Russ White, Ph.D.’s Post

The whole Crowd Strike's situation: 7/19/2024 7:58PM PT: We have collaborated with Intel to remediate affected hosts remotely using Intel vPro and with Active Management Technology. Read more here: https://lnkd.in/gravkbqs The TA will be updated with this information. 7/19/2024 7:39PM PT: Dashboards are now rolling out across all clouds Update within TA: https://lnkd.in/gFgfHaS8 US1 https://lnkd.in/gGnj4Wwn US2 https://lnkd.in/gsuttAxM EU1 https://lnkd.in/gRNWZJke GOV https://lnkd.in/gJPhYCw3 7/19/2024 6:10PM PT : New blog post: Technical Details on Today’s Outage: https://lnkd.in/gPVi49qZ 7/19/2024 4PM PT : CrowdStrike Intelligence has monitored for malicious activity leveraging the event as a lure theme and received reports that threat actors are conducting activities that impersonate CrowdStrike’s brand. Some domains in this list are not currently serving malicious content or could be intended to amplify negative sentiment. However, these sites may support future social-engineering operations. https://lnkd.in/ghBuhDb7 7/19/2024 1:26PM PT : Our friends at AWS and MSFT have a support article for impacted clients to review: https://lnkd.in/gqQTJ6XD https://lnkd.in/gMvhTCRm 7/19/2024 10:11AM PT : Hello again, here to update everyone with some announcements on our side. 1. Please take a moment to review our public blog post on the outage here. 2. We assure our customers that CrowdStrike is operating normally and this issue does not affect our Falcon platform systems. If your systems are operating normally, there is no impact to their protection if the Falcon Sensor is installed. Falcon Complete and Overwatch services are not disrupted by this incident. 3. If hosts are still crashing and unable to stay online to receive the Channel File Changes, the workaround steps in the TA can be used. 4. How to identify hosts possibly impacted by Windows crashes support article is now available: https://lnkd.in/gvKKcVs9 Remain vigilant for threat actors during this time, CrowdStrike customer success organization will never ask you to install AnyDesk or other remote management tools in order to perform restoration. TA Link:  https://lnkd.in/gFgfHaS8

If your computer is showing the dreaded blue screen of death today or stuck in a boot loop, it might be due to a recent CrowdStrike issue. 🖥️ If you need any assistance with this issue, we can be reached at (850) 601-5566 🔧 #TechTips #PanamaCity #Crowdstrike #BSOD

CrowdStrike

I saw 10's of posts today on Crowdstrike. It's really sad that this has happened and it has caused a global chaos affecting a lot of us. If you are affected, here is the solution: 1. Boot Windows into Safe Mode or WRE. 2. Go to C:\Windows\System32\drivers\CrowdStrike 3. Locate and delete file matching "C-00000291*.sys" 4. Boot normally. Solution Sourced from: Forbes #crowdstrike #mistakes

Yesterday's #Crowdstrike outage makes me question the wisdom of two things: 1.) Using products and services by 3rd party vendors such as Crowdstrike's Falcon or Riot's Vanguard that require kernel access. 2.) Using a single vendor for such critical infrastructure like transportation and medical. This isn't just a comment about Crowdstrike since Microsoft is also involved in someway. My thoughts are of the potential that threat actors could compromise kernel dependent software at the vendor level and create a catastrophic breach for all of the companies that rely on them. My questions for those who know more than I. Is kernel level access required for these system? Doesn't it pose a greater security concern? #Crowdstrike #Serviceoutage #BootLoop

CrowdStrike is on everyone's lips today due to the major outage affecting tons of Windows devices out there. I hope everyone affected by the situation is alright out there (whether you are a technical person scrambling to fix stuff or just someone who can't go on holiday as planned). If you want a summary of what the heck is happening, I've tried to compile everything about the situation as I know it here: https://lnkd.in/eYsbaQZG

Now this is interesting... Whilst the piece under-delivers in terms of memes (I don't think 3 counts as a memes-fest) it's interesting that #Southwest avoided the #crowdstrike #outage that affected so many last week. If I was travelling with them I'd have probably been grateful that my flight successfully flew, but I'm not so happy about why. I am old. I remember #DOS and #Windows 3.1 and as the article points out, 3.1 is now 32 years old 😳. But I am astounded that any critical system is running on an unsupported operating system. I imagine this isn't the only example of CNI operating on legacy kit and, perhaps, isolating this from an internet connection is sufficient to protect it. #investing in modern technology comes at a price we're all aware of, but is vital to maintain modern and well-protected systems. The article also points out that Southwest are (after some pressure, perhaps?) embarking on an update programme. This is great, but strikes me as far too late (maybe 30 years too late?!). We saw legacy systems targeted at the British Library late last year. And I can't help but wonder how many cybercriminal affiliates are now lining up to attack Southwest... This issue has really shone a light into the global systems in use. Microsoft have identified that 8.5 million Windows devices were affected. Less than 1% of all Windows machines. If this is the impact with <1%, what would the impact be with 10, 20, 50 percent or more? Maybe now is the time to think about diversifying operating systems alongside maintaining a current and up-to-date estate? Comments welcome. https://lnkd.in/egk8_HP7

Introducing the first installment of the StrongestLayer blog! Message me if you want learn how we are changing the game in reducing risk at the Human Layer. **Build Resilience Against What Matters** In this entry, Safwan Khan, Head of Threat Intelligence, analyzes real-life evidence of attacker techniques shifting and becoming more advanced in order to trick unsuspecting Microsoft users.

Updating the Crowdstrike Falcon Sensor has given some trouble on a global scale this morning. In the meantime the CrowdStrike Engineering team has identified a content deployment related to this issue and reverted those changes. If hosts are still crashing and unable to stay online to receive the Channel File Changes, the following steps can be used to workaround this issue:  1.    Boot Windows into Safe Mode or the Windows Recovery Environment 2.    Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 3.    Locate the file matching “C-00000291*.sys”, and delete it.  4.    Boot the host normally.

Crowdstrike fix! A lot of work for IT teams! Someone needs to built a script a push to end computer. But problem is, who gonna restart that many pc😗 Here are details #crowdstrike #windowsoutage #bsod