| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| | 2022-02-17 13:46:22 | CrowdStrike Partners with MITRE CTID, Reveals Real-world Insider Threat Techniques (direct link) | Remote working has exposed companies to greater levels of insider risk, which can result in data exfiltration, fraud and confidential information leakage. CrowdStrike is a founding sponsor and lead contributor to the new MITRE Insider Threat Knowledge Base, continuing its industry leadership in protecting organizations from external attacks and internal threats. The CrowdStrike Falcon® platform […] | Threat, Guideline | | |
| | 2022-02-16 22:22:46 | Defend Against Ransomware and Malware with Falcon Fusion and Falcon Real Time Response (direct link) | Adversaries are moving beyond malware and becoming more sophisticated in their attacks by using legitimate credentials and built-in tools to evade detection by traditional antivirus products. According to the CrowdStrike 2022 Global Threat Report, 62% of detections indexed by the CrowdStrike Security Cloud in Q4 2021 were malware-free. Adversaries are also likely to significantly increase […] | Ransomware, Malware, Threat | | |
| | 2022-02-15 00:01:44 | 2022 Global Threat Report: A Year of Adaptability and Perseverance (direct link) | For security teams on the front lines and those of us in the business of stopping cyberattacks and breaches, 2021 provided no rest for the weary. In the face of massive disruption brought about by the COVID-driven social, economic and technological shifts of 2020, adversaries refined their tradecraft to become even more sophisticated and brazen. […] | Threat | | |
| | 2022-02-10 16:41:52 | Falcon XDR: Extending Detection and Response — The Right Way (direct link) | This week we announced the general availability of CrowdStrike’s newest innovation, Falcon XDR, and I couldn’t be more excited. Using our same single, lightweight agent architecture, Falcon XDR enables security teams to bring in third-party data sources for a fully unified solution to rapidly and efficiently hunt and eliminate threats across multiple security domains. As […] | | | |
| | 2022-02-10 16:17:51 | Falcon XDR: Why You Must Start With EDR to Get XDR (direct link) | Since we founded CrowdStrike, one of the things I’m proudest of is our collective ability to work with customers to lead the industry forward. Leadership is more than just being the loudest voice or making wild marketing claims. It’s about listening and working with customers to help them solve their hardest problems to achieve a […] | Guideline | | |
| | 2022-02-09 23:19:06 | February 2022 Patch Tuesday: Windows Kernel Zero-Day and Servicing Stack Updates (direct link) | Microsoft has released 48 security patches for its February Patch Tuesday rollout. None are considered Critical or known to have been actively exploited. CVE-2022-21989, a publicly known zero-day vulnerability in the Windows Kernel, should be closely monitored as the situation continues to unfold. Separate from the patches offered this month, Microsoft has strongly suggested an […] | Vulnerability | | |
| | 2022-02-08 15:11:04 | (Déjà vu) A More Modern Approach to Logging in Go (direct link) | The Go ecosystem has long relied on the use of third-party libraries for logging. Logrus, one of the first leveled, structured logging libraries, is now maintenance-only and its developers recommend migrating to other libraries. At CrowdStrike, we relied heavily on Logrus and recently underwent an overhaul to implement a more modern approach to logging. In […] | | | |
| | 2022-02-07 07:49:54 | Falcon XDR: Delivered at the Speed and Scale of the CrowdStrike Security Cloud (direct link) | We are thrilled to announce the general availability of CrowdStrike’s newest innovation: Falcon XDR. Founded on our pioneering endpoint detection and response (EDR) technology and the power of the CrowdStrike Security Cloud, Falcon XDR delivers the next generation of unified, full-spectrum extended detection and response (XDR) so security teams can stop breaches faster. Tackle Key […] | | | |
| | 2022-02-04 15:55:47 | How to Protect Cloud Workloads from Zero-day Vulnerabilities (direct link) | Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces. When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis, but even if they’re able to identify all impacted areas, the patching process can be cumbersome and time-consuming. As we saw with Log4Shell, this […] | Vulnerability, Patching | | |
| | 2022-02-03 19:11:04 | A More Modern Approach to Logging in Golang (direct link) | The Golang ecosystem has long relied on the use of third-party libraries for logging. Logrus, one of the first leveled, structured logging libraries, is now maintenance-only and its developers recommend migrating to other libraries. At CrowdStrike, we relied heavily on Logrus and recently underwent an overhaul to implement a more modern approach to logging. In […] | | | |
| | 2022-02-01 22:37:35 | Hunting pwnkit Local Privilege Escalation in Linux (CVE-2021-4034) (direct link) | In November 2021, a vulnerability was discovered in a ubiquitous Linux module named Polkit. Developed by Red Hat, Polkit facilitates the communication between privileged and unprivileged processes on Linux endpoints. Due to a flaw in a component of Polkit — pkexec — a local privilege escalation vulnerability exists that, when exploited, will allow a standard […] | Vulnerability | | |
| | 2022-01-31 23:11:00 | CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit (direct link) | On Jan. 18, 2022, researchers found a heap-based buffer overflow flaw (CVE-2022-0185) in the Linux kernel (5.1-rc1+) function “legacy_parse_param” of the filesystem context functionality, which allows an out-of-bounds write in kernel memory. Using this primitive, an unprivileged attacker can escalate its privileges to root, bypassing any Linux namespace restrictions. CVE-2022-0185 Needs CAP_SYS_ADMIN. This flaw is […] | | Uber | |
| | 2022-01-31 10:38:21 | CrowdStrike Falcon Proactively Protects Against Wiper Malware as CISA Warns U.S. Companies of Potential Attacks (direct link) | The Cybersecurity and Infrastructure Security Agency (CISA) warns of potential critical threats similar to recent cyberthreats targeting Ukraine. U.S. companies are advised to implement cybersecurity measures to maximize resilience. The CrowdStrike Falcon® platform provides continuous protection against wiper-style threats and real-time visibility across workloads. CISA recently advised U.S. business leaders to protect their companies from […] | Malware, Guideline | | |
| | 2022-01-28 16:31:59 | Lessons Learned From Successive Use of Offensive Cyber Operations Against Ukraine and What May Be Next (direct link) | Disruptive and destructive cyber operations have been levied against elements of Ukrainian society by adversaries attributed to the Russian government — or groups highly likely to be controlled by them — since at least 2014. These operations have impacted several sectors, including energy, transportation and state finance, and have attempted to influence political processes and […] | | | |
| | 2022-01-28 13:45:24 | Engineering Manager Jenn Wong on Leading with Empathy and Fearlessness (direct link) | The year 2021 was a big one for Jenn Wong: It marked the first full year she was in a new role, at a new company, in a new industry. Not only that, it was her first official management role too. After years of working as an engineer, Jenn decided it was time to lean […] | | | |
| | 2022-01-27 10:47:02 | Data Protection Day 2022: To Protect Privacy, Remember Security (direct link) | Today’s privacy and security conversations often happen in silos, but key privacy principles from decades ago remind us that they are intertwined, especially in the face of today’s risks. January 28, 2022, marks 15 years since the first Data Protection Day was proclaimed in Europe and 13 years since Data Privacy Day was first recognized […] | | | |
| | 2022-01-27 10:23:54 | Programs Hacking Programs: How to Extract Memory Information to Spot Linux Malware (direct link) | Threat actors go to great lengths to hide the intentions of the malware they produce. This blog demonstrates reliable methods for extracting information from popular Linux shells. Extracted memory information can help categorize unknown software as malicious or benign and could reveal information to help incident responders. Some malware is only ever resident in memory, […] | Malware, Threat | | |
| | 2022-01-27 09:00:26 | New Docker Cryptojacking Attempts Detected Over 2021 End-of-Year Holidays (direct link) | Cryptocurrency mining has become very popular among malicious actors that aim to profit by exploiting cloud attack surfaces. Exposed Docker APIs have become a common target for cryptominers to mine various cryptocurrencies. According to the Google Threat Horizon report published Nov. 29, 2021, 86% of compromised Google Cloud instances were used to perform cryptocurrency mining. […] | Threat | | |
| | 2022-01-27 08:00:06 | Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign (direct link) | StellarParticle is a campaign tracked by CrowdStrike as related to the SUNSPOT implant from the SolarWinds intrusion in December 2020 and associated with COZY BEAR (aka APT29, “The Dukes”). The StellarParticle campaign has continued against multiple organizations, with COZY BEAR using novel tools and techniques to complete their objectives, as identified by CrowdStrike incident responders […] | | SolarWinds, APT 29 | |
| | 2022-01-26 21:51:03 | BERT Embeddings: A New Approach for Command Line Anomaly Detection (direct link) | Suspicious command lines differ from common ones in how the executable path looks and the unusual arguments passed to them. Bidirectional Encoder Representations from Transformers (BERT) embeddings can successfully be used for feature extraction for command lines. Outlier detectors on top of BERT embeddings can detect anomalous command lines without the need for data labeling […] | | | |
| | 2022-01-21 09:43:02 | Better Together: The Power of Managed Cybersecurity Services in the Face of Pressing Global Security Challenges (direct link) | The results from the 2021 Global Security Attitude Survey paint a bleak picture of how organizations globally are feeling about the cybersecurity landscape before them. Organizations are grappling with shortages of cybersecurity skills and a lack of capability to detect and contain intrusions in a timely way. This comes against a backdrop of persistent ransomware […] | Ransomware | | |
| | 2022-01-20 08:41:12 | Mind the MPLog: Leveraging Microsoft Protection Logging for Forensic Investigations (direct link) | In an incident response investigation, CrowdStrike analysts use multiple data points to parse the facts of who, what, when and how. As part of that fact-finding mission, analysts investigating Windows systems leverage the Microsoft Protection Log (MPLog), a forensic artifact on Windows operating systems that offers a wealth of data to support forensic investigations. MPLog […] | | | |
| | 2022-01-20 07:01:28 | CrowdStrike Powers MXDR by Deloitte, Offering Customers Risk Mitigation with Powerful Customized and Managed Security Services (direct link) | Deloitte, a leader in managed security services, has launched MXDR by Deloitte — a Managed Extended Detection and Response suite of offerings — within which the CrowdStrike Falcon® platform will power a number of solutions. MXDR by Deloitte combines an integrated, composable and modular managed detection and response SaaS platform with managed security services in […] | Guideline | Deloitte | |
| | 2022-01-19 17:37:01 | Technical Analysis of the WhisperGate Malicious Bootloader (direct link) | On Jan. 15, 2022, a set of malware dubbed WhisperGate was reported to have been deployed against Ukrainian targets. The incident is widely reported to contain three individual components deployed by the same adversary, including a malicious bootloader that corrupts detected local disks, a Discord-based downloader and a file wiper. The activity occurred at approximately […] | Malware | | |
| | 2022-01-14 12:37:11 | January 2022 Patch Tuesday: Multiple Critical Vulnerabilities and Microsoft Exchange Remote Code Execution (direct link) | Kicking off the first Patch Tuesday of 2022, CrowdStrike continues to provide research and analysis regarding critically rated vulnerabilities and the subsequent patches offered by Microsoft. In this month’s updates we see the lion’s share of updates directed at Microsoft’s Windows and Extended Security Update (ESU) products, while other patches target lesser-known components of Microsoft’s […] | | | |
| | 2022-01-13 12:04:18 | Linux-Targeted Malware Increases by 35% in 2021: XorDDoS, Mirai and Mozi Most Prevalent (direct link) | Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times more Mozi malware samples were observed in 2021 compared to 2020. Malware targeting Linux-based operating systems, commonly deployed in Internet of Things (IoT) […] | Malware | | |
| | 2022-01-13 07:08:32 | Zero Trust Integrations Are Expanding in the CrowdStrike Partner Ecosystem (direct link) | Organizations need to stay ahead of the ever-evolving security landscape. It’s no secret that Zero Trust security is crucial for successful endpoint protection. Due to the rapid transition to a remote workforce and shift from the traditional data center into dynamic cloud infrastructure we’ve witnessed in the last year, more and more companies are finding […] | | | |
| | 2022-01-11 08:08:34 | TellYouThePass Ransomware Analysis Reveals a Modern Reinterpretation Using Golang (direct link) | TellYouThePass ransomware, discovered in 2019, recently re-emerged compiled using Golang. Golang’s popularity among malware developers makes cross-platform development more accessible. TellYouThePass ransomware was recently associated with Log4Shell post-exploitation, targeting Windows and Linux. The CrowdStrike Falcon® platform protects customers from Golang-written TellYouThePass ransomware using the power of machine learning and behavior-based detection. The TellYouThePass ransomware family […] | Ransomware, Malware | | |
| | 2022-01-11 06:16:40 | noPac Exploit: Latest Microsoft AD Flaw May Lead to Total Domain Compromise in Seconds (direct link) | What Happened? Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalation with a direct path to a compromised domain. In mid-December 2021, a public exploit that combined these two Microsoft Active Directory design flaws (also referred to as “noPac”) was […] | Guideline | | |
| | 2022-01-10 22:02:40 | CrowdStrike Services Offers Incident Response Tracker for the DFIR Community (direct link) | The CrowdStrike Incident Response Tracker is a convenient spreadsheet that includes sections to document indicators of compromise, affected accounts, compromised systems and a timeline of significant events. CrowdStrike incident response teams have leveraged this type of tracker in thousands of investigations. Access the CrowdStrike Incident Response Tracker template here. During a recent client engagement for […] | | | |
| | 2022-01-07 08:22:43 | Why You Need an Adversary-focused Approach to Stop Cloud Breaches (direct link) | It should come as little surprise that when enterprise and IT leaders turned their attention to the cloud, so did attackers. Unfortunately, the security capabilities of enterprises have not always kept up with the threat landscape. Poor visibility, management challenges and misconfigurations combine with other security and compliance issues to make protecting cloud environments a […] | Threat, Guideline | | |
| | 2021-12-29 07:23:08 | OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt (direct link) | Following the Dec. 9, 2021, announcement of the Log4j vulnerability, CVE-2021-44228, CrowdStrike Falcon OverWatch™ has provided customers with unrivaled protection and 24/7/365 vigilance in the face of heightened uncertainty. To OverWatch, Log4Shell is simply the latest vulnerability to exploit — a new access vector among a sea of many others. Adversarial behavior post-exploitation remains […] | Vulnerability | | |
| | 2021-12-28 20:55:28 | CrowdStrike Changes Designation of Principal Executive Office to Austin, Texas (direct link) | Since we founded CrowdStrike, we’ve paved the way as one of the most prominent remote-first companies. We’ve planted roots in communities around the world — from Sunnyvale to London and from Pune to Tokyo. This not only gave us a running start at reimagining the workplace for today’s remote-first world, it also meant that we […] | | | |
| | 2021-12-28 09:08:14 | CrowdStrike Strengthens Exploit Protection Using Intel CPU Telemetry (direct link) | Falcon adds a new feature that uses Intel hardware capabilities to detect complex attack techniques that are notoriously hard to detect. CrowdStrike’s new Hardware Enhanced Exploit Detection feature delivers memory safety protections for a large number of customers on older PCs that lack modern in-built protections. Once activated, the new feature detects exploits by analyzing […] | | | |
| | 2021-12-23 16:09:39 | Baselining and Hunting Log4Shell with the CrowdStrike Falcon Platform (direct link) | Note: This post first appeared in r/CrowdStrike. First and foremost: if you’re reading this post, I hope you’re doing well and have been able to achieve some semblance of balance between life and work. It has been, I think we can all agree, a wild December in cybersecurity (again). At this time, it’s very likely […] | | | |
| | 2021-12-22 18:36:36 | Monitoring File Changes with Falcon FileVantage (direct link) | Introduction: Due to compliance regulations, many organizations have a need to monitor key assets for changes made to certain files, folders or registry settings. File Integrity Monitoring (FIM) can be a daunting deployment that requires yet another solution in the security stack. As a cloud-delivered platform, CrowdStrike leverages a single lightweight agent to address […] | | | |
| | 2021-12-22 15:26:35 | How to Speed Investigations with Falcon Forensics (direct link) | Introduction: Threat hunters and incident responders are under tremendous time pressure to investigate breaches and incidents. While they are collecting and sorting massive quantities of forensic data, fast response is critical to help limit any damage inflicted by the adversary. This article and video will provide an overview of Falcon Forensics, and how it streamlines […] | Threat | | |
| | 2021-12-22 12:28:37 | CrowdStrike Launches Free Targeted Log4j Search Tool (direct link) | The recently discovered Log4j vulnerability has serious potential to expose organizations across the globe to a new wave of cybersecurity risks as threat actors look to exploit this latest vulnerability to execute their malicious payloads using remote code execution (RCE). An immediate challenge that every organization faces is simply trying to understand exactly where you […] | Tool, Vulnerability, Threat | | |
| | 2021-12-21 20:12:46 | CrowdStrike Services Launches Log4j Quick Reference Guide (QRG) (direct link) | The Log4j vulnerability burst onto the scene just a few weeks ago, but to many defenders it already feels like a lifetime. It has rapidly become one of the top concerns for security teams in 2021, and seems set to remain so for the foreseeable future. The critical details of this threat evolve almost daily, […] | Vulnerability, Threat | | |
| | 2021-12-21 08:26:38 | What Is Data Logging? (direct link) | This blog was originally published on humio.com. Humio is a CrowdStrike Company. Data logging is the process of capturing, storing and displaying one or more datasets to analyze activity, identify trends and help predict future events. Data logging can be completed manually, though most processes are automated through intelligent applications like artificial intelligence (AI), machine learning […] | | | |
| | 2021-12-20 07:09:45 | CrowdXDR Alliance Expands to Help Security Teams Identify and Hunt Threats Faster (direct link) | CrowdStrike is proud to announce that Armis, Cloudflare and ThreatWarrior have joined the open CrowdXDR Alliance. The addition of these industry leaders enhances XDR with telemetry from cloud, network and Internet of Things (IoT) solutions. This best-of-platform approach to XDR will help solve real-world productivity challenges that security teams face by empowering them to identify […] | Guideline | | |
| | 2021-12-17 22:01:12 | December 2021 Patch Tuesday: AppX Installer Zero-day, Multiple Critical Vulnerabilities (direct link) | It’s the last Patch Tuesday update of 2021, and as with many other updates this year, this month’s list includes important ones — among them a zero-day (CVE-2021-43890 in AppX installer), multiple critical vulnerabilities and a variety of attack types utilized in several Microsoft product families — highlighting once again that patching and prioritization are […] | Patching | | |
| | 2021-12-16 15:16:11 | Automate Your Cloud Operations With Humio and Fylamynt (direct link) | This blog was originally published Dec. 2, 2021 on humio.com. Humio is a CrowdStrike Company. A new API integration for Humio and Fylamynt helps joint customers improve the efficiency of their cloud operations teams by automating repetitive and manual operations tasks. Fylamynt, a low-code platform that delivers a developer’s approach to ITOps with site reliability […] | | | |
| | 2021-12-15 09:42:18 | How CrowdStrike Protects Customers from Threats Delivered via Log4Shell (direct link) | Log4Shell, the latest critical vulnerability, found in the Log4j2 Apache Logging Services library, poses a serious threat to organizations. Active attempts to exploit the vulnerability were identified in the wild, currently making it the most severe threat. CrowdStrike utilizes indicators of attack (IOAs) and machine learning to protect our customers. CrowdStrike continues to track and […] | Vulnerability, Threat | | |
| | 2021-12-15 07:58:27 | How to Set Yourself Up for Real XDR Success (direct link) | Extended detection and response (XDR) is all the rage these days. It seems like almost every security vendor now claims to offer XDR functionality. But are those claims based in reality? The fact is that many vendors have simply rebranded their legacy endpoint detection and response (EDR) products, or network detection and response (NDR) solutions, […] | | | |
| | 2021-12-15 07:11:21 | CrowdStrike Falcon Awarded AV-Comparatives Approved Business Security Product for the Second Time in 2021 (direct link) | CrowdStrike Falcon receives second half-year award for Approved Business Security Product from AV-Comparatives in 2021. This marks the tenth consecutive Approved Business Security Product award from AV-Comparatives since 2016. CrowdStrike Falcon achieves the highest 99.9% protection rate, demonstrating its ability to protect against real-world threats using the power of machine learning and behavioral detection. CrowdStrike […] | | | |
| | 2021-12-14 07:27:51 | CrowdStrike Falcon Detects 100% of Attacks in New SE Labs EDR Test, Winning Highest Rating (direct link) | The CrowdStrike Falcon® platform achieves 100% attacks detected in new Advanced Security Test (EDR) from SE Labs. This SE Labs test demonstrated that CrowdStrike’s Zero Trust module, Falcon Identity Threat Protection, is a highly effective component in securing your environment against real-world attacks. SE Labs is one of the most prestigious independent third-party testing institutions […] | Threat | | |
| | 2021-12-14 05:59:18 | Accelerate Troubleshooting, Forensics and Response With Fast and Efficient Search (direct link) | This blog was originally published Nov. 22, 2021 on humio.com. Humio is a CrowdStrike Company. Whether you’re diagnosing a system outage, mitigating a malicious attack or trying to get to the bottom of an application-response-time issue, speed is critical. Pinpointing and resolving issues quickly and easily can mean the difference between success and crisis for […] | | | |
| | 2021-12-10 09:57:34 | Log4j2 Vulnerability “Log4Shell” (CVE-2021-44228) (direct link) | Log4j2 is an open-source, Java-based logging framework commonly incorporated into Apache web servers. Between late November and early December 2021, a critical vulnerability (CVE-2021-44228) impacting the Log4j2 utility was reported, resulting in several fixes and code revisions from the vendor. The Log4j2 library is used in numerous Apache framework services, and as of Dec. 9, […] | Vulnerability | | ★★★★ |
| | 2021-12-09 09:01:46 | How a Generalized Validation Testing Approach Improves Efficiency, Boosts Outcomes and Streamlines Debugging (direct link) | In two recent blog posts from the CrowdStrike Software Development Engineers in Test (SDET) team, we explored how end-to-end validation testing and modular testing design could increase the speed and accuracy of the testing lifecycle. In this latest post, we conclude our SDET series with a deep dive on how our generalized validation testing component […] | | | ★★ |