The General thread for Computers And Internet

[RTH10260]

Newsletter writer covering Evolve Bank’s data breach says the bank sent him a cease and desist letter

Mary Ann Azevedo Lorenzo Franceschi-Bicchierai
2:04 PM PDT • July 2, 2024

The situation around a data breach that’s affected an ever-growing number of fintech companies has gotten even weirder. Evolve Bank & Trust announced last week that it was hacked and confirmed the stolen data has been posted to the dark web. Now Evolve has sent a cease and desist letter to the writer of a newsletter who has been covering the ongoing situation.

Jason Mikula, author of respected industry publication Fintech Business Weekly, told TechCrunch that he received a cease and desist letter from the bank telling him not to share files from the dark web with any allegedly impacted fintech companies.

Mikula told TechCrunch that he wasn’t actually doing such sharing but he was offering to do so and did see some of the files. Looking at hacked information is a common practice among journalists when reporting on security breaches as a way to confirm that a breach happened and what was taken.

In this case, Mikula said he’s connected with four people who have access to some of the files that were stolen in the breach and posted on the dark web and has reviewed some of the data himself.

The crux of the problem is that not all the impacted fintechs have received details about what information was stolen in the breach, according to Mikula’s industry sources.



https://techcrunch.com/2024/07/02/evolv ... ta-breach/

[keith]

Okay I'm making progress.

Couple of months ago my C drive crashed. It has taken me awhile to get everything reinstalled, repassworded, and operating smoothly again.

The tech that diagnosed it and fixed the issue did a good job but he messed up a couple of things.

The main one being he reformatted my big disk which first of all didn't have to be touched at all in anyway shape or form, and second of all he wiped the partition setup. I had a second partition for my virtual machine files on there. All content was saved so that isn't too bad.

But after putting everything back together, the VM performance was BAD, BAD, BAD. So I've been fiddling with the VM set up for a couple of months to no avail. Today I figured out a big piece. The tech had also turned off VM Assist in my BIOS. (If you are running on a Gigabyte Motherboard its called VT-d and its under the 'Miscellaneous' heading on the "SETTINGS" page.)

After setting VT-d on, the VM performance is certainly not fast like it was before the crash, but it isn't slow like it has been either.

Its just kinda half-fast now.

So I'm hoping that I can restore the VM definition like it was before I started messing with it. I probably have too many cores defined or something.

[Reality Check]

I got my weather station back up and running this week. I had it boxed up for 4 years since our last move. I have it on Weather Underground by connecting to the internet with a Raspberry Pi 3 micro PC running CumulusMX Linux software. The station is a Davis Vantage Pro 2 wireless. Davis Instruments is the Cadillac of weather instruments. I have had it mounted at 3 different locations and it still works fine. I forgot everything I once knew about Linux so I had to relearn a few things to get everything running.

Hidden Content

This board requires you to be registered and logged-in to view hidden content.

[Mr brolin]

Love my Raspberry Pi's.....

Since work makes me go to various places and countries including those that tend to be a little too invested in monitoring peoples internet activity, the Pi's are very useful to protect my traffic data.

I have 2 Pi's running seperate VPN servers (Wireguard and OpenVPN) on my home network so all my traffic gets encrypted and tunnelled and for extra fun and games, for REALLY nobby countries I tunnel the VPN traffic through TOR hidden services to the PI's.

For those who want a pretty pain free and fairly simple way to set up and run a solid VPN server at home with hardware that cost about 40 bucks, go to https://www.pivpn.io/

[Reality Check]

Love my Raspberry Pi's.....

Yes, they are very versatile. I originally bought this RP3 in 2016 to run the weather software but before long I added a portable hard drive and software to to share it on my network. I shared an old black and white laser printer that had no networking capability built in. It did all those things without a problem. Plus the power consumption is very low. I use SSH and do any maintenance through a terminal window on a PC using PuTTY.

[Mr brolin]

Love my Raspberry Pi's.....

Yes, they are very versatile. I originally bought this RP3 in 2016 to run the weather software but before long I added a portable hard drive and software to to share it on my network. I shared an old black and white laser printer that had no networking capability built in. It did all those things without a problem. Plus the power consumption is very low. I use SSH and do any maintenance through a terminal window on a PC using PuTTY.

Only problem us they seems to breed when I'm not looking..... I'll turn around and another appears to appear as if by magic.

Looking to get the size down even further and up the capability, running a test bed with a couple of Compute Module 4's with a Waveshare "Nano" carrier board.

Literally not much larger than half a credit card footprint and running a full Security Event and Incident Management server (Wazuh) for 25 PC's and Pi's mainly with the family members who are less diligent about clicking on dodgy links, failing to patch etc.

If you want "away from home network" remote access, particularly if you have an Internet service provider who changes your external IP address or you don't want to open a port for VPN, I heartily recommend looking at Zerotier. Creates a virtual ethernet network you can manage yourself, has clients for pretty much any OS and free for up to 25 machines.

[John Thomas8]

I enjoy watching rctestflight program Arduino boards to control his long distance FPV boat missions, and the planes he's done.

[Reality Check]

If you want "away from home network" remote access, particularly if you have an Internet service provider who changes your external IP address or you don't want to open a port for VPN, I heartily recommend looking at Zerotier. Creates a virtual ethernet network you can manage yourself, has clients for pretty much any OS and free for up to 25 machines.

That looks like what I need. We spend half of the year in Floriduh and I would like to be able to use SSH to get to the RP3 to run the CumulusMX interface for troubleshooting.

[Mr brolin]

If you want "away from home network" remote access, particularly if you have an Internet service provider who changes your external IP address or you don't want to open a port for VPN, I heartily recommend looking at Zerotier. Creates a virtual ethernet network you can manage yourself, has clients for pretty much any OS and free for up to 25 machines.

That looks like what I need. We spend half of the year in Floriduh and I would like to be able to use SSH to get to the RP3 to run the CumulusMX interface for troubleshooting.

If you aren't too fussed by occasionally higher latency, SSH'ing via TOR Hidden Sevice is easy and lightweight, so long as your laptop/desktop SSH client supports connection via a Socks5 proxy (I'm a happy user of Bitvise).

[RTH10260]

What foreign "state actors" did not achieve, Microsoft delivers ...

Major Windows BSOD issue takes banks, airlines, and broadcasters offline
/ A faulty update from cybersecurity provider CrowdStrike is responsible for the global outage.

By Tom Warren, a senior editor and author of Notepad, who has been covering all things Microsoft, PC, and tech for over 20 years.
Jul 19, 2024, 9:17 AM GMT+2

Thousands of Windows machines are experiencing a Blue Screen of Death (BSOD) issue at boot today, impacting banks, airlines, TV broadcasters, supermarkets, and many more businesses worldwide. A faulty update from cybersecurity provider CrowdStrike is knocking affected PCs and servers offline, forcing them into a recovery boot loop so machines can’t start properly. CrowdStrike is widely used by many businesses worldwide for managing the security of Windows PCs and servers.

Australian banks, airlines, and TV broadcasters first raised the alarm as thousands of machines started to go offline. The issues are now spreading, as businesses based in Europe are starting their working days. UK broadcaster Sky News was unable to broadcast its morning news bulletins for hours this morning, and was showing a message apologizing for “the interruption to this broadcast.” Ryanair, one of the biggest airlines in Europe, also says it’s experiencing a “third-party” IT issue, which is impacting flight departures.

The Federal Aviation Administration (FAA) says it’s assisting airlines like Delta, United, and American Airlines due to communications issues. “The FAA is closely monitoring a technical issue impacting IT systems at US airlines,” says FAA spokesperson Jeannie Shiffer in a statement to The Verge. “Several airlines have requested FAA assistance with ground stops for their fleets until the issue is resolved.”

Berlin airport is also warning of travel delays due to “technical issues.” Many 911 emergency call centers in Alaska have also been impacted by the issues. One airline in India has even turned to handwritten boarding passes due to the outages.

“We have widespread reports of BSODs on Windows hosts, occurring on multiple sensor versions,” says CrowdStrike in a support note issued at 1:20AM ET today. CrowdStrike has identified the issue and reverted the faulty update, but that doesn’t appear to help machines that have already been impacted.



https://www.theverge.com/2024/7/19/2420 ... tage-issue

[RTH10260]

same

CrowdStrike Windows Outage—What Happened And What To Do Next

Kate O'FlahertySenior ContributorCybersecurity and privacy journalist
Jul 19, 2024,04:35am EDT

A CrowdStrike update is breaking computers running Windows, causing them to crash and display the Blue Screen of Death. Companies around the world have been unable to reboot, according to reports. Firms affected by the outage include Sky News, which has been unable to broadcast.

Concerned users have taken to forums such as Reddit to report the issue, with one user saying: “Wow, stuck in a boot loop, and entire org taken out.”

So if you got into work this morning and were met by frankly, carnage, know that you are not alone. Here’s what happened and what to do next.

What happened

As you might have gathered, an issue with CrowdStrike is causing the widespread global issue. CrowdStrike engineers say they are working on the issue, which affects its Falcon Sensor product. CrowdStrike calls Falcon “the CrowdStrike platform purpose-built to stop breaches via a unified set of cloud-delivered technologies that prevent all types of attacks—including malware and much more.”

The IT outage has affected airports, businesses and broadcasters, according to the Sky News website. Planes have been grounded in the U.S., trains in the U.K. are impacted, as well as boarding scanners at Edinburgh airport in Scotland.


https://www.forbes.com/sites/kateoflahe ... o-do-next/

[RTH10260]

ditto

Crowdstrike and Microsoft: What we know about global IT outage

11 minutes ago
By Robert Plummer, BBC News

A mass IT outage has caused chaos around the world, with major banks, media outlets and airlines among the victims.

Many flights have been grounded, with queues and delays at airports, while shops and communications have also been hit.

The cause is unknown, but Microsoft says it is taking "mitigation action" to deal with "the lingering impact" of the outage.

Australia's home affairs ministry and American Airlines have both said the outage appeared to be related to an issue at global cyber-security firm Crowdstrike.

Here is a summary of what we know so far.


https://www.bbc.com/news/articles/cp4wnrxqlewo

[John Thomas8]

If you run into this mess, and it is quite a mess, here's a quick fix:

Boot windows into safemode or the wre

C: \windows\system32\drivers\crowdstrike

Delete C-00000291*.sys (may be sysagent.sys for some)

Reboot

Some have noted that you may need to rename the crowdstrike folder.

[Greatgrey]

[keith]

My bank is down.
My mobile internet has been down all day, at least on the highway. I've got only 2 bars out of 5 at home.
Airports are in chaos.
Hospitals are having trouble le checking folks in.
TV networks are crippled.

Australia was hit hard because we were awake when the update was pushed out when you were sleeping.

Remember: this was CloudStrike NOT M$oft

[John Thomas8]

r/sysadmin on Reddit is afire this morning trying to help each other clean this mess up.

[RTH10260]

What the concious IT guy wears today

Men's UA Stormproof Cloudstrike 2.0 Jacket

(https://www.underarmour.com.au/en-au/p/ ... 74644.html)

[Dr. Ken]

Oy expect the market to take a hit today

[sugar magnolia]

A friend is in the ICU in renal failure and they can't open the fucking meds cabinets or supply rooms because they're all controlled electronically. No meds for you! Or you. Or you. No meds for anybody!

She's in excruciating pain and they can't give her anything, or hang her next round of antibiotics. They can't even access clean catheters for her, so the choice they gave her was to wait or re-use one after it had been sterilized. So her choices are either have your bladder literally explode in your body, or run the risk of a fatal infection when you're already in the ICU with sepsis.

[neonzx]

All these companies are broken because no contingency plans? They put all the eggs in one basket and let it roll. Smh

[sugar magnolia]

All these companies are broken because no contingency plans? They put all the eggs in one basket and let it roll. Smh

Yep. It's why I don't do everything on-line or through apps.

My friend says they have maintenance at the hospital pharmacy trying to figure out how to break into it. The nurses are trying to figure out how to dispense drugs without being able to scan them. It's a clusterfuck.

[Dr. Ken]

You'd think they'd at least have a manual key to get into them in a safe place or something

[sugar magnolia]

You'd think they'd at least have a manual key to get into them in a safe place or something

It all runs on those ID swipe cards. Keys are apparently how nurses steal all the good fentanyl. No record of who is accessing it.

[bill_g]

C:\>dir /s cloudstrike*.*
Volume in drive C is TIDR
Volume Serial Number is 53470-11412
File Not Found

[RTH10260]

C:\>dir /s cloudstrike*.*
Volume in drive C is TIDR
Volume Serial Number is 53470-11412
File Not Found

You would need to be in an enterprise environment that uses CloudStrike security services, doesn't happen on simple consumer grade machines.