The following are the five significant cybersecurity stories or events from the past week.
CrowdStrike hires outside security outfits to review troubled Falcon code
CrowdStrike has hired two outside security firms to review its threat-detection suite Falcon that sparked a global IT outage last month – though it may not have an awful lot to find, because CrowdStrike has identified the simple mistake that caused the meltdown. News of the external review emerged in a root causes analysis [PDF] published on Tuesday by the infosec vendor. As we learned from CrowdStrike’s earlier post-incident write-up of the flawed Falcon update, which boot-looped millions of Windows machines worldwide, the problem began back in February. Read the full story.
Microsoft Azure outage takes down services across North America
Microsoft has mitigated an Azure outage that lasted more than two hours and took down multiple services for customers across North and Latin America. The company says the incident started around 18:22 UTC and impacted services that leverage Azure Front Door (AFD), its modern cloud Content Delivery Network (CDN). “This issue is impacting multiple geographies, mostly in North America and Latin America,” Redmond explained when it first acknowledged the outage on the Azure status page, saying it was caused by what it described as a “configuration change.” Read the full story.
Keytronic Reveals $15 Million Financial Loss from Ransomware Attack
Electronics manufacturing services firm Keytronic has revealed that a recent ransomware attack has resulted in additional expenses and lost revenue totaling over $15 million. The financial impact of this Keytronic cyberattack was disclosed in a preliminary U.S. Securities and Exchange Commission (SEC) financial report for the fourth quarter of fiscal 2024. “Due to this event, the Company incurred approximately $2.3 million of additional expenses and believes that it lost approximately $15 million of revenue during the fourth quarter. Most of these orders are recoverable and are expected to be fulfilled in fiscal year 2025. Partially offsetting these additional expenses was an insurance gain in the amount of $0.7 million that was also recorded during the quarter,” reads the SEC financial Report. Read the full story.
Ransomware Leads to $30M in Lost Income at Sonic Automotive
On Monday, publicly traded Sonic Automotive told investors that a recent ransomware attack against one of its key service providers caused earnings per share to sink by a third during the quarter ending June 30. Based in North Carolina, Sonic Automotive is one of the 500 largest U.S. publicly traded companies and the country’s fifth largest automotive retailer, measured by revenue. Sonic Automative said its GAAP earnings per diluted share for the second quarter amounted to $1.18. Due to CDK Global disruption, that was $0.64 lower than it would have been, “after factoring in estimated lost income and expenses attributable to the incident. Read the full story.
SEC Won’t Bring Charges Against Progress Software Over MOVEit Supply Chain Attack
In a surprising move, the U.S. Securities and Exchange Commission (SEC) has decided not to bring charges against Progress Software over last year’s MOVEit software supply chain attack that exposed the data of millions of people. According to an August 6 Form 8-K filing, the SEC’s Division of Enforcement concluded its investigation into Progress Software’s handling of the incident and decided not to recommend any enforcement action. The MOVEit vulnerability exploit had impacted over 2,000 organizations and over 62 million individuals, with the majority of victims being from the United States. Read the full story.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.