Security News

Black Hat and DEF CON Roundup 2024: CrowdStrike Accepts ‘Epic Fail’ Award
2024-08-12 17:00

Black Hat and DEF CON are two of the major security conferences in the U.S., drawing large crowds of cyber and AI decision-makers to Las Vegas. Black Hat USA 2024 runs from August 3-8, with most of the briefings occurring on August 7 and 8; DEF CON 32 runs from August 8-11.

Delta: CrowdStrike's offer to help in Falcon meltdown was too little, too late
2024-08-08 22:30

Delta Air Lines has come out swinging at CrowdStrike in a letter accusing the security giant of trying to "Shift the blame" for the IT meltdown caused by its software - and that CrowdStrike CEO George Kurtz's offer of support was too little, too late. Today, Delta laid out its defense for how it handled itself in the wake of that disastrous Falcon update, which grounded planes and ruined millions of Delta customers' plans.

CrowdStrike engages external experts, details causes of massive outage
2024-08-07 12:56

CrowdStrike has published a technical root cause analysis of what went wrong when a content update pushed to its Falcon sensors borked over 8.5 million Windows machines around the world on July 19, and has confirmed that it has hired two unnamed third-party software security vendors to review the security and quality assurance of the Falcon sensor code. Expanding on its preliminary post-incident review, the company went into more detail about how the faulty Rapid Response Content - delivered as content configuration updates - failed to be spotted before doing damage.

CrowdStrike Reveals Root Cause of Global System Outages
2024-08-07 10:28

Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally. Specifically, it's related to a problematic content update deployed over the cloud, describing it as a "Confluence" of several problems that led to a crash: A mismatch between the 21 inputs passed to the Content Validator via the IPC Template Type as opposed to the 20 supplied to the Content Interpreter.

CrowdStrike hires outside security outfits to review troubled Falcon code
2024-08-07 00:18

CrowdStrike has hired two outside security firms to review the Falcon sensor code that sparked a global IT outage last month - but it may not have an awful lot to find, because CrowdStrike has identified the simple mistake that caused the incident. The update went through the usual development and testing, and then CrowdStrike pushed a new "Template Type" including the IPC-related info to its Falcon sensors in a "Channel File" numbered 291.

Crowdstrike: Delta Air Lines refused free help to resolve IT outage
2024-08-05 20:09

The legal spars between Delta Air Lines and CrowdStrike are heating up, with the cybersecurity firm claiming that Delta's extended IT outage was caused by poor disaster recovery plans and the...

CrowdStrike unhappy about Delta's 'litigation threat,' claims airline refused 'free on-site help'
2024-08-05 12:32

"Delta's public threat of litigation distracts from this work and has contributed to a misleading narrative that CrowdStrike is responsible for Delta's IT decisions and response to the outage," the letter reads. "Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions - swiftly, transparently, and constructively - while Delta did not."

CrowdStrike sued by investors over massive global IT outage
2024-08-02 14:32

Cybersecurity company CrowdStrike has been sued by investors who say it provided false claims about its Falcon platform after a bad security update led to a massive global IT outage causing the...

Too late now for canary test updates, says pension fund suing CrowdStrike
2024-08-01 18:40

In what will likely be one of many class-action complaints against the embattled IT security firm, a retirement association has accused CrowdStrike, its CEO George Kurtz, and CFO Burt Podbere of defrauding it and fellow shareholders by making false and misleading statements about the biz's Falcon endpoint defense software. CrowdStrike and its top execs "Repeatedly touted the efficacy of the Falcon platform while assuring investors that CrowdStrike's technology was 'validated, tested, and certified,'" the Plymouth County Retirement Association's lawsuit [PDF], filed this week in Texas federal court, reads.

Delta Air Lines dials up Microsoft's legal nemesis over CrowdStrike losses
2024-07-30 19:00

Delta Air Lines lost hundreds of millions of dollars due to the CrowdStrike outage earlier this month - and it has hired a high-powered law firm to claw some of those lost funds back, potentially from the Falcon maker and Microsoft itself. CNBC broke the news yesterday that Delta had hired famed lawyer David Boies to look into what the airline could do to recoup as much as an estimated $500 million in operational losses due to the July 19 CrowdStrike outage.