A Wake-Up Call Long Overdue: The Cost of Ignoring Cybersecurity Failures.
Last week’s global IT outages may not have been the result of a cyberattack, but the fallout was just as catastrophic.
George Kurtz’s apology for CrowdStrike’s flawed software updates, which crashed millions of Wintel operating systems, underscores a glaring oversight in our quality control and digital defenses.
Whilst the incident may not have been a hack, it was, and is, a colossal security failure and issue. It is one that echoes the infamous SolarWinds debacle of December 2020.
The similarities do not end there.
SolarWinds’ subdomains and DNS servers were exploited and, because they were insecure, provided complete access to SolarWinds infrastructure, resulting in the largest cyberattack in history. Despite warnings and insights we shared with Tim Brown of SolarWinds and thereafter with George Kurtz of CrowdStrike, both companies exhibited a staggering lapse in addressing those vulnerabilities.
On 14 May 2021, SolarWinds addressed their DNS. It wasn’t until nearly two years later, on March 11, 2023, that CrowdStrike finally tackled their insecure DNS servers, after multiple notifications from us about the exposure.
These incidents reveal a systemic problem: arrogance in the industry, and software vendors’ updates that lack rigorous quality control. Clients naively assume updates are secure. It does not matter whether it is Orion or Falcon, or any other software for that matter.
Software, like all digital packets, goes from A to B and typically requires servers to do so. If those servers are compromised, the update can be too.
Both companies’ servers remain on the DNS blacklist, indicating they’ve been misused for malicious activities. We have continuously informed SolarWinds and CrowdStrike.