August brings a surge of IT developments that demand the attention of MSPs and integrators. Cybersecurity threats are becoming more sophisticated, with recent attacks exploiting vulnerabilities in popular platforms. SonicWall’s latest innovations promise enhanced security for remote workforces, while Acronis warns of critical infrastructure flaws.
Meanwhile, KnowBe4’s new tool aims to fortify network defences by simulating hacker tactics. Additionally, the discovery of an extensive phishing campaign exploiting CrowdStrike’s recent outage highlights the persistent risks in today’s digital landscape. Below, we explore these IT news highlights and more, ensuring you’re equipped with the knowledge to stay ahead in this dynamic field.
CrowdStrike Reports 97% of Windows Sensors Restored After Outage
CrowdStrike announced that over 97% of its Windows sensors are back online following a widespread outage caused by a faulty update to its Falcon platform. The error is estimated to have taken down 8.5 million Windows systems. It affected millions of devices and disrupted corporate networks globally. CrowdStrike CEO George Kurtz apologized for the disruption, attributing the issue to a bug in a diagnostic program and emphasizing the company’s commitment to full restoration.
A New Spear-Phishing Campaign Targets CrowdStrike Customers After Outage
Threat actors are targeting CrowdStrike customers in Germany with a spear-phishing campaign that capitalizes on a domain registered after the recent global IT outage of its Falcon platform. The attackers lured victims into downloading a fake CrowdStrike Crash Reporter tool containing a trojanized installer that injected malicious code into a JavaScript file. The campaign’s sophisticated methods, including encrypted installer contents and a required password for further actions, have hindered attribution efforts.
KnowBe4 Hires North Korean Hacker
KnowBe4, a leading cybersecurity firm, disclosed that it unknowingly hired a North Korean hacker who immediately attempted to load malware onto his work computer. The hacker used a stolen identity. He passed several security checks, but KnowBe4 quickly detected suspicious activities and contained his device. KnowBe4’s CEO, Stu Sjouwerman, emphasized the importance of vigilance in hiring to prevent such state-sponsored cyber threats.
SonicWall Introduces Cloud Secure Edge (CSE) for MSPs, with Zero Trust Network Access
SonicWall introduced Cloud Secure Edge (CSE), a Zero Trust Network Access (ZTNA) solution tailored for MSPs to support customers with remote workforces and cloud migration. CSE offers flexible, cost-effective remote and internet access solutions, allowing secure connections from any device and location. Integrating with SonicWall’s existing infrastructure, CSE enhances security with features like firewall connectors, seamless integration with MySonicWall, simplified remote access, and multi-tenant management.
KnowBe4 has released BreachSim, a free tool designed to help organizations identify and mitigate network security vulnerabilities from a hacker’s perspective. This tool allows IT security professionals to detect data exfiltration methods and pinpoint weaknesses in their security infrastructure. BreachSim provides quick, detailed analysis to enhance an organization’s security posture and reduce human-related cyber risks.
Major XSS Vulnerability Found in OAuth Implementations Threatens Millions of Websites
Salt Labs has identified a cross-site scripting (XSS) vulnerability affecting millions of websites due to improper implementation of OAuth, a protocol commonly used for social logins. Unlike traditional product vulnerabilities, this issue arises from how web developers integrate OAuth, potentially leading to complete account takeovers. Highlighting examples like HotJar and Business Insider, Salt Labs urges website operators to review their OAuth implementations and offers a free scanner to detect vulnerabilities.
Proofpoint Email Routing Misconfiguration Enables Massive Spoofed Phishing Campaign
An unidentified threat actor exploited a misconfiguration in Proofpoint’s email routing system to send millions of spoofed phishing emails, impersonating companies like Best Buy, IBM, and Nike. Dubbed “EchoSpoofing,” the campaign leveraged Proofpoint’s authenticated email relays to bypass major security measures and deceive recipients. Proofpoint has since addressed the flaw and implemented measures to prevent similar exploits in the future.
NIST Vulnerability Backlog May Hit 30,000 by 2025
A new analysis reveals that the National Institute of Standards and Technology (NIST) faces a growing backlog of over 16,000 unanalyzed vulnerabilities, potentially surging to 30,000 by 2025 if processing rates don’t improve. The National Vulnerability Database (NVD), which logs an average of 100 new security flaws daily, has been struggling due to resource constraints and other challenges, analyzing just over 30 vulnerabilities per day in 2024. NIST has initiated plans, including awarding an $865,657 contract to Analygence for additional support, but experts warn more automation and private sector assistance may be necessary.
Acronis Alerts on Exploitation of Cyber Infrastructure Default Password Flaw
Acronis has warned customers to patch a critical vulnerability in its Cyber Infrastructure (ACI) platform that allows attackers to bypass authentication using default credentials. The flaw (CVE-2023-45249) affects multiple versions of ACI and can lead to remote code execution, with over 750,000 businesses potentially at risk. Although the flaw was patched nine months ago, recent attacks exploiting it have prompted Acronis to urge administrators to update their systems immediately to maintain security.