apt update

Company & Industry Updates

Stay informed with the latest developments in the IT and cyber security landscape. This page is dedicated to providing timely, relevant updates on industry advancements, emerging technologies, newly discovered vulnerabilities, and significant data breaches that may impact your business. Additionally, we’ll keep you informed about any changes to our company's policies or services. Here, you'll find critical updates such as revisions to our privacy policy, the introduction of new services or consulting packages, and enhancements to our security assessment offerings.

22/11/2024: China's Telecom Hack: Unprecedented Breach Exposes U.S. Security Vulnerabilities

Chinese hackers, linked to the intelligence group "Salt Typhoon," breached U.S. telecommunications networks, allowing them to intercept unencrypted calls and texts, including those of high-profile officials like President-elect Donald Trump. Exploiting outdated equipment and network vulnerabilities, the attack extended across major carriers like Verizon, AT&T, and T-Mobile, targeting sensitive national security communications and metadata such as call durations and locations. Discovered by Microsoft in mid-2024, this is deemed the most severe telecom hack in U.S. history. Investigators warn that hackers might still have residual access, complicating containment efforts. The breach highlights critical infrastructure weaknesses and has prompted calls for enhanced cybersecurity standards, as adopted by allies like Australia and Britain.

11/11/2024: Amazon Confirms Employee Data Leak Following Vendor Breach in MOVEit Attack

Amazon confirmed on November 11, 2024, that employee data was leaked following a May 2023 breach of a third-party vendor during the MOVEit attacks. The breach, attributed to a threat actor named Nam3L3ss, exposed over 2.8 million lines of Amazon employee information, including work contact details but no sensitive data like Social Security numbers or financial information. Amazon stated its own systems remained secure, and the vendor has since patched the exploited vulnerability. Nam3L3ss also leaked data from 25 other companies, likely sourced from various exposed databases and leak sites.

Source: https://www.forbes.com/sites/larsdaniel/2024/11/11/amazon-confirms-data-breach-exposed-2800000-lines-of-employee-data/

31/10/2024: Microsoft Delays Release of Recall for Windows Copilot

Microsoft is delaying the release of its Recall feature for Windows Copilot+ PCs, initially expected in October, to enhance user experience and address security concerns. The feature, introduced in May, allows users to navigate a "visual timeline" of their activities, effectively giving their computers a "photographic memory." However, privacy and security issues led to the feature being disabled by default and redesigned for better access controls. The revised Recall will now be available for preview to Windows Insiders by December. Microsoft emphasizes its commitment to secure user experiences, incorporating additional protections like "just in time" decryption linked to Windows Hello Enhanced Sign-in Security.

Source: https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/

Source: https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/

25/10/2024: Legal Battle Erupts Between Delta Air Lines and CrowdStrike Over July Outage

Delta Airlines and CrowdStrike are embroiled in a legal dispute following a July outage that disrupted millions of computers worldwide and led to the cancellation of 7,000 Delta flights. Delta has accused CrowdStrike of breach of contract and negligence, claiming the incident cost the airline $380 million in lost revenue and $170 million in additional expenses due to a flawed software update. In response, CrowdStrike filed a suit against Delta, asserting that the airline's damages were primarily due to its own negligence and seeking a declaration that its liability is limited to the terms of their service agreement. Both companies have publicly exchanged blame for the incident, with Delta's CEO criticizing CrowdStrike's practices while CrowdStrike has characterized Delta's claims as misinformation and a failure to modernize its IT infrastructure.

Source: https://www.cnbc.com/2024/10/25/delta-suit-against-crowdstrike-after-it-outage-caused-cancellations.html

19/07/2024: CrowdStrike Sensor Update Leading to System Crashes (BSOD) on Windows Hosts

On July 19, 2024, CrowdStrike experienced a system crash following a content configuration update for their Falcon sensor on Windows Hosts. The update, intended to enhance the sensor's capabilities, inadvertently introduced a mismatch in expected input fields, leading to an out-of-bounds memory read. Despite the disruption, CrowdStrike successfully restored ~99% of Windows sensors online within ten days, thanks to the collaborative efforts of their teams, customers, and partners. Importantly, an analysis confirmed that the incident was not exploitable by threat actors.

For technical details, visit CrowdStrike Blog

For remediation steps, visit: Cyber Security News

Page updated

Report abuse