October 18, 2024
CYBER Insights » THREAT INTEL: Ongoing Critical Security Lapses: CrowdStrike, Microsoft & SolarWinds Exposed Insecure Servers

THREAT INTEL: Ongoing Critical Security Lapses: CrowdStrike, Microsoft & SolarWinds Exposed Insecure Servers

admin July 22, 2024
Image Credit: IfOnlyCommunications

Helping keep European SMEs CYBERSafe!
Gibraltar: Monday 22 July 2024 at 15:00 CET

THREAT INTEL: Ongoing Critical Security Lapses: CrowdStrike, Microsoft, and SolarWinds Exposed Insecure Servers and Subdomains.

By Andy Jenkinson – Guest Contributor |  Group CEO Cybersec Innovation Partners
via CYBERInsights
First for SME Cybersecurity News
Google Indexed on 220724 at 16:05 CET

#CyberInsights #SMECybersecurityNews #Cybersecurity #WhitethornShield #InternetSecurity #DNS #PKI

Ongoing Critical Security Lapses: CrowdStrike, Microsoft, and SolarWinds Exposed Insecure Servers and Subdomains.

In this alarming revelation, our research demonstrates that CrowdStrike, Microsoft, and SolarWinds—three giants of the cybersecurity and IT world—are operating with glaring vulnerabilities.

Despite Friday’s botched updates from CrowdStrike that caused global IT disruptions, and following high-profile breaches like the SolarWinds Orion hack and Microsoft‘s cyberattacks, these three companies unbelievably maintain insecure subdomains and DNS servers.

CrowdStrike, a company entrusted with protecting some of the most sensitive information, is operating under the pretence of robust security. However, their neglected subdomains and insecure DNS servers paint a different picture. CrowdStrike saw $billions wiped off their shares on Friday with possibly more devaluation and more impact to their clients to come.

The negligence is not only a breach of trust but also a violation of privacy and security regulations, no matter how much CrowdStrike‘s CEO puts his hand up.

Similarly, Microsoft, a cornerstone of enterprise and personal computing, has been found with the same, identical vulnerabilities. This is particularly egregious considering their prominent role and claims in providing secure and reliable software solutions.

These INSECURE subdomains and servers are an open invitation to cybercriminals, jeopardizing the data of millions of users globally. No security measures can or will compensate for these failings.

SolarWinds, already infamous for the devastating Sunburst malware attack, that exploited NOT SECURE subdomains and INSECURE DNS servers, shows no signs of having learned from past mistakes. The company’s ongoing neglect of basic security measures is indefensible, especially given the critical nature of the services they also provide.

Despite the multiple times we shared information and the provision of concrete evidence, these companies continue to ignore these critical exposed issues, prioritizing Profits and PR over genuine security concerns or their clients security.

Their inaction not only puts every one of their clients at risk, but also undermines public trust in their ability to safeguard critical infrastructure.

Thankfully, agencies like the Federal Bureau of Investigation (FBI) and Federal Aviation Administration were grateful and took our information and intelligence seriously and actioned them, underscoring the gravity of the situation.

It’s high time these tech behemoths ‘own’ their security failings and take immediate action to rectify these vulnerabilities before the next catastrophic breach occurs.

Cybersec Innovation Partners
GCHQ
National Cyber Security Centre
FBI Cyber Division
Central Intelligence Agency
U.S. Department of Homeland Security
United States Department of Defense
ABC News
CNN
CNBC
Fox News Media
BBC News
InternetSecurity
DNS PKI

 

Learn More /...

About Andy Jenkinson

Group CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA) working with Governments. Recognised Expert in Internet Asset & DNS Vulnerabilities.

Andy Jenkinson is a senior and seasoned innovative Executive with over 30 years’ experience as a hands-on lateral thinking CEO, coach, and leader. A ‘big deal’ business accelerator, and inspirational, lateral thinker, Andy has crafted, created, and been responsible for delivering 100’s £ millions of projects within the Cyber, Technical, Risk and Compliance markets for some of the world’s largest, leading organisations. Andy has a demonstrable track record of largescale technical delivery and management within many sectors including the Professional, Managed, and Financial Services.

Learn More /...
LinkedIn
Tags:

Learn More/…

Image Credit: PublicDomainPictures/Pixabay

LONDON TRANSPORT OUTAGE: British Teenager arrested over London transport (TfL) Cyber attack

admin September 13, 2024
Hacked System

THREAT INTEL: OKTA’s Cyberattack exposes critical vulnerabilities, due to insecure Internet assets

admin August 15, 2024
Data Center Room

THREAT INTEL: DNS Poisoning exploited a number of ISP’s enabling hackers to deliver Malware

admin August 9, 2024

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Read Posts …

Image Credit: This_is_Engineering/Pixabay - Skills

CYBER INSIGHTS: Friday 18 October 2024 – Today’s SME Cybersecurity News & Intelligence

admin October 18, 2024
CI_Feature Cyber NIS2

CYBER AWARENESS: Small Business Cyber Compliance NIS2

admin October 17, 2024
Image Credit: Oseven0/Wikimedia

EUROPOL: Charges unveiled in ongoing effort to de-anonymise DDoS group Anonymous Sudan

admin October 17, 2024
Image Credit: Freepik.com - Ransomware https://www.freepik.com/

CYBER INSIGHTS: Thursday 17 October 2024 – Today’s SME Cybersecurity News & Intelligence

admin October 17, 2024
CYBERInsights | Small Business SME CyberSecurity News

COMPLIANCE: Do you know what your UK Small Business Cyber Compliance obligations are?

admin October 16, 2024
CYBERInsights