Tuesday, July 23, 2024

Secret Service Director resigns


By Maria Sacchetti, Carol D. Leonnig, Nick Miroff and Shayna Jacobs

Washington Post

Updated July 23, 2024 at 12:04 p.m. EDT | Published July 23, 2024 at 10:41 a.m. EDT





U.S. Secret Service Director Kimberly Cheatle resigned Tuesday in the aftermath of the assassination attempt on former president Donald Trump in Pennsylvania, telling staff that she took “full responsibility,” according to a copy of a letter sent to agency staff obtained by The Washington Post.

“In light of recent events, it is with a heavy heart that I have made the difficult decision to step down as your Director,” wrote Cheatle, who has been under intense pressure to resign from lawmakers of both parties.

“This incident does not define us,” Cheatle told staff. “I do not want my calls for resignation to be a distraction from the great work each and every one of you do towards our vital mission.”

The attack was the first against a U.S. leader on the elite protective agency’s watch in more than 40 years. Cheatle, a veteran Secret Service agent, had called the security failure involving a gunman shooting from an apparently unsecured roof at a Trump presidential campaign rally July 13 unacceptable and acknowledged that “the buck stops with me.”


She initially had said she would not resign and would cooperate with investigations into the shooting.


But during a House oversight hearing Monday, Cheatle faced withering scorn from Republicans and Democrats alike. Lawmakers took turns criticizing her for declining to answer detailed questions about what went wrong at the Trump rally.


Johnson calls Secret Service director resignation 'overdue'

House Speaker Mike Johnson (R-La.) on July 23 said Congress would need to rebuild "trust" in the Secret Service after Kimberly Cheatle resigned as director. (Video: The Washington Post)

After Cheatle’s resignation, Oversight committee chairman James Comer (R-Ky.) took credit for pushing her out and pledged “there will be more accountability to come.”

“Egregious security failures leading up to and at the Butler, Pennsylvania campaign rally resulted in the assassination attempt of President Trump, the murder of an innocent victim, and harm to others in the crowd,” Comer said in a statement. “We will continue our oversight of the Secret Service in support of the House Task Force to deliver transparency, accountability, and solutions to ensure this never happens again.”

Friday, July 19, 2024

CrowdStrike glitch exposes major vulnerability to Windows systems


VARIOUS SOURCES:


A failed tech update grounded flights throughout the country after US cybersecurity company CrowdStrike initiated a faulty software update. “This is not a security incident or cyberattack,” said CrowdStrike CEO George Kurtz. “This is the first time in recent modern times we’ve seen something like this happen at this scale,” said New York City’s chief technology officer, Matthew Fraser. The graphic below is a 12-hour timelapse of Delta, American Airlines, and United flights as shared by @US_Stormwatch.

In the state of Georgia, the Department of Driver Services said its computer systems were down at more than 60 offices statewide. The department was still giving road tests, but wasn’t issuing licenses to people who passed.

The Metropolitan Atlanta Regional Transit Authority said problems had caused service reductions on its rail system earlier in the morning, but that full rail service had been restored.

However, the system’s website, service information systems and online ticket sales remained disrupted.




Banks and health care providers saw their services disrupted and TV broadcasters went offline as businesses worldwide grappled with the ongoing outage. Air travel has been hit hard, too, with planes grounded and services delayed.


At the heart of the issue is Texas-based cybersecurity vendor CrowdStrike. On Friday, the cybersecurity firm experienced a major disruption following an issue with a software update.

CrowdStrike is what’s known as an “endpoint security” firm as it uses cloud technology to apply cyber protections to devices that are connected to the internet.

This differs from alternative approaches used by other cyber firms, which involve applying protection directly to backend server systems.

“Many companies use [CrowdStrike software] and install it on all of their machines across their organization,” Nick France, chief technology officer of IT security firm Sectigo, told CNBC’s “Squawk Box Europe” on Friday.

“So when an update happens that maybe has problems with it, it causes this problem where the machines reboot, and people can’t get back into their computers.”

CrowdStrike’s software requires deep access to a computer’s operating system to scan for threats. In the case of Friday’s outage, machines running Microsoft’s Windows operating system crashed due to a fault in the way a software update issued by CrowdStrike interacted with Windows.

“We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD [blue screen of death]) and get stuck in a restarting state. We approximate impact started around 19:00 UTC on the 18th of July,” Microsoft said in an update at 5:40 a.m. ET.

“We can confirm the affected update has been pulled by CrowdStrike. Customers that are continuing to experience issues should reach out to CrowdStrike for additional assistance,” the company added.

“The challenge here is that security software — because it’s doing its job to protect organizations — it has to have more privileged access to these machines,” he said.

So, while people may be seeing their IT issues as a problem with Windows, “it’s not actually a Windows issue, it’s related to a faulty or bad update from those security software,” Narang added.

CrowdStrike is “actively working with customers impacted by a defect found in a single content update for Windows hosts,” CEO George Kurtz said Friday in an update on social media platform X. He added that Mac and Linux hosts are not affected.

“This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed,” Kurtz said.

That fix could be hard to implement, though. Andy Grayland, chief information and security officer at threat intelligence firm Silobreaker, said that in order to implement a fix, engineers would have to go into each individual data center running Windows.

They’d then have to log in, navigate to a certain CrowdStrike file, delete it, and then reboot the entire system, he said.

“Where machines are encrypted, complex encryption keys also need to be entered manually. Unless Microsoft and CrowdStrike (if they are involved) pull something miraculous out of the bag, this could be painful to recover from.”
