Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
| 2022-01-07 08:22:43 | Why You Need an Adversary-focused Approach to Stop Cloud Breaches (direct link) | It should come as little surprise that when enterprise and IT leaders turned their attention to the cloud, so did attackers. Unfortunately, the security capabilities of enterprises have not always kept up with the threat landscape. Poor visibility, management challenges and misconfigurations combine with other security and compliance issues to make protecting cloud environments a […] | Threat, Guideline | | |
| 2021-12-29 07:23:08 | OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt (direct link) | Following the Dec. 9, 2021, announcement of the Log4j vulnerability, CVE-2021-44228, CrowdStrike Falcon OverWatch™ has provided customers with unrivaled protection and 24/7/365 vigilance in the face of heightened uncertainty. To OverWatch, Log4Shell is simply the latest vulnerability to exploit – a new access vector among a sea of many others. Adversarial behavior post-exploitation remains […] | Vulnerability | | |
| 2021-12-28 20:55:28 | CrowdStrike Changes Designation of Principal Executive Office to Austin, Texas (direct link) | Since we founded CrowdStrike, we’ve paved the way as one of the most prominent remote-first companies. We’ve planted roots in communities around the world – from Sunnyvale to London and from Pune to Tokyo. This not only gave us a running start at reimagining the workplace for today’s remote-first world, it also meant that we […] | | | |
| 2021-12-28 09:08:14 | CrowdStrike Strengthens Exploit Protection Using Intel CPU Telemetry (direct link) | Falcon adds a new feature that uses Intel hardware capabilities to detect complex attack techniques that are notoriously hard to detect. CrowdStrike’s new Hardware Enhanced Exploit Detection feature delivers memory safety protections for a large number of customers on older PCs that lack modern in-built protections. Once activated, the new feature detects exploits by analyzing […] | | | |
| 2021-12-23 16:09:39 | Baselining and Hunting Log4Shell with the CrowdStrike Falcon Platform (direct link) | Note: This post first appeared in r/CrowdStrike. First and foremost: if you’re reading this post, I hope you’re doing well and have been able to achieve some semblance of balance between life and work. It has been, I think we can all agree, a wild December in cybersecurity (again). At this time, it’s very likely […] | | | |
| 2021-12-22 18:36:36 | Monitoring File Changes with Falcon FileVantage (direct link) | Introduction: Due to compliance regulations, many organizations have a need to monitor key assets for changes made to certain files, folders or registry settings. File Integrity Monitoring (FIM) can be a daunting deployment that requires yet another solution in the security stack. As a cloud-delivered platform, CrowdStrike leverages a single lightweight agent to address […] | | | |
| 2021-12-22 15:26:35 | How to Speed Investigations with Falcon Forensics (direct link) | Introduction: Threat hunters and incident responders are under tremendous time pressure to investigate breaches and incidents. While they are collecting and sorting massive quantities of forensic data, fast response is critical to help limit any damage inflicted by the adversary. This article and video will provide an overview of Falcon Forensics, and how it streamlines […] | Threat | | |
| 2021-12-22 12:28:37 | CrowdStrike Launches Free Targeted Log4j Search Tool (direct link) | The recently discovered Log4j vulnerability has serious potential to expose organizations across the globe to a new wave of cybersecurity risks as threat actors look to exploit this latest vulnerability to execute their malicious payloads using remote code execution (RCE). An immediate challenge that every organization faces is simply trying to understand exactly where you […] | Threat, Tool, Vulnerability | | |
| 2021-12-21 20:12:46 | CrowdStrike Services Launches Log4j Quick Reference Guide (QRG) (direct link) | The Log4j vulnerability burst onto the scene just a few weeks ago, but to many defenders it already feels like a lifetime. It has rapidly become one of the top concerns for security teams in 2021, and seems set to remain so for the foreseeable future. The critical details of this threat evolve almost daily, […] | Threat, Vulnerability | | |
| 2021-12-21 08:26:38 | What Is Data Logging? (direct link) | This blog was originally published on humio.com. Humio is a CrowdStrike Company. Data logging is the process of capturing, storing and displaying one or more datasets to analyze activity, identify trends and help predict future events. Data logging can be completed manually, though most processes are automated through intelligent applications like artificial intelligence (AI), machine learning […] | | | |
| 2021-12-20 07:09:45 | CrowdXDR Alliance Expands to Help Security Teams Identify and Hunt Threats Faster (direct link) | CrowdStrike is proud to announce that Armis, Cloudflare and ThreatWarrior have joined the open CrowdXDR Alliance. The addition of these industry leaders enhances XDR with telemetry from cloud, network and Internet of Things (IoT) solutions. This best-of-platform approach to XDR will help solve real-world productivity challenges that security teams face by empowering them to identify […] | Guideline | | |
| 2021-12-17 22:01:12 | December 2021 Patch Tuesday: AppX Installer Zero-day, Multiple Critical Vulnerabilities (direct link) | It’s the last Patch Tuesday update of 2021, and as with many other updates this year, this month’s list includes important ones – among them a zero-day (CVE-2021-43890 in AppX installer), multiple critical vulnerabilities and a variety of attack types utilized in several Microsoft product families – highlighting once again that patching and prioritization are […] | Patching | | |
| 2021-12-16 15:16:11 | Automate Your Cloud Operations With Humio and Fylamynt (direct link) | This blog was originally published Dec. 2, 2021 on humio.com. Humio is a CrowdStrike Company. A new API integration for Humio and Fylamynt helps joint customers improve the efficiency of their cloud operations teams by automating repetitive and manual operations tasks. Fylamynt, a low-code platform that delivers a developer’s approach to ITOps with site reliability […] | | | |
| 2021-12-15 09:42:18 | How CrowdStrike Protects Customers from Threats Delivered via Log4Shell (direct link) | Log4Shell, the latest critical vulnerability, found in the Log4j2 Apache Logging Services library, poses a serious threat to organizations. Active attempts to exploit the vulnerability were identified in the wild, currently making it the most severe threat. CrowdStrike utilizes indicators of attack (IOAs) and machine learning to protect our customers. CrowdStrike continues to track and […] | Threat, Vulnerability | | |
| 2021-12-15 07:58:27 | How to Set Yourself Up for Real XDR Success (direct link) | Extended detection and response (XDR) is all the rage these days. It seems like almost every security vendor now claims to offer XDR functionality. But are those claims based in reality? The fact is that many vendors have simply rebranded their legacy endpoint detection and response (EDR) products, or network detection and response (NDR) solutions, […] | | | |
| 2021-12-15 07:11:21 | CrowdStrike Falcon Awarded AV-Comparatives Approved Business Security Product for the Second Time in 2021 (direct link) | CrowdStrike Falcon receives second half-year award for Approved Business Security Product from AV-Comparatives in 2021. This marks the tenth consecutive Approved Business Security Product award from AV-Comparatives since 2016. CrowdStrike Falcon achieves the highest 99.9% protection rate, demonstrating its ability to protect against real-world threats using the power of machine learning and behavioral detection. CrowdStrike […] | | | |
| 2021-12-14 07:27:51 | CrowdStrike Falcon Detects 100% of Attacks in New SE Labs EDR Test, Winning Highest Rating (direct link) | The CrowdStrike Falcon® platform achieves 100% attacks detected in new Advanced Security Test (EDR) from SE Labs. This SE Labs test demonstrated that CrowdStrike’s Zero Trust module, Falcon Identity Threat Protection, is a highly effective component in securing your environment against real-world attacks. SE Labs is one of the most prestigious independent third-party testing institutions […] | Threat | | |
| 2021-12-14 05:59:18 | Accelerate Troubleshooting, Forensics and Response With Fast and Efficient Search (direct link) | This blog was originally published Nov. 22, 2021 on humio.com. Humio is a CrowdStrike Company. Whether you’re diagnosing a system outage, mitigating a malicious attack or trying to get to the bottom of an application-response-time issue, speed is critical. Pinpointing and resolving issues quickly and easily can mean the difference between success and crisis for […] | | | |
| 2021-12-10 09:57:34 | Log4j2 Vulnerability “Log4Shell” (CVE-2021-44228) (direct link) | Log4j2 is an open-source, Java-based logging framework commonly incorporated into Apache web servers. Between late November and early December 2021, a critical vulnerability (CVE-2021-44228) impacting the Log4j2 utility was reported, resulting in several fixes and code revisions from the vendor. The Log4j2 library is used in numerous Apache frameworks and services, and as of Dec. 9, […] | Vulnerability | | ★★★★ |
| 2021-12-09 09:01:46 | How a Generalized Validation Testing Approach Improves Efficiency, Boosts Outcomes and Streamlines Debugging (direct link) | In two recent blog posts from the CrowdStrike Software Development Engineers in Test (SDET) team, we explored how end-to-end validation testing and modular testing design could increase the speed and accuracy of the testing lifecycle. In this latest post, we conclude our SDET series with a deep dive on how our generalized validation testing component […] | | | ★★ |
| 2021-12-09 09:00:43 | CrowdStrike’s Strategic Counter-Adversarial Research Team (SCAR): Developing the Technology Falcon OverWatch Threat Hunters Need (direct link) | As a human-led managed threat hunting service, CrowdStrike Falcon OverWatch™ is built around the best and brightest analysts in the industry who lead the fight against today’s sophisticated adversaries. But while humans remain the critical ingredient that makes OverWatch so successful, these hunters are also supported by best-in-class technologies that enable them to work at […] | Threat, Guideline | | ★★ |
| 2021-12-09 08:59:37 | CrowdStrike Falcon and Humio: Leverage All Your FDR Data in One Place (direct link) | This blog was originally published Nov. 8, 2021 on humio.com. Humio is a CrowdStrike Company. In 2021, Humio and CrowdStrike joined forces to deliver a truly robust security solution. CrowdStrike delivers the industry’s most comprehensive security solution for protecting endpoints and workloads, processing 1 trillion security-related events per day with its pioneering Threat Graph™ technology. […] | Threat | | ★★ |
| 2021-12-07 20:52:45 | 5 Common Hybrid IT Security Challenges and How to Overcome Them (direct link) | Digital transformation has pushed organizations to adopt a hybrid IT approach and has created a mix of on-premises and cloud infrastructure that has to be supported and protected. Unfortunately, while hybrid IT holds significant promise for businesses when it comes to creating efficiencies and speeding the delivery of applications and services, it also introduces a […] | | | ★★★ |
| 2021-12-07 09:17:25 | Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes (direct link) | In a July 2019 blog post about DoppelPaymer, CrowdStrike Intelligence reported that ProcessHacker was being hijacked to kill a list of targeted processes and gain access, delivering a “critical hit.” Although the blog is now a couple of years old, the hijacking technique is interesting enough to dig into its implementation. The hijack occurs when […] | | | ★★ |
| 2021-12-07 09:14:21 | Extend Threat Visibility With Humio's Integration With CrowdStrike's Indicators of Compromise (IOCs) (direct link) | This blog was originally published Oct. 1, 2021 on humio.com. Humio is a CrowdStrike Company. What is an indicator of compromise (IOC)? An indicator of compromise (IOC) is a piece of digital forensics that suggests that an endpoint or network may have been breached. The ability to monitor for indicators of compromise is critical to […] | Threat | | ★★ |
| 2021-12-03 09:00:39 | End-to-end Testing: How a Modular Testing Model Increases Efficiency and Scalability (direct link) | In our last post, Testing Data Flows using Python and Remote Functions, we discussed how organizations can use remote functions in Python to create an end-to-end testing and validation strategy. Here we build on that concept and discuss how it is possible to design the code to be more flexible. For our purposes, flexible code […] | | | ★★★ |
| 2021-12-02 05:16:53 | Why Actionable Logs Require Sufficient History (direct link) | This blog was originally published Oct. 26, 2021 on humio.com. Humio is a CrowdStrike Company. Improve visibility and increase insights by logging everything. ITOps, DevOps and SecOps teams need historical log data to ensure the security, performance and availability of IT systems and applications. Detailed historical log data is fundamental for understanding system behavior, mitigating […] | | | ★★★★★ |