Security

In a tweet and blog post, George Kurtz says:

As this incident is resolved, you have my commitment to provide full transparency on how this occurred and the steps we’re taking to prevent anything like this from happening again.

We are working on a technical update and root cause analysis that we will share with everyone as well.

Other updates from CrowdStrike about Friday’s global IT misadventure warn about threat actors impersonating it in phishing attempts and other attacks or advise automated methods (PDF) to track down systems that have been affected.

Hospital systems from New York to Massachusetts to Pennsylvania impacted by the CrowdStrike outage say they’re canceling appointments and shifting to pen and paper. Memorial Sloan Kettering Cancer Center in NYC had said it would “pause the start of any procedure that requires anesthesia,” according to NBC News, though it’s site now says most of its systems are back online.

A bad time to get hit with the Blue Screen of Death is probably when you’re preparing for a practice session ahead of the Hungarian GP, especially when the problem has been caused by a team sponsor. But the Mercedes F1 team’s trackside engineering director, Andrew Shovlin, told reporters they were back up after updating affected PCs.

The impact in FP1 was minimal, if not nil. So, it created a bit of work, but we’re back where we need to be now.

This timelapse of Delta, American Airlines, and United air traffic says it all.

CrowdStrike CEO George Kurtz apologized to customers on the Today show and said that the company “knows what the issue is” that caused the global IT outage early Friday morning.

Thousands of flights have been grounded so far in the massive outage. Some businesses are trying to reboot and bring their systems back themselves.

According to a new Bloomberg report, the FBI’s initial attempts to break into the phone belonging to Thomas Matthew Crooks were unsuccessful.

But that changed once Cellebrite provided the agency with an unreleased, still-in-development update to its software. From there, it took just 40 minutes to access Crooks’ phone, which is described as “a newer Samsung model.”

The new Proton Scribe writing tool runs locally on the device and is available to all privacy conscious Proton Mail business customers as an add-on:

Proton Scribe helps users improve their productivity by composing emails based on a prompt, redrafting to better convey a message, and proofreading content. No user data or information is used to train Proton Scribe, and no data is shared with third parties.

Proton says it’s rolling out to web and desktop apps.

The Russian cybersecurity company confirmed the move in a statement to Zero Day, saying business opportunities in the US “are no longer viable” and that it’s laying off less than 50 workers.

Last month, the US government announced a ban on Kaspersky’s antivirus software over concerns about national security.

A group that has previously claimed responsibility for breaching NATO, as well as satellite systems used by Halliburton and Shell, tells CyberScoop they’ve released 2GB of data from the conservative think tank behind “Project 2025” policy proposals for a second Trump administration.

The data includes the “full names, email addresses, passwords, and usernames” of people associating with Heritage, vio said, including users with U.S. government email addresses. “This itself can have an impact to heritage’s (sic) reputation,” they added, “and it’ll especially push away users in positions of power.” 

With Number Lock, you can’t transfer your phone number to a new phone or port your number over to another carrier, Google says.

If you have Google Fi, it’s probably worth setting this up — SIM swapping attacks can be pretty bad!

Ticketmaster does some pretty wild (and user-hostile) stuff in the name of stopping scalpers and bots from getting all the good tickets. And the scalpers and bots seem to always have another move. Case in point: those rotating barcodes on your ticket.

If you’ve bought a ticket, this token can be extracted from within the Ticketmaster app (or, in some cases, from Ticketmaster’s desktop website), exported to a third-party platform, and tickets can then be generated on that third-party platform.

Microsoft’s Secure Future Initiative is set to impact Chinese employees in September, with the software giant reportedly set to cut off Android devices from accessing its corporate network. Bloomberg News reports that the move is due to Android devices in China lacking Google’s Play store to distribute Authenticator and identity apps for Microsoft employees. Microsoft is ramping up its internal security efforts after a series of high-profile attacks in recent years.

“CDK GLOBAL CYBERATTACK” blares the headline on Automotive News’ landing page for all the site’s reporting on the ransomware attack, which is now in its seventh day. The cyberattack against the software provider to nearly 15,000 dealerships across North America has caused a massive outage that could ultimately affect vehicle sales. Naturally, AutoNews has been following the story closely — including this editorial calling for “creative defense strategies” against cyber criminals.

Systems that support sales, service, and inventory for more than 15,000 dealerships have been shut off since June 19th in the wake of two separate cyberattacks.

After some dealers resorted to pen and paper to keep going amid reported negotiations between CDK and the BlackSuit ransomware group, Reuters reports restoration work has begun but that it may take “several days.”

The awesome bag company only told us about our data getting breached after Cybernews went public. Why? Peak initially assumed it was a vulnerability, not a breach, and never followed up with Cybernews after plugging the hole. Cybernews never sent Peak the ransom note, both entities confirm to The Verge.

“Simply put, we weren’t aware of the data compromise until [June 4th,]” Peak’s CEO tells me.

A report from 404 Media highlights a new type of bot that gets around Ticketmaster’s queuing system by opening dozens of different browsing sessions on one computer, giving them multiple chances to snag tickets from fans. The mix of bots — and fans — likely contributed to Ticketmaster’s latest crash.

The password manager is finally making it easier for users who’ve forgotten their password, or lost their Secret Key, to regain access to their accounts.

Starting today, users can generate (and make sure to safely store) a recovery code that streamlines the process of recovering their 1Password account. However, the recovery codes will only work for those who still have access to the email address associated with their accounts.