Security News
A rolling Cloudflare outage is impacting access to web sites worldwide, including BleepingComputer, with sites working in some regions and not others. [...]
CrowdStrike has published a technical root cause analysis of what went wrong when a content update pushed to its Falcon sensors borked over 8.5 million Windows machines around the world on July 19, and has confirmed that it has hired two unnamed third-party software security vendors to review the security and quality assurance of the Falcon sensor code. Expanding on its preliminary post-incident review, the company went into more detail about how the faulty Rapid Response Content - delivered as content configuration updates - failed to be spotted before doing damage.
Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally. The analysis ties the crash to a problematic content update deployed over the cloud, describing it as a "Confluence" of several problems that led to a crash: a mismatch between the 21 inputs passed to the Content Validator via the IPC Template Type as opposed to the 20 supplied to the Content Interpreter.
One of the US's largest car dealerships says the IT outage caused by CDK Global's June ransomware attack cost it approximately $30 million. Sonic Automotive filed a Form 8-K with the Securities and Exchange Commission on Monday alongside the release of its quarterly financials, confirming that, like its rivals, it too was materially affected by the incident at CDK. Of the total $30 million drop in pre-tax GAAP income, $11.6 million related to additional compensation paid to staff, and possibly external contractors, who helped to handle the outage, it said.
Microsoft has mitigated an Azure outage that lasted more than two hours and took down multiple services for customers across North and Latin America. [...]
The legal sparring between Delta Air Lines and CrowdStrike is heating up, with the cybersecurity firm claiming that Delta's extended IT outage was caused by poor disaster recovery plans and the...
Cybersecurity company CrowdStrike has been sued by investors who say it provided false claims about its Falcon platform after a bad security update led to a massive global IT outage causing the...
The Azure outage had global reach, impacting a subset of customers attempting to connect to Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy, the Azure portal itself, and a subset of Microsoft 365 and Microsoft Purview services. Many different organisations made statements on Tuesday, notifying users that their services were disrupted as a result of the Azure DDoS attack.
Do you have problems configuring Microsoft's Defender? You might not be alone: Microsoft admitted that whatever it's using for its defensive implementation exacerbated yesterday's Azure instability. Microsoft has published its strategy to defend against network-based DDoS attacks, noting it was unique due to the global footprint of the company.
Microsoft confirmed that a nine-hour outage on Tuesday, which disrupted numerous Microsoft 365 and Azure services worldwide, was caused by a distributed denial-of-service (DDoS) attack. Affected services included Microsoft Entra, Intune, Power BI, Power Platform, Azure App Services, and others. The company explained that its DDoS protection mechanisms were triggered, but an error in the implementation of its defenses exacerbated the attack's impact. Once the issue was identified, Microsoft made networking configuration changes and rerouted to alternate paths to mitigate the problem.