Microsoft put into action their response to the CrowdStrike incident

Plus multinational gambling company hacked, macOS and iOS vulnerabilities & FREE beginner hacking games

Author

InfoSec Sam
November 24, 2024

This Week’s News

Microsoft CrowdStrike Response

We all remember the mass outages earlier this year caused by a CrowdStrike sensor crash. Well, it seems Microsoft have been working on actions to prevent this reoccurring again and have introduced a Quick Machine Recovery tool.

The tool will enable IT administrators to execute “targeted fixes” from Windows Update, even when machines are unable to boot, without needing physical access to the PC. 

Microsoft also announced that anti-malware vendors are being asked to adopt Safe Deployment Practices, which means that all security product updates must be gradual, leverage deployment rings, as well as monitoring to ensure any negative impact from updates is kept to a minimum. 

Let’s hope this helps to avoid a repeat of this kind of event!

Gambling Company Attacked

Multinational gambling company International Game Technology (IGT) fell victim to a cyberattack over the weekend and have resorted to taking some systems offline.

“An unauthorised third party gained access to certain of its systems, and the company has experienced disruptions in portions of its internal information technology systems and applications resulting from this cybersecurity incident,” IGT said in a filing with the US Securities and Exchange Commission.

IGT have not stated what type of cyberattack they suffered but the likely scenario is that they were hit by ransomware.

Google TAGs Apple

Apple recently rushed out a major macOS and iOS update to patch two vulnerabilities that are already being exploited in the wild.

The vulnerabilities were identified by Google’s TAG (Threat Analysis Group) and effect Apple’s Intel-based macOS systems.

Raw details on the patched vulnerabilities:

  • CVE-2024-44308 — JavaScriptCore — Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

  • CVE-2024-44309 — WebKit —  Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Other News

  • Tate Site Attack - Website belonging to the infamous Andrew Tate has been compromised and details of his subscribers leaked.

  • Digital Legacy - Japan’s government is urging its citizens to put their usernames and passwords in their will to help loved ones avoid difficulties in managing their ‘digital legacy’.

Password GIF

Career Development

FREE Cyber Hacking Advent Calendar

Another reminder that starting December 1st, TryHackMe are kicking off their annual Advent of Cyber event. Daily beginner friendly, gamified cyber security challenges throughout the month of December.

You can join in on the fun for free using the following link and there are also prizes to be won!:

Subscribe to keep reading

This content is free, but you must be subscribed to InfoSecSam's Newsletter to continue reading.

I consent to receive newsletters via email. Terms of use and Privacy policy.

Already a subscriber?Sign in.Not now