What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CrowdStrike.webp 2024-05-14 23:15:24 May 2024 Patch Tuesday: Two Zero-Days Among 61 Vulnerabilities Addressed
(direct link)
Microsoft has released security updates for 61 vulnerabilities in its May 2024 Patch Tuesday rollout. There are two zero-day vulnerabilities patched, affecting Windows MSHTML (CVE-2024-30040) and Desktop Window Manager (DWM) Core Library (CVE-2024-30051), and one Critical vulnerability patched affecting Microsoft SharePoint Server (CVE-2024-30044). May 2024 Risk Analysis This month's leading risk type is remote code […]
Vulnerability Threat
CrowdStrike.webp 2024-05-14 14:55:35 CrowdStrike Collaborates with NVIDIA to Redefine Cybersecurity for the Generative AI Era
(direct link)
Your business is in a race against modern adversaries - and legacy approaches to security simply do not work in blocking their evolving attacks. Fragmented point products are too slow and complex to deliver the threat detection and prevention capabilities required to stop today's adversaries - whose breakout time is now measured in minutes - […]
Threat
CrowdStrike.webp 2024-04-30 16:17:33 CrowdStrike Named the Only Customers' Choice in 2024 Gartner® “Voice of the Customer” for External Attack Surface Management
(direct link)
As adversaries become faster and stealthier, they relentlessly search for vulnerable assets to exploit. Meanwhile, your digital footprint is expanding, making it increasingly challenging to keep track of all of your assets. It's no wonder 76% of breaches in 2023 were due to unknown and unmanaged internet-facing assets. Against this backdrop, it’s more critical than […]
Threat ★★
CrowdStrike.webp 2024-04-30 09:10:30 CrowdStrike Named Overall Leader in Industry's First ITDR Comparative Report
(direct link)
The industry's first identity detection and response (ITDR) analyst report names CrowdStrike an Overall Leader and a “cyber industry force.” In KuppingerCole Leadership Compass, Identity Threat Detection and Response (ITDR) 2024: IAM Meets the SOC, CrowdStrike was named a Leader in every category - Product, Innovation, Market and Overall Ranking - and positioned the highest […]
Threat Commercial ★★★
CrowdStrike.webp 2024-04-22 17:03:13 5 Best Practices to Secure AWS Resources
(direct link)
Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and cost-effective platform that helps businesses drive growth and innovation. However, as organizations migrate to the cloud, they face a complex and growing threat landscape of […]
Threat Cloud ★★★
CrowdStrike.webp 2024-04-12 22:29:44 CVE-2024-3400: What You Need to Know About the Critical PAN-OS Zero-Day
(direct link)
UPDATE: It has been confirmed that disabling telemetry will not block this exploit. Applying a patch as soon as possible is the most effective remediation for this vulnerability. Patches for 8 of the 18 vulnerable versions have been released; patches for the remaining vulnerable versions are expected by April 19th. CrowdStrike is constantly working to […]
Vulnerability Threat ★★
CrowdStrike.webp 2024-04-10 17:00:52 CrowdStrike Extends Identity Security Capabilities to Stop Attacks in the Cloud
(direct link)
Two recent Microsoft breaches underscore the growing problem of cloud identity attacks and why it’s critical to stop them. While Microsoft Active Directory (AD) remains a prime target for attackers, cloud identity stores such as Microsoft Entra ID are also a target of opportunity. The reason is simple: Threat actors increasingly seek to mimic legitimate […]
Threat Cloud ★★
CrowdStrike.webp 2024-03-21 16:54:15 CrowdStrike Enhances Cloud Detection and Response (CDR) Capabilities to Protect CI/CD Pipeline
(direct link)
The increase in cloud adoption has been met with a corresponding rise in cybersecurity threats. Cloud intrusions escalated by a staggering 75% in 2023, with cloud-conscious cases increasing by 110%. Amid this surge, eCrime adversaries have become the top threat actors targeting the cloud, accounting for 84% of adversary-attributed cloud-conscious intrusions. For large enterprises that […]
Threat Cloud ★★★
CrowdStrike.webp 2024-02-02 17:21:04 Architecture Drift: What It Is and How It Leads to Breaches
(direct link)
Cybercriminals work around the clock to discover new tactics to breach systems. Each time a digital ecosystem changes, it can introduce a weakness for a threat actor to quickly discover and exploit. As technological innovation progresses rapidly, and organizations expand their infrastructure, this weakness may take shape in the form of architecture drift. Today, we […]
Threat ★★
CrowdStrike.webp 2023-11-20 18:38:02 Eliminate Repetitive Tasks and Accelerate Response with Falcon Fusion
(direct link)
Adversaries are becoming more sophisticated and faster with their attacks. According to the CrowdStrike 2023 Threat Hunting Report, the average eCrime breakout time is just 79 minutes. This is partly due to adversaries taking advantage of tools that leverage automation like password-cracking tools, exploit kits for web browser vulnerabilities, and marketplaces that sell stolen data. […]
Tool Vulnerability Threat ★★
CrowdStrike.webp 2023-10-12 19:23:20 How Well Do You Know Your Attack Surface? Five Tips to Reduce the Risk of Exposure
(direct link)
In an increasingly connected digital landscape, the security of your organization’s data and publicly facing assets is more critical than ever. According to the CrowdStrike 2023 Threat Hunting Report, more than 20% of all interactive intrusions are associated with the exploitation of public-facing applications. As an organization's attack surface expands and cyberthreats proliferate, it is […]
Threat ★★
CrowdStrike.webp 2023-10-10 19:59:48 Getting Value from Your Proxy Logs with Falcon LogScale
(direct link)
All web traffic flowing out of your company network should be passing through a web proxy. These proxy logs are a great resource for threat hunting and security investigations, yet they often translate into extremely large volumes of data. In a previous blog post, we shared the value of proxy logs in addressing a range […]
Threat ★★
CrowdStrike.webp 2023-08-08 04:00:01 CrowdStrike Debuts Counter Adversary Operations Team to Fight Faster and Smarter Adversaries as Identity-Focused Attacks Skyrocket
(direct link)
CrowdStrike is proud to announce the launch of CrowdStrike Counter Adversary Operations, a newly formed, first-of-its kind team that brings together CrowdStrike Falcon® Intelligence and the CrowdStrike® Falcon OverWatch™ threat hunting team to disrupt today's adversaries and ultimately raise their cost of doing business. Both threat hunting and intelligence operations are essential to detect, disrupt […]
Threat ★★★
CrowdStrike.webp 2023-08-04 18:00:44 CrowdStrike Scores 100% in SE Labs Q2 2023 Enterprise Advanced Security Detection Test, Wins AAA Award
(direct link)
The CrowdStrike Falcon® platform achieved 100% attack detection with zero false positives in the Q2 2023 SE Labs Enterprise Advanced Security (EAS) test, earning the AAA award for its perfect performance in the rigorous evaluation. SE Labs analysts' intelligence-led testing employed the real-world tactics, techniques and procedures (TTPs) of four advanced threat groups, using four […]
Threat ★★
CrowdStrike.webp 2023-08-03 07:12:03 CrowdStrike Named a Leader that “Delivers World-Class Threat Intelligence” in 2023 Forrester Wave
(direct link)
We're excited to share that Forrester has named CrowdStrike a Leader in The Forrester Wave™: External Threat Intelligence Services Providers, Q3 2023. CrowdStrike received the highest ranking of all vendors in the Current Offering category, with the highest score possible in 16 criteria, surpassing all other vendors evaluated in the report. From the report: “CrowdStrike […]
Threat ★★
CrowdStrike.webp 2023-07-13 18:18:06 Welcome to the Adversary Universe Podcast: Unmasking the Threat Actors Targeting Your Organization
(direct link)
The modern adversary is relentless. Today's threat actors target global organizations with increasingly sophisticated attacks. As we've said since the founding of CrowdStrike: “You don't have a malware problem, you have an adversary problem.” Protection starts by unmasking the threat actors targeting your organization. Who are they? What are they after? And most importantly, how […]
Malware Threat ★★
CrowdStrike.webp 2023-06-22 18:12:12 Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft
(direct link)
VANGUARD PANDA Background On May 24, 2023, industry and government sources detailed China-nexus activity in which the threat actor dubbed Volt Typhoon targeted U.S.-based critical infrastructure entities. CrowdStrike Intelligence tracks this actor as VANGUARD PANDA. Since at least mid-2020, the CrowdStrike Falcon® Complete managed detection and response (MDR) team and the CrowdStrike® Falcon OverWatch™ threat […]
Threat Guam Guam ★★★
CrowdStrike.webp 2023-06-15 19:21:14 Security Guidance from the Front Lines of Cloud Incident Response
(direct link)
In our first-ever Cloud Threat Summit, CrowdStrike's Senior Vice President of Intelligence and Senior Director of Consulting Services discussed the most common ways adversaries breach the cloud and the steps organizations can take to stay safe. An insightful and engaging conversation during last week's Cloud Threat Summit featured Adam Meyers, Senior Vice President of Intelligence, […]
Threat Cloud ★★
CrowdStrike.webp 2023-06-12 00:52:24 Adversaries Go Hands-On in Japan: Know the Threat and Know the Solution
(direct link)
Japan, known for its innovation and efficiency, is a globally recognized industry leader. This puts Japan-based organizations at risk of being recognized as potentially valuable targets by both criminally motivated and targeted cyber adversaries. This blog, directly from the front lines of CrowdStrike® Falcon OverWatch™ threat hunting, shares intrusion insights drawn from activity observed in […]
Threat ★★
CrowdStrike.webp 2023-02-28 06:21:51 CrowdStrike 2023 Global Threat Report: Resilient Businesses Fight Relentless Adversaries
(direct link)
The CrowdStrike 2023 Global Threat Report, among the most trusted and comprehensive research on the modern threat landscape, explores the most significant security events and trends of the previous year, as well as the adversaries driving this activity. The latest edition of the CrowdStrike Global Threat Report comes at a critical time for organizations around […]
Threat ★★
CrowdStrike.webp 2023-02-13 15:01:35 DLL Side-Loading: How to Combat Threat Actor Evasion Techniques
(direct link)
Threat actors constantly evolve their tactics and techniques to circumvent security solutions. Working at the cutting-edge of detection engineering, CrowdStrike rapidly tracks and observes these evolutions in tactics to deliver timely, effective detections that protect customers. In this blog, we explore DLL side-loading and learn how CrowdStrike has expanded protections with Advanced Memory Scanning. Learn […]
Threat ★★
CrowdStrike.webp 2023-02-01 21:34:45 Using Artificial Intelligence and Machine Learning to Combat Hands-on-Keyboard Cybersecurity Attacks
(direct link)
Malware gets the headlines, but the bigger threat is hands-on-keyboard adversary activity which can evade traditional security solutions and present detection challenges Machine learning (ML) can predict and proactively protect against emerging threats by using behavioral event data. CrowdStrike's artificial intelligence (AI)-powered indicators of attack (IOAs) use ML to detect and predict adversarial patterns in […]
Malware Threat Prediction ★★★
CrowdStrike.webp 2022-12-14 17:43:30 Why Managed Threat Hunting Should Top Every CISO's Holiday Wish List
(direct link)
With the end of the year fast approaching, many of us are looking forward to a well-deserved break. However, security practitioners and security leaders worldwide are bracing themselves for what has become a peak period for novel and disruptive threats. In 2020, the holiday season was marked by the SUNBURST incident, and in 2021 the […]
Threat Guideline Solardwinds ★★
CrowdStrike.webp 2022-10-21 20:30:49 CrowdStrike Advances to Research Partner with MITRE Engenuity Center for Threat-Informed Defense to Help Lead the Future of Cyber Defense
(direct link)
CrowdStrike is deepening its commitment to advancing the security ecosystem leading the future of protection by becoming a top-tier partner in the MITRE Center for Threat-Informed Defense research program. CrowdStrike's adversary-centric approach and technology leadership can help change the game on adversaries, turning state-of-the-art threat defense into a state of practice. CrowdStrike is now a […]
Threat Guideline
CrowdStrike.webp 2022-10-20 08:33:08 CrowdStrike and Google Chrome: Building an Integrated Ecosystem to Secure Your Enterprise Using the Power of Log Management
(direct link)
Organizations today face an onslaught of attacks across devices, identity and cloud workloads. The more security telemetry an organization has to work with, the better threat hunters can contextualize events to find and remediate potential threats. Google recently announced Chrome Enterprise Connectors Framework, a collection of plug-and-play integrations with industry-leading security solution providers. The framework […]
Threat Guideline
CrowdStrike.webp 2022-10-18 19:49:21 Why Your Small Business Needs to Rethink Its Cybersecurity Strategy
(direct link)
Cybercrime is a big problem for small businesses, and the risk of advanced threats continues to grow. This Cybersecurity Awareness Month, learn how to protect your SMB or nonprofit from attacks that threaten the business. The cybersecurity threat to small- and medium-sized businesses (SMBs) continues to grow as cybercriminals recognize how vulnerable they can be, […]
Threat
CrowdStrike.webp 2022-09-13 20:56:40 2022 Threat Hunting Report: Falcon OverWatch Looks Back to Prepare Defenders for Tomorrow's Adversaries
(direct link)
Another turbulent year for cybersecurity finds itself right at home alongside global economic headwinds and geopolitical tensions. This year has been defined by rampant affiliate activity, a seemingly endless stream of new vulnerabilities and exploits, and the widespread abuse of valid credentials. These circumstances have conspired to drive a 50% increase in interactive intrusion activity […]
Threat
CrowdStrike.webp 2022-09-06 18:52:46 Consolidated Identity Protection in a Unified Security Platform Is a Must-Have for the Modern SOC
(direct link)
As cyberattacks continue to grow relentlessly, enterprises have to continue improving their cyber defenses to stay one step ahead of the adversaries. One area that CISOs have recently started paying more attention is identity threat protection. This is not surprising considering 80% of modern attacks are identity-driven leveraging stolen credentials. In fact, identity threat detection […]
Threat ★★
CrowdStrike.webp 2022-09-01 13:20:32 CrowdStrike Introduces Sandbox Scryer: A Free Threat-Hunting Tool for Generating MITRE ATT&CK and Navigator Data
(direct link)
Sandbox Scryer is an open-source tool for producing threat hunting and intelligence data from public sandbox detonation output The tool leverages the MITRE ATT&CK Framework to organize and prioritize findings, assisting in assembling indicators of compromise (IOCs), understanding attack movement and hunting threats By allowing researchers to send thousands of samples to a sandbox for […]
Tool Threat ★★
CrowdStrike.webp 2022-08-25 12:37:33 Getting Started Guide: Falcon Long Term Repository
(direct link)
Limited data retention resulting from financial or technological constraints makes it hard for security teams to see the complete history of an attack. This lack of full context about a threat - or a potential threat - eventually catches up with organizations, leading to longer dwell times and increased risk of a breach. CrowdStrike Falcon […]
Threat Guideline
CrowdStrike.webp 2022-08-24 13:14:26 The Anatomy of Wiper Malware, Part 2: Third-Party Drivers
(direct link)
In Part 1 of this four-part blog series examining wiper malware, we introduced the topic of wipers, reviewed their recent history and presented common adversary techniques that leverage wipers to destroy system data. In Part 2, CrowdStrike’s Endpoint Protection Content Research Team discusses how threat actors have used legitimate third-party drivers to bypass the visibility […]
Threat
CrowdStrike.webp 2022-07-19 14:43:04 CrowdStrike's Adversary Universe World Tour: Coming to a City Near You!
(direct link)
And we're off! The CrowdStrike Adversary Universe® World Tour (AUWT) kicked off with a standing-room-only event in Brisbane, Australia on July 12, 2022, followed by another full house in Melbourne on July 18. We're excited to begin this tour and share insights from CrowdStrike's elite threat intelligence and security experts with customers around the world. […]
Threat
CrowdStrike.webp 2022-07-11 00:01:14 Top Threats You Need to Know to Defend Your Cloud Environment
(direct link)
The CrowdStrike eBook, “Protectors of the Cloud: Combating the Rise in Threats to Cloud Environments,” reveals how adversaries target and infiltrate cloud environments and recommends best practices for defense. As organizations move critical applications and data to the cloud, these resources have come under increasing attack. Adversaries view cloud environments as soft targets and continue […]
Threat
CrowdStrike.webp 2022-06-30 19:46:55 Tales from the Dark Web: How Tracking eCrime's Underground Economy Improves Defenses
(direct link)
Cybercriminals are constantly evolving their operations, the methods they use to breach an organization’s defenses and their tactics for monetizing their efforts. In the CrowdStrike 2022 Global Threat Report, we examined how the frequency and sophistication of ransomware attacks has grown in the past year. CrowdStrike Intelligence observed an 82% increase in ransomware-related data leaks […]
Ransomware Threat
CrowdStrike.webp 2022-06-29 18:35:27 Falcon OverWatch Elite in Action: Tailored Threat Hunting Services Provide Individualized Care and Support
(direct link)
The threat presented by today's adversaries is as pervasive as it is dangerous - eCrime and state-nexus actors alike are attempting to infiltrate companies and organizations of all sizes and across all verticals. While technology is a powerful tool for performing routine or repeatable analysis, the only way to effectively hunt and contain sophisticated and […]
Tool Threat
CrowdStrike.webp 2022-06-23 16:26:54 The Call Is Coming from Inside the House: CrowdStrike Identifies Novel Exploit in VOIP Appliance
(direct link)
CrowdStrike Services recently performed an investigation that identified a compromised Mitel VOIP appliance as the threat actor's entry point. The threat actor performed a novel remote code execution exploit on the Mitel appliance to gain initial access to the environment. CrowdStrike identified and reported the vulnerability to Mitel, and CVE-2022-29499 was created. The threat actor […]
Vulnerability Threat
CrowdStrike.webp 2022-06-02 12:46:52 CrowdStrike Uncovers New MacOS Browser Hijacking Campaign
(direct link)
CrowdStrike analyzed a new browser hijacking campaign that targets MacOS The purpose of the campaign is to inject ads into the user's Chrome or Safari browser The CrowdStrike Falcon® platform provides continuous protection against browser hijacking threats by offering real-time visibility across workloads The CrowdStrike Content Research team recently analyzed a MacOS targeted browser hijacking […]
Threat
CrowdStrike.webp 2022-06-02 12:35:10 OverWatch Casts a Wide Net for Follina: Hunting Beyond the Proof of Concept
(direct link)
CVE-2022-30190, aka Follina, was published by @nao_sec on Twitter on May 27, 2022 - the start of Memorial Day weekend in the U.S. - highlighting once again the need for round-the-clock cybersecurity coverage. Threat hunting in particular is critical in these instances, as it provides organizations with the surge support needed to combat adversaries and […]
Threat
CrowdStrike.webp 2022-06-01 12:52:59 How CrowdStrike Achieves Lightning-Fast Machine Learning Model Training with TensorFlow and Rust
(direct link)
CrowdStrike combines the power of the cloud with cutting-edge technologies such as TensorFlow and Rust to make model training hundreds of times faster than traditional approaches CrowdStrike continuously advances machine learning capabilities to set the industry standard in protecting customers from sophisticated threats and adversaries Supercharging CrowdStrike's artificial intelligence requires both human professionals and the […]
Threat
CrowdStrike.webp 2022-06-01 07:15:25 CrowdStrike Falcon Identity Threat Protection Added to GovCloud-1 to Help Meet Government Mandates for Identity Security and Zero Trust
(direct link)
CrowdStrike recently announced the addition of Falcon Identity Threat Protection and Falcon Identity Threat Detection to its GovCloud-1 environment, making both available to U.S. public sector organizations that require Federal Risk and Authorization Management Program (FedRAMP) Moderate or Impact Level 4 (IL-4) authorization. This includes U.S. federal agencies, U.S. state and local governments and the […]
Threat
CrowdStrike.webp 2022-05-26 09:23:27 How Defenders Can Hunt for Malicious JScript Executions: A Perspective from OverWatch Elite (lien direct) An adversary's ability to live off the land - relying on the operating system's built-in tooling and user-installed legitimate software rather than tooling that must be brought in - may allow them to navigate through a victim organization's network relatively undetected. CrowdStrike Falcon OverWatch™ threat hunters are acutely aware of adversaries’ love of these living […] Threat
CrowdStrike.webp 2022-05-26 08:03:04 Quadrant Knowledge Solutions Names CrowdStrike a Leader in the 2022 SPARK Matrix for Digital Threat Intelligence Management (lien direct) “CrowdStrike is capable of catering to the diverse customer needs across industry verticals, with its comprehensive capabilities, compelling customer references, comprehensive roadmap and vision, cloud-native platform, and product suite with high scalability, have received strong ratings across technology excellence and customer impact.” – Quadrant Knowledge Solutions: 2022 SPARK Matrix™ for Digital Threat Intelligence Management We […] Threat
CrowdStrike.webp 2022-05-19 17:26:41 CrowdStrike Cloud Security Extends to New Red Hat Enterprise Linux Versions (lien direct) As organizations increasingly move to hybrid cloud environments to increase agility, scale and competitive advantage, adversaries are correspondingly looking to exploit these environments.  According to the CrowdStrike 2022 Global Threat Report, cloud-based services are “increasingly abused by malicious actors in the course of computer network operations (CNO), a trend that is likely to continue in […] Threat
CrowdStrike.webp 2022-05-11 05:39:00 Proactive Threat Hunting Bears Fruit: Falcon OverWatch Detects Novel IceApple Post-Exploitation Framework (lien direct) The CrowdStrike Falcon OverWatch™ proactive threat hunting team has uncovered a sophisticated .NET-based post-exploitation framework, dubbed IceApple. Since OverWatch’s first detection in late 2021, the framework has been observed in multiple victim environments in geographically distinct locations, with intrusions spanning the technology, academic and government sectors.  The emergence of new and evolving IceApple modules over […] Threat ★★★
CrowdStrike.webp 2022-05-06 06:43:27 macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis (lien direct) Ransomware (43% of analyzed threat data), backdoors (35%) and trojans (17%) were the most popular macOS malware categories spotted by CrowdStrike researchers in 2021. OSX.EvilQuest (ransomware), OSX.FlashBack (backdoor) and OSX.Lador (trojan) were the most prevalent threats in their respective categories. To strengthen customer protection, CrowdStrike researchers continuously build better automated detection capabilities by analyzing and […] Ransomware Malware Threat ★★★
CrowdStrike.webp 2022-04-28 08:12:34 Falcon Fusion Accelerates Orchestrated and Automated Response Time (lien direct) CrowdStrike Falcon Fusion automates and accelerates incident response by orchestrating sandbox detonations to automatically analyze related malware samples and enrich the results with industry-leading threat insights. Falcon Fusion enables analysts to build real-time active response and notification capabilities with customized triggers based on detection and incident disposition. The CrowdStrike Falcon® platform leverages critical context, visibility […] Malware Threat Guideline
CrowdStrike.webp 2022-04-27 06:30:19 CrowdStrike Delivers Adversary-Focused, Platform Approach to CNAPP and Cloud Security (lien direct) CrowdStrike Falcon® delivers comprehensive cloud security, combining agent-based and agentless protection in a single, unified platform experience. Integrated threat intelligence delivers a powerful, adversary-focused approach to stopping cloud breaches. Cloud-based services have revolutionized business processes and emerged as the backbone of the modern enterprise. According to analyst firm Gartner®, “more than 85% of organizations will […] Threat
CrowdStrike.webp 2022-04-21 08:23:55 LemonDuck Targets Docker for Cryptomining Operations (lien direct) LemonDuck, a well-known cryptomining botnet, is targeting Docker to mine cryptocurrency on Linux systems. This campaign is currently active. It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses. It evades detection by targeting Alibaba Cloud’s monitoring service and disabling it. CrowdStrike customers are protected from this threat […] Threat
CrowdStrike.webp 2022-04-20 12:42:51 CrowdStrike Falcon Spotlight Fuses Endpoint Data with CISA's Known Exploited Vulnerabilities Catalog (lien direct) In this blog you will: Learn how to leverage the CrowdStrike Falcon Spotlight™ integrated threat and vulnerability management module to fuse your endpoint telemetry with CISA’s Known Exploited Vulnerabilities Catalog; Learn how to use the CrowdStrike Falcon® console to further investigate and take action. The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency […] Vulnerability Threat
CrowdStrike.webp 2022-04-19 12:33:33 Security Doesn’t Stop at the First Alert: Falcon X Threat Intelligence Offers New Context in MITRE ATT&CK Evaluation (lien direct) The CrowdStrike Falcon® platform delivers 100% prevention across all nine steps in the MITRE Engenuity ATT&CK® Enterprise Evaluation. CrowdStrike extends endpoint and workload protection by fully integrating threat intelligence into the Falcon platform — CrowdStrike Falcon X™ enables CrowdStrike users to pivot seamlessly from detections to the latest intelligence on today’s adversaries, including their motivation […] Threat
Last update at: 2024-05-18 07:07:55