Newsletter

Recent Breaches & Incidents

Seung Ha
Director, Infrastructure & Cybersecurity

Mario Sanmiguel
Cybersecurity Engineer

 

CrowdStrike Patch Deployment Outage 

A CrowdStrike sensor update caused a system crash and a blue screen (BSOD) on several Windows systems on Friday, July 19, resulting in a worldwide IT outage. A logic error in the update was responsible for the crash, which affected devices running the Windows operating system.

This incident was not a cyberattack, and CrowdStrike resolved the issue within an hour. According to The Verge, approximately 8.5 million devices worldwide were affected by the update. 

CrowdStrike provided remediation guidance, but the fix had to be applied manually because the affected devices were unable to boot up or connect to the internet. Follow the provided guidelines to identify affected hosts and remediate the issue.

External Links:

CrowdStrike Blog

AT&T Breach 

On July 12, AT&T announced a significant data breach affecting nearly all its customers, potentially impacting over 100 million people. This breach exposed call and text message logs, including phone numbers and cell-tower IDs, though no names, birthdates, social security numbers, or message contents were leaked.

Threat actors accessed the phone numbers and call/text logs of AT&T customers, so the breach also affects anyone who contacted those customers during the breach period (May-Oct 2022 and January 2, 2023). The risks associated with this breach include potential scams, identity theft, and exposure of sensitive information based on call patterns.

External Links:

NY Times

RockYou2024: 10 Billion Passwords Leaked 

The largest password compilation has been uncovered, with nearly 10 billion unique passwords exposed. The file, titled “rockyou2024.txt”, was posted by a forum user on July 4. This leak includes passwords from both old and new data breaches, significantly increasing the risk of credential-related attacks. 

The leak is composed of data gathered from over 4,000 databases across more than two decades. It is recommended to reset passwords, opting for strong and unique ones, and most importantly, enable Multi-Factor Authentication. 

External Links:

Cybernews

University Hospital Centre in Zagreb, Croatia Data Breach 

The University Hospital Centre in Zagreb, Croatia, fell victim to the LockBit ransomware group a week after experiencing a severe cyberattack. Although the hospital managed to restore its IT systems within 24 hours, the attack disrupted operations, forcing emergency patients to be redirected to other facilities and necessitating the use of paper and pens. 

LockBit claimed to have stolen a wide range of sensitive data from the hospital, including medical records, research papers, and employee information. The group operates under a Ransomware-as-a-Service model and has been responsible for over 1,400 attacks globally.

External Links:

Cybernews

Celito is a team of experienced IT Executives, Industry Professionals, and Business Consultants focused on the life sciences industry.
