need a good monitoring system to ensure that there isn’t any breach. Everyone in the company has a role to play in keeping information safe. From training staff to outsourcing the cybersecurity team, finance companies can

ADT Breach Sees Consumer Data Sold Online
https://www.webpronews.com/adt-breach-sees-consumer-data-sold-online/
Mon, 12 Aug 2024 11:30:00 +0000

ADT is the latest company to experience a cybersecurity incident, revealing that bad actors accessed some of its customer databases.

ADT revealed the incident in an SEC filing:

ADT Inc. (“ADT” or the “Company”) recently experienced a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information. After becoming aware of the incident, the Company promptly took steps to shut down the unauthorized access and launched an investigation, partnering with leading third-party cybersecurity industry experts. The attackers nonetheless obtained some limited customer information, including email addresses, phone numbers and postal addresses.

The company says it does not believe the bad actors were able to compromise any information directly related to customers’ security systems, nor does it believe the breach will have any significant impact on the company’s financial outlook.

Based on its investigation to date, the Company has no reason to believe that customers’ home security systems were compromised during this incident. Additionally, the Company has no reason to believe the attackers obtained other personally sensitive information such as credit card data or banking information. The Company is continuing its investigation into this cybersecurity incident and has notified the customers it believes to have been affected, who comprise a small percentage of the Company’s overall subscriber base. While the investigation remains ongoing, as of the date of this filing, the Company believes this cybersecurity incident has not materially impacted its operations and does not expect that this incident is reasonably likely to have a material impact on the Company’s overall financial condition, results of operations, or ability to meet its 2024 financial guidance.

A company that provides security for business and home customers alike is bound to be a high-priority target for bad actors. Fortunately, it appears the damage is fairly limited.

Nonetheless, hackers have reportedly been selling the ADT customer data online, so individuals will likely see an uptick in scam and phishing attacks.

macOS Sequoia Will Prompt Users For Screen Recording App Permission…WEEKLY
https://www.webpronews.com/macos-sequoia-will-prompt-users-for-screen-recording-app-permission-weekly/
Thu, 08 Aug 2024 18:14:02 +0000

Apple’s macOS Sequoia is about to take annoying to an all-new level, with the OS asking users to grant permission to screen recording apps every week and after every reboot.

Apple is well-known for its efforts to protect the privacy and security of its users, but its latest efforts may be a bridge too far for some users. According to 9to5Mac, the company is adding a prompt to Sequoia that will ask users to authorize access for any kind of third-party app that records screen activity or takes screenshots.

The prompt will display on first-run of the app, will ask again every week, and will ask every restart. To make matters worse, the prompt will display for every single app that falls into the impacted category.

Needless to say, users and developers are not happy with the decision. xScope developer Craig Hockenberry was one of those speaking out about it on Mastodon.

I’ve always been proud that xScope is a tool that sits quietly in the background, ready when you need it.

So much for the “quietly” part…

Craig Hockenberry (@chockenberry@mastodon.social) | August 6, 2024

Hockenberry did go on to say that Apple’s Persistent Content Capture might be a solution to the problem, but pointed out that Apple has yet to provide any documentation on how to actually use it.

“A friend pointed me to this the other day and it feels like a solution to the (justified) uproar over the screen sharing nag,” he writes.

“The issue here is that Apple has provided no documentation or any other guidance on how to get this entitlement and prevent an app from becoming nagware.”

Hockenberry goes on to say that Apple should have communicated such important changes ahead of time, rather than surprising users.

“You’d think that Apple would have figured out that letting developers know about Security changes ahead of time would be a good idea,” he continued.

“Instead, we get intrusive dialogs that cause everyone to (rightfully) freak out.”

There’s no doubt that screen capture and recording apps pose a larger security risk than some other categories. A malicious app could capture sensitive data and send it to bad actors. Apple is rightly concerned about making sure users understand the risks and have knowingly installed and activated such features.

Nonetheless, security that comes in the form of pestering users with endless prompts hardly seems like the right approach, and will hurt developers and end users alike.

Microsoft Backs CrowdStrike, Says Delta Declined Help Repeatedly
https://www.webpronews.com/microsoft-backs-crowdstrike-says-delta-declined-help-repeatedly/
Thu, 08 Aug 2024 16:22:28 +0000

Microsoft is confirming CrowdStrike’s version of events, saying Delta repeatedly turned down offers of help from Microsoft, including from CEO Satya Nadella.

Multiple industries were impacted when CrowdStrike pushed a faulty update to its cybersecurity software that bricked millions of Windows PCs. Because CrowdStrike’s software runs at the kernel level, bringing the computers online required physical access. Although multiple airlines were impacted, Delta was affected far worse, at a cost of $500 million and some 5,000 canceled flights.

Delta and CrowdStrike Trade Barbs

Delta CEO Ed Bastian said his company was considering a lawsuit to recover some of its losses.

“We’re not looking to wipe out these companies, but we are looking for fair compensation and assurances that this won’t happen again,” Bastian said last week.

CrowdStrike was quick to fire back, saying that Delta was to blame for the extra issues it encountered, versus its competitors, since it refused help from CrowdStrike.

“Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions—swiftly, transparently, and constructively—while Delta did not,” wrote Michael Carlinsky, an attorney representing the cybersecurity firm, in a letter to Delta.

Microsoft’s Response

Delta was quick to point the blame at Microsoft as well. Delta’s attorney, David Boies, wrote in a July 29 letter: “We have reason to believe Microsoft has failed to comply with contractual requirements and otherwise acted in a grossly negligent, indeed willful, manner in connection with the Faulty Update.”

Microsoft has now weighed in, supporting CrowdStrike’s telling of events. According to CNBC, attorney Mark Cheffo, a Dechert partner, sent a letter to Delta on behalf of Microsoft.

“Our preliminary review suggests that Delta, unlike its competitors, apparently has not modernized its IT infrastructure, either for the benefit of its customers or for its pilots and flight attendants,” Cheffo wrote.

Cheffo also said Microsoft repeatedly offered Delta help that the airline declined. In fact, Microsoft employees reached out to Delta every day from July 19 to July 23. Nadella even tried reaching out to Bastian, but never received a reply, the same thing that happened when CrowdStrike CEO George Kurtz tried contacting Bastian.

Cheffo cited one of Microsoft’s attempts to help Delta in the form of a letter on July 22, in which a Delta employee responded: “All good. Cool will let you know and thank you.”

According to CNBC, evidence is also mounting that Delta has been diversifying the platforms it relies on since 2021, using IBM and even picking AWS as its preferred cloud provider. That point was directly addressed in Cheffo’s letter to the airline.

“It is rapidly becoming apparent that Delta likely refused Microsoft’s help because the IT system it was most having trouble restoring — its crew-tracking and scheduling system — was being serviced by other technology providers, such as IBM, because it runs on those providers’ systems, and not Microsoft Windows or Azure,” Cheffo wrote in his letter.

Conclusion

There is clearly some reason why Delta’s recovery from the CrowdStrike outage was fraught with far more difficulties than its rivals. Whatever that cause may be, it is increasingly looking like it may not have been for any lack of effort on the part of Microsoft or CrowdStrike.

In fact, Delta’s troubled recovery may well have been the result of decisions made by Delta personnel across the entire company, up to and including CEO Ed Bastian himself.

Microsoft Authenticator Will Overwrite Your Saved Accounts
https://www.webpronews.com/microsoft-authenticator-may-overwrite-your-saved-passwords/
Wed, 07 Aug 2024 15:27:50 +0000

Microsoft Authenticator has a serious design flaw, one that is overwriting people’s accounts and leaving them with little recourse.

Microsoft Authenticator is the company’s multi-factor authentication (MFA) app, used by countless individuals and organizations. Unfortunately, it has a serious design flaw that leads to saved account information being wiped out.

According to CSO, when users add a new account using a QR scan, Authenticator will overwrite previous accounts that use the same username as the account being added. Unfortunately, this is a common issue. Many individuals use their email address or a common username across platforms. To make matters worse, a QR scan is the most common way to add a new account to Authenticator. As a result, it’s not a matter of if, but when, Authenticator users will find themselves locked out of important accounts.

Unfortunately, this is an issue that has been reported to Microsoft for years, but the company is inexplicably doing nothing to fix it.

CSO says it spoke with several security experts to understand the scope of the problem, and it was not encouraging.

“Users will be locked out and will need to get back in. Once you add one entry that is using the email address, the second entry will conflict,” said Tim Erlin, VP of product at Wallarm. “And once you have overwritten, you won’t know which one was overwritten.

“It’s possible that this problem occurs more often than anyone realizes because [users] don’t realize what the cause is,” he added. “If you haven’t picked an authentication app, why would you pick Microsoft?”

“I tried this to experience it myself,” said David Meltzer, chief product officer at Netography, after recreating the bug. “It is clearly a bug. It is a fairly straightforward thing [for Microsoft] to fix. Every other authenticator can handle it.”

Microsoft’s Response

In statements to CSO, Microsoft blamed users, saying the software was working as intended.

“We can confirm that our authenticator app is functioning as intended. When users scan a QR code, they will receive a message prompt that asks for confirmation before proceeding with any action that might overwrite their account settings. This ensures that users are fully aware of the changes they are making.”

Unfortunately, this statement is somewhat misleading. As CSO points out, the message that Authenticator displays is not nearly as clear as Microsoft would have one believe.

“This action will overwrite existing security information for your account. To prevent being locked out of your account, continue only if you initiated this action from a trusted source.”

As CSO points out, this message is problematic for multiple reasons.

  • As Erlin points out above, the app doesn’t clarify which account will be wiped out, leaving users to find out the hard way.
  • The dialog describes the user initiating the action, and the action coming from a trusted source, as the criteria for continuing, meaning most users will then proceed.
  • It offers no way of avoiding the overwrite, except to cancel the process.

Interestingly, Microsoft reached back out to CSO to provide a new statement, this time blaming vendors.

“When you scan a QR code, the Authenticator app uses a label given by the vendor to set up your Time-based One-Time Password (TOTP) account. However, some sites or vendors don’t include the issuer — the site name or Identity provider name — in the label. This may result in a situation where a user may already have an account with the same label and the app attempts to overwrite the existing TOTP account with the new one they are scanning. In situations where a user has an existing account with the same label, users are always presented with a message prompt to confirm overwriting an existing TOTP account in their app and can make a conscious choice to proceed or not. We are always working on enhancing our products and will take this into consideration and apply it to future improvements.”

Of course, no other major authenticator app struggles with this issue, meaning that there is a fundamental design choice of Microsoft’s that has created this situation.

Australian IT consultant Brett Randall told the outlet that there are few options to fix the issue, short of Microsoft fixing it correctly.

“It seems there are two options here to avoid end users accidentally overwriting other apps’ keys,” Randall told CSO. “We audit every application’s otpauth and go through the hassle of trying to convince every company doing it ‘wrong’ to fix it. Or Microsoft fixes this once and then we never have to worry about it again.”

In the meantime, organizations and individuals would do well to use pretty much any other authenticator, aside from Microsoft Authenticator.

CrowdStrike Fires Back At Delta, Says Airline To Blame https://www.webpronews.com/crowdstrike-fires-back-at-delta-says-airline-to-blame/ Mon, 05 Aug 2024 19:05:09 +0000 https://www.webpronews.com/?p=606183 CrowdStrike has fired back in the wake of Delta Air Lines’ threat of a lawsuit, saying the airline is to blame for its lengthy recovery from the outage.

CrowdStrike pushed a faulty update to its cybersecurity software in mid-July. Because CrowdStrike’s software runs at the kernel level in Windows—the most low-level part of the operating system—the update had devastating consequences, crippling millions of Windows PCs around the world. The airline industry was hit hard, with Delta among the worst impacted.

Delta CEO Ed Bastian said the company may take legal action against CrowdStrike in response.

“We have no choice,” Bastian said in an interview. “Over five days, between lost revenue and the tens of millions of dollars per day in compensation and hotels, we did everything we could to take care of our customers. We have to protect our shareholders, our customers, and our employees from the damage.”

According to The Wall Street Journal, CrowdStrike is accusing Delta of creating a “misleading narrative,” and points to the airline’s response to the outage as the true culprit.

“Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions—swiftly, transparently, and constructively—while Delta did not,” wrote Michael Carlinsky, an attorney at the Quinn Emanuel Urquhart & Sullivan law firm.

The letter goes on to say that CrowdStrike tried to assist Delta in its recovery, but was ultimately told its help was not needed. Interestingly, Bastian alluded to the offer in his interview, but seemed to indicate that any such offer held very little real-world value.

“Do you really want to know what they offered us? Nothing. Free consulting advice to help us. Exactly,” he said. “We have to ensure that this doesn’t happen again and that our stakeholders are compensated for the losses.”

Delta’s long recovery has been a big question mark in the aftermath of the incident, especially since other airlines were back up and running days sooner. Bastian says the blame lies with CrowdStrike and Microsoft, painting Delta as being caught between two competing companies that don’t always work well together.

“People wonder how this could happen if we have redundancies. We built hundreds of millions of dollars in redundancies. The issue is with Microsoft and CrowdStrike, and we are heavily invested in both,” he explained. “We got hit the hardest in terms of recovery capability.”

“Microsoft and CrowdStrike are the top two competitors in cybersecurity. They don’t necessarily partner at the level we need them to,” Bastian added. “This is a call to the industry. Everyone talks about making sure big tech is responsible. Well, guys, this cost us half a billion dollars.”

There’s no doubt that CrowdStrike is ultimately to blame for the outage. The company admittedly pushed a faulty update that bricked millions of computers, in many cases requiring physical access to the machines to fix them.

Only time will tell if Delta was also negligent in their response to the incident, or if they are just caught between two companies, a victim of their heavy reliance on both.

Proton VPN Passes Third Consecutive No-Logs Audit https://www.webpronews.com/proton-vpn-passes-third-consecutive-no-logs-audit/ Tue, 30 Jul 2024 15:31:06 +0000 https://www.webpronews.com/?p=606063 Good news for Proton VPN users, with the company announcing it has passed its third consecutive no-logs audit by an independent party.

The top VPN options in the world guarantee a no-logs policy, meaning they do not log user activity. As founder Andy Yen points out, the company’s no-logs claim was tested in 2019. The company was ordered by Swiss authorities to turn over logs to help identify a user. The company could not comply because there were no logs to turn over.

Despite that endorsement, the company has had security firm Securitum perform regular audits on the company’s software, including Proton VPN, to make sure an accidental misconfiguration couldn’t leak user data.

According to Yen, the most recent audit “uncovered no significant security issues,” and he says the company’s security is aided by Proton apps’ code being open source and benefiting from the company’s bug bounty program.

“During the audit, it was confirmed that the Proton VPN product complies with the No-Log policy and offers the highest standards of security and privacy,” reads the Securitum report. “No traces of user logs were detected, and user privacy is protected through both technical and organizational measures. All changes and additional features are developed based on the fundamental principle of maximizing user security and privacy”.

The full report can be read here. In the meantime, however, Securitum’s report confirms that Proton VPN is one of the top VPNs.

Apple Fixes iCloud Private Relay Outage https://www.webpronews.com/apple-fixes-icloud-private-relay-outage/ Mon, 29 Jul 2024 17:55:41 +0000 https://www.webpronews.com/?p=606050 Apple has fixed an issue that led to an iCloud Private Relay outage, one that caused the service to be slow or inaccessible to users.

According to the company’s System Status page, iCloud Private Relay was experiencing issues for more than 48 hours, from July 25 through July 27. The company has not provided any explanation regarding the cause of the issue, or why it took so long to resolve.

iCloud Private Relay is similar to a VPN, protecting a user’s privacy when they are browsing the web, as Apple explains in a support document:

Normally when you browse the web, information contained in your web traffic, such as your DNS records and IP address, can be seen by your network provider and the websites you visit. This information could be used to determine your identity and build a profile of your location and browsing history over time.

iCloud Private Relay is designed to protect your privacy by ensuring that when you browse the web in Safari, no single party — not even Apple — can see both who you are and what sites you’re visiting.

When Private Relay is enabled, your requests are sent through two separate, secure internet relays.

Hopefully Apple has been able to address the issue so that the service is more reliable moving forward.

Microsoft Wants To Restrict Kernel Access After CrowdStrike https://www.webpronews.com/microsoft-wants-to-restrict-kernel-access-after-crowdstrike/ Fri, 26 Jul 2024 18:08:44 +0000 https://www.webpronews.com/?p=605998 Microsoft is going back to the security drawing boards in the wake of the CrowdStrike debacle, proposing changes that would restrict kernel access.

The kernel is the core component in any operating system, the lowest-level part, which controls the hardware, communicates with the software, and manages processes, file systems, drivers, and more. Because the kernel is often one of the first elements of the boot process, protecting the kernel is a critical component of good security practices.

CrowdStrike’s cybersecurity software is designed to operate at the kernel level, which is why the results were disastrous when the company pushed a faulty update earlier this month. The update bricked millions of Windows PCs and brought multiple industries to a grinding halt.

In the aftermath of the incident, Microsoft is reevaluating best practices for Windows security, including the option to restrict kernel access, as Microsoft VP John Cable outlines in a blog post:

This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience. These improvements must go hand in hand with ongoing improvements in security and be in close cooperation with our many partners, who also care deeply about the security of the Windows ecosystem.

Examples of innovation include the recently announced VBS enclaves, which provide an isolated compute environment that does not require kernel mode drivers to be tamper resistant, and the Microsoft Azure Attestation service, which can help determine boot path security posture. These examples use modern Zero Trust approaches and show what can be done to encourage development practices that do not rely on kernel access. We will continue to develop these capabilities, harden our platform, and do even more to improve the resiliency of the Windows ecosystem, working openly and collaboratively with the broad security community.

Cable’s comments about encouraging “development practices that do not rely on kernel access” are telling, since CrowdStrike’s kernel access directly led to the issue. In contrast, Apple does not allow developers access to the macOS kernel, implementing that change in 2020. As a result, macOS is largely immune to a CrowdStrike-type issue.

Unfortunately for Microsoft, the reason the company still allows access to the kernel is because of a 2009 agreement with the EU that was designed to level the playing field and give third-party companies the same access to the Windows kernel as Microsoft has.

Competition vs Security

The issue underscores potential problems with the EU’s current regulatory path. The bloc is hell-bent on cracking open every platform and making as level a playing field as possible. Apple has become a popular target, with the EU seemingly intent on making iOS function like—and be as open as—Android.

Unfortunately, while such goals are laudable, the reality is that breaking open legacy platforms often has unforeseen consequences, with the CrowdStrike incident being a case in point. Because the EU wanted third-party developers to have full access to the kernel that Microsoft develops and owns, the stage was set for one of the worst outages in computer history.

The reality is that some systems are simply not designed to be cracked open in such a way that anyone and everyone can have access, and doing so opens the door to serious issues.

What About Open-Source?

Critics will point to the open nature of open-source software as proof that prying open existing platforms is viable. Unfortunately, this is comparing apples to oranges.

In the case of true open-source software, all the various components are open and accessible, meaning the entire software stack can be inspected and audited. This helps ensure that flaws like the CrowdStrike flaw don’t make it into production systems.

In contrast, prying open a closed-source platform to allow third-parties to have access doesn’t mean that the entire stack is now open and auditable. Nor does it mean that any third-party software that hooks into the pried-open platform is open for inspection and audit.

As a result, the type of “openness” the EU forced on Microsoft is the worst of both worlds, not the best. It essentially reduces the security of closed-source Windows by prying it open so other closed-source applications can hook into it in ways that cannot easily be inspected, tested, or verified before something bad happens.

The Future

Hopefully, companies, organizations, and lawmakers learn from the CrowdStrike debacle and recognize that changes need to be made:

  • Companies need to get behind the kind of Zero Trust methods Cable outlined and stop relying on kernel access.
  • Microsoft should renegotiate its agreement with the EU to eliminate outside access to the Windows kernel.
  • Lawmakers need to recognize that “openness” for the sake of openness sometimes creates more problems than it solves. Any such regulatory efforts need to be made with a greater understanding of the industry and potential issues of decisions that are made.

Until the above steps are universally taken, CrowdStrike-type incidents will keep happening.

CrowdStrike Sends, Then Cancels, $10 Apology Gift Cards https://www.webpronews.com/crowdstrike-sends-then-cancels-10-apology-gift-cards/ Wed, 24 Jul 2024 18:50:26 +0000 https://www.webpronews.com/?p=605933 In what may be the lamest apology attempt to date, CrowdStrike sent users impacted by its debacle $10 gift cards, only to cancel them before they could be used.

First spotted by TechCrunch, CrowdStrike has been sending out $10 Uber Eats gift cards to apologize to those impacted when it sent out a faulty update that bricked millions of Windows PCs. A number of users took to X to post about receiving the gift card.

As if a mere $10 to apologize for an outage that crippled the world wasn’t already insulting enough, TechCrunch reports that the gift cards aren’t working when users try to redeem them. When the outlet reached out to Uber Eats, it was told the card “has been canceled by the issuing party and is no longer valid.”

CrowdStrike has been in the news for all the wrong reasons since the outage it caused. With moves like this, it’s safe to say its days of being in the news for all the wrong reasons are far from over.

Microsoft: Blame The EU For CrowdStrike Debacle https://www.webpronews.com/microsoft-blame-the-eu-for-crowdstrike-debacle/ Mon, 22 Jul 2024 14:09:17 +0000 https://www.webpronews.com/?p=605897 Microsoft is blaming a 2009 agreement with the EU for the recent CrowdStrike outage that brought the world to its knees.

CrowdStrike’s cybersecurity software runs at the lowest level of the operating system, the kernel, giving it access that goes far beyond ordinary software. Ideally, the kernel is well-protected against software wreaking havoc—either maliciously or through ineptness, as in the case of CrowdStrike.

Unfortunately, for Microsoft, the company is not able to lock down the kernel and protect it like it should be. According to The Wall Street Journal, a Microsoft spokesperson said the issue stems from a 2009 agreement Microsoft made with the EU in response to a complaint. The agreement stipulates that Microsoft will give third-party developers the same low-level access to the kernel that Microsoft has.

In contrast, Apple announced in 2020 that it would no longer allow developers to access the kernel, meaning macOS is inherently immune from CrowdStrike-like incidents. Put even more bluntly, it means that Microsoft Windows will never be as secure as macOS thanks to the deal it struck with the EU.

Microsoft’s predicament underscores growing concern about the EU’s regulatory efforts. The bloc has been aggressively cracking down on Big Tech, with the Digital Markets Act aimed at fostering a level playing field. Gatekeeper companies—companies that control an entire platform and meet user and income thresholds—have been especially targeted, with the EU trying to force them to open their platforms to third-party companies.

As Microsoft’s example shows, however, ripping platforms open so everyone and anyone can have unfettered access doesn’t always benefit users as much as lawmakers think it will. Instead, it can lead to disasters like CrowdStrike.

Airports, banks, hospitals, you name it: “It’s like the internet just broke” https://www.webpronews.com/airports-banks-hospitals-you-name-it-its-like-the-internet-just-broke/ Fri, 19 Jul 2024 15:10:15 +0000 https://www.webpronews.com/?p=605860 A massive IT outage caused by an untested update from cybersecurity firm CrowdStrike has thrown a wrench into the operations of airlines, banks, hospitals, and many other businesses worldwide. The update led to millions of computers displaying the infamous “blue screen of death,” rendering them inoperable and causing widespread disruption. Described as potentially the biggest IT outage in history, the incident has sparked intense criticism and raised questions about the reliability of modern cybersecurity measures.

Impact and Fallout

The scale of the disruption has been unprecedented. Airports around the world have been shut down, with many airlines grounding their flights. In some cases, airlines have resorted to issuing handwritten boarding passes. Hospitals have faced critical operational failures, and trains in the United States and the United Kingdom have come to a halt. Entire companies have found themselves unable to operate as employees struggle to log into their systems.

“You wake up, and everything’s down,” said Sasha Yanshin, a YouTuber and IT expert who has been covering the outage extensively. “Airports, banks, hospitals, you name it. It’s like the internet just broke.”

CrowdStrike’s CEO George Kurtz addressed the issue in a public statement, acknowledging the severity of the situation. “We deeply apologize for the impact this has caused,” Kurtz said. “This is not a security incident or cyberattack. It was a content update issue that affected Windows hosts. We are working tirelessly to resolve it.”

Despite the apology, CrowdStrike has faced significant backlash for its handling of the situation. Critics have accused the company of gaslighting and failing to provide adequate support to affected customers. “CrowdStrike is busy mitigating risks and gaslighting instead of helping people fix the issue,” Yanshin commented. “How did a global security company send out an update that immediately disables millions of computers worldwide?”

Criticism and Response

The fallout has prompted questions about the testing and deployment processes at CrowdStrike. “If this is the level of attention they pay to updates, what about the actual security they provide?” Yanshin asked. “This incident highlights a major vulnerability in our reliance on third-party security solutions.”

Yanshin did not hold back in his critique of CrowdStrike’s response. “CrowdStrike CEO George Kurtz did a bit of gaslighting on Twitter, saying this is not a security incident or cyberattack. But breaking people’s computers, making companies unable to operate, and grounding airlines – many would argue these are indeed severe security incidents,” Yanshin remarked. “How did this happen? How did a global security company send out an update that immediately disables millions of computers worldwide? It’s mind-boggling.”

Government and Corporate Reactions

The Department of Homeland Security (DHS) and the National Security Council (NSC) have been actively involved in assessing the situation. “We are working closely with CrowdStrike and Microsoft to understand the full scope of the outages and mitigate any potential risks,” a DHS spokesperson said. President Biden has also been briefed on the incident, underscoring its significance at the highest levels of government.

Microsoft, whose Windows operating systems were directly affected, placed the blame squarely on CrowdStrike. “The CrowdStrike update forced Windows devices into a reboot loop, causing widespread disruptions,” Microsoft stated on its support page.

Yanshin offered his perspective on the broader implications: “This incident exposes a critical flaw in how interconnected our digital infrastructure has become. One untested update from a single cybersecurity firm can cause a ripple effect that paralyzes essential services worldwide.”

Economic Impact

The financial markets have reacted sharply to the news. Shares of cybersecurity firms like Palo Alto Networks and SentinelOne have risen as investors anticipate increased demand for robust cybersecurity solutions. Conversely, CrowdStrike’s shares plummeted by approximately 10%, reflecting investor concerns over the company’s role in the incident and potential liabilities.

The economic impact extends beyond the stock market. Businesses worldwide are grappling with significant losses as a result of the outage. “Every minute of downtime translates to millions in lost revenue,” said Dom Chu, a financial analyst. “This incident will likely have long-term repercussions for CrowdStrike and its customers.”

Yanshin pointed out the scale of the economic fallout: “Imagine the level of losses being reported across the world right now. In India, we are seeing the impact largely on flights, but globally, it’s extremely overwhelming to see what’s playing out right now.”

Ongoing Recovery Efforts

Recovery efforts are underway, but the process is labor-intensive and time-consuming. “Our IT workers are tirelessly working to manually reboot systems and restore normal operations,” reported Steve Kovach from the CNBC newsroom. CrowdStrike has provided a detailed workaround for affected users, but the solution requires technical expertise that many users lack.

“Boot Windows into safe mode or the Windows Recovery Environment, navigate to the CrowdStrike directory, and delete a specific file,” Kurtz explained. “We understand this is not an easy task for everyone, and we are providing as much support as possible.”

Yanshin criticized the complexity of the proposed solution: “How many regular everyday non-tech people know how to boot into recovery mode and would actually feel comfortable doing it by themselves? The level of gaslighting by CrowdStrike is incredible because this is significantly worse than they are making out.”

Lessons Learned and Future Implications

The incident has sparked a broader debate about the resilience of critical infrastructure and the need for improved oversight and contingency planning. “This outage serves as a wake-up call for industries worldwide to strengthen their defenses and ensure continuity in the face of unexpected failures,” said Katherine Manstead, a cybersecurity expert.

As businesses and governments work to restore normalcy, the lessons learned from this incident will likely drive significant changes in how cybersecurity is approached and managed globally. The collaborative efforts between corporate IT teams and national security agencies highlight the critical nature of cybersecurity in safeguarding not just business operations but national infrastructure.

The global IT outage caused by a CrowdStrike update has had far-reaching impacts, disrupting services across multiple sectors and highlighting vulnerabilities in digital infrastructure. While recovery efforts continue, the incident underscores the need for robust cybersecurity measures and contingency planning to mitigate the effects of such disruptions in the future. As the world grapples with the fallout, the focus remains on restoring full functionality and preventing similar incidents from occurring again.

15 Million Trello Account Emails For Sale Online https://www.webpronews.com/15-million-trello-account-emails-for-sale-online/ Thu, 18 Jul 2024 15:26:29 +0000 https://www.webpronews.com/?p=605823 A hacker is selling 15 million Trello account emails and profiles online, after collecting them using an unsecured API.

First spotted by BleepingComputer, a hacker going by the name ‘emo’ began selling 15 million Trello profiles in January. The hacker told the outlet that the data “was collected using an unsecured REST API that allowed developers to query for public information about a profile based on users’ Trello ID, username, or email address.”

Although Trello parent Atlassian failed to provide comment in January, the company acknowledged to BleepingComputer this week how the data was exfiltrated.

“Enabled by the Trello REST API, Trello users have been enabled to invite members or guests to their public boards by email address. However, given the misuse of the API uncovered in this January 2024 investigation, we made a change to it so that unauthenticated users/services cannot request another user’s public information by email. Authenticated users can still request information that is publicly available on another user’s profile using this API. This change strikes a balance between preventing misuse of the API while keeping the ‘invite to a public board by email’ feature working for our users. We will continue to monitor the use of the API and take any necessary actions.”

❖ Atlassian

Most of the information in the profiles is publicly available, but the information does contain non-public email addresses.

All in all, the Trello incident is not one of the most devastating cybersecurity breaches, but it does continue to demonstrate the risks associated with unsecured APIs.

Rite Aid Data Breach Exposes 2.2 Million Customers’ Sensitive Information https://www.webpronews.com/rite-aid-data-breach-exposes-2-2-million-customers-sensitive-information/ Wed, 17 Jul 2024 19:40:32 +0000 https://www.webpronews.com/?p=605815 Rite Aid is the latest company to suffer a massive data breach and is notifying some 2.2 million customers that their sensitive information was stolen.

In a letter to customers that was filed with the Massachusetts attorney general, Rite Aid says bad actors gained access to the company’s systems by impersonating an employee to “compromise their business credentials.” The company says it detected the issue within 12 hours and immediately investigated to understand the scope of the breach.

According to the company, data that includes “purchaser name, address, date of birth and driver’s license number or other form of government-issued ID presented at the time of a purchase between June 6, 2017, and July 30, 2018,” was stolen by the hackers. Rite Aid said no Social Security numbers, financial information, or patient information was compromised.

Rite Aid is working with federal and state regulators, as well as law enforcement, in the wake of the breach. The company has also secured the services of Kroll to provide customers with identity monitoring services at no cost.

Interestingly, Ars Technica reports that RansomHub—the group responsible—claimed to be in advanced negotiations with Rite Aid officials over the stolen data when the company suddenly broke off communications and went radio silent.

It’s unclear if Rite Aid stopped communicating with the ransomware group over the price being demanded, or in response to law enforcement involvement, since law enforcement usually advocates against paying the ransom.
