Top 5 Cybersecurity stories for week ending 11 August 2024

The following are the five significant cybersecurity stories or events from the past week.

CrowdStrike has hired two outside security firms to review its threat-detection suite Falcon that sparked a global IT outage last month – though it may not have an awful lot to find, because CrowdStrike has identified the simple mistake that caused the meltdown. News of the external review emerged in a root causes analysis [PDF] published on Tuesday by the infosec vendor. As we learned from CrowdStrike’s earlier post-incident write-up of the flawed Falcon update, which boot-looped millions of Windows machines worldwide, the problem began back in February. Read the full story.

Microsoft has mitigated an Azure outage that lasted more than two hours and took down multiple services for customers across North and Latin America. The company says the incident started around 18:22 UTC and impacted services that leverage Azure Front Door (AFD), its modern cloud Content Delivery Network (CDN). “This issue is impacting multiple geographies, mostly in North America and Latin America,” Redmond explained when it first acknowledged the outage on the Azure status page, saying it was caused by what it described as a “configuration change.” Read the full story.

Electronics manufacturing services firm Keytronic has revealed that a recent ransomware attack has resulted in additional expenses and lost revenue totaling over $15 million. The financial impact of this Keytronic cyberattack was disclosed in a preliminary U.S. Securities and Exchange Commission (SEC) financial report for the fourth quarter of fiscal 2024. “Due to this event, the Company incurred approximately $2.3 million of additional expenses and believes that it lost approximately $15 million of revenue during the fourth quarter. Most of these orders are recoverable and are expected to be fulfilled in fiscal year 2025. Partially offsetting these additional expenses was an insurance gain in the amount of $0.7 million that was also recorded during the quarter,” reads the SEC financial ReportRead the full story.

On Monday, publicly traded Sonic Automotive told investors that a recent ransomware attack against one of its key service providers caused earnings per share to sink by a third during the quarter ending June 30. Based in North Carolina, Sonic Automotive is one of the 500 largest U.S. publicly traded companies and the country’s fifth largest automotive retailer, measured by revenue. Sonic Automative said its GAAP earnings per diluted share for the second quarter amounted to $1.18. Due to CDK Global disruption, that was $0.64 lower than it would have been, “after factoring in estimated lost income and expenses attributable to the incident. Read the full story.

In a surprising move, the U.S. Securities and Exchange Commission (SEC) has decided not to bring charges against Progress Software over last year’s MOVEit software supply chain attack that exposed the data of millions of people. According to an August 6 Form 8-K filing, the SEC’s Division of Enforcement concluded its investigation into Progress Software’s handling of the incident and decided not to recommend any enforcement action. The MOVEit vulnerability exploit had impacted over 2,000 organizations and over 62 million individuals, with the majority of victims being from the United States. Read the full story.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.