Tag Archives: Endpoint Security

Microsoft / CrowdStrike: Who is responsible for global IT outage?

Is Microsoft or CrowdStrike to blame for the global IT outage of Windows-based systems? Take a look at the viral claims, and find out what the facts really are.


Claim : Microsoft Is Responsible For Global IT Outage, Not CrowdStrike!

On Friday, 19 July 2024, a day that will live in digital infamy, businesses and organisations worldwide were hit by an IT outage on their Windows-based systems. Inevitably, some people are blaming Microsoft for this debacle…

Circulating on WhatsApp : Very interesting to see how the media is playing down the disaster.

Question remains: “Not sure how Microsoft is going to roll back the update or install the patch, as affected PCs have locked themselves out.”



Truth : CrowdStrike, Not Microsoft, Is Responsible For Global IT Outage!

This is a misunderstanding of the global IT outage, which affected only Windows-based systems and cloud services running one particular third-party product. Here are the reasons why…

Fact #1 : Global IT Outage Caused By CrowdStrike, Not Microsoft

Let me start by simply pointing out that the global IT outage that started on Friday, 19 July 2024, was caused by CrowdStrike, not Microsoft.

Soon after the outage occurred, CrowdStrike announced, and subsequently confirmed in a more detailed technical statement, that it was caused by a bug in an update to its Falcon threat detection platform.

Notably, the outage did not affect all Microsoft customers and users, only those who had purchased and installed CrowdStrike Falcon, an “endpoint detection and response” (EDR) product. Software of this kind is built for large organisations, which is why the outage mainly hit them.

The scale was massive because CrowdStrike is a leading provider of EDR software. Home users and small businesses were generally not affected, because they rely on the built-in Windows Defender, or on consumer-grade security software from the likes of Norton and McAfee, none of which received the faulty update.

Blaming Microsoft for the buggy update that CrowdStrike issued would be like blaming BMW for defective third-party tyres that leak air, and asking the automotive company to replace or fix those tyres.

Fact #2 : Microsoft Denies Responsibility For Global IT Outage

A Microsoft spokesperson has officially denied responsibility for the global IT outage caused by the CrowdStrike update:

CrowdStrike update was responsible for bringing down a number of IT systems globally. Microsoft does not have oversight into updates that CrowdStrike makes in its systems.


Fact #3 : Global IT Outage Caused By Bug In CrowdStrike Update

As CrowdStrike explained in its initial statement and in the technical details it published afterwards, the crashes (the infamous Windows Blue Screen of Death, or BSOD) were caused by a defect in a content update meant for Windows-based systems:

The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack.

We are working closely with impacted customers and partners to ensure that all systems are restored, so you can deliver the services your customers rely on.

CrowdStrike further confirmed that the defect was confined to a single channel file, C-00000291.sys, with a timestamp of 0409 UTC.

As former Google engineer Arpit Bhayani explained, the buggy code was trying to access an invalid memory location, triggering a panic and causing the BSOD.

I saw many engineers blaming the outage on Microsoft 🤦‍♂️ SWEs blaming without knowing the root cause is concerning.

It is not Microsoft, it is Crowdstrike who released an update for Windows that had a bug. The patch runs in Kernel mode to monitor system activity at a low level.

Because it was running in Kernel mode, the buggy code was trying to access an invalid memory location, which triggered a panic and showed the Blue Screen of Death.

The name of the driver file that had the buggy update is “C-00000291.sys”, deleting it fixes the issue and unfortunately this needs to be done manually.

Microsoft has nothing to do with it.

Deleting the file, or replacing it with the previous or a newer version, fixes the problem. However, it has to be done by hand on each machine: the affected computers and servers crash during boot, so they cannot be reached remotely, and an administrator must boot each one into Safe Mode or the Windows Recovery Environment to remove the file. They are not literally “bricked”; the hardware and the rest of Windows are intact.
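A script for the manual clean-up described above, as an added example that is not CrowdStrike’s, Microsoft’s or the article’s own code. It is meant to be run from the PowerShell prompt of the Windows Recovery Environment (WinRE) or Safe Mode on an affected machine. It assumes, from CrowdStrike’s published remediation guidance rather than from this article, that channel files live in <OSDrive>:\Windows\System32\drivers\CrowdStrike and that the faulty Channel File 291 is the one whose last-write time is 19 July 2024 04:09 UTC, with later timestamps being the reverted, good content. Run it with -DryRun first to see what it would delete.

```powershell
# Added example, not CrowdStrike's or the article's own script: remove the faulty
# Channel File 291 from a machine booted into WinRE or Safe Mode.
# Assumptions (from CrowdStrike's remediation guidance, not from the article):
#   - channel files sit in <OSDrive>:\Windows\System32\drivers\CrowdStrike
#   - the bad file was written 2024-07-19 04:09 UTC; later timestamps are the
#     reverted, good content and are left alone.
param(
    [switch]$DryRun   # list and label the files, but do not delete anything
)

# In WinRE the Windows volume is rarely C: (X: is the recovery RAM disk), so look
# for the CrowdStrike driver directory on every mounted file-system volume.
$dirs = Get-PSDrive -PSProvider FileSystem |
    ForEach-Object { Join-Path $_.Root 'Windows\System32\drivers\CrowdStrike' } |
    Where-Object { Test-Path -LiteralPath $_ }

if (-not $dirs) {
    Write-Host 'No CrowdStrike driver directory found on any mounted volume.'
    exit 1
}

$removed = 0
foreach ($dir in $dirs) {
    foreach ($file in (Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File)) {
        $stamp = $file.LastWriteTimeUtc
        # Match to the minute: only the 0409 UTC build is the faulty one.
        $isBad = ($stamp.Year -eq 2024 -and $stamp.Month -eq 7 -and $stamp.Day -eq 19 -and
                  $stamp.Hour -eq 4 -and $stamp.Minute -eq 9)
        $label = if ($isBad) { 'FAULTY' } else { 'keep  ' }
        Write-Host ('{0} {1:yyyy-MM-dd HH:mm} UTC  {2}' -f $label, $stamp, $file.FullName)
        if ($isBad) {
            if ($DryRun) {
                Write-Host "       dry run: would delete $($file.FullName)"
            } else {
                Remove-Item -LiteralPath $file.FullName -Force
                Write-Host "       deleted $($file.FullName)"
                $removed++
            }
        }
    }
}

Write-Host "Done. Files removed: $removed. Reboot normally; the Falcon sensor fetches the corrected channel file on its own."
```

Two practical caveats not covered in the article: in WinRE the OS volume is usually not mounted as C: (X: is the recovery RAM disk), which is why the script searches every mounted volume instead of hard-coding a drive letter; and if the volume is BitLocker-protected, WinRE will ask for the recovery key before it can be unlocked, so that key must be at hand before starting. CrowdStrike’s own steps delete every file matching the pattern; this script is stricter and keeps files with a later timestamp, which the sensor would otherwise simply re-download.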


Fact #4 : Microsoft Is Supposed To Vet Driver Updates

While Microsoft is not responsible for the bug in the CrowdStrike update, some cybersecurity experts argue that it bears some responsibility for the process that allowed the update to reach Windows kernels.

Costin Raiu, who worked at Kaspersky for 23 years and led its threat intelligence team, points out that Microsoft is supposed to vet kernel driver code and cryptographically sign it. This suggests that Microsoft may also have missed the buggy code in the CrowdStrike Falcon kernel driver update. One caveat: the component CrowdStrike identified as defective is a channel file, that is, a content update consumed by the already-installed and already-signed Falcon sensor driver, not a new driver binary submitted to Microsoft for signing. Microsoft’s driver-signing process would therefore not have inspected that file’s contents; the criticism applies to letting a signed driver run in kernel mode where a bad input can crash the whole system.

It’s surprising that with the extreme attention paid to driver updates, this still happened. One simple driver can bring down everything. Which is what we saw here.

Raiu also noted that past updates to Kaspersky and Microsoft’s own Windows Defender antivirus software have also triggered similar Blue Screen of Death crashes in previous years.


Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.


Trend Micro 2015 Security Roundup Details

9 March 2016 – Today, Trend Micro Incorporated released its 2015 security roundup report, “Setting the Stage: Landscape Shifts Dictate Future Threat Response Strategies,” which dissects the most significant security incidents from 2015. The research confirms attackers are now bolder, smarter and more daring in attack vectors, cyberespionage efforts and cyber underground activity on a global basis.

“Our observations for 2015 have confirmed that traditional methods of protecting data and assets are no longer sufficient and should be reassessed to maintain the highest level of corporate and personal security,” said Raimund Genes, CTO, Trend Micro. “The prevalence and sophistication of extortion, cyberespionage and expanding targeted attacks now dictate that organizational security strategies must be prepared to defend against a potentially greater onslaught in 2016. This realization can help the security community better anticipate and respond to what attackers are trying to accomplish.”

Online extortion and cyberattacks were a top concern in 2015, with several high-profile organizations being victimized. Ashley Madison, Hacking Team, the U.S. Office of Personnel Management and Anthem were among the high-profile attacks that left millions of employees and customers exposed. The largest share of data breaches in the U.S. in 2015 (41 percent) was caused by device loss, followed by malware and hacking.
Additional report highlights include:

  • Pawn Storm and Zero-Days – More than 100 zero-days were discovered in 2015. In addition, the long-running cyberespionage campaign Pawn Storm used several zero-day exploits to target high-profile organizations, including a U.S. defense organization, the armed forces of a NATO country and several foreign affairs ministries.
  • Deep Web and Underground Explorations – In 2015, cybercriminal markets began to penetrate the recesses of the Deep Web. Each underground market mirrors the culture in which it resides, offering specific wares most profitable in each region.
  • Smart Technology Nightmares – Attacks against connected devices accelerated in 2015, proving their susceptibility. Smart cars and businesses, seen in Trend Micro’s GasPot experiment, were among a few of the new concerns brought by IoT technologies.
  • Angler, the ‘King of Exploit Kits’ – From malvertising to Adobe Flash, Angler Exploit Kit gained notoriety in 2015 as the most used exploit kit, accounting for 57.3 percent of overall exploit kit usage. Japan, the U.S. and Australia were among the most impacted countries.
  • Data Held Hostage – Crypto-ransomware rose to 83 percent of overall ransomware use in 2015. Cryptowall was the most frequently used variant, arriving on users’ computers via email or malicious downloads.
  • Takedowns versus DRIDEX – The seizure and takedown of the notorious DRIDEX botnet contributed to a significant decrease in detections within the U.S. However, this led to a resurgence due to the Command and Control infrastructure being hosted on a bulletproof hosting provider, making it virtually impossible to eradicate altogether.

Trend Micro Scores Best In 2016 Gartner Report

Kuala Lumpur, 16 February 2016 – Trend Micro Incorporated today announced placement in the “Leaders” segment of the 2016 Gartner Report’s Magic Quadrant for Endpoint Protection Platforms based on ‘completeness of vision’ and ‘ability to execute’ for its EPP offering, protecting user endpoints and servers.


The company has been named by Gartner as a leader in enterprise security solutions since 2002. This year, Trend Micro placed farthest to the right in the Leaders quadrant for completeness of vision.

“As threats continue to evolve in sophistication and aggressiveness, we have made it a priority to invest in comprehensive next generation endpoint protection to help global enterprises keep pace,” said Kevin Simzer, executive vice president, sales, marketing & business development, Trend Micro. “Regardless of hybrid, cloud or on-premise deployment, Trend Micro’s proven endpoint offerings align with the business needs of our customers. We believe Gartner’s Magic Quadrant placement of us reinforces that not only are our current efforts on point, but our vision for the future will continue helping to address complex challenges.”


Trend Micro’s endpoint security solutions provide enterprises with comprehensive threat protection and data security across every device and application to defend endpoints in cloud, hybrid and physical environments, helping to protect business reputation and ensure compliance. With multi-layered security and real-time threat intelligence delivered through a lean interface, the solutions are uniquely positioned to confront evolving threats faced by global enterprises.

To further enhance and simplify deployment and ongoing management, the solutions also offer central control and visibility to enable a connected defense across networks, servers and endpoints on varying operating systems, devices and applications.


New Dell Data Protection Endpoint Security Suite Launched

KUALA LUMPUR, Malaysia – February 16, 2016 – Dell today announced the availability of the Dell Data Protection | Endpoint Security Suite Enterprise, which integrates Cylance technology using artificial intelligence and machine learning to proactively prevent advanced persistent threats and malware.

As part of this solution, Dell also announced the availability of a new post-boot BIOS verification solution for Dell commercial PCs, which allows customers to ensure their device remains free from malware during the boot process. The post-boot BIOS verification solution will be integrated on Dell commercial PCs with the purchase of the Dell Data Protection | Endpoint Security Suite Enterprise license.

The new BIOS verification functionality uses a secure cloud environment to compare and test an individual BIOS image against the official measurements held in the Dell BIOS lab. By conducting this test in an off-device environment, users can be assured that the post-boot image is not compromised as the testing takes place in a secure cloud platform and not on a potentially infected device. The verification helps extend security throughout the entire device lifecycle and provides greater visibility for administrators wanting to stop malicious BIOS attacks.

The BIOS verification feature will initially be available on Dell’s range of commercial PCs with a 6th Generation Intel chipset, which includes the widely applauded portfolio of Latitude PCs that were recently announced at CES, as well as select Dell Precision, OptiPlex, and XPS PCs and Dell Venue Pro tablets.

With this functionality, Dell strengthens its ability to provide the most secure commercial PCs in the industry today with best-in-class endpoint security solutions from the Dell Data Protection suite, including comprehensive encryption, advanced authentication and leading-edge malware protection from a single source – and now also BIOS verification.

The Dell Data Protection | Endpoint Security Suite Enterprise is the only endpoint security suite available today that integrates Cylance technology that employs artificial intelligence to protect against the execution of advanced persistent threats and malware including zero day attacks, and targeted attacks such as spear phishing and ransomware.

According to Cylance testing, the new solution offers a significantly higher level of protection, stopping 99 percent of malware and advanced persistent threats, far above the average 50 percent efficacy rating of many traditional anti-virus solutions.

The new Endpoint Security Suite Enterprise is a single solution that simplifies endpoint security and compliance for overburdened IT departments so they can focus on enabling end user mobility and productivity. Key benefits include:

  • No Signatures: The advanced threat protection technology is based on artificial intelligence and dynamic mathematical models with minimal false positives, eliminating the need for constant signature updates.
  • Consolidated Management and Compliance: Endpoint Security Suite Enterprise minimizes the time and resources needed to manage endpoint security by allowing companies to remotely manage all components using a single, non-disruptive console that includes consolidated status and compliance reports. It also satisfies compliance with industry standards, meeting PCI DSS, HIPAA HITECH and Microsoft requirements for anti-virus and anti-malware solutions.
  • Proactive Prevention: Preventing malware significantly reduces remediation costs and employee down time associated with wiping the drive, reimaging the hard disk and reinstalling the operating system and application software.
  • Enhanced Performance and Security: Endpoint Security Suite Enterprise uses a fraction of the system resources, such as CPU or memory, associated with anti-virus and traditional malware solutions. Local detection with no need for a constant cloud connection ensures mobile workers can work where and how they want without worry.

KT Ong, General Manager, Commercial Business, Dell Malaysia
“The growing complexity of BIOS-specific attacks, and with new malware variants possessing the ability to reinstall themselves within the BIOS, organizations need a more sophisticated way to know that their systems have not been compromised. Dell’s unique post-boot BIOS verification technology for its commercial PCs gives IT the assurance that employees’ systems are secure every time they use the device, making them the most secure in the industry.”

Stuart McClure, CEO, Cylance

“The combined Dell and Cylance advanced threat protection capability makes for the world’s most secure computing platforms. Global organizations, through Dell, can now feel confident in their ability to prevent a cyber attack from being successful. Whether an errant email link via a phishing attempt, invisible web site malicious software download or advanced nation-state targeted attack, we can stop them.”

Ray Barth, Manager of Network Operations, Citation Oil & Gas

“The general availability of Dell Data Protection | Endpoint Security Suite Enterprise is a huge advantage for Dell customers. We were looking for an improved approach to endpoint protection and reduction/elimination of the time that support staff has to spend addressing endpoint breaches; we made a strategic decision to replace our legacy server and client software. After implementing Cylance we realized significant benefits in accuracy, visibility, and control. Incidents that have required support staff to put hands on a device have dropped to zero and dormant malware previously undiscovered has been blocked.”

 

Availability

Dell Data Protection | Endpoint Security Suite Enterprise is now available for both Dell commercial PCs and as a security solution across heterogeneous IT environments.
