November 21, 2024
CYBER Insights » THREAT INTEL: Ongoing Critical Security Lapses: CrowdStrike, Microsoft & SolarWinds Exposed Insecure Servers

THREAT INTEL: Ongoing Critical Security Lapses: CrowdStrike, Microsoft & SolarWinds Exposed Insecure Servers

admin July 22, 2024
Image Credit: IfOnlyCommunications

Helping keep European SMEs CYBERSafe!
Gibraltar: Monday 22 July 2024 at 15:00 CET

THREAT INTEL: Ongoing Critical Security Lapses: CrowdStrike, Microsoft, and SolarWinds Exposed Insecure Servers and Subdomains.

By Andy Jenkinson – Guest Contributor |  Group CEO Cybersec Innovation Partners
via CYBERInsights
First for SME Cybersecurity News
Google Indexed on 220724 at 16:05 CET

#CyberInsights #SMECybersecurityNews #Cybersecurity #WhitethornShield #InternetSecurity #DNS #PKI

Ongoing Critical Security Lapses: CrowdStrike, Microsoft, and SolarWinds Exposed Insecure Servers and Subdomains.

In this alarming revelation, our research demonstrates that CrowdStrike, Microsoft, and SolarWinds—three giants of the cybersecurity and IT world—are operating with glaring vulnerabilities.

Despite Friday’s botched updates from CrowdStrike that caused global IT disruptions, and following high-profile breaches like the SolarWinds Orion hack and Microsoft‘s cyberattacks, these three companies unbelievably maintain insecure subdomains and DNS servers.

CrowdStrike, a company entrusted with protecting some of the most sensitive information, is operating under the pretence of robust security. However, their neglected subdomains and insecure DNS servers paint a different picture. CrowdStrike saw $billions wiped off their shares on Friday with possibly more devaluation and more impact to their clients to come.

The negligence is not only a breach of trust but also a violation of privacy and security regulations, no matter how much CrowdStrike‘s CEO puts his hand up.

Similarly, Microsoft, a cornerstone of enterprise and personal computing, has been found with the same, identical vulnerabilities. This is particularly egregious considering their prominent role and claims in providing secure and reliable software solutions.

These INSECURE subdomains and servers are an open invitation to cybercriminals, jeopardizing the data of millions of users globally. No security measures can or will compensate for these failings.

SolarWinds, already infamous for the devastating Sunburst malware attack, that exploited NOT SECURE subdomains and INSECURE DNS servers, shows no signs of having learned from past mistakes. The company’s ongoing neglect of basic security measures is indefensible, especially given the critical nature of the services they also provide.

Despite the multiple times we shared information and the provision of concrete evidence, these companies continue to ignore these critical exposed issues, prioritizing Profits and PR over genuine security concerns or their clients security.

Their inaction not only puts every one of their clients at risk, but also undermines public trust in their ability to safeguard critical infrastructure.

Thankfully, agencies like the Federal Bureau of Investigation (FBI) and Federal Aviation Administration were grateful and took our information and intelligence seriously and actioned them, underscoring the gravity of the situation.

It’s high time these tech behemoths ‘own’ their security failings and take immediate action to rectify these vulnerabilities before the next catastrophic breach occurs.

Cybersec Innovation Partners
GCHQ
National Cyber Security Centre
FBI Cyber Division
Central Intelligence Agency
U.S. Department of Homeland Security
United States Department of Defense
ABC News
CNN
CNBC
Fox News Media
BBC News
InternetSecurity
DNS PKI

 

Learn More /...

About Andy Jenkinson

Group CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA) working with Governments. Recognised Expert in Internet Asset & DNS Vulnerabilities.

Andy Jenkinson is a senior and seasoned innovative Executive with over 30 years’ experience as a hands-on lateral thinking CEO, coach, and leader. A ‘big deal’ business accelerator, and inspirational, lateral thinker, Andy has crafted, created, and been responsible for delivering 100’s £ millions of projects within the Cyber, Technical, Risk and Compliance markets for some of the world’s largest, leading organisations. Andy has a demonstrable track record of largescale technical delivery and management within many sectors including the Professional, Managed, and Financial Services.

Learn More /...
LinkedIn
Tags:

Learn More/…

Image Credit: creativeart/Freepik Email Security

NCSC: Check Your Email Security a service to help UK organisations check for vulnerabilities.

admin November 11, 2024
Image Credit Tumisu_Pixabay

NUISANCE CALLS: Cold Calling – Back Market reveals the UK area codes where most calls originate

admin November 7, 2024
Image Credit: Tumisu/Pixabay https://pixabay.com/users/tumisu-148124

EMAIL SECURITY: Use domain email accounts NOT Freemail as Cybercriminals Bypass MFA

admin November 6, 2024

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Read Posts …

Image Credit creativeart/Freepik

CYBER INSIGHTS: Thursday 21 November 2024 – Today’s SME Cybersecurity News & Intel

admin November 21, 2024
Image Credit: VWalakte via Freepik

HACK JACKING: What is Hack Jacking? The Takeover of Systems via Insecure assets … 

admin November 20, 2024
Image Credit: Lukas/Pixabay (AI) Image URL: https://pixabay.com/users/computerizer-4588466

CYBER INSIGHTS: Wednesday 20 November 2024 – Today’s SME Cybersecurity News & Intel

admin November 20, 2024
Cybersecurity Journalist | Small Business Cyber News

FRAUD: What is Payment Diversion Fraud? Practical Advice from ActionFraudUK

admin November 19, 2024
Image Credit: Alexa/Pixabay

CYBER INSIGHTS: Tuesday 19 November 2024 – Today’s SME Cybersecurity News & Intel

admin November 19, 2024
CYBERInsights