Featured Article : CrowdStrike : What Happened?

Following 8.5 million Microsoft devices being hit by a faulty software update from CrowdStrike causing global chaos, we look at what happened, how, and why.

The Worst Cyber Event In History 

The scale of the disruption caused by this event, which began on 18 July (according to Microsoft) or 19 July (according to CrowdStrike), makes it the worst cyber event in history, beating the WannaCry cyber-attack in 2017 where 300,000 computers in 150 countries were affected.

Who Are CrowdStrike? 

Texas-based cybersecurity technology company, CrowdStrike, formed in 2011, provides an AI and machine learning powered, cloud-based enterprise endpoint protection platform (intelligent real-time antivirus) called Falcon which is used by a wide range of businesses and organisations.

What Caused The Problems? 

As part of its protection mechanisms, Falcon receives regular software updates. However, the recent update which caused the outage was described as a “sensor configuration update to Windows systems”. In this case, the faulty sensor software update triggered a logic error which resulted in a system crash and blue screen (the ‘Blue Screen Of Death’ – BSOD) on impacted systems, i.e. the computer systems of companies that were running Microsoft operating systems and using CrowdStrike’s Falcon platform (those running Falcon sensor for Windows version 7.11 and above) were completely disabled.

The ‘sensor’ is a software agent installed on endpoint devices (such as Windows systems).

Only Windows Affected 

The faulty software update only impacted Microsoft because the Falcon sensor update was designed specifically for the Windows operating system, and the logic error that triggered the system crashes and blue screens (BSOD) was tied to a component or function that is unique to Windows environments.

Enormous Impact 

The faulty CrowdStrike software update caused major disruptions across a wide variety of industries globally, which included:

Airlines

Airlines experienced severe operational disruptions, with thousands of cancelled/grounded flights, delays, and passenger queues at major airports, such as the UK’s Stansted and Gatwick airports and Berlin’s BER and Newark International airports. Passengers faced long waits while the airlines struggled to manage schedules and customer service due to the system failures. Customers (many of whom only learned of the cancellation of their flight when they arrived at the airport) suffered delays, as well as the stress, disruption, and expense of having to find later alternative flights and alternative routes, and/or book hotels overnight, and pay more for overdue car parking back at home.

Healthcare 

Hospitals and healthcare systems were notably impacted, with some facilities facing delays in clinical procedures and disruptions in medical technology and communications. This situation forced many hospitals to implement manual restoration of systems and downtime procedures, which affected patient care and led to cancellations of some clinical services. Even pharmacies have been affected with customers unable to get their prescriptions.

Financial Services 

Many banks and financial institutions encountered issues processing transactions, leading to service interruptions. The outage affected ATMs and online banking services, causing inconvenience to customers and operational delays.

Media and Broadcasting

Broadcasters such as Sky News experienced temporary outages, affecting their ability to deliver news and updates to the public, thereby highlighting the apparent reliance of media companies on cybersecurity and IT infrastructure to maintain continuous service.

Emergency Services 

Emergency call centres also faced operational challenges, which impacted their ability to respond promptly to emergencies, leading to increased risk and delays in emergency response times, raising significant public safety concerns.

Retail 

Retailers also had difficulties, particularly in their point-of-sale systems and online platforms. This disruption led to transaction delays and affected inventory management, impacting both in-store and online sales.

Fix Issued 

CrowdStrike says it has issued a fix, although this in itself may be time-consuming and disruptive because the fix has to be applied to each affected device separately and requires a manual reboot in safe mode for affected computers, thereby creating considerable work and issues for IT departments everywhere.

Ongoing 

At the time of writing this, the many effects are ongoing, and are expected to last around one week.

Not A Cyber Attack, But Cyber Attack Risk Now Increased 

Although CrowdStrike Founder and CEO, George Kurtz, stressed in a statement that the outage was “not a cyberattack”, there are warnings that scams and cyberattacks should now be expected, e.g. cyber attackers setting up phishing websites and running scams under the guise of offering help / fixes for those affected. Secureworks, for example, has reported a spike in CrowdStrike-themed domain registrations (a sign of potential phishing websites being set up), and there have been reports of emails being circulated by scammers claiming to be ‘CrowdStrike Support’ or ‘CrowdStrike Security’. The advice, therefore, is for those affected to only use CrowdStrike’s website to source information and help.

Although not directly related, on the theme of online security and issues relating to antivirus software, Russian security company Kaspersky has just announced that it will be exiting the US market and consequently will be cutting staff ahead of a government-imposed sales ban. Kaspersky reports: “Starting from July 20, 2024, Kaspersky will gradually wind down its US operations and eliminate US-based positions” and that “The decision and process follows the Final Determination by the US Department of Commerce, prohibiting the sales and distribution of Kaspersky products in the US”.

Sorry! 

Following the CrowdStrike issue, the company’s CEO, George Kurtz, has issued an apology, saying: “I want to sincerely apologise directly to all of you for the outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority”. 

What Does This Mean For Your Business?

The catastrophic event involving CrowdStrike’s faulty software update serves as a stark reminder of the vulnerabilities that can arise from our reliance on advanced cybersecurity solutions. For businesses, this incident is a reminder of the critical importance of rigorous testing and validation processes for all software updates. It also highlights the need for robust contingency plans to ensure operational continuity in the face of unexpected system failures.

The extensive disruption across various industries, from airlines to healthcare, illustrates the interconnected nature of modern business operations and the potential widespread impact of a single point of failure. Companies must therefore try to prioritise not only their own cybersecurity measures but also closely scrutinise and manage the cybersecurity protocols of their service providers and partners.

The legal and financial ramifications of such events also can’t be ignored. The anticipated lawsuits and claims for damages resulting from operational disruptions and customer inconvenience could set significant precedents, influencing future legal standards and liability expectations in the cybersecurity sector. This legal landscape will likely demand that businesses enhance their insurance coverage and legal strategies to mitigate potential risks.

Also, the warning from CrowdStrike about the increased risk of cyber-attacks in the wake of this incident should prompt businesses to heighten their vigilance against phishing and other cyber threats. The surge in CrowdStrike-themed phishing websites shows the cruel and opportunistic nature of cybercriminals, and businesses should now ensure their employees are well-informed and equipped to recognise and respond to these threats.

While the disruption caused by CrowdStrike’s software update was not a cyber-attack, it has nonetheless amplified the need for businesses to adopt comprehensive cybersecurity strategies. This could include, for example, maintaining up-to-date security protocols, preparing for swift crisis management, and fostering a culture of continuous improvement in cybersecurity practices. Businesses that learn from this incident and proactively strengthen their cybersecurity frameworks will be better positioned to navigate the complexities of the digital age and safeguard their operations against future disruptions.

Tech Insight : Lessons Learned

Following the massive after-effects of the faulty CrowdStrike update, we take a look at the lessons learned so far in this ongoing situation.

What Happened? 

On July 19, a faulty software update from cybersecurity technology company CrowdStrike affected approximately 8.5 million Microsoft devices globally, causing chaos across multiple industries as key systems were disabled. The faulty software update only impacted Microsoft because the update for CrowdStrike’s enterprise security platform was specifically designed just for the Windows operating system. The update caused a ‘logic error’, leading to widespread system crashes and blue screens of death (BSOD).

The worst cyber event in history (so far), it has surpassed the scale of the 2017 WannaCry attack and highlighted significant vulnerabilities in modern cybersecurity frameworks.

What Is CrowdStrike? 

CrowdStrike, founded in 2011 and headquartered in Texas, provides the Falcon platform, a cloud-based endpoint protection solution used by large businesses and organisations globally.

Lessons Learned from the CrowdStrike Event 

Although (at the time of writing this) some of the after-effects are still being felt, the scale and severity of the event have already taught us some valuable lessons. For example:

– Businesses may have an over-reliance on the Cloud. The CrowdStrike incident has starkly highlighted our over-reliance on cloud services. Many businesses have embraced the cloud for its scalability, cost-effectiveness and convenience, often integrating critical operations and data storage into cloud platforms. However, this event demonstrated the potential risks of depending heavily on a single cloud provider or a homogeneous cloud environment.

– A re-evaluation of business cloud strategies may now be necessary. For example, the disruption caused by the faulty update has already led some businesses to reconsider their cloud strategies. Many businesses are now re-evaluating their cloud-first approaches to avoid single points of failure. Strategies being reported include moving away from a platform-centric approach to a more tailored, nuanced strategy which balances performance, costs, and security, enhances efficiency, and reduces risk. Also, adopting workload-specific strategies and determining the best platform for each application, e.g. a private cloud, industry cloud, on-premises data-centres, or a multi-cloud architecture, may now be a more attractive and less risky strategy.

Broadly speaking, building resilience through diversity (e.g. diversifying cloud providers and also implementing hybrid and multi-cloud strategies) plus ensuring all eggs aren’t just in one basket may now be the way forward (controversially) for some businesses. This approach could mitigate the risks associated with single points of failure, ensure greater operational continuity, perhaps even reduce (long-term) costs, and hopefully contain any cloud chaos in future.

– There is a need for rigorous software testing. The CrowdStrike incident emphasises the critical importance of thorough testing before deploying software updates, especially on a Friday! This event demonstrated that even minor configuration changes could have catastrophic consequences if not properly vetted. Comprehensive testing protocols must now be implemented to prevent such incidents from occurring in the future.

– Robust incident response plans are necessary. Businesses need to ensure they have comprehensive strategies in place to quickly address and mitigate the impact of IT failures. This includes regular drills and updates to incident response protocols to stay prepared for various scenarios.

– Enhanced employee security training and awareness is important. Increased vigilance against phishing and other cyber threats is crucial in the aftermath of such incidents. Businesses must invest in continuous employee training to recognise and respond to cybersecurity threats effectively. This proactive approach can significantly reduce the risk of successful cyberattacks exploiting the situation. For example, some of the reports of how cyber-criminals have already taken advantage of the situation include:

– Phishing campaigns, pretending to offer fixes and updates for the CrowdStrike-related issues. These campaigns aim to trick users into clicking on malicious links, leading to malware infections. The US Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) reported that it had “observed threat actors taking advantage of this incident for phishing and other malicious activity”. People have been advised to avoid clicking links in any text or email related to the CrowdStrike or Windows disruption.

– Setting up fraudulent websites claiming to provide legitimate updates and solutions. These sites were designed to distribute malware under the guise of providing help. For example, cybercriminals distributed ZIP archives with names like “CrowdStrike-hotfix.zip” containing the HijackLoader payload (which loads malware), a campaign reportedly aimed at users and CrowdStrike customers in Latin America.

– Initiating ransomware attacks, taking advantage of the disruption.

– Stealing data. In some cases, attackers have exploited vulnerabilities exposed by the disruption to infiltrate systems and steal sensitive data, compounding the damage caused by the initial outage.

– Continuous and transparent communication makes a big difference in a crisis. CrowdStrike’s swift communication and deployment of a fix were crucial in managing the incident’s fallout. Transparent and continuous updates helped affected organisations understand the issue and implement necessary measures. This event highlights the importance of maintaining open lines of communication between cybersecurity firms and their clients during crises to ensure timely and effective responses.

– Be cautious with third-party services. The CrowdStrike incident underscores the critical risks associated with relying on third-party services. Businesses learned that dependency on external providers for crucial functions can lead to widespread disruptions if those services fail. The incident highlighted the necessity of rigorous vetting processes to ensure third-party providers meet high security and reliability standards. Continuous monitoring and regular audits are essential to identify and mitigate risks promptly.

Diversifying service providers can reduce the risk of a single point of failure, enhancing overall resilience. Companies should ensure contracts with third-party providers include stringent security requirements and clear terms for liability and incident response. This approach helps maintain control and oversight over outsourced services, safeguarding operations and data integrity against potential vulnerabilities introduced by external partners.

Why Was The Aviation Sector So Badly Affected? 

The aviation sector experienced severe operational disruptions. Thousands of flights were cancelled or delayed, affecting major airports worldwide. The aviation and travel sectors were heavily affected by the CrowdStrike issue due to their reliance on real-time IT systems for critical operations. The system crashes disrupted flight scheduling, booking, and check-in processes, leading to thousands of cancellations and delays. Additionally, the outage compromised safety and security monitoring systems, exacerbating the operational chaos and inconvenience for passengers.

Why Was The Healthcare Sector Also Badly Affected? 

Hospitals and healthcare systems faced critical disruptions, delaying clinical procedures, and impacting patient care. The incident forced many institutions to revert to manual processes, highlighting the vulnerability of healthcare systems to IT failures. Healthcare and hospitals are particularly vulnerable to IT issues like the CrowdStrike incident (and cyberattacks) due to their reliance on IT systems for critical patient care functions, such as electronic health records (EHRs), medical devices, and communication systems. Also, the complex IT infrastructure in hospitals, often a mix of legacy and modern systems, creates additional vulnerabilities, as securely integrating these diverse systems is challenging.

This event demonstrates the urgent need for healthcare providers to invest in robust IT infrastructure and emergency protocols to ensure patient safety and continuity of care during technological crises.

What Does This Mean For Your Business? 

The CrowdStrike incident is a stark reminder of the inherent vulnerabilities in modern cybersecurity frameworks and the critical importance of robust IT management strategies. For businesses, the event offers many lessons, such as the need for rigorous testing and validation processes for all software updates. Ensuring that updates are thoroughly vetted before deployment can prevent similar catastrophic failures in the future.

Also, the incident highlights the necessity of developing comprehensive contingency plans to maintain operational continuity during IT disruptions. Businesses should conduct regular drills and update their incident response protocols to prepare for various scenarios, ensuring they can quickly address and mitigate the impact of unexpected failures.

The extensive disruption across various industries illustrates the interconnected nature of modern business operations and the potential widespread impact of a single point of failure. Businesses should, therefore, take a good look not only at their own cybersecurity measures but also closely scrutinise and manage the cybersecurity protocols of their service providers and partners. This includes implementing stringent vetting processes, continuous monitoring, and regular audits of third-party services to ensure high security and reliability standards are maintained.

The legal and financial ramifications of such events also cannot be ignored. The anticipated lawsuits and claims for damages resulting from operational disruptions and customer inconvenience could set significant precedents, influencing future legal standards and liability expectations in the cybersecurity sector. That said, many businesses in the aviation and travel sector may decide to risk arguing that this was an exceptional event, thereby hoping to limit their legal/financial liabilities. Businesses may, however, need to enhance their insurance coverage and legal strategies to mitigate potential similar risks in the future.

Also, the increased risk of cyber-attacks following this incident (and other incidents in the past) should prompt businesses to heighten their vigilance against phishing and other cyber threats. The surge in CrowdStrike-themed phishing websites, for example, demonstrates the opportunistic nature of cybercriminals. Businesses must ensure their employees are well-informed and equipped to recognise and respond to these threats, investing in continuous security training and awareness programs.

While the disruption caused by CrowdStrike’s software update was not a cyber-attack, it nonetheless highlights the need for comprehensive cybersecurity strategies. Businesses that learn from this incident and proactively strengthen their cybersecurity frameworks will be better positioned to navigate the complexities of the digital age and safeguard their operations against future disruptions. By diversifying their cloud dependencies, implementing robust incident response plans, and maintaining stringent oversight of third-party services, companies can build a more resilient and secure operational environment.

Tech News : King’s Speech Highlights Security Laws

Following the State Opening of Parliament, the King’s Speech on 17 July included news of significant new legislative proposals to address cybersecurity concerns, focusing on supply chain risks, particularly in the public sector, and improving incident reporting.

What Concerns and Risks? 

The kinds of concerns and risks the new legislation has been drafted to tackle are essentially those that come from the public sector’s extensive reliance on interconnected systems and digital services. For example, public sector organisations (including healthcare, local government, and infrastructure services) manage vast amounts of sensitive data and provide essential services to the population. This, therefore, makes them prime targets for cyber-attacks, which can disrupt critical functions and compromise personal information.

Recent cyber incidents, such as the ransomware attack on Synnovis (a pathology partnership between SYNLAB, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust), have highlighted the vulnerabilities within public sector supply chains. The Synnovis attack (in June), for example, led to significant disruptions in healthcare services, delaying thousands of outpatient appointments and elective procedures in major hospitals. The particular vulnerability of supply chains is illustrated by recent research from Security Scorecard which showed that a staggering 29 per cent of all breaches in the last quarter of 2023 were the result of a third-party attack vector, i.e. cyber criminals gaining unauthorised access to an organisation’s systems or data by exploiting vulnerabilities in its suppliers, vendors, or partners.

As noted by the UK government within the supporting documentation for the King’s Speech: “Over the past 18 months, hospitals, universities, local authorities, democratic institutions, and government departments have been targeted. These attacks highlight the vulnerability of our essential services, with severe consequences observed in sectors like the NHS and the Ministry of Defence”. 

What New Legislation? 

As one of 40 bills announced by King Charles III in his speech, the ‘Cyber Security and Resilience Bill’ is being introduced to tackle the public sector’s reliance on interconnected systems and digital services. This new legislation is designed to address this challenge by expanding the scope of cybersecurity regulations to cover more digital services and supply chains within the public sector to ensure that public organisations implement necessary security measures to protect against cyber threats.  To give a brief overview of what’s being suggested, the key points of the Cyber Security and Resilience Bill are:

– Expansion of regulations. The bill broadens the scope of existing cybersecurity regulations to include more digital services and supply chains, addressing vulnerabilities in critical infrastructure.

– Empowerment of regulators. It provides regulators with enhanced powers to enforce cybersecurity measures, including the ability to investigate potential vulnerabilities proactively.

– Protection of the public sector. The legislation aims to safeguard essential public services such as healthcare and defence, which have been targets of significant cyber-attacks in recent years.

– Cost recovery mechanisms. The bill introduces cost recovery mechanisms to ensure regulators have sufficient resources to enforce cybersecurity measures effectively.

Increased Incident Reporting Too 

Also, the ‘Cyber Security and Resilience Bill’ mandates increased incident reporting, which is crucial for improving the government’s response to cyber-attacks. For example, it requires organisations to report a wider range of cyber incidents.

This is because enhanced reporting is likely to improve the government’s ability to identify, mitigate, and respond to threats more effectively, thereby reducing the risk of widespread disruption.

Overall, the bill is designed to address the pressing need to strengthen cybersecurity across all sectors, particularly focusing on the interconnected nature of modern supply chains.

Criticism

Although the need for such legislation is clear and is likely to be welcomed, some critics have suggested that it should have happened sooner – it’s the first time cybersecurity legislation has been updated in six years, and it may only just bring the UK up to speed with current threats. Also, with the rate at which new threats are advancing, the legislation is unlikely to fully address all vulnerabilities.

What Does This Mean For Your Business? 

For businesses, the introduction of the Cyber Security and Resilience Bill represents a challenge and an opportunity. The new regulations will require companies (particularly those involved in supplying public sector organisations) to bolster their cybersecurity measures. This means that businesses will need to review and potentially upgrade their existing security protocols to meet the expanded regulatory requirements. Ensuring compliance will also be crucial to avoid penalties and to maintain the trust of public sector clients who are increasingly vigilant about their cybersecurity posture.

The emphasis on enhanced incident reporting is another critical aspect that businesses must prepare for. Organisations will need to establish or refine their reporting processes to ensure that all significant cyber incidents are promptly and accurately reported to the relevant authorities. This increased transparency will not only aid in the collective defence against cyber threats but also help businesses understand the evolving threat landscape, allowing them to adapt and improve their security measures proactively.

Also, giving greater power to regulators means that businesses are likely to face more rigorous inspections and enforcement actions. This could involve regular audits and compliance checks, and the need for a continuous commitment to maintaining robust cybersecurity practices. While this may require additional resources and investment, it also presents an opportunity for businesses to strengthen their defences against cyber-attacks, thereby safeguarding their operations and reputation.

The legislation’s focus on securing supply chains also highlights the importance of third-party risk management. Businesses will need to ensure that their suppliers and partners adhere to high cybersecurity standards, as vulnerabilities within the supply chain can have severe repercussions. Implementing stringent vetting processes and regular security assessments for third parties is likely to be essential to mitigate these risks.

To conclude, while the Cyber Security and Resilience Bill introduces new obligations, it also provides a framework for businesses to enhance their cybersecurity resilience. By embracing these changes and proactively strengthening their defences, businesses can protect themselves against the growing threat of cyber-attacks and maintain their competitive edge in an increasingly digital economy.

Tech News : New “Privacy-First” Email Writing Assistant

Swiss app company Proton has introduced ‘Proton Scribe,’ an AI-powered private writing assistant that writes and proofreads emails for you.

Why? 

Proton says that with most of us sending emails daily, finding the right words and tone can be time-consuming. Also, other popular email programs process data on remote servers, thereby posing a risk that as data is transmitted over the internet and stored on external servers, it may be susceptible to breaches, hacking, or unauthorised access. In addition to these risks, many people use online grammar checkers or AI assistants to help compose and edit emails which can be risky in terms of sensitive company or customer data potentially being shared, misused, or used to train language models.

Advantages 

Here are some of the ways in which Proton says this new smart, privacy-first writing assistant (built into Proton Mail) tackles these challenges:

– The AI element helps users to compose and improve email drafts, thereby saving time. Proton says that the ability to use the AI to hone drafts means that the end result emails are “professional and polished – even if your first language is not English.” 

– It can be run locally, so user-data never leaves the user’s device, thereby enhancing privacy and data security.

– Scribe doesn’t train on the user’s inbox data (because this has zero-access encryption), and nothing that a user types into Scribe is logged or saved.

– The company had previously developed its own internal AI models (using an independent internal team) and the learning from this has been used to help create Scribe.

Open Source Too 

Proton Scribe is also open source and therefore available for independent security and privacy audits.

Who Can Use It? 

Scribe is available for a full-use trial by Proton customers. For example, Proton says customers on Mail Essentials, Mail Professional or Proton Business Suite plans can try Scribe by opening their email composer and clicking on the pencil icon. Scribe is also included free as part of Visionary and Lifetime subscription plans.

How Does It Work? 

To use Scribe, it’s a case of opening it in Proton Mail composer, clicking on the pencil icon and typing, and then using the Shorten or Proofread options to improve email drafts so they’re free of typos and grammatical errors. For writing to an important client or formal institution, users can improve the tone of their email with the Formalise option before refining, editing, and sending it.

Challenge To Google & Microsoft? 

Some commentators have noted how with Proton recently unveiling Proton Docs (its privacy-focused alternative to Google Docs) and now Scribe following Google’s inclusion of its Gemini chatbot in Gmail, Proton could be seen as a more privacy-focused challenger to Google (and Microsoft) in these areas.

Alternatives Available 

It should also be noted here that Scribe is not the only privacy-focused, AI-powered email writing assistant available. For example, others include Flowrite (a tool that integrates with email and messaging platforms), Compose AI (as a free Chrome extension), and Mailbutler which works with Gmail, Outlook, and Apple Mail.

What Does This Mean For Your Business? 

The introduction of Proton Scribe is a sign of a shift towards ensuring privacy and efficiency in email communication for businesses. By integrating a privacy-first AI writing assistant directly into Proton Mail, Proton’s customers can now enjoy the benefits of AI-driven email composition without compromising on data-security. As noted above, it’s Proton Scribe’s local operation that helps ensure that sensitive information remains on the user’s device, purportedly mitigating risks associated with data breaches, hacking, and unauthorised access often associated with remote server processing.

For businesses, this kind of tool could mean a substantial reduction in the time spent on drafting and proofreading emails, allowing employees to focus more on core tasks. In Scribe’s case, the AI’s capability to refine drafts into professional and polished messages (even for non-native English speakers) appears to be a fast and easy way to significantly enhance the quality of business communications. This could, of course, lead to improved client interactions and more effective internal communications, thereby delivering significant value to users of Scribe.

Also, at a time when there are privacy and security concerns about generative AI models, the assurance that Proton Scribe does not log or save user inputs and does not train on users’ inbox data (due to zero-access encryption) provides an additional layer of security and reassurance. This could prove very valuable for companies handling sensitive client information, as it ensures that no data is inadvertently shared or misused.

Proton is also keen to demonstrate its commitment to transparency through open-source availability which allows for independent security and privacy audits, further establishing trust with businesses concerned about data-integrity and security. These features of Scribe could position Proton as a serious contender in the market, offering a robust alternative to established players like Google and Microsoft, especially for those prioritising privacy.

With other privacy-focused AI tools like Flowrite, Compose AI, and Mailbutler also available, businesses now have multiple options to enhance their email productivity while safeguarding their data. However, Proton Scribe’s seamless integration into Proton Mail and its strong privacy features may offer a unique edge for businesses already invested in the Proton ecosystem.

An Apple Byte : Microsoft Suggest EC Laws Make Apple Less Vulnerable To CrowdStrike

Following CrowdStrike’s faulty update only affecting Microsoft Windows systems (because the update was specific to the Windows operating system), it’s been reported that Microsoft claims that an agreement with the EU means it’s not allowed to protect its operating system (OS) in the same way as Apple. The agreement with the EU relates to Microsoft not being able to give its own security software an unfair advantage over third-party apps.

Following a complaint (antitrust) to the European Commission in 2009, Microsoft says it agreed to give security software makers the same level of access to Windows that Microsoft itself gets. This, says Microsoft, contrasts with Apple’s situation.

Although Apple doesn’t allow security apps to have the same deep-level access to its OS, macOS does the same type of monitoring as CrowdStrike for itself.

However, critics may say that CrowdStrike’s tools can’t operate at the same depth on a Mac as they can on Windows because Apple’s Endpoint Security Framework prevents them from doing so. Microsoft could have taken the same approach. Also, it could be argued by some that Microsoft may only have itself to blame to an extent, having only been made to make agreements following the outcome of antitrust cases and investigations relating to unfair advantages as judged by the EC.

Security Stop Press : Beware Deepfake Doctor Health Scam Ads

A British Medical Journal report has warned people to beware of AI deepfake videos purporting to feature popular TV doctors selling scam products. Doctors featured in the deepfake videos being used to sell scam medical cures on social media include Hilary Jones, the late Michael Mosley and Rangan Chatterjee.

Hilary Jones, one of the UK’s most recognisable doctors, reported on the BMJ website that “Some of the products that are currently being promoted using my name include those that claim to fix blood pressure and diabetes, along with hemp gummies with names like Via Hemp Gummies, Bouncy Nutrition, and Eco Health.”

Many of the deepfake videos have been posted on Meta’s Facebook and Instagram platforms and it’s been reported that Meta has said it will investigate the videos highlighted in the BMJ report.

The BMJ advises anyone encountering such a video to leave a comment questioning its authenticity, and to report it to the platform it’s been posted on.
