What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
CrowdStrike.webp 2022-02-25 14:52:29 Data Protection 2022: New U.S. State Laws Reflect Convergence of Privacy and Security Requirements (direct link) Many countries around the world recognized Data Protection Day in January — a day that highlights the importance of protecting individual privacy and data against misuse. The U.S. celebrated Data Privacy Day, where privacy and security have often been seen as two separate issues. This is evidenced by the way law has historically developed. At […]
CrowdStrike.webp 2022-02-25 14:42:54 Nowhere to Hide: Detecting a Vishing Intrusion at a Retail Company (direct link) The CrowdStrike Falcon OverWatch™ 2021 Threat Hunting Report details the interactive intrusion activity observed by hunters from July 2020 to June 2021. While the report brings to light some of the new and innovative ways threat actors are gaining access into victim organization’s networks, social engineering remains a tried and true method of gaining access […] Threat
CrowdStrike.webp 2022-02-24 19:18:20 Protecting Cloud Workloads with CrowdStrike and AWS (direct link) Migrating to the cloud has allowed many organizations to reduce costs, innovate faster and deliver business results more effectively. However, as businesses expand their cloud investments, they must adapt their security strategies to stay one step ahead of threats that target their expanded environment. Managing, securing and having visibility across endpoints, networks and workloads is […]
CrowdStrike.webp 2022-02-24 12:54:27 Modernize Your Security Stack with the Falcon Platform (direct link) The job for CIOs, CISOs and their security and IT teams may be more complex than ever in 2022. Ongoing support for hybrid workforces, coupled with the continued shift to the cloud, has expanded the threat surface. At the same time, the infrastructure and environments supporting organizations are growing ever more vulnerable. According to the […] Threat
CrowdStrike.webp 2022-02-23 13:31:21 CrowdStrike Automates Vulnerability Remediation Processes While Enhancing SecOps Visibility (direct link) Adversaries are becoming more adept and sophisticated in their attacks. Taking advantage of vulnerabilities present in major software is often an attractive entry point for establishing a campaign within an enterprise environment. The CrowdStrike 2022 Global Threat Report highlights how adversaries continue to shift tradecraft and weaponize vulnerabilities to evade detection and gain access to […] Vulnerability Threat
CrowdStrike.webp 2022-02-23 05:36:44 Access Brokers: Who Are the Targets, and What Are They Worth? (direct link) Access brokers have become a key component of the eCrime threat landscape, selling access to threat actors and facilitating myriad criminal activities. Many have established relationships with big game hunting (BGH) ransomware operators and affiliates of prolific ransomware-as-a-service (RaaS) programs. The CrowdStrike Intelligence team analyzed the multitude of access brokers’ advertisements posted since 2019 and […] Ransomware Threat
CrowdStrike.webp 2022-02-22 17:26:36 Why the Most Effective XDR Is Rooted in Endpoint Detection and Response (direct link) Extended detection and response (XDR) solutions deliver powerful capabilities to help security teams fight adversaries by increasing visibility, simplifying operations and accelerating identification and remediation across the security stack. XDR platforms gather and aggregate security data from a variety of sources to help detect and contain advanced attacks. But when it comes to efficiently analyzing […]
CrowdStrike.webp 2022-02-22 10:32:44 CrowdStrike Research Investigates Exploit Behavior to Strengthen Customer Protection (direct link) CrowdStrike continuously observes and researches exploit behavior to strengthen protection for customers. Code execution techniques constantly target Windows, Linux and macOS operating systems. Successful remote/arbitrary code execution can enable a foothold for attackers to continue compromise. Understanding and detecting post-exploit activity is imperative for keeping environments safe. As technology continues to evolve rapidly, so do […]
CrowdStrike.webp 2022-02-18 09:04:41 New Mercedes-AMG F1 W13 E Rises to the Challenge for Formula One 2022 (direct link) The year 2022 is a transformational one for F1. It’s hard to overstate just how much has changed to the regulations that govern this sport — the fact that those regulations have doubled in size should give a clue. Having just witnessed one of the most thrilling and close-fought seasons in 2021, it’s important to […]
CrowdStrike.webp 2022-02-18 00:23:28 How to Automate Workflows with Falcon Spotlight (direct link) Introduction: Falcon Spotlight leverages the existing Falcon Agent to assess the status of vulnerabilities across the environment. While visibility and filtering capabilities are part of the user interface, this article will document integration options that CrowdStrike provides to help customers effectively operationalize Spotlight’s vulnerability findings. Video. Remediation Orchestration: Using Falcon Fusion workflows, organizations can […] Vulnerability
CrowdStrike.webp 2022-02-17 13:46:22 CrowdStrike Partners with MITRE CTID, Reveals Real-world Insider Threat Techniques (direct link) Remote working has exposed companies to greater levels of insider risk, which can result in data exfiltration, fraud and confidential information leakage. CrowdStrike is a founding sponsor and lead contributor to the new MITRE Insider Threat Knowledge Base, continuing its industry leadership in protecting organizations from external attacks and internal threats. The CrowdStrike Falcon® platform […] Threat Guideline
CrowdStrike.webp 2022-02-16 22:22:46 Defend Against Ransomware and Malware with Falcon Fusion and Falcon Real Time Response (direct link) Adversaries are moving beyond malware and becoming more sophisticated in their attacks by using legitimate credentials and built-in tools to evade detection by traditional antivirus products. According to the CrowdStrike 2022 Global Threat Report, 62% of detections indexed by the CrowdStrike Security Cloud in Q4 2021 were malware-free. Adversaries are also likely to significantly increase […] Ransomware Malware Threat
CrowdStrike.webp 2022-02-15 00:01:44 2022 Global Threat Report: A Year of Adaptability and Perseverance (direct link) For security teams on the front lines and those of us in the business of stopping cyberattacks and breaches, 2021 provided no rest for the weary. In the face of massive disruption brought about by the COVID-driven social, economic and technological shifts of 2020, adversaries refined their tradecraft to become even more sophisticated and brazen. […] Threat
CrowdStrike.webp 2022-02-10 16:41:52 Falcon XDR: Extending Detection and Response – The Right Way (direct link) This week we announced the general availability of CrowdStrike’s newest innovation, Falcon XDR, and I couldn’t be more excited. Using our same single, lightweight agent architecture, Falcon XDR enables security teams to bring in third-party data sources for a fully unified solution to rapidly and efficiently hunt and eliminate threats across multiple security domains. As […]
CrowdStrike.webp 2022-02-10 16:17:51 Falcon XDR: Why You Must Start With EDR to Get XDR (direct link) Since we founded CrowdStrike, one of the things I’m proudest of is our collective ability to work with customers to lead the industry forward. Leadership is more than just being the loudest voice or making wild marketing claims. It’s about listening and working with customers to help them solve their hardest problems to achieve a […] Guideline
CrowdStrike.webp 2022-02-09 23:19:06 February 2022 Patch Tuesday: Windows Kernel Zero-Day and Servicing Stack Updates (direct link) Microsoft has released 48 security patches for its February Patch Tuesday rollout. None are considered Critical or known to have been actively exploited. CVE-2022-21989, a publicly known zero-day vulnerability in the Windows Kernel, should be closely monitored as the situation continues to unfold. Separate from the patches offered this month, Microsoft has strongly suggested an […] Vulnerability
CrowdStrike.webp 2022-02-08 15:11:04 (Déjà vu) A More Modern Approach to Logging in Go (direct link) The Go ecosystem has long relied on the use of third-party libraries for logging. Logrus, one of the first leveled, structured logging libraries, is now maintenance-only and its developers recommend migrating to other libraries. At CrowdStrike, we relied heavily on Logrus and recently underwent an overhaul to implement a more modern approach to logging. In […]
CrowdStrike.webp 2022-02-07 07:49:54 Falcon XDR: Delivered at the Speed and Scale of the CrowdStrike Security Cloud (direct link) We are thrilled to announce the general availability of CrowdStrike’s newest innovation: Falcon XDR. Founded on our pioneering endpoint detection and response (EDR) technology and the power of the CrowdStrike Security Cloud, Falcon XDR delivers the next generation of unified, full-spectrum extended detection and response (XDR) so security teams can stop breaches faster. Tackle Key […]
CrowdStrike.webp 2022-02-04 15:55:47 How to Protect Cloud Workloads from Zero-day Vulnerabilities (direct link) Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces. When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis, but even if they’re able to identify all impacted areas, the patching process can be cumbersome and time-consuming. As we saw with Log4Shell, this […] Vulnerability Patching
CrowdStrike.webp 2022-02-03 19:11:04 A More Modern Approach to Logging in Golang (direct link) The Golang ecosystem has long relied on the use of third-party libraries for logging. Logrus, one of the first leveled, structured logging libraries, is now maintenance-only and its developers recommend migrating to other libraries. At CrowdStrike, we relied heavily on Logrus and recently underwent an overhaul to implement a more modern approach to logging. In […]
CrowdStrike.webp 2022-02-01 22:37:35 Hunting pwnkit Local Privilege Escalation in Linux (CVE-2021-4034) (direct link) In November 2021, a vulnerability was discovered in a ubiquitous Linux module named Polkit. Developed by Red Hat, Polkit facilitates the communication between privileged and unprivileged processes on Linux endpoints. Due to a flaw in a component of Polkit — pkexec — a local privilege escalation vulnerability exists that, when exploited, will allow a standard […] Vulnerability
CrowdStrike.webp 2022-01-31 23:11:00 CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit (direct link) On Jan. 18, 2022, researchers found a heap-based buffer overflow flaw (CVE-2022-0185) in the Linux kernel (5.1-rc1+) function “legacy_parse_param” of filesystem context functionality, which allows an out-of-bounds write in kernel memory. Using this primitive, an unprivileged attacker can escalate its privilege to root, bypassing any Linux namespace restrictions. CVE-2022-0185 Needs CAP_SYS_ADMIN. This flaw is […] Uber
CrowdStrike.webp 2022-01-31 10:38:21 CrowdStrike Falcon Proactively Protects Against Wiper Malware as CISA Warns U.S. Companies of Potential Attacks (direct link) The Cybersecurity and Infrastructure Security Agency (CISA) warns of potential critical threats similar to recent cyberthreats targeting Ukraine. U.S. companies are advised to implement cybersecurity measures to maximize resilience. The CrowdStrike Falcon® platform provides continuous protection against wiper-style threats and real-time visibility across workloads. CISA recently advised U.S. business leaders to protect their companies from […] Malware Guideline
CrowdStrike.webp 2022-01-28 16:31:59 Lessons Learned From Successive Use of Offensive Cyber Operations Against Ukraine and What May Be Next (direct link) Disruptive and destructive cyber operations have been levied against elements of Ukrainian society by adversaries attributed to the Russian government — or groups highly likely to be controlled by them — since at least 2014. These operations have impacted several sectors, including energy, transportation and state finance, and have attempted to influence political processes and […]
CrowdStrike.webp 2022-01-28 13:45:24 Engineering Manager Jenn Wong on Leading with Empathy and Fearlessness (direct link) The year 2021 was a big one for Jenn Wong: It marked the first full year she was in a new role, at a new company, in a new industry. Not only that, it was her first official management role too. After years of working as an engineer, Jenn decided it was time to lean […]
CrowdStrike.webp 2022-01-27 10:47:02 Data Protection Day 2022: To Protect Privacy, Remember Security (direct link) Today’s privacy and security conversations often happen in silos, but key privacy principles from decades ago remind us that they are intertwined, especially in the face of today’s risks. January 28, 2022, marks 15 years since the first Data Protection Day was proclaimed in Europe and 13 years since Data Privacy Day was first recognized […]
CrowdStrike.webp 2022-01-27 10:23:54 Programs Hacking Programs: How to Extract Memory Information to Spot Linux Malware (direct link) Threat actors go to great lengths to hide the intentions of the malware they produce. This blog demonstrates reliable methods for extracting information from popular Linux shells. Extracted memory information can help categorize unknown software as malicious or benign and could reveal information to help incident responders. Some malware is only ever resident in memory, […] Malware Threat
CrowdStrike.webp 2022-01-27 09:00:26 New Docker Cryptojacking Attempts Detected Over 2021 End-of-Year Holidays (direct link) Cryptocurrency mining has become very popular among malicious actors that aim to profit by exploiting cloud attack surfaces. Exposed Docker APIs have become a common target for cryptominers to mine various cryptocurrencies. According to the Google Threat Horizon report published Nov. 29, 2021, 86% of compromised Google Cloud instances were used to perform cryptocurrency mining. […] Threat
CrowdStrike.webp 2022-01-27 08:00:06 Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign (direct link) StellarParticle is a campaign tracked by CrowdStrike as related to the SUNSPOT implant from the SolarWinds intrusion in December 2020 and associated with COZY BEAR (aka APT29, “The Dukes”). The StellarParticle campaign has continued against multiple organizations, with COZY BEAR using novel tools and techniques to complete their objectives, as identified by CrowdStrike incident responders […] SolarWinds SolarWinds APT 29 APT 29
CrowdStrike.webp 2022-01-26 21:51:03 BERT Embeddings: A New Approach for Command Line Anomaly Detection (direct link) Suspicious command lines differ from common ones in how the executable path looks and the unusual arguments passed to them. Bidirectional Encoder Representations from Transformers (BERT) embeddings can successfully be used for feature extraction for command lines. Outlier detectors on top of BERT embeddings can detect anomalous command lines without the need for data labeling […]
CrowdStrike.webp 2022-01-21 09:43:02 Better Together: The Power of Managed Cybersecurity Services in the Face of Pressing Global Security Challenges (direct link) The results from the 2021 Global Security Attitude Survey paint a bleak picture of how organizations globally are feeling about the cybersecurity landscape before them. Organizations are grappling with shortages of cybersecurity skills and a lack of capability to detect and contain intrusions in a timely way. This comes against a backdrop of persistent ransomware […] Ransomware
CrowdStrike.webp 2022-01-20 08:41:12 Mind the MPLog: Leveraging Microsoft Protection Logging for Forensic Investigations (direct link) In an incident response investigation, CrowdStrike analysts use multiple data points to parse the facts of who, what, when and how. As part of that fact-finding mission, analysts investigating Windows systems leverage the Microsoft Protection Log (MPLog), a forensic artifact on Windows operating systems that offers a wealth of data to support forensic investigations. MPLog […]
CrowdStrike.webp 2022-01-20 07:01:28 CrowdStrike Powers MXDR by Deloitte, Offering Customers Risk Mitigation with Powerful Customized and Managed Security Services (direct link) Deloitte, a leader in managed security services, has launched MXDR by Deloitte — a Managed Extended Detection and Response suite of offerings — within which the CrowdStrike Falcon® platform will power a number of solutions. MXDR by Deloitte combines an integrated, composable and modular managed detection and response SaaS platform with managed security services in […] Guideline Deloitte Deloitte
CrowdStrike.webp 2022-01-19 17:37:01 Technical Analysis of the WhisperGate Malicious Bootloader (direct link) On Jan. 15, 2022, a set of malware dubbed WhisperGate was reported to have been deployed against Ukrainian targets. The incident is widely reported to contain three individual components deployed by the same adversary, including a malicious bootloader that corrupts detected local disks, a Discord-based downloader and a file wiper. The activity occurred at approximately […] Malware
CrowdStrike.webp 2022-01-14 12:37:11 January 2022 Patch Tuesday: Multiple Critical Vulnerabilities and Microsoft Exchange Remote Code Execution (direct link) Kicking off the first Patch Tuesday of 2022, CrowdStrike continues to provide research and analysis regarding critically rated vulnerabilities and the subsequent patches offered by Microsoft. In this month’s updates we see the lion’s share of updates directed at Microsoft’s Windows and Extended Security Update (ESU) products, while other patches target lesser-known components of Microsoft’s […]
CrowdStrike.webp 2022-01-13 12:04:18 Linux-Targeted Malware Increases by 35% in 2021: XorDDoS, Mirai and Mozi Most Prevalent (direct link) Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times more Mozi malware samples were observed in 2021 compared to 2020. Malware targeting Linux-based operating systems, commonly deployed in Internet of Things (IoT) […] Malware
CrowdStrike.webp 2022-01-13 07:08:32 Zero Trust Integrations Are Expanding in the CrowdStrike Partner Ecosystem (direct link) Organizations need to stay ahead of the ever-evolving security landscape. It’s no secret that Zero Trust security is crucial for successful endpoint protection. Due to the rapid transition to a remote workforce and shift from the traditional data center into dynamic cloud infrastructure we’ve witnessed in the last year, more and more companies are finding […]
CrowdStrike.webp 2022-01-11 08:08:34 TellYouThePass Ransomware Analysis Reveals a Modern Reinterpretation Using Golang (direct link) TellYouThePass ransomware, discovered in 2019, recently re-emerged compiled using Golang. Golang’s popularity among malware developers makes cross-platform development more accessible. TellYouThePass ransomware was recently associated with Log4Shell post-exploitation, targeting Windows and Linux. The CrowdStrike Falcon® platform protects customers from Golang-written TellYouThePass ransomware using the power of machine learning and behavior-based detection. The TellYouThePass ransomware family […] Ransomware Malware
CrowdStrike.webp 2022-01-11 06:16:40 noPac Exploit: Latest Microsoft AD Flaw May Lead to Total Domain Compromise in Seconds (direct link) What Happened? Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalation with a direct path to a compromised domain. In mid-December 2021, a public exploit that combined these two Microsoft Active Directory design flaws (also referred to as “noPac”) was […] Guideline
CrowdStrike.webp 2022-01-10 22:02:40 CrowdStrike Services Offers Incident Response Tracker for the DFIR Community (direct link) The CrowdStrike Incident Response Tracker is a convenient spreadsheet that includes sections to document indicators of compromise, affected accounts, compromised systems and a timeline of significant events. CrowdStrike incident response teams have leveraged this type of tracker in thousands of investigations. Access the CrowdStrike Incident Response Tracker template here. During a recent client engagement for […]
CrowdStrike.webp 2022-01-07 08:22:43 Why You Need an Adversary-focused Approach to Stop Cloud Breaches (direct link) It should come as little surprise that when enterprise and IT leaders turned their attention to the cloud, so did attackers. Unfortunately, the security capabilities of enterprises have not always kept up with the threat landscape. Poor visibility, management challenges and misconfigurations combine with other security and compliance issues to make protecting cloud environments a […] Threat Guideline
CrowdStrike.webp 2021-12-29 07:23:08 OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt (direct link) Following the Dec. 9, 2021, announcement of the Log4j vulnerability, CVE-2021-44228, CrowdStrike Falcon OverWatch™ has provided customers with unrivaled protection and 24/7/365 vigilance in the face of heightened uncertainty. To OverWatch, Log4Shell is simply the latest vulnerability to exploit — a new access vector among a sea of many others. Adversarial behavior post-exploitation remains […] Vulnerability
CrowdStrike.webp 2021-12-28 20:55:28 CrowdStrike Changes Designation of Principal Executive Office to Austin, Texas (direct link) Since we founded CrowdStrike, we’ve paved the way as one of the most prominent remote-first companies. We’ve planted roots in communities around the world — from Sunnyvale to London and from Pune to Tokyo. This not only gave us a running start at reimagining the workplace for today’s remote-first world, it also meant that we […]
CrowdStrike.webp 2021-12-28 09:08:14 CrowdStrike Strengthens Exploit Protection Using Intel CPU Telemetry (direct link) Falcon adds a new feature that uses Intel hardware capabilities to detect complex attack techniques that are notoriously hard to detect. CrowdStrike’s new Hardware Enhanced Exploit Detection feature delivers memory safety protections for a large number of customers on older PCs that lack modern in-built protections. Once activated, the new feature detects exploits by analyzing […]
CrowdStrike.webp 2021-12-23 16:09:39 Baselining and Hunting Log4Shell with the CrowdStrike Falcon Platform (direct link) Note: This post first appeared in r/CrowdStrike. First and foremost: if you’re reading this post, I hope you’re doing well and have been able to achieve some semblance of balance between life and work. It has been, I think we can all agree, a wild December in cybersecurity (again). At this time, it’s very likely […]
CrowdStrike.webp 2021-12-22 18:36:36 Monitoring File Changes with Falcon FileVantage (direct link) Introduction: Due to compliance regulations, many organizations have a need to monitor key assets for changes made to certain files, folders or registry settings. File Integrity Monitoring (FIM) can be a daunting deployment that requires yet another solution in the security stack. As a cloud-delivered platform, CrowdStrike leverages a single light-weight agent to address […]
CrowdStrike.webp 2021-12-22 15:26:35 How to Speed Investigations with Falcon Forensics (direct link) Introduction: Threat hunters and incident responders are under tremendous time pressure to investigate breaches and incidents. While they are collecting and sorting massive quantities of forensic data, fast response is critical to help limit any damage inflicted by the adversary. This article and video will provide an overview of Falcon Forensics, and how it streamlines […] Threat
CrowdStrike.webp 2021-12-22 12:28:37 CrowdStrike Launches Free Targeted Log4j Search Tool (direct link) The recently discovered Log4j vulnerability has serious potential to expose organizations across the globe to a new wave of cybersecurity risks as threat actors look to exploit this latest vulnerability to execute their malicious payloads using remote code execution (RCE). An immediate challenge that every organization faces is simply trying to understand exactly where you […] Tool Vulnerability Threat
CrowdStrike.webp 2021-12-21 20:12:46 CrowdStrike Services Launches Log4j Quick Reference Guide (QRG) (direct link) The Log4j vulnerability burst onto the scene just a few weeks ago, but to many defenders it already feels like a lifetime. It has rapidly become one of the top concerns for security teams in 2021, and seems set to remain so for the foreseeable future. The critical details of this threat evolve almost daily, […] Vulnerability Threat
CrowdStrike.webp 2021-12-21 08:26:38 What Is Data Logging? (direct link) This blog was originally published on humio.com. Humio is a CrowdStrike Company. Data logging is the process of capturing, storing and displaying one or more datasets to analyze activity, identify trends and help predict future events. Data logging can be completed manually, though most processes are automated through intelligent applications like artificial intelligence (AI), machine learning […]
Last update at: 2024-06-28 19:07:31