I just passed the Microsoft 365 Certified: Fundamentals exam, having earned the MS-900 certification.
Tag: Azure
Microsoft Security Summit Portugal
Just attended the Microsoft Security Summit Portugal, online.
A very interesting event, touching on several subjects:
- AI for Cybersecurity Defense
- Zero-Trust
- Regulation, compliance and sovereignty
Among the speakers was Rear-Admiral António Gameiro Marques, the General-Director of the National Security Cabinet of Portugal.
If you want to watch a recording, it's available here:
Major IT disruptions worldwide caused by faulty CrowdStrike update
Today we are seeing major disruptions to IT infrastructure worldwide, affecting airlines, banks, hospitals, emergency services, telecom companies, media outlets and payment processing, among others. [1] [2]
The root cause seems to be a faulty update released by CrowdStrike, a cybersecurity company, for Falcon Sensor, their endpoint protection solution, which caused computers to lock up and fail to boot properly, showing a blue screen error.
In an unrelated event, Microsoft Azure cloud services also had major issues around the time of the “CrowdStrike problem”: a Central US Azure outage (Tracking Id: 1K80-N_8). Those issues with Azure seem to be mostly resolved already. [3]
Solution for IT admins
As the affected computers are not running properly, unfortunately it seems they will need to be fixed one by one.
The solution seems to be:
1. Boot into Safe mode or the Windows Recovery Environment
2. Run the command:
del "C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys"
3. Reboot
Key takeaways
- Software and Hardware Vendors have a high responsibility and should extensively test their products – both with automated tools and manually
- Vendors should do gradual releases of software updates, with live monitoring for issues and for client-reported issues
- You don’t release significant updates on a Friday!
- Vendors should provide easy options or tools to control updates: the ability to delay updates for X days, or to disable updates completely, should always be available to IT admins
- Companies at large should have mechanisms to delay or manually approve updates for their entire IT infrastructure. Unfortunately this is not always easy, and it largely depends on the options provided (or not provided) by vendors
Remember that the 3 basic principles of Cybersecurity are Confidentiality, Integrity and Availability. In the quest to secure systems, we should pay attention to issues like this, which end up causing as much disruption as a major cyberattack.
We should also be aware that Cybersecurity is, in large part, risk management and a balancing act between those 3 pillars.
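The gradual-release takeaway above can be sketched as a ring-based rollout that stops as soon as crash telemetry from one ring crosses a threshold. This is an added example, not code from CrowdStrike or any vendor; the ring names, host counts, crash counts and the 0.1% threshold are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ring:
    name: str
    hosts: int    # endpoints that receive the update in this ring
    crashed: int  # endpoints reporting a crash or boot loop afterwards (telemetry)

def staged_rollout(rings, max_crash_rate=0.001):
    """Release ring by ring; halt at the first ring whose crash rate exceeds the threshold."""
    total = sum(r.hosts for r in rings)
    exposed, released = 0, []
    for ring in rings:
        if ring.hosts <= 0:
            raise ValueError(f"ring {ring.name!r} has no hosts")
        exposed += ring.hosts
        released.append(ring.name)
        rate = ring.crashed / ring.hosts
        if rate > max_crash_rate:
            # Stop here: every later ring never receives the faulty update.
            return {"status": "halted", "halted_at": ring.name, "released": released,
                    "exposed": exposed, "protected": total - exposed, "crash_rate": rate}
    return {"status": "complete", "halted_at": None, "released": released,
            "exposed": exposed, "protected": 0, "crash_rate": 0.0}

# Constructed telemetry: the fault does not show on internal test machines,
# but most of the canary ring fails to boot.
FAULTY = [Ring("internal", 200, 0), Ring("canary", 5_000, 4_100),
          Ring("early", 100_000, 0), Ring("broad", 8_000_000, 0)]
# Constructed telemetry: background crash noise stays under the threshold.
HEALTHY = [Ring("internal", 200, 0), Ring("canary", 5_000, 2),
           Ring("early", 100_000, 30), Ring("broad", 8_000_000, 900)]

if __name__ == "__main__":
    for label, plan in (("faulty", FAULTY), ("healthy", HEALTHY)):
        r = staged_rollout(plan)
        print(f"{label}: {r['status']}, exposed={r['exposed']}, protected={r['protected']}")
```

With the constructed faulty data, the rollout halts at the canary ring, so the fault reaches 5,200 endpoints instead of all 8,105,200.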
Advice from Microsoft to solve this issue
Cybersecurity Book Bundle, by Humble Bundle!
UPDATE: This bundle is no longer available!
In this book bundle from Humble Bundle, you will get 18 books related to Cybersecurity, published by Pearson, ranging from topics like CompTIA Security+, Network Security, Zero Trust Architecture, Microsoft Sentinel and Microsoft Defender for Cloud.
Full list of books:
- CompTIA Security+ SY0-701 Cert Guide
- Network Security
- Zero Trust Architecture
- Cybersecurity Myths and Misconceptions
- In Zero Trust We Trust
- Database and Application Security: A Practitioner’s Guide
- Ransomware and Cyber Extortion
- Designing and Developing Secure Azure Solutions
- The Modern Security Operations Center
- A Practical Guide to Digital Forensics Investigations
- Data Breaches
- Microsoft Defender for Cloud
- Microsoft Sentinel
- Effective Cybersecurity
- Information Privacy Engineering and Privacy by Design
- Building a Career in Cybersecurity
- Microsoft Azure Network Security
- Securing 5G and Evolving Architectures
Get the bundle now! It expires in less than 48 hours!
Completed: Introduction to Microsoft Defender for Endpoint!
I’m happy to announce today I have completed the “Introduction to Microsoft Defender for Endpoint” training!
This continues my path in Cybersecurity, focused on Microsoft technologies!
Completed: Introduction to Microsoft Sentinel!
I’m happy to announce today I have completed the “Introduction to Microsoft Sentinel” training!
This continues my path in Cybersecurity, focused on Microsoft technologies!
Completed: Introduction to Microsoft Defender for Cloud!
I’m happy to announce today I have completed the “Introduction to Microsoft Defender for Cloud” training!
This continues my path in Cybersecurity, focused on Microsoft technologies!