| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| | 2022-05-10 12:17:59 | Humio Sets the Standard for Data Ingestion with Scalability Benchmark Streaming over One Petabyte of Data per Day (direct link) | This blog was originally published March 8, 2022 on humio.com. Humio is a CrowdStrike Company. Humio is excited to achieve another milestone in data ingestion by reaching a benchmark of over one petabyte of data ingestion per day. The Humio engineering team completed a one petabyte benchmark on only 45 nodes with 96 cores each, running […] | | | ★★ |
| | 2022-05-06 06:43:27 | macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis (direct link) | Ransomware (43% of analyzed threat data), backdoors (35%) and trojans (17%) were the most popular macOS malware categories spotted by CrowdStrike researchers in 2021. OSX.EvilQuest (ransomware), OSX.FlashBack (backdoor) and OSX.Lador (trojan) were the most prevalent threats in their respective categories. To strengthen customer protection, CrowdStrike researchers continuously build better automated detection capabilities by analyzing and […] | Ransomware, Malware, Threat | | ★★★ |
| | 2022-05-05 11:48:27 | Start Logging Everything: Humio Community Edition Series (direct link) | This blog was originally published January 24, 2022 on humio.com. Humio is a CrowdStrike Company. In this blog, we'll show you, step by step, how to download stock data and then upload it to Humio. You can then search that data and build a dashboard for fast insights. Subsequent blog posts will expand on this […] | | | |
| | 2022-05-05 11:22:42 | How Senior Manager for Learning and Talent Lowell Doringo Helps CrowdStrikers Excel (direct link) | CrowdStrike employees may be at the very forefront of their respective fields, but it takes a culture of constant learning and development to maintain their edge. Here to talk about how he helps develop programs to build and enhance skills of all types is CrowdStrike Senior Manager for Learning and Talent Lowell Doringo. Q. Tell […] | | | |
| | 2022-05-05 06:45:56 | How Falcon OverWatch Spots Destructive Threats in MITRE Adversary Emulation (direct link) | In the recent MITRE Engenuity ATT&CK Enterprise Evaluation, CrowdStrike demonstrated the power of its unified platform approach to stopping breaches. Facing attack emulations from the highly sophisticated WIZARD SPIDER and VOODOO BEAR (Sandworm Team) adversaries, the CrowdStrike Falcon® platform: Achieved 100% automated prevention across all of the MITRE Engenuity ATT&CK Enterprise Evaluation steps. Demonstrated powerful […] | | | |
| | 2022-05-04 05:45:48 | Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack (direct link) | Container and cloud-based resources are being abused to deploy disruptive tools. The use of compromised infrastructure has far-reaching consequences for organizations who may unwittingly be participating in hostile activity against Russian government, military and civilian targets. Docker Engine honeypots were compromised to execute two different Docker images targeting Russian, Belarusian and Lithuanian websites in a […] | | | |
| | 2022-05-03 19:57:44 | VP of Humio Marketing Cinthia Portugal on the Role of Marketing in Achieving the CrowdStrike Mission (direct link) | At CrowdStrike, we often say that every team and every person plays a role in helping our company achieve our mission to stop breaches. VP of Humio Marketing Cinthia Portugal is no exception. In this latest installment in our 5 Questions series, Cinthia sits down to talk about her leadership role and how her team […] | Guideline | | |
| | 2022-05-03 08:37:30 | CVE-2022-23648: Kubernetes Container Escape Using Containerd CRI Plugin and Mitigation (direct link) | CVE-2022-23648, reported by Google's Project Zero in November 2021, is a Kubernetes runtime vulnerability found in Containerd, a popular Kubernetes runtime. It lies in Containerd's CRI plugin that handles OCI image specs containing "Volumes." The attacker can add a Volume containing path traversal to the image and use it to copy arbitrary files from the host […] | Vulnerability | Uber | |
| | 2022-04-28 08:12:34 | Falcon Fusion Accelerates Orchestrated and Automated Response Time (direct link) | CrowdStrike Falcon Fusion automates and accelerates incident response by orchestrating sandbox detonations to automatically analyze related malware samples and enrich the results with industry-leading threat insights. Falcon Fusion enables analysts to build real-time active response and notification capabilities with customized triggers based on detection and incident disposition. The CrowdStrike Falcon® platform leverages critical context, visibility […] | Malware, Threat, Guideline | | |
| | 2022-04-27 06:30:19 | CrowdStrike Delivers Adversary-Focused, Platform Approach to CNAPP and Cloud Security (direct link) | CrowdStrike Falcon® delivers comprehensive cloud security, combining agent-based and agentless protection in a single, unified platform experience. Integrated threat intelligence delivers a powerful, adversary-focused approach to stopping cloud breaches. Cloud-based services have revolutionized business processes and emerged as the backbone of the modern enterprise. According to analyst firm Gartner®, "more than 85% of organizations will […] | Threat | | |
| | 2022-04-22 12:37:02 | UX Writer Michelle Handelman on Giving Customers the Information They Need to Succeed (direct link) | When you get an error message on a website or app, do you wonder where it comes from? In most cases, a person writes every bit of copy in apps, websites, notifications, alerts and more. At CrowdStrike, that person may be UX Writer Michelle Handelman. Here we sit down with Michelle to discuss her role, […] | | | |
| | 2022-04-22 08:30:52 | Navigating the Five Stages of Grief During a Breach (direct link) | Every security professional dreads "The Phone Call." The one at 2 a.m. where the tired voice of a security analyst on the other end of the line shares information that is soon drowned out by your heart thumping in your ears. Your mind races. There are so many things to do, so many people to […] | | | |
| | 2022-04-21 08:23:55 | LemonDuck Targets Docker for Cryptomining Operations (direct link) | LemonDuck, a well-known cryptomining botnet, is targeting Docker to mine cryptocurrency on Linux systems. This campaign is currently active. It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses. It evades detection by targeting Alibaba Cloud's monitoring service and disabling it. CrowdStrike customers are protected from this threat […] | Threat | | |
| | 2022-04-20 12:42:51 | CrowdStrike Falcon Spotlight Fuses Endpoint Data with CISA's Known Exploited Vulnerabilities Catalog (direct link) | In this blog you will: Learn how to leverage the CrowdStrike Falcon Spotlight™ integrated threat and vulnerability management module to fuse your endpoint telemetry with CISA's Known Exploited Vulnerabilities Catalog. Learn how to use the CrowdStrike Falcon® console to further investigate and take action. The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency […] | Vulnerability, Threat | | |
| | 2022-04-19 12:33:33 | Security Doesn't Stop at the First Alert: Falcon X Threat Intelligence Offers New Context in MITRE ATT&CK Evaluation (direct link) | The CrowdStrike Falcon® platform delivers 100% prevention across all nine steps in the MITRE Engenuity ATT&CK® Enterprise Evaluation. CrowdStrike extends endpoint and workload protection by fully integrating threat intelligence into the Falcon platform; CrowdStrike Falcon X™ enables CrowdStrike users to pivot seamlessly from detections to the latest intelligence on today's adversaries, including their motivation […] | Threat | | |
| | 2022-04-15 13:32:04 | Engineer Rotem Bar On on Solving Big Challenges with Autonomy in Cybersecurity (direct link) | Our latest installment of 5 Questions takes us to Tel Aviv, where we sit down with Rotem Bar On to discuss his role on the cloud infrastructure team, what he loves about his job and how he is helping CrowdStrike build a scalable, future-proof system. Q. What is your role and what drew you to […] | | | |
| | 2022-04-13 12:36:07 | XDR: A New Vision for InfoSec's Ongoing Problems (direct link) | Let's face it. The information security industry loves a new acronym. For industry long-timers, a new acronym might be just the latest reason for an eye roll. For folks new to the field, it can be very confusing. A constructive way to look at XDR (extended detection and response) is as an opportunity […] | | | |
| | 2022-04-08 16:06:10 | How Human Intelligence Is Supercharging CrowdStrike's Artificial Intelligence (direct link) | The CrowdStrike Security Cloud processes over a trillion events from endpoint sensors per day, but human professionals play a vital role in providing structure and ground truth for artificial intelligence (AI) to be effective. Without human professionals, AI is useless. There is a new trope in the security industry, and it goes something like this: […] | | | |
| | 2022-04-08 13:21:44 | CrowdStrike's First Employee and Pride ERG Executive Sponsor Hyacinth Diehl on International Transgender Day of Visibility (direct link) | When Hyacinth Diehl (pronouns: he/they/she – mix it up!) joined CrowdStrike as the first employee in 2011, identity was top of mind. For one thing, they selected the title Tool-Using Mammal after learning from past experience that having a title like Chief Architect or Senior Engineer could be limiting. "People will put you in a […] | | | |
| | 2022-04-07 20:16:40 | How to Create Custom Cloud Security Posture Policies (direct link) | Introduction Falcon Horizon, CrowdStrike's Cloud Security Posture Management solution, uses configuration and behavioral policies to monitor public cloud deployments, proactively identify issues and resolve potential security problems. However, customers are not limited to predefined policies. This article will review the different options for creating custom cloud security posture management policies in Falcon Horizon. Video […] | | | |
| | 2022-04-07 09:12:13 | Falcon Platform Identity Protection Shuts Down MITRE ATT&CK Adversaries (direct link) | "We were asked to disable identity protection capabilities to let the testing proceed, and still achieved 100% prevention." The weeks following the release of the MITRE Engenuity ATT&CK Evaluation can be confusing when trying to interpret the results and cut through the noise. But one thing is crystal clear in this year's evaluation that […] | | | |
| | 2022-04-06 08:47:07 | CrowdStrike "Dominates" in Endpoint Detection and Response (direct link) | "CrowdStrike dominates in EDR while building its future in XDR and Zero Trust." – The Forrester Wave™: Endpoint Detection and Response Providers, Q2 2022. We are excited that Forrester has named CrowdStrike a "Leader" in The Forrester Wave™: Endpoint Detection and Response (EDR) Providers, Q2 2022 and recognized us as dominating in EDR while building […] | Guideline | | |
| | 2022-04-04 21:12:29 | Runtime Protection: The Secret Weapon for Stopping Breaches in the Cloud (direct link) | Mistakes are easy to make, but in the world of cloud computing, they aren't always easy to find and remediate without help. Cloud misconfigurations are frequently cited as the most common causes of breaches in the cloud. According to a 2021 survey from VMware and the Cloud Security Alliance, one in six surveyed companies experienced […] | | | |
| | 2022-04-01 13:00:29 | BERT Embeddings: A Modern Machine-learning Approach for Detecting Malware from Command Lines (Part 2 of 2) (direct link) | A novel methodology, BERT embedding, enables large-scale machine learning model training for detecting malware. It reduces dependency on human threat analyst involvement in training machine learning models. Bidirectional Encoder Representation from Transformers (BERT) embeddings enable performant results in model training. CrowdStrike researchers constantly explore novel approaches to improve the automated detection and protection capabilities of […] | Malware, Threat | | |
| | 2022-03-31 15:41:48 | CrowdStrike Achieves 100% Prevention in Recent MITRE Engenuity ATT&CK Evaluation Emulating Russia-based Threat Groups (direct link) | "We were asked to disable identity protection capabilities to let the testing proceed, and still achieved 100% prevention." The CrowdStrike Falcon® platform delivers 100% prevention across all nine steps in the MITRE Engenuity ATT&CK® Enterprise Evaluation. The Falcon platform delivers comprehensive visibility and actionable alerts, scoring visibility on 96% of substeps in the ATT&CK […] | Threat | | |
| | 2022-03-31 08:54:15 | Celebrating Transgender Day of Visibility as an Out and Proud Trans Man. (direct link) | Transgender Day of Visibility is a day dedicated to recognizing the resilience and accomplishments of the transgender community. This day means showing up and being visible, especially for those who cannot. I am an out and proud Trans man, and I am visible because I know many cannot for fear of their physical security, work […] | | | |
| | 2022-03-31 08:43:09 | Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365 (direct link) | Multiple investigations and testing by the CrowdStrike Services team identified inconsistencies in Azure AD sign-in logs that incorrectly showed successful logins via Internet Mail Access Protocol (IMAP) despite it being blocked. Investigators rely on these logs to determine threat actor activity in investigations that often involve legal and regulatory consequences for organizations. This blog includes […] | Threat | | |
| | 2022-03-30 08:00:45 | Who is EMBER BEAR? (direct link) | 4/4/22 Editor's note: The hearing described below has been rescheduled for 10 a.m. EST on Tuesday, April 5. On Wednesday, March 30, 2022, Adam Meyers, CrowdStrike Senior Vice President of Intelligence, will testify in front of CHS (House Committee on Homeland Security) on Russian cyber threats to critical infrastructure. Within his testimony, Adam will speak […] | | | |
| | 2022-03-29 13:41:43 | Maintaining Security Consistency from Endpoint to Workload and Everywhere in Between (direct link) | In today's fast-paced world, mobility, connectivity and data access are essential. As organizations grow and add more workloads, containers, distributed endpoints and different security solutions to protect them, security can quickly become complex. Modern attacks and adversary tradecraft target vulnerable areas to achieve their objectives. Threats can originate at the endpoint to attack the cloud, […] | | | |
| | 2022-03-28 08:25:31 | CrowdStrike Named a Leader in The Forrester Wave™: Cybersecurity Incident Response Services, Q1 2022 (direct link) | CrowdStrike has been recognized as a Leader in the Forrester Wave™ for Cybersecurity Incident Response Services. When it comes to incident response (IR), time is of the essence. The longer it takes to detect threat activity, investigate an incident and remediate systems across highly distributed environments, the deeper into the threat lifecycle the adversary gets. […] | Threat, Guideline | | |
| | 2022-03-23 09:10:03 | Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack (direct link) | In an effort to stay ahead of improvements in automated detections and preventions, adversary groups continually look to new tactics, techniques and procedures (TTPs), and new tooling to progress their mission objectives. One group, known as BlackCat/ALPHV, has taken the sophisticated approach of developing their tooling from the ground up, using newer, more […] | Threat | | |
| | 2022-03-23 09:05:00 | CrowdStrike Named a Strong Performer in 2022 Forrester Wave for Cloud Workload Security (direct link) | "In its current CWS offering, the vendor has great CSPM capabilities for Azure, including detecting overprivileged admins and enforcing storage least privilege and encryption, virtual machine, and network policy controls." – The Forrester Wave™: Cloud Workload Security, Q1 2022. CrowdStrike is excited to announce we have been named a "Strong Performer" in The Forrester Wave™: […] | | | |
| | 2022-03-21 08:39:23 | Your Current Endpoint Security May Be Leaving You with Blind Spots (direct link) | Threat actors are continuously honing their skills to find new ways to penetrate networks, disrupt business-critical systems and steal confidential data. In the early days of the internet, adversaries used file-based malware to carry out attacks, and it was relatively easy to stop them with signature-based defenses. Modern threat actors have a much wider variety […] | Malware, Threat | | |
| | 2022-03-17 05:15:09 | CrowdStrike and Cloudflare Expand Zero Trust from Devices and Identities to Applications (direct link) | Threat actors continue to exploit users, devices and applications, especially as more of them exist outside of the traditional corporate perimeter. With employees consistently working remotely, adversaries are taking advantage of distributed workforces and the poor visibility and control that legacy security tools provide. Traditional tools that connect employees to corporate applications like VPNs and […] | Threat | | ★★★★ |
| | 2022-03-15 13:30:18 | Meet the Channel Chief: Michael Rogers Shares How CrowdStrike Is Driving Growth for Partners (direct link) | CrowdStrike last week announced Michael Rogers was promoted to vice president of global business development, channel and alliances. His appointment comes after years of driving growth in CrowdStrike's channel program and a career built working with partners across the security industry. Rogers takes on this role after a tremendous year for CrowdStrike's partner ecosystem: For […] | | | |
| | 2022-03-15 12:19:11 | (Déjà vu) cr8escape: New Vulnerability in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811) (direct link) | CrowdStrike cloud security researchers discovered a new vulnerability (dubbed "cr8escape" and tracked as CVE-2022-0811) in the Kubernetes container engine CRI-O. CrowdStrike disclosed the vulnerability to Kubernetes, which worked with CRI-O to issue a patch that was released today. It is recommended that CRI-O users patch immediately. CrowdStrike customers are protected from this threat by the […] | Vulnerability, Threat | Uber | |
| | 2022-03-15 12:19:11 | cr8escape: Zero-day in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811) (direct link) | CrowdStrike cloud security researchers discovered a zero-day vulnerability (dubbed "cr8escape" and tracked as CVE-2022-0811) in the Kubernetes container engine CRI-O. CrowdStrike disclosed the vulnerability to Kubernetes, which worked with CRI-O to issue a patch that was released today. It is recommended that CRI-O users patch immediately. CrowdStrike customers are protected from this threat by the […] | Vulnerability, Threat | Uber | |
| | 2022-03-14 20:40:03 | Falcon OverWatch Threat Hunting Uncovers Ongoing NIGHT SPIDER Zloader Campaign (direct link) | Over recent months, the CrowdStrike Falcon OverWatch™ team has tracked an ongoing, widespread intrusion campaign leveraging bundled .msi installers to trick victims into downloading malicious payloads alongside legitimate software. These payloads and scripts were used to perform reconnaissance and ultimately download and execute NIGHT SPIDER's Zloader trojan, as detailed in CrowdStrike Falcon X™ Premium reporting. […] | Threat | | |
| | 2022-03-11 17:26:58 | Empower Your SOC with New Applications in the CrowdStrike Store (direct link) | With chaos seemingly surrounding us in security, it can be hard to cut through the noise. How do you detect and prioritize evolving threats and what tools should you use to address them? With new attacks and vulnerabilities on the rise, combined with ineffective security tools and the industry's ongoing skill shortage, security operations center […] | | | |
| | 2022-03-10 20:58:14 | Buying IAM and Identity Security from the Same Vendor? Think Again. (direct link) | With the growing risk of identity-driven breaches, as seen in recent ransomware and supply chain attacks, businesses are starting to appreciate the need for identity security. As they assess how best to strengthen identity protection, there is often an urge to settle for security features or modules included in enterprise bundles from the same vendor […] | Ransomware | | |
| | 2022-03-09 20:25:53 | March 2022 Patch Tuesday: Critical Microsoft Exchange Bug and Three Zero-day Vulnerabilities (direct link) | Microsoft has released 71 security patches for its March Patch Tuesday rollout. Of the 71 CVEs addressed, three are ranked as Important zero-days. This month the quantity of patches for Critical vulnerabilities remains low; however, the total number of updates is nearly double what was offered in February 2022. As vulnerabilities and patches continue to […] | | | |
| | 2022-03-09 19:37:29 | Five Steps to Kick-start Your Move to XDR (direct link) | Alert overload is practically a given for security teams today. Analysts are inundated with new detections and events to triage, all spread across a growing set of disparate, disconnected security tools. In fact, they've burgeoned to such an extent that the average enterprise now has 45 cybersecurity-related tools deployed across its environment. As attacks grow […] | | | |
| | 2022-03-09 13:28:53 | CrowdStrike and Cloud Security Alliance Collaborate to Enable Pervasive Zero Trust (direct link) | The security problems that plague organizations today actually haven't changed much in 30 years. Weak and shared passwords, misconfigurations and vulnerabilities are problems that have tormented the industry for years and persist to this day. What's changed is the speed and sophistication at which today's adversary can weaponize these weaknesses. There's a misperception that stopping […] | | | |
| | 2022-03-07 17:30:49 | PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell (direct link) | At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941, a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller, to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the […] | Vulnerability | | |
| | 2022-03-07 09:55:04 | The Easy Solution for Stopping Modern Attacks (direct link) | Modern cyberattacks are multifaceted, leveraging different tools and techniques and targeting multiple entry points. As noted in the CrowdStrike 2022 Global Threat Report, 62% of modern attacks do not use traditional malware and 80% of attacks use identity-based techniques, meaning that attacks target not only endpoints, but also cloud and identity layers with techniques that […] | Malware, Threat | | |
| | 2022-03-03 16:06:41 | CrowdStrike Falcon Enhances Fileless Attack Detection with Accelerated Memory Scanning Feature (direct link) | CrowdStrike introduces memory scanning into the CrowdStrike Falcon® sensor for Windows to enhance existing visibility and detection of fileless threats. The Falcon sensor integrates Intel threat detection technology to perform accelerated memory scanning for malicious byte patterns. Memory scanning is optimized for performance on Intel CPUs, including high-performance operation, by offloading the operation to an […] | Threat | | |
| | 2022-03-02 19:55:14 | How a Strong Identity Protection Strategy Can Accelerate Your Cyber Insurance Initiatives (direct link) | The growth in frequency and severity of cyberattacks has caused organizations to rethink their security strategies. Major recent security threats, such as high-profile ransomware attacks and the Log4Shell vulnerabilities disclosed in 2021, have led to a greater focus on identity protection as adversaries rely on valid credentials to move laterally across target networks. Cyber insurers […] | Ransomware | | |
| | 2022-03-02 12:40:17 | Reinventing Managed Detection and Response (MDR) with Identity Threat Protection (direct link) | The modern threat landscape continues to evolve with an increase in attacks leveraging compromised credentials. An attacker with compromised credentials too frequently has free rein to move about an organization and carefully plan their attack before they strike. This week Falcon Complete™, CrowdStrike's leading managed detection and response (MDR) service, announced a new managed service […] | Threat, Guideline | | ★★★★ |
| | 2022-03-01 20:57:13 | Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities (direct link) | Summary On Feb. 23, 2022, destructive attacks were conducted against Ukrainian entities. Industry reporting has claimed the Go-based ransomware dubbed PartyTicket (or HermeticRansom) was identified at several organizations affected by the attack,1 among other families including a sophisticated wiper CrowdStrike Intelligence tracks as DriveSlayer (HermeticWiper). Analysis of the PartyTicket ransomware indicates it superficially encrypts files […] | Ransomware | | |
| | 2022-02-25 21:45:10 | CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks (direct link) | On Feb. 23, 2022, a new wiper malware was reported targeting Ukraine systems. The wiper destroys files on infected Windows devices by corrupting specific elements of connected hard drives. CrowdStrike Intelligence refers to this destructive malware as DriveSlayer. DriveSlayer is the second recent destructive malware targeting Ukraine, following WhisperGate. The CrowdStrike Falcon® platform provides continuous […] | Malware | | |