Crowdstrike issue taking down companies around the world. AT&T breach leaking all call logs. Kaspersky shutting down in the US.  

News

Hi friends,

If you've opened up any news reader before seeing this email, you'll probably have seen the Crowdstrike issue going the rounds. Heavy stuff. If you're affected I hope it'll be resolved once the weekend starts, and that you may find peace and quiet when it does :-) Enjoy the read folks.

Cheers,

Dieter Van der Stock

CrowdStrike update bricking PCs around the world

This one is still developing as I write this issue. It seems that Windows machines all over the world are blue-screening because of an issue with CrowdStrike. It's affecting airlines, banks, and much more. As I write this there seems to be a workaround published, but it's still early. My heart goes out to all IT folks and Crowdstrike engineers affected, this is going to be one of those Friday's.

theverge.com

Kaspersky is shutting down its business in the United States

The US government has officially banned Kaspersky from selling any products or providing any services, reasoning that the Kremlin would have too much of an ability to influence the vendor. Understandably, in my opinion. The company will now wind down its US operations. In a somewhat ironic move, they will offer some of their software for free for the next six months (link).

bleepingcomputer.com

CISA publishes resilience-planning playbook for critical infrastructure

I'm becoming a big fan of the work that CISA does. They seem to communicate clearly, without sounding patronizing, and in a way that both engineers and managers can appreciate. This playbook is a nice example. It has table-top excercises and scenario's written out, and a bunch of advice. You can go straight to the pdf here.

statescoop.com

Quick links

  • Hackers use PoC exploits in attacks 22 minutes after release: link.
  • Report: Alphabet close to $23 billion deal for cybersecurity startup Wiz: link.
  • Judge tosses out most of SEC cybersecurity case against SolarWinds: link.

Breaches and leaks

  • Massive AT&T data breach exposes call logs of 109 million customers: link.
  • ATT ransom laundered through mixers, gambling services: link.
  • UK national blood stocks in 'very fragile' state following ransomware attack: link.
  • Rite Aid says breach exposes sensitive details of 2.2 million customers: link.
  • Email addresses of 15 million Trello users leaked on hacking forum: link.
  • Yacht giant MarineMax data breach impacts over 123,000 people: link.
  • Over 400,000 Life360 user phone numbers leaked via unsecured API: link.
  • Furniture giant shuts down manufacturing facilities after ransomware attack: link.
  • Indian crypto platform WazirX confirms $230 million stolen during cyberattack: link.

Issues and fixes

  • Vulnerability in Cisco Smart Software Manager lets attackers change any user password: link.
  • Netgear warns users to patch auth bypass, XSS router flaws: link.
  • Critical Exim bug bypasses security filters on 1.5 million mail servers: link.
  • CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks: link.
  • SolarWinds fixes 8 critical bugs in access rights audit software: link.

What 1Password can do for developers

If you're an engineer, it's really worth checking out 1Password's developer tools. It can manage secrets for your infrastructure and CI/CD pipeline, manage SSH keys, and inject tokens into CLI scripts. Play around with it and see how it can fit in your development flow. (Sponsored)

1password.com

No spam, ever. We'll never share your email address and you can opt out at any time.