CYBER Insights » THREAT INTEL: Ongoing Critical Security Lapses: CrowdStrike, Microsoft & SolarWinds Exposed Insecure Servers

THREAT INTEL: Ongoing Critical Security Lapses: CrowdStrike, Microsoft & SolarWinds Exposed Insecure Servers

53418278435_1ed0e949a3_h.jpg
Image Credit: IfOnlyCommunications

Helping keep European SMEs CYBERSafe!
Gibraltar: Monday 22 July 2024 at 15:00 CET

THREAT INTEL: Ongoing Critical Security Lapses: CrowdStrike, Microsoft, and SolarWinds Exposed Insecure Servers and Subdomains.

By Andy Jenkinson – Guest Contributor |  Group CEO Cybersec Innovation Partners
via CYBERInsights
First for SME Cybersecurity News
Google Indexed on 220724 at 16:05 CET

#CyberInsights #SMECybersecurityNews #Cybersecurity #WhitethornShield #InternetSecurity #DNS #PKI

Ongoing Critical Security Lapses: CrowdStrike, Microsoft, and SolarWinds Exposed Insecure Servers and Subdomains.

In this alarming revelation, our research demonstrates that CrowdStrike, Microsoft, and SolarWinds—three giants of the cybersecurity and IT world—are operating with glaring vulnerabilities.

Despite Friday’s botched updates from CrowdStrike that caused global IT disruptions, and following high-profile breaches like the SolarWinds Orion hack and Microsoft‘s cyberattacks, these three companies unbelievably maintain insecure subdomains and DNS servers.

CrowdStrike, a company entrusted with protecting some of the most sensitive information, is operating under the pretence of robust security. However, their neglected subdomains and insecure DNS servers paint a different picture. CrowdStrike saw $billions wiped off their shares on Friday with possibly more devaluation and more impact to their clients to come.

The negligence is not only a breach of trust but also a violation of privacy and security regulations, no matter how much CrowdStrike‘s CEO puts his hand up.

AJ_220724

Similarly, Microsoft, a cornerstone of enterprise and personal computing, has been found with the same, identical vulnerabilities. This is particularly egregious considering their prominent role and claims in providing secure and reliable software solutions.

These INSECURE subdomains and servers are an open invitation to cybercriminals, jeopardizing the data of millions of users globally. No security measures can or will compensate for these failings.

SolarWinds, already infamous for the devastating Sunburst malware attack, that exploited NOT SECURE subdomains and INSECURE DNS servers, shows no signs of having learned from past mistakes. The company’s ongoing neglect of basic security measures is indefensible, especially given the critical nature of the services they also provide.

Despite the multiple times we shared information and the provision of concrete evidence, these companies continue to ignore these critical exposed issues, prioritizing Profits and PR over genuine security concerns or their clients security.

Their inaction not only puts every one of their clients at risk, but also undermines public trust in their ability to safeguard critical infrastructure.

Thankfully, agencies like the Federal Bureau of Investigation (FBI) and Federal Aviation Administration were grateful and took our information and intelligence seriously and actioned them, underscoring the gravity of the situation.

It’s high time these tech behemoths ‘own’ their security failings and take immediate action to rectify these vulnerabilities before the next catastrophic breach occurs.

Cybersec Innovation Partners
GCHQ
National Cyber Security Centre
FBI Cyber Division
Central Intelligence Agency
U.S. Department of Homeland Security
United States Department of Defense
ABC News
CNN
CNBC
Fox News Media
BBC News
InternetSecurity
DNS PKI

 

About Andy Jenkinson

Group CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA) working with Governments. Recognised Expert in Internet Asset & DNS Vulnerabilities.

Andy Jenkinson is a senior and seasoned innovative Executive with over 30 years’ experience as a hands-on lateral thinking CEO, coach, and leader. A ‘big deal’ business accelerator, and inspirational, lateral thinker, Andy has crafted, created, and been responsible for delivering 100’s £ millions of projects within the Cyber, Technical, Risk and Compliance markets for some of the world’s largest, leading organisations. Andy has a demonstrable track record of largescale technical delivery and management within many sectors including the Professional, Managed, and Financial Services.

Leave a Reply

Your email address will not be published. Required fields are marked *