Todays we are seeing major disruptions to IT infrastructure worldwide, afecting Airlines, Banks, Hospitals, Emergency services, Telecom companies, Media outlets, Payments processing, among others. [1] [2]
The root cause seems to be a faulty update released by CrowdStrike, a Cybersecurity company, for Falcon Sensor, their Endpoint Protection solution, which caused computer to lock-up and not turn-on properly, showing a Blue-screen error.
In an unrelated event, Microsoft Azure Cloud services also had major issues around the time of the “CrowdStrike problem” a Central US Azure outage (Tracking Id: 1K80-N_8) – those issues with Azure seem to be already mostly resolved. [3]
Solution for IT admins
As the affected computers and not running properly, unfortunately it seems they will need to be fixed one-by-one.
The solution seems to be:
1. Boot into Safe mode or the Windows Recovery Environment 2. Run the command: del "C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys" 3. Reboot
Key takeaways
Software and Hardware Vendors have a high responsibility and should extensively test their products – both with automated tools and manually
Vendors should do gradual releases of software updates, with live monitoring for issues and clients reported issues
You don’t release significant updates on a Friday!
Vendors should provide easy options or tools to control updates: delay updates for X amount of days, completely disable updates should always be available for IT admins
For companies at large, they should have mechanisms to delay or manually approve updates for their entire IT infrastrucutre – unfortunately this is not always easy and is largely dependant of options provided (or not provided) by Vendors
Remember the 3 basic principles of Cybersecurity are Confidentiality, Integrity and Availability, in the quest to secure the systems we should pay attention to issues like this, which end-up causing as much disruptions as a major CyberAttack.
We should also be aware that Cybersecurity is, in large part, a risk-management and a balancing act between those 3 pillars.
I’m very happy to announce that today I signed a work contract with Microsoft!
I will be working in Cybersecurity, as a Support Engineer, providing technical support and advice related to Microsoft Defender for Endpoint, to clients in Europe, Middle East and Africa (EMEA).
I’m also happy that the Certified Ethical Hacker certification helped me get this job – it was one of the preferred qualifications on the job posting.
I will start in less than 1 month, working for Microsoft Portugal, and certainly will have more news soon!
The C-Days 2024 Cybersecurity conference ended today, an event in which I had the honor of participating.
It was a very interesting 3 days, full of lectures and workshops, in Coimbra, a university city, marking 10 years of the existence of the National Cybersecurity Center!
Today, as part of the C-Days Conference, I attended a very interesting Workshop, related to reverse engineering of malware, presented by a member of CERT.PT (Computer Emergency Response Team), part of the Portuguese National Cybersecurity Centre.
Description
This workshop offers a hands-on approach to reverse engineering malicious scripts on Windows systems, covering JavaScript, VBS, and Powershell. Aimed at cybersecurity technicians, this workshop ranges from static and behavioral analysis to manual deobfuscation techniques using Python. The objective is to enable participants to identify, analyze and collect IoCs of these threats, thus enabling them to mitigate what is one of the most common types of malware used as an entry vector to compromise organizations.
Contents
Strings static analysis with strings, pestr and FLOSS
Execute and deobfuscate JavaScript using SpiderMonkey
Powershell deobfuscation and debugging with Cyberchef and PS IDE
Its next week that C-Days 2024, the biggest Cybersecurity conference in Portugal, organized by the Portuguese National Cybersecurity Centre will happen in Coimbra, Portugal, on the 18th, 19th and 20th of June!
Under the theme of “More Prevention”, this event marks the 10 years of the Portuguese National Cybersecurity Centre, and there will be a talk “looking back” at the past and looking forward towards the future of the organization.
I’m also particularly interested in the “Reverse Engineering Malicious Scripts on Windows” Workshop, presented by Duarte Mortágua from CERT.PT!
I’m already registered for the conference, and looking forward to ti! Anyone interested can register at the official website: www.c-days.cncs.gov.pt
In this book bundle from Humble Bundle, you will get 18 books related to Cybersecurity, published by Pearson, ranging from topics like CompTIA Security+, Network Security, Zero Trust Architecture, Microsoft Sentinel and Microsoft Defender for Cloud.
Full list of books:
CompTIA Security+ SY0-701 Cert Guide
Network Security
Zero Trust Architecture
Cybersecurity Myths and Misconceptions
In Zero Trust We Trust
Database and Application Security: A Practitioner’s Guide
Ransomware and Cyber Extortion
Designing and Developing Secure Azure Solutions
The Modern Security Operations Center
A Practical Guide to Digital Forensics Investigations
Data Breaches
Microsoft Defender for Cloud
Microsoft Sentinel
Effective Cybersecurity
Information Privacy Engineering and Privacy by Design
