Last week, staff at CrowdStrike pushed out an update through their Content Validator, which unfortunately allowed bad data to be distributed to clients around the world, causing massive IT outages by crashing computers running Windows. While staff were quick to catch the bug and revert the update, over 8.5 million systems had already been impacted, from banks to airlines and other high-volume industries. CrowdStrike has since improved their internal testing for updates to ensure this type of incident becomes less likely to occur in the future.
UK law enforcement takes down DDoS marketplace
Following a joint operation between the UK’s National Crime Agency and the Police Service of Northern Ireland (PSNI), the notorious DDoS marketplace DigitalStress was taken offline, and the site’s domain has been replaced with a law enforcement warning to users. The takedown was confirmed on July 22nd, after PSNI officials arrested one of the site’s alleged operators earlier in the month. DigitalStress was a long-running marketplace that offered DDoS-for-hire services and has been traced back to thousands of weekly attacks on organizations around Europe.
13 million Australians impacted by MediSecure breach
After the conclusion of the investigation into a data breach at the Australian medical prescription service provider, MediSecure, it has been confirmed that roughly 13 million individuals have had their sensitive data compromised. The breach initially occurred in May of this year when hackers claimed to have exfiltrated 6.5TB of data from MediSecure servers and subsequently posted the stolen data for sale on a dark web leak site.
Ransomware closes largest trial court in the US
Over the weekend, staff for the Los Angeles Superior Court were forced to close all 36 courthouse locations after identifying a ransomware attack on their internal systems. The initial attack began on Friday morning and quickly spread through the network before being discovered, which led staff to disable all network devices until restoration procedures could be completed. No ransomware group has claimed responsibility for this attack yet, nor has there been any indication of data being exfiltrated.
Linux variant of Play ransomware spotted
Researchers have identified a new variant of Play ransomware that specifically targets VMware ESXi environments on Linux platforms. These targets are highly valuable as they are commonly run in enterprise and manufacturing sectors, and any disruption can cause a significant impact on production and day-to-day operations. This Linux variant also makes multiple checks to identify the system settings, and if it determines that it is not running on an ESXi system, the ransomware will terminate itself before execution to avoid any detection.