What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CrowdStrike.webp 2022-07-19 14:43:04 CrowdStrike's Adversary Universe World Tour: Coming to a City Near You! (lien direct) And we're off! The CrowdStrike Adversary Universe® World Tour (AUWT) kicked off with a standing-room-only event in Brisbane, Australia on July 12, 2022, followed by another full house in Melbourne on July 18. We're excited to begin this tour and share insights from CrowdStrike's elite threat intelligence and security experts with customers around the world. […] Threat
CrowdStrike.webp 2022-07-14 19:51:58 July 2022 Patch Tuesday: Four Critical CVEs and a Zero-Day Bug Under Active Exploitation (lien direct) Microsoft has released 84 security patches for its July 2022 Patch Tuesday rollout. Four vulnerabilities are rated Critical in severity and the rest are classified as Important, with one (CVE-2022-22047) under active exploitation. In this blog, the CrowdStrike Falcon Spotlight™ team offers an analysis of this month's vulnerabilities, as well as insights into the vulnerabilities […]
CrowdStrike.webp 2022-07-11 00:01:14 Top Threats You Need to Know to Defend Your Cloud Environment (lien direct) The CrowdStrike eBook, “Protectors of the Cloud: Combating the Rise in Threats to Cloud Environments,” reveals how adversaries target and infiltrate cloud environments and recommends best practices for defense. As organizations move critical applications and data to the cloud, these resources have come under increasing attack. Adversaries view cloud environments as soft targets and continue […] Threat
CrowdStrike.webp 2022-07-08 21:42:25 Callback Malware Campaigns Impersonate CrowdStrike and Other Cybersecurity Companies (lien direct) Today CrowdStrike sent the following Tech Alert to our customers: On July 8, 2022, CrowdStrike Intelligence identified a callback phishing campaign impersonating prominent cybersecurity companies, including CrowdStrike. The phishing email implies the recipient's company has been breached and insists the victim call the included phone number. This campaign leverages similar social-engineering tactics to those employed […] Malware
CrowdStrike.webp 2022-07-01 13:41:33 How CrowdStrike's Machine Learning Model Automation Uses the Cloud to Maximize Detection Efficacy (lien direct) The CrowdStrike Falcon® platform takes full advantage of the power of the CrowdStrike Security Cloud to reduce high-cost false positives and maximize detection efficacy to stop breaches  CrowdStrike continuously explores novel approaches to improve machine learning automated detection and protection capabilities for Falcon customers CrowdStrike's cloud-based machine learning model automation can predict 500,000 feature vectors […]
CrowdStrike.webp 2022-06-30 19:46:55 Tales from the Dark Web: How Tracking eCrime's Underground Economy Improves Defenses (lien direct) Cybercriminals are constantly evolving their operations, the methods they use to breach an organization’s defenses and their tactics for monetizing their efforts.  In the CrowdStrike 2022 Global Threat Report, we examined how the frequency and sophistication of ransomware attacks has grown in the past year. CrowdStrike Intelligence observed an 82% increase in ransomware-related data leaks […] Ransomware Threat
CrowdStrike.webp 2022-06-29 18:52:53 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers (lien direct) Adversaries often exploit legacy protocols like Windows NTLM that unfortunately remain widely deployed despite known vulnerabilities. Previous CrowdStrike blog posts have covered critical vulnerabilities in NTLM that allow remote code execution and other NTLM attacks where attackers could exploit vulnerabilities to bypass MIC (Message Integrity Code) protection, session signing and EPA (Enhanced Protection for Authentication).  […]
CrowdStrike.webp 2022-06-29 18:35:27 Falcon OverWatch Elite in Action: Tailored Threat Hunting Services Provide Individualized Care and Support (lien direct) The threat presented by today's adversaries is as pervasive as it is dangerous - eCrime and state-nexus actors alike are attempting to infiltrate companies and organizations of all sizes and across all verticals.  While technology is a powerful tool for performing routine or repeatable analysis, the only way to effectively hunt and contain sophisticated and […] Tool Threat
CrowdStrike.webp 2022-06-28 07:28:01 CrowdStrike Falcon Pro for Mac Achieves 100% Mac Malware Protection, Wins Fifth AV-Comparatives Approved Mac Security Product Award (lien direct) CrowdStrike Falcon Pro for Mac achieved 100% Mac malware protection in the May 2022 AV-Comparatives Mac Security Test and Review  CrowdStrike Falcon Pro for Mac has now won five consecutive Approved Mac Security Product Awards from AV-Comparatives, one of the leading third-party independent organizations testing the efficacy of endpoint security solutions in protecting against malware […] Malware Guideline
CrowdStrike.webp 2022-06-23 16:26:54 The Call Is Coming from Inside the House: CrowdStrike Identifies Novel Exploit in VOIP Appliance (lien direct) CrowdStrike Services recently performed an investigation that identified a compromised Mitel VOIP appliance as the threat actor's entry point.  The threat actor performed a novel remote code execution exploit on the Mitel appliance to gain initial access to the environment. CrowdStrike identified and reported the vulnerability to Mitel, and CVE-2022-29499 was created. The threat actor […] Vulnerability Threat
CrowdStrike.webp 2022-06-23 14:44:18 CrowdStrike Tops IDC Worldwide Corporate Endpoint Security Market Shares, 2021 (lien direct) CrowdStrike is proud to be ranked No. 1 in the IDC Worldwide Corporate Endpoint Security Market Shares, 2021 report (doc #US48580022, May 2022). We are grateful to our customers and partners for helping us achieve this significant milestone, yet its real value goes far beyond the bottom line. Our conviction is that the only way […]
CrowdStrike.webp 2022-06-16 19:04:19 Capture the Flag: CrowdStrike Intelligence Adversary Quest 2022 (lien direct) The Adversary Quest is back! From July 11 through July 25, 2022, the CrowdStrike Intelligence Advanced Research Team invites you to go head-to-head with three unique adversaries during our second annual Adversary Quest. Last year hundreds of Adversary Quest participants battled for the coveted CrowdStrike swag that was awarded to the top 50 high scorers. […]
CrowdStrike.webp 2022-06-16 18:29:55 June 2022 Patch Tuesday: Three Critical CVEs and a Fix for the Follina Vulnerability (lien direct) Microsoft has released 55 security patches for its June 2022 Patch Tuesday rollout. Three of the 55 CVEs addressed are rated Critical severity, with CVE-2022-30136 having the highest CVSS score of 9.8. In this blog, the CrowdStrike Falcon Spotlight™ team offers an analysis of this month's vulnerabilities, as well as insights into the vulnerabilities and […] Vulnerability
CrowdStrike.webp 2022-06-08 18:54:34 Seven Key Ingredients of Incident Response to Reduce the Time and Cost of Recovery (lien direct) When a breach occurs, time is of the essence. The decisions you make about whom to collaborate with and how to respond will determine how much impact the incident is going to have on your business operations. This blog outlines the seven key ingredients needed for successful incident response, given the spate of widespread ransomware […] Ransomware ★★
CrowdStrike.webp 2022-06-08 09:00:24 CrowdStrike Falcon Stops Modern Identity-Based Attacks in Chrome (lien direct) A novel technique that reduces the overhead in extracting sensitive data from Chromium browser's memory was recently found by researchers from CyberArk Labs  Existing access to the targeted system is required before leveraging the technique Successful use of the technique can lead to multifactor authentication (MFA) bypass by extracting valid authentication tokens from the web […] Guideline
CrowdStrike.webp 2022-06-07 08:23:37 For the Common Good: How to Compromise a Printer in Three Simple Steps (lien direct) In August 2021, ZDI announced Pwn2Own Austin 2021, a security contest focusing on phones, printers, NAS devices and smart speakers, among other things. The Pwn2Own contest encourages security researchers to demonstrate remote zero-day exploits against a list of specified devices. If successful, the researchers are rewarded with a cash prize, and the leveraged vulnerabilities are […]
CrowdStrike.webp 2022-06-06 07:45:08 RSAC 2022: CrowdStrike Delivers Protection that Powers Productivity (lien direct) The theme of RSA Conference 2022 succinctly captures the aftermath of the disruption we've all experienced over the last couple of years: Transform.   Customers continue to transform and accelerate digital initiatives in response to the massive economic and technological shifts driven by the COVID-19 pandemic. The shift to the cloud, embrace of DevOps and broad […]
CrowdStrike.webp 2022-06-06 07:42:06 RSAC 2022: CrowdStrike Innovations that Prioritize Data (lien direct) It's been several years since we've been at the RSA Conference in person and having face-to-face interaction is invaluable - the energy here is palpable. The theme for RSAC 2022 is “transform.” It’s a fitting theme given how much has changed in the cybersecurity world in the last few years. The move to support remote […]
CrowdStrike.webp 2022-06-06 07:23:58 RSAC 2022: Introducing CrowdStrike Asset Graph - the Path to Proactive Security Posture Management (lien direct) Driven by all the new technologies being adopted and the move to the cloud, the number and types of assets an organization has to manage increased nearly fourfold over the last 10 years. As a result, organizations are at risk to adversaries, who continually conduct reconnaissance to identify, target and exploit soft targets and vulnerabilities. […]
CrowdStrike.webp 2022-06-03 08:16:58 Detecting Poisoned Python Packages: CTX and PHPass (lien direct) The software supply chain remains a weak link for an attacker to exploit and gain access to an organization. According to a report in 2021, supply chain attacks increased by 650%, and some of the attacks have received a lot of limelight, such as SUNBURST in 2020 and Dependency Confusion in 2021. On May 21, […] Solardwinds
CrowdStrike.webp 2022-06-02 12:46:52 CrowdStrike Uncovers New MacOS Browser Hijacking Campaign (lien direct) CrowdStrike analyzed a new browser hijacking campaign that targets MacOS The purpose of the campaign is to inject ads into the user's Chrome or Safari browser  The CrowdStrike Falcon® platform provides continuous protection against browser hijacking threats by offering real-time visibility across workloads The CrowdStrike Content Research team recently analyzed a MacOS targeted browser hijacking […] Threat
CrowdStrike.webp 2022-06-02 12:35:10 OverWatch Casts a Wide Net for Follina: Hunting Beyond the Proof of Concept (lien direct) CVE-2022-30190, aka Follina, was published by @nao_sec on Twitter on May 27, 2022 - the start of Memorial Day weekend in the U.S. - highlighting once again the need for round-the-clock cybersecurity coverage. Threat hunting in particular is critical in these instances, as it provides organizations with the surge support needed to combat adversaries and […] Threat
CrowdStrike.webp 2022-06-01 15:49:28 CrowdStrike Falcon Protects Customers from Follina (CVE-2022-30190) (lien direct) On May 27, 2022, a remote code execution vulnerability was reported affecting the Microsoft Windows Support Diagnostic Tool (MSDT) The vulnerability, which is classified as a zero-day, can be invoked via weaponized Office documents, Rich Text Format (RTF) files, XML files and HTML files At time of writing, there is no patch available from the […] Tool Vulnerability
CrowdStrike.webp 2022-06-01 12:52:59 How CrowdStrike Achieves Lightning-Fast Machine Learning Model Training with TensorFlow and Rust (lien direct) CrowdStrike combines the power of the cloud with cutting-edge technologies such as TensorFlow and Rust to make model training hundreds of times faster than traditional approaches CrowdStrike continuously advances machine learning capabilities to set the industry standard in protecting customers from sophisticated threats and adversaries Supercharging CrowdStrike's artificial intelligence requires both human professionals and the […] Threat
CrowdStrike.webp 2022-06-01 07:15:25 CrowdStrike Falcon Identity Threat Protection Added to GovCloud-1 to Help Meet Government Mandates for Identity Security and Zero Trust (lien direct) CrowdStrike recently announced the addition of Falcon Identity Threat Protection and Falcon Identity Threat Detection to its GovCloud-1 environment, making both available to U.S. public sector organizations that require Federal Risk and Authorization Management Program (FedRAMP) Moderate or Impact Level 4 (IL-4) authorization. This includes U.S. federal agencies, U.S. state and local governments and the […] Threat
CrowdStrike.webp 2022-05-31 17:47:21 Naming Adversaries and Why It Matters to Your Security Team (lien direct) What is it with these funny adversary names such as FANCY BEAR, WIZARD SPIDER and DEADEYE JACKAL? You read about them in the media and see them on CrowdStrike T-shirts and referenced by MITRE in the ATT&CK framework.  Why are they so important to cyber defenders? How is an adversary born?  You may think you […] APT 28
CrowdStrike.webp 2022-05-27 18:44:40 Four Takeaways as the European Union's General Data Protection Regulation (GDPR) Turns 4 (lien direct) This blog was originally published on Security Senses. May 25, 2022, marked four years since the European Union's General Data Protection Regulation (GDPR) went into effect. Although the scope of the law is limited to personal data originating from activities in the European Economic Area, the ensuing requirements have had a global impact. This is […]
CrowdStrike.webp 2022-05-26 09:23:27 How Defenders Can Hunt for Malicious JScript Executions: A Perspective from OverWatch Elite (lien direct) An adversary's ability to live off the land - relying on the operating system's built-in tooling and user-installed legitimate software rather than tooling that must be brought in - may allow them to navigate through a victim organization's network relatively undetected. CrowdStrike Falcon OverWatch™ threat hunters are acutely aware of adversaries’ love of these living […] Threat
CrowdStrike.webp 2022-05-26 08:03:04 Quadrant Knowledge Solutions Names CrowdStrike a Leader in the 2022 SPARK Matrix for Digital Threat Intelligence Management (lien direct) “CrowdStrike is capable of catering to the diverse customer needs across industry verticals, with its comprehensive capabilities, compelling customer references, comprehensive roadmap and vision, cloud-native platform, and product suite with high scalability, have received strong ratings across technology excellence and customer impact.” – Quadrant Knowledge Solutions: 2022 SPARK Matrix™ for Digital Threat Intelligence Management We […] Threat
CrowdStrike.webp 2022-05-25 05:45:46 Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun (lien direct) The security landscape is constantly developing to provide easier ways to establish endpoint visibility across networks through the use of endpoint detection and response (EDR) utilities. However, certain challenges still remain, particularly as a result of many organizations’ need for systems running legacy or proprietary operating systems, such as Solaris. If such systems are not […]
CrowdStrike.webp 2022-05-20 09:02:24 Mirai Malware Variants for Linux Double Down on Stronger Chips in Q1 2022 (lien direct) According to CrowdStrike research, Mirai malware variants compiled for Intel-powered Linux systems double (101%) in Q1 2022 compared to Q1 2021 Mirai malware variants that targeted 32-bit x86 processors increased the most (120% in Q1 2022 vs. Q1 2021) Mirai malware is used to compromise internet-connected devices, amass them into botnets and use their collective […] Malware
CrowdStrike.webp 2022-05-19 17:26:41 CrowdStrike Cloud Security Extends to New Red Hat Enterprise Linux Versions (lien direct) As organizations increasingly move to hybrid cloud environments to increase agility, scale and competitive advantage, adversaries are correspondingly looking to exploit these environments.  According to the CrowdStrike 2022 Global Threat Report, cloud-based services are “increasingly abused by malicious actors in the course of computer network operations (CNO), a trend that is likely to continue in […] Threat
CrowdStrike.webp 2022-05-16 14:53:23 CrowdStrike Named an Overall Leader in 2022 KuppingerCole Leadership Compass for EPDR Market (lien direct) CrowdStrike is proud to announce its recognition as an Overall Leader with the highest rating in the 2022 KuppingerCole Leadership Compass for vendors in the Endpoint Protection, Detection & Response (EPDR) market. The Overall Leadership ranking provides a combined view of ratings across Product, Innovation and Market Leadership categories.   Our acknowledgement as an Overall Leader […] Guideline
CrowdStrike.webp 2022-05-13 08:52:13 Follow the Money: How eCriminals Monetize Ransomware (lien direct) The transaction details and monetization patterns of modern eCrime reveal critical insights for organizations defending against ransomware attacks.  Cybercrime has evolved over the past several years from simple “spray and pray” attacks to a sophisticated criminal ecosystem centered around highly effective monetization techniques that enable adversaries to maximize success and profitability.  Monetization is the  step […] Ransomware
CrowdStrike.webp 2022-05-13 08:34:54 Denise Stemen, CrowdStrike Director of Customer Crisis Strategy and Response, on Bringing Inclusivity to Life (lien direct) If you're a CrowdStrike client or partner working with Denise Stemen, our new Director of Customer Crisis Strategy and Response, know that you're in good hands. After 22 years in the Federal Bureau of Investigation (FBI) - plus 10 years before that teaching in public schools - Denise knows how to bring calm and order […]
CrowdStrike.webp 2022-05-12 16:43:58 CrowdStrike Falcon Pro for Mac Achieves Highest Score in AV-TEST MacOS Evaluation for Business Users (March 2022) (lien direct) CrowdStrike Falcon® achieves the maximum score of 18 points in the first 2022 AV-TEST MacOS evaluation for business users  AV-TEST is an independent research institute for IT security that performs quality-assuring comparison and tests for security products Falcon demonstrates excellent protection, performance and visibility against MacOS threats, with zero false alarms, using the power of […] ★★
CrowdStrike.webp 2022-05-12 13:09:11 One engineer. One day. One petabyte of log data. (lien direct) This blog was originally published March 8, 2022 on humio.com. Humio is a CrowdStrike Company. Humio recently unveiled the results of its latest benchmark, where the log management platform achieved a new benchmark of 1 petabyte (PB) of streaming log ingestion per day. This benchmark showcases the power of Humio and its ability to scale with […] ★★★
CrowdStrike.webp 2022-05-12 11:15:30 May 2022 Patch Tuesday: Six Critical CVEs Fixed and a Windows Vulnerability Actively Exploited (lien direct) Microsoft has released 73 security patches for its May Patch Tuesday rollout. One of the 73 CVEs addressed, Windows LSA Spoofing Vulnerability CVE-2022-26925, is ranked as Important and is under active exploitation. In this blog, the CrowdStrike Falcon Spotlight™ team offers an analysis on this month’s vulnerabilities, highlighting those that are most severe and recommending […] Vulnerability ★★★★
CrowdStrike.webp 2022-05-11 05:39:00 Proactive Threat Hunting Bears Fruit: Falcon OverWatch Detects Novel IceApple Post-Exploitation Framework (lien direct) The CrowdStrike Falcon OverWatch™ proactive threat hunting team has uncovered a sophisticated .NET-based post-exploitation framework, dubbed IceApple. Since OverWatch’s first detection in late 2021, the framework has been observed in multiple victim environments in geographically distinct locations, with intrusions spanning the technology, academic and government sectors.  The emergence of new and evolving IceApple modules over […] Threat ★★★
CrowdStrike.webp 2022-05-10 14:34:32 CrowdStrike Partners with Center for Threat-Informed Defense to Reveal Top Attack Techniques Defenders Should Prioritize (lien direct) CrowdStrike is a Research Sponsor and contributor for the new Top ATT&CK Techniques project — an initiative of the Center for Threat-Informed Defense, a non-profit, privately funded research and development organization operated by MITRE Engenuity — to provide prioritization for adversary attack techniques The Center for Threat-Informed Defense will introduce three critical new components to […] ★★
CrowdStrike.webp 2022-05-10 12:17:59 Humio Sets the Standard for Data Ingestion with Scalability Benchmark Streaming over One Petabyte of Data per Day (lien direct) This blog was originally published March 8, 2022 on humio.com. Humio is a CrowdStrike Company. Humio is excited to achieve another milestone in data ingestion by reaching a benchmark of over one petabyte of data ingestion per day. The Humio engineering team completed a one petabyte benchmark on only 45 nodes with 96 cores each, running […] ★★
CrowdStrike.webp 2022-05-06 06:43:27 macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis (lien direct) Ransomware (43% of analyzed threat data), backdoors (35%) and trojans (17%) were the most popular macOS malware categories spotted by CrowdStrike researchers in 2021 OSX.EvilQuest (ransomware), OSX.FlashBack (backdoor) and OSX.Lador (trojan) were the most prevalent threats in their respective categories To strengthen customer protection, CrowdStrike researchers continuously build better automated detection capabilities by analyzing and […] Ransomware Malware Threat ★★★
CrowdStrike.webp 2022-05-05 11:48:27 Start Logging Everything: Humio Community Edition Series (lien direct) This blog was originally published January 24, 2022 on humio.com. Humio is a CrowdStrike Company. In this blog, we’ll show you, step by step, how to download stock data and then upload it to Humio. You can then search that data and build a dashboard for fast insights. Subsequent blog posts will expand on this […]
CrowdStrike.webp 2022-05-05 11:22:42 How Senior Manager for Learning and Talent Lowell Doringo Helps CrowdStrikers Excel (lien direct) CrowdStrike employees may be at the very forefront of their respective fields, but it takes a culture of constant learning and development to maintain their edge. Here to talk about how he helps develop programs to build and enhance skills of all types is CrowdStrike Senior Manager for Learning and Talent Lowell Doringo. Q. Tell […]
CrowdStrike.webp 2022-05-05 06:45:56 How Falcon OverWatch Spots Destructive Threats in MITRE Adversary Emulation (lien direct) In the recent MITRE Engenuity ATT&CK Enterprise Evaluation, CrowdStrike demonstrated the power of its unified platform approach to stopping breaches. Facing attack emulations from the highly sophisticated WIZARD SPIDER and VOODOO BEAR (Sandworm Team) adversaries, the CrowdStrike Falcon® platform: Achieved 100% automated prevention across all of the MITRE Engenuity ATT&CK Enterprise Evaluation steps. Demonstrated powerful […]
CrowdStrike.webp 2022-05-04 05:45:48 Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack (lien direct) Container and cloud-based resources are being abused to deploy disruptive tools. The use of compromised infrastructure has far-reaching consequences for organizations who may unwittingly be participating in hostile activity against Russian government, military and civilian targets.  Docker Engine honeypots were compromised to execute two different Docker images targeting Russian, Belarusian and Lithuanian websites in a […]
CrowdStrike.webp 2022-05-03 19:57:44 VP of Humio Marketing Cinthia Portugal on the Role of Marketing in Achieving the CrowdStrike Mission (lien direct) At CrowdStrike, we often say that every team and every person plays a role in helping our company achieve our mission to stop breaches. VP of Humio Marketing Cinthia Portugal is no exception. In this latest installment in our 5 Questions series, Cinthia sits down to talk about her leadership role and how her team […] Guideline
CrowdStrike.webp 2022-05-03 08:37:30 CVE-2022-23648: Kubernetes Container Escape Using Containerd CRI Plugin and Mitigation (lien direct) CVE-2022-23648, reported by Google’s Project Zero in November 2021, is a Kubernetes runtime vulnerability found in Containerd, a popular Kubernetes runtime. It lies in Containerd’s CRI plugin that handles OCI image specs containing “Volumes.” The attacker can add Volume containing path traversal to the image and use it to copy arbitrary files from the host […] Vulnerability Uber
CrowdStrike.webp 2022-04-28 08:12:34 Falcon Fusion Accelerates Orchestrated and Automated Response Time (lien direct) CrowdStrike Falcon Fusion automates and accelerates incident response by orchestrating sandbox detonations to automatically analyze related malware samples and enrich the results with industry-leading threat insights Falcon Fusion enables analysts to build real-time active response and notification capabilities with customized triggers based on detection and incident disposition  The CrowdStrike Falcon® platform leverages critical context, visibility […] Malware Threat Guideline
CrowdStrike.webp 2022-04-27 06:30:19 CrowdStrike Delivers Adversary-Focused, Platform Approach to CNAPP and Cloud Security (lien direct) CrowdStrike Falcon® delivers comprehensive cloud security, combining agent-based and agentless protection in a single, unified platform experience Integrated threat intelligence delivers a powerful, adversary-focused approach to stopping cloud breaches Cloud-based services have revolutionized business processes and emerged as the backbone of the modern enterprise. According to analyst firm Gartner®, “more than 85% of organizations will […] Threat
Last update at: 2024-05-18 07:07:55