What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CrowdStrike.webp 2022-03-09 20:25:53 March 2022 Patch Tuesday: Critical Microsoft Exchange Bug and Three Zero-day Vulnerabilities (direct link) Microsoft has released 71 security patches for its March Patch Tuesday rollout. Of the 71 CVEs addressed, three are ranked as Important zero-days. This month the quantity of patches for Critical vulnerabilities remains low; however, the total number of updates is nearly double what was offered in February 2022. As vulnerabilities and patches continue to […]
CrowdStrike.webp 2022-03-09 19:37:29 Five Steps to Kick-start Your Move to XDR (direct link) Alert overload is practically a given for security teams today. Analysts are inundated with new detections and events to triage, all spread across a growing set of disparate, disconnected security tools. In fact, tools have proliferated to such an extent that the average enterprise now has 45 cybersecurity-related tools deployed across its environment. As attacks grow […]
CrowdStrike.webp 2022-03-09 13:28:53 CrowdStrike and Cloud Security Alliance Collaborate to Enable Pervasive Zero Trust (direct link) The security problems that plague organizations today actually haven't changed much in 30 years. Weak and shared passwords, misconfigurations and vulnerabilities are problems that have tormented the industry for years and persist to this day. What's changed is the speed and sophistication at which today's adversary can weaponize these weaknesses. There's a misperception that stopping […]
CrowdStrike.webp 2022-03-07 17:30:49 PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell (direct link) At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 — a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller — to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the […] Vulnerability
CrowdStrike.webp 2022-03-07 09:55:04 The Easy Solution for Stopping Modern Attacks (direct link) Modern cyberattacks are multifaceted, leveraging different tools and techniques and targeting multiple entry points. As noted in the CrowdStrike 2022 Global Threat Report, 62% of modern attacks do not use traditional malware and 80% of attacks use identity-based techniques, meaning that attacks target not only endpoints, but also cloud and identity layers with techniques that […] Malware Threat
CrowdStrike.webp 2022-03-03 16:06:41 CrowdStrike Falcon Enhances Fileless Attack Detection with Accelerated Memory Scanning Feature (direct link) CrowdStrike introduces memory scanning into the CrowdStrike Falcon® sensor for Windows to enhance existing visibility and detection of fileless threats. The Falcon sensor integrates Intel threat detection technology to perform accelerated memory scanning for malicious byte patterns. Memory scanning is optimized for performance on Intel CPUs, including high-performance operation, by offloading the operation to an […] Threat
CrowdStrike.webp 2022-03-02 19:55:14 How a Strong Identity Protection Strategy Can Accelerate Your Cyber Insurance Initiatives (direct link) The growth in frequency and severity of cyberattacks has caused organizations to rethink their security strategies. Major recent security threats, such as high-profile ransomware attacks and the Log4Shell vulnerabilities disclosed in 2021, have led to a greater focus on identity protection as adversaries rely on valid credentials to move laterally across target networks. Cyber insurers […] Ransomware
CrowdStrike.webp 2022-03-02 12:40:17 Reinventing Managed Detection and Response (MDR) with Identity Threat Protection (direct link) The modern threat landscape continues to evolve with an increase in attacks leveraging compromised credentials. An attacker with compromised credentials too frequently has free rein to move about an organization and carefully plan their attack before they strike. This week Falcon Complete™, CrowdStrike's leading managed detection and response (MDR) service, announced a new managed service […] Threat Guideline ★★★★
CrowdStrike.webp 2022-03-01 20:57:13 Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities (direct link) Summary: On Feb. 23, 2022, destructive attacks were conducted against Ukrainian entities. Industry reporting has claimed the Go-based ransomware dubbed PartyTicket (or HermeticRansom) was identified at several organizations affected by the attack, among other families including a sophisticated wiper CrowdStrike Intelligence tracks as DriveSlayer (HermeticWiper). Analysis of the PartyTicket ransomware indicates it superficially encrypts files […] Ransomware
CrowdStrike.webp 2022-02-25 21:45:10 CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks (direct link) On Feb. 23, 2022, a new wiper malware was reported targeting Ukrainian systems. The wiper destroys files on infected Windows devices by corrupting specific elements of connected hard drives. CrowdStrike Intelligence refers to this destructive malware as DriveSlayer. DriveSlayer is the second recent destructive malware targeting Ukraine, following WhisperGate. The CrowdStrike Falcon® platform provides continuous […] Malware
CrowdStrike.webp 2022-02-25 14:52:29 Data Protection 2022: New U.S. State Laws Reflect Convergence of Privacy and Security Requirements (direct link) Many countries around the world recognized Data Protection Day in January — a day that highlights the importance of protecting individual privacy and data against misuse. The U.S. celebrated Data Privacy Day, where privacy and security have often been seen as two separate issues. This is evidenced by the way law has historically developed. At […]
CrowdStrike.webp 2022-02-25 14:42:54 Nowhere to Hide: Detecting a Vishing Intrusion at a Retail Company (direct link) The CrowdStrike Falcon OverWatch™ 2021 Threat Hunting Report details the interactive intrusion activity observed by hunters from July 2020 to June 2021. While the report brings to light some of the new and innovative ways threat actors are gaining access into victim organizations' networks, social engineering remains a tried and true method of gaining access […] Threat
CrowdStrike.webp 2022-02-24 19:18:20 Protecting Cloud Workloads with CrowdStrike and AWS (direct link) Migrating to the cloud has allowed many organizations to reduce costs, innovate faster and deliver business results more effectively. However, as businesses expand their cloud investments, they must adapt their security strategies to stay one step ahead of threats that target their expanded environment. Managing, securing and having visibility across endpoints, networks and workloads is […]
CrowdStrike.webp 2022-02-24 12:54:27 Modernize Your Security Stack with the Falcon Platform (direct link) The job for CIOs, CISOs and their security and IT teams may be more complex than ever in 2022. Ongoing support for hybrid workforces, coupled with the continued shift to the cloud, has expanded the threat surface. At the same time, the infrastructure and environments supporting organizations are growing ever more vulnerable. According to the […] Threat
CrowdStrike.webp 2022-02-23 13:31:21 CrowdStrike Automates Vulnerability Remediation Processes While Enhancing SecOps Visibility (direct link) Adversaries are becoming more adept and sophisticated in their attacks. Taking advantage of vulnerabilities present in major software is often an attractive entry point for establishing a campaign within an enterprise environment. The CrowdStrike 2022 Global Threat Report highlights how adversaries continue to shift tradecraft and weaponize vulnerabilities to evade detection and gain access to […] Vulnerability Threat
CrowdStrike.webp 2022-02-23 05:36:44 Access Brokers: Who Are the Targets, and What Are They Worth? (direct link) Access brokers have become a key component of the eCrime threat landscape, selling access to threat actors and facilitating myriad criminal activities. Many have established relationships with big game hunting (BGH) ransomware operators and affiliates of prolific ransomware-as-a-service (RaaS) programs. The CrowdStrike Intelligence team analyzed the multitude of access brokers' advertisements posted since 2019 and […] Ransomware Threat
CrowdStrike.webp 2022-02-22 17:26:36 Why the Most Effective XDR Is Rooted in Endpoint Detection and Response (direct link) Extended detection and response (XDR) solutions deliver powerful capabilities to help security teams fight adversaries by increasing visibility, simplifying operations and accelerating identification and remediation across the security stack. XDR platforms gather and aggregate security data from a variety of sources to help detect and contain advanced attacks. But when it comes to efficiently analyzing […]
CrowdStrike.webp 2022-02-22 10:32:44 CrowdStrike Research Investigates Exploit Behavior to Strengthen Customer Protection (direct link) CrowdStrike continuously observes and researches exploit behavior to strengthen protection for customers. Code execution techniques constantly target Windows, Linux and macOS operating systems. Successful remote/arbitrary code execution can enable a foothold for attackers to continue compromise. Understanding and detecting post-exploit activity is imperative for keeping environments safe. As technology continues to evolve rapidly, so do […]
CrowdStrike.webp 2022-02-18 09:04:41 New Mercedes-AMG F1 W13 E Rises to the Challenge for Formula One 2022 (direct link) The year 2022 is a transformational one for F1. It's hard to overstate just how much has changed to the regulations that govern this sport — the fact that those regulations have doubled in size should give a clue. Having just witnessed one of the most thrilling and close-fought seasons in 2021, it's important to […]
CrowdStrike.webp 2022-02-18 00:23:28 How to Automate Workflows with Falcon Spotlight (direct link) Introduction: Falcon Spotlight leverages the existing Falcon Agent to assess the status of vulnerabilities across the environment. While visibility and filtering capabilities are part of the user interface, this article will document integration options that CrowdStrike provides to help customers effectively operationalize Spotlight's vulnerability findings. Remediation Orchestration: Using Falcon Fusion workflows, organizations can […] Vulnerability
CrowdStrike.webp 2022-02-17 13:46:22 CrowdStrike Partners with MITRE CTID, Reveals Real-world Insider Threat Techniques (direct link) Remote working has exposed companies to greater levels of insider risk, which can result in data exfiltration, fraud and confidential information leakage. CrowdStrike is a founding sponsor and lead contributor to the new MITRE Insider Threat Knowledge Base, continuing its industry leadership in protecting organizations from external attacks and internal threats. The CrowdStrike Falcon® platform […] Threat Guideline
CrowdStrike.webp 2022-02-16 22:22:46 Defend Against Ransomware and Malware with Falcon Fusion and Falcon Real Time Response (direct link) Adversaries are moving beyond malware and becoming more sophisticated in their attacks by using legitimate credentials and built-in tools to evade detection by traditional antivirus products. According to the CrowdStrike 2022 Global Threat Report, 62% of detections indexed by the CrowdStrike Security Cloud in Q4 2021 were malware-free. Adversaries are also likely to significantly increase […] Ransomware Malware Threat
CrowdStrike.webp 2022-02-15 00:01:44 2022 Global Threat Report: A Year of Adaptability and Perseverance (direct link) For security teams on the front lines and those of us in the business of stopping cyberattacks and breaches, 2021 provided no rest for the weary. In the face of massive disruption brought about by the COVID-driven social, economic and technological shifts of 2020, adversaries refined their tradecraft to become even more sophisticated and brazen. […] Threat
CrowdStrike.webp 2022-02-10 16:41:52 Falcon XDR: Extending Detection and Response – The Right Way (direct link) This week we announced the general availability of CrowdStrike's newest innovation, Falcon XDR, and I couldn't be more excited. Using our same single, lightweight agent architecture, Falcon XDR enables security teams to bring in third-party data sources for a fully unified solution to rapidly and efficiently hunt and eliminate threats across multiple security domains. As […]
CrowdStrike.webp 2022-02-10 16:17:51 Falcon XDR: Why You Must Start With EDR to Get XDR (direct link) Since we founded CrowdStrike, one of the things I'm proudest of is our collective ability to work with customers to lead the industry forward. Leadership is more than just being the loudest voice or making wild marketing claims. It's about listening and working with customers to help them solve their hardest problems to achieve a […] Guideline
CrowdStrike.webp 2022-02-09 23:19:06 February 2022 Patch Tuesday: Windows Kernel Zero-Day and Servicing Stack Updates (direct link) Microsoft has released 48 security patches for its February Patch Tuesday rollout. None are considered Critical or known to have been actively exploited. CVE-2022-21989, a publicly known zero-day vulnerability in the Windows Kernel, should be closely monitored as the situation continues to unfold. Separate from the patches offered this month, Microsoft has strongly suggested an […] Vulnerability
CrowdStrike.webp 2022-02-08 15:11:04 (Déjà vu) A More Modern Approach to Logging in Go (direct link) The Go ecosystem has long relied on the use of third-party libraries for logging. Logrus, one of the first leveled, structured logging libraries, is now maintenance-only and its developers recommend migrating to other libraries. At CrowdStrike, we relied heavily on Logrus and recently underwent an overhaul to implement a more modern approach to logging. In […]
CrowdStrike.webp 2022-02-07 07:49:54 Falcon XDR: Delivered at the Speed and Scale of the CrowdStrike Security Cloud (direct link) We are thrilled to announce the general availability of CrowdStrike's newest innovation: Falcon XDR. Founded on our pioneering endpoint detection and response (EDR) technology and the power of the CrowdStrike Security Cloud, Falcon XDR delivers the next generation of unified, full-spectrum extended detection and response (XDR) so security teams can stop breaches faster. Tackle Key […]
CrowdStrike.webp 2022-02-04 15:55:47 How to Protect Cloud Workloads from Zero-day Vulnerabilities (direct link) Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces. When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis, but even if they're able to identify all impacted areas, the patching process can be cumbersome and time-consuming. As we saw with Log4Shell, this […] Vulnerability Patching
CrowdStrike.webp 2022-02-03 19:11:04 A More Modern Approach to Logging in Golang (direct link) The Golang ecosystem has long relied on the use of third-party libraries for logging. Logrus, one of the first leveled, structured logging libraries, is now maintenance-only and its developers recommend migrating to other libraries. At CrowdStrike, we relied heavily on Logrus and recently underwent an overhaul to implement a more modern approach to logging. In […]
CrowdStrike.webp 2022-02-01 22:37:35 Hunting pwnkit Local Privilege Escalation in Linux (CVE-2021-4034) (direct link) In November 2021, a vulnerability was discovered in a ubiquitous Linux component named Polkit. Developed by Red Hat, Polkit facilitates the communication between privileged and unprivileged processes on Linux endpoints. Due to a flaw in a component of Polkit — pkexec — a local privilege escalation vulnerability exists that, when exploited, will allow a standard […] Vulnerability
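One way to hunt for CVE-2021-4034 attempts on a Linux host, as an added example that is not CrowdStrike's code and not taken from the post above: a small Python scanner over syslog-style auth log lines. It assumes (and constructs inline) a conventional `Mon DD HH:MM:SS host pkexec[pid]: user: message [KEY=value]...` line format, and it assumes that the two pkexec error messages about a rejected environment ("The value for the SHELL variable was not found the /etc/shells file" and "contains suscipious content", spelling as pkexec emits it) are the indicators worth flagging, since an exploit attempt drives pkexec into exactly that validation path. The log lines below are constructed, not real captures.

```python
import re
from dataclasses import dataclass, field

# Syslog-style pkexec line (assumption: format as written to /var/log/auth.log
# or shown by `journalctl -t pkexec` on a typical distribution).
PKEXEC_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"pkexec\[(?P<pid>\d+)\]: (?P<user>[^:]+): (?P<msg>.*)$"
)

# Key=value fields pkexec appends, e.g. [USER=root] [TTY=unknown] [CWD=/tmp]
FIELD = re.compile(r"\[(?P<k>[A-Z]+)=(?P<v>[^\]]*)\]")

# Assumption: these are the messages pkexec logs when it rejects a caller's
# environment (the second keeps pkexec's own misspelling of "suspicious").
INDICATORS = {
    "shell-not-in-etc-shells": "The value for the SHELL variable was not found the /etc/shells file",
    "suspicious-env-value": "contains suscipious content",
}


@dataclass
class Finding:
    host: str
    pid: int
    user: str
    indicator: str
    fields: dict = field(default_factory=dict)


def parse_pkexec_line(line: str):
    """Return (match groups, [KEY=value] fields) for a pkexec line, else None."""
    m = PKEXEC_LINE.match(line)
    if m is None:
        return None
    fields = {f.group("k"): f.group("v") for f in FIELD.finditer(m.group("msg"))}
    return m.groupdict(), fields


def find_pwnkit_indicators(lines):
    """Scan log lines and return one Finding per pkexec environment rejection."""
    findings = []
    for line in lines:
        parsed = parse_pkexec_line(line)
        if parsed is None:
            continue
        rec, fields = parsed
        for name, needle in INDICATORS.items():
            if needle in rec["msg"]:
                findings.append(
                    Finding(rec["host"], int(rec["pid"]), rec["user"].strip(), name, fields)
                )
                break
    return findings


def summarize(findings):
    """Count rejections per (host, user): several from one user in a short
    window is a stronger signal than a single stray SHELL misconfiguration."""
    counts = {}
    for f in findings:
        key = (f.host, f.user)
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample log: one legitimate pkexec use, one unrelated sshd line,
# and two rejections of the kind an exploit attempt produces.
SAMPLE_LOG = [
    "Jan 26 10:14:02 host1 pkexec[1457]: alice: Executing command [USER=root] "
    "[TTY=/dev/pts/0] [CWD=/home/alice] [COMMAND=/usr/bin/systemctl restart cups]",
    "Jan 26 10:14:05 host1 sshd[1460]: Accepted publickey for alice from 10.0.0.5 port 50112",
    "Jan 26 10:15:30 host1 pkexec[1502]: alice: The value for the SHELL variable was "
    "not found the /etc/shells file [USER=root] [TTY=unknown] [CWD=/tmp/x] [COMMAND=/tmp/x/a]",
    "Jan 26 10:15:31 host1 pkexec[1503]: alice: The value for environment variable "
    "XAUTHORITY contains suscipious content [USER=root] [TTY=unknown] [CWD=/tmp/x] [COMMAND=/tmp/x/a]",
]

if __name__ == "__main__":
    hits = find_pwnkit_indicators(SAMPLE_LOG)
    for h in hits:
        print(f"{h.host} pid={h.pid} user={h.user} {h.indicator} tty={h.fields.get('TTY')}")
    print(summarize(hits))
```

Treat a hit as a lead, not a verdict: a user whose login shell is genuinely absent from /etc/shells can trigger the first message on its own, and an attacker can avoid logging altogether, so pair this with checking the installed polkit package version and the pkexec SUID bit on the host.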
CrowdStrike.webp 2022-01-31 23:11:00 CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit (direct link) On Jan. 18, 2022, researchers found a heap-based buffer overflow flaw (CVE-2022-0185) in the Linux kernel (5.1-rc1+) function "legacy_parse_param" of the filesystem context functionality, which allows an out-of-bounds write in kernel memory. Using this primitive, an unprivileged attacker can escalate their privileges to root, bypassing any Linux namespace restrictions. CVE-2022-0185 Needs CAP_SYS_ADMIN: This flaw is […]
CrowdStrike.webp 2022-01-31 10:38:21 CrowdStrike Falcon Proactively Protects Against Wiper Malware as CISA Warns U.S. Companies of Potential Attacks (direct link) The Cybersecurity and Infrastructure Security Agency (CISA) warns of potential critical threats similar to recent cyberthreats targeting Ukraine. U.S. companies are advised to implement cybersecurity measures to maximize resilience. The CrowdStrike Falcon® platform provides continuous protection against wiper-style threats and real-time visibility across workloads. CISA recently advised U.S. business leaders to protect their companies from […] Malware Guideline
CrowdStrike.webp 2022-01-28 16:31:59 Lessons Learned From Successive Use of Offensive Cyber Operations Against Ukraine and What May Be Next (direct link) Disruptive and destructive cyber operations have been levied against elements of Ukrainian society by adversaries attributed to the Russian government — or groups highly likely to be controlled by them — since at least 2014. These operations have impacted several sectors, including energy, transportation and state finance, and have attempted to influence political processes and […]
CrowdStrike.webp 2022-01-28 13:45:24 Engineering Manager Jenn Wong on Leading with Empathy and Fearlessness (direct link) The year 2021 was a big one for Jenn Wong: It marked the first full year she was in a new role, at a new company, in a new industry. Not only that, it was her first official management role too. After years of working as an engineer, Jenn decided it was time to lean […]
CrowdStrike.webp 2022-01-27 10:47:02 Data Protection Day 2022: To Protect Privacy, Remember Security (direct link) Today's privacy and security conversations often happen in silos, but key privacy principles from decades ago remind us that they are intertwined, especially in the face of today's risks. January 28, 2022, marks 15 years since the first Data Protection Day was proclaimed in Europe and 13 years since Data Privacy Day was first recognized […]
CrowdStrike.webp 2022-01-27 10:23:54 Programs Hacking Programs: How to Extract Memory Information to Spot Linux Malware (direct link) Threat actors go to great lengths to hide the intentions of the malware they produce. This blog demonstrates reliable methods for extracting information from popular Linux shells. Extracted memory information can help categorize unknown software as malicious or benign and could reveal information to help incident responders. Some malware is only ever resident in memory, […] Malware Threat
CrowdStrike.webp 2022-01-27 09:00:26 New Docker Cryptojacking Attempts Detected Over 2021 End-of-Year Holidays (direct link) Cryptocurrency mining has become very popular among malicious actors that aim to profit by exploiting cloud attack surfaces. Exposed Docker APIs have become a common target for cryptominers to mine various cryptocurrencies. According to the Google Threat Horizon report published Nov. 29, 2021, 86% of compromised Google Cloud instances were used to perform cryptocurrency mining. […] Threat
CrowdStrike.webp 2022-01-27 08:00:06 Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign (direct link) StellarParticle is a campaign tracked by CrowdStrike as related to the SUNSPOT implant from the SolarWinds intrusion in December 2020 and associated with COZY BEAR (aka APT29, "The Dukes"). The StellarParticle campaign has continued against multiple organizations, with COZY BEAR using novel tools and techniques to complete their objectives, as identified by CrowdStrike incident responders […] SolarWinds APT 29
CrowdStrike.webp 2022-01-26 21:51:03 BERT Embeddings: A New Approach for Command Line Anomaly Detection (direct link) Suspicious command lines differ from common ones in how the executable path looks and the unusual arguments passed to them. Bidirectional Encoder Representations from Transformers (BERT) embeddings can successfully be used for feature extraction for command lines. Outlier detectors on top of BERT embeddings can detect anomalous command lines without the need for data labeling […]
CrowdStrike.webp 2022-01-21 09:43:02 Better Together: The Power of Managed Cybersecurity Services in the Face of Pressing Global Security Challenges (direct link) The results from the 2021 Global Security Attitude Survey paint a bleak picture of how organizations globally are feeling about the cybersecurity landscape before them. Organizations are grappling with shortages of cybersecurity skills and a lack of capability to detect and contain intrusions in a timely way. This comes against a backdrop of persistent ransomware […] Ransomware
CrowdStrike.webp 2022-01-20 08:41:12 Mind the MPLog: Leveraging Microsoft Protection Logging for Forensic Investigations (direct link) In an incident response investigation, CrowdStrike analysts use multiple data points to parse the facts of who, what, when and how. As part of that fact-finding mission, analysts investigating Windows systems leverage the Microsoft Protection Log (MPLog), a forensic artifact on Windows operating systems that offers a wealth of data to support forensic investigations. MPLog […]
CrowdStrike.webp 2022-01-20 07:01:28 CrowdStrike Powers MXDR by Deloitte, Offering Customers Risk Mitigation with Powerful Customized and Managed Security Services (direct link) Deloitte, a leader in managed security services, has launched MXDR by Deloitte — a Managed Extended Detection and Response suite of offerings — within which the CrowdStrike Falcon® platform will power a number of solutions. MXDR by Deloitte combines an integrated, composable and modular managed detection and response SaaS platform with managed security services in […] Guideline Deloitte
CrowdStrike.webp 2022-01-19 17:37:01 Technical Analysis of the WhisperGate Malicious Bootloader (direct link) On Jan. 15, 2022, a set of malware dubbed WhisperGate was reported to have been deployed against Ukrainian targets. The incident is widely reported to contain three individual components deployed by the same adversary, including a malicious bootloader that corrupts detected local disks, a Discord-based downloader and a file wiper. The activity occurred at approximately […] Malware
CrowdStrike.webp 2022-01-14 12:37:11 January 2022 Patch Tuesday: Multiple Critical Vulnerabilities and Microsoft Exchange Remote Code Execution (direct link) Kicking off the first Patch Tuesday of 2022, CrowdStrike continues to provide research and analysis regarding critically rated vulnerabilities and the subsequent patches offered by Microsoft. In this month's updates we see the lion's share of updates directed at Microsoft's Windows and Extended Security Update (ESU) products, while other patches target lesser-known components of Microsoft's […]
CrowdStrike.webp 2022-01-13 12:04:18 Linux-Targeted Malware Increases by 35% in 2021: XorDDoS, Mirai and Mozi Most Prevalent (direct link) Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times more Mozi malware samples were observed in 2021 compared to 2020. Malware targeting Linux-based operating systems, commonly deployed in Internet of Things (IoT) […] Malware
CrowdStrike.webp 2022-01-13 07:08:32 Zero Trust Integrations Are Expanding in the CrowdStrike Partner Ecosystem (direct link) Organizations need to stay ahead of the ever-evolving security landscape. It's no secret that Zero Trust security is crucial for successful endpoint protection. Due to the rapid transition to a remote workforce and shift from the traditional data center into dynamic cloud infrastructure we've witnessed in the last year, more and more companies are finding […]
CrowdStrike.webp 2022-01-11 08:08:34 TellYouThePass Ransomware Analysis Reveals a Modern Reinterpretation Using Golang (direct link) TellYouThePass ransomware, discovered in 2019, recently re-emerged compiled using Golang. Golang's popularity among malware developers makes cross-platform development more accessible. TellYouThePass ransomware was recently associated with Log4Shell post-exploitation, targeting Windows and Linux. The CrowdStrike Falcon® platform protects customers from Golang-written TellYouThePass ransomware using the power of machine learning and behavior-based detection. The TellYouThePass ransomware family […] Ransomware Malware
CrowdStrike.webp 2022-01-11 06:16:40 noPac Exploit: Latest Microsoft AD Flaw May Lead to Total Domain Compromise in Seconds (direct link) What Happened? Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalation with a direct path to a compromised domain. In mid-December 2021, a public exploit that combined these two Microsoft Active Directory design flaws (also referred to as "noPac") was […] Guideline
CrowdStrike.webp 2022-01-10 22:02:40 CrowdStrike Services Offers Incident Response Tracker for the DFIR Community (direct link) The CrowdStrike Incident Response Tracker is a convenient spreadsheet that includes sections to document indicators of compromise, affected accounts, compromised systems and a timeline of significant events. CrowdStrike incident response teams have leveraged this type of tracker in thousands of investigations. Access the CrowdStrike Incident Response Tracker template here. During a recent client engagement for […]
Last update at: 2024-07-28 21:19:26