Category: Blog – crowdstrike.com

This article has been indexed from Blog – crowdstrike.com Since we founded CrowdStrike, one of the things I’m proudest of is our collective ability to work with customers to lead the industry forward. Leadership is more than just being the…

Read more →

This article has been indexed from Blog – crowdstrike.com This week we announced the general availability of CrowdStrike’s newest innovation, Falcon XDR, and I couldn’t be more excited. Using our same single, lightweight agent architecture, Falcon XDR enables security teams…

Read more →

This article has been indexed from Blog – crowdstrike.com Microsoft has released 48 security patches for its February Patch Tuesday rollout. None are considered Critical or known to have been actively exploited. CVE-2022-21989, a publicly known zero-day vulnerability in the…

Read more →

This article has been indexed from Blog – crowdstrike.com The Go ecosystem has long relied on the use of third-party libraries for logging. Logrus, one of the first leveled, structured logging libraries, is now maintenance-only and its developers recommend migrating…

Read more →

This article has been indexed from Blog – crowdstrike.com We are thrilled to announce the general availability of CrowdStrike’s newest innovation: Falcon XDR. Founded on our pioneering endpoint detection and response (EDR) technology and the power of the CrowdStrike Security…

Read more →

This article has been indexed from Blog – crowdstrike.com Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces.  When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis,…

Read more →

This article has been indexed from Blog – crowdstrike.com The Golang ecosystem has long relied on the use of third-party libraries for logging. Logrus, one of the first leveled, structured logging libraries, is now maintenance-only and its developers recommend migrating…

Read more →

This article has been indexed from Blog – crowdstrike.com In November 2021, a vulnerability was discovered in a ubiquitous Linux module named Polkit. Developed by Red Hat, Polkit facilitates the communication between privileged and unprivileged processes on Linux endpoints. Due…

Read more →

This article has been indexed from Blog – crowdstrike.com On Jan. 18, 2022, researchers found a heap base buffer overflow flaw (CVE-2022-0185) in the Linux kernel (5.1-rc1+) function “legacy_parse_param” of filesystem context functionality, which allows an out-of-bounds write in kernel…

Read more →

This article has been indexed from Blog – crowdstrike.com The Cybersecurity and Infrastructure Security Agency (CISA) warns of potential critical threats similar to recent cyberthreats targeting Ukraine U.S. companies are advised to implement cybersecurity measures to maximize resilience The CrowdStrike…

Read more →

This article has been indexed from Blog – crowdstrike.com Disruptive and destructive cyber operations have been levied against elements of Ukrainian society by adversaries attributed to the Russian government — or groups highly likely to be controlled by them —…

Read more →

This article has been indexed from Blog – crowdstrike.com The year 2021 was a big one for Jenn Wong: It marked the first full year she was in a new role, at a new company, in a new industry. Not…

Read more →

This article has been indexed from Blog – crowdstrike.com Today’s privacy and security conversations often happen in silos, but key privacy principles from decades ago remind us that they are intertwined, especially in the face of today’s risks. January 28,…

Read more →

This article has been indexed from Blog – crowdstrike.com StellarParticle is a campaign tracked by CrowdStrike as related to the SUNSPOT implant from the SolarWinds intrusion in December 2020 and associated with COZY BEAR (aka APT29, “The Dukes”).  The StellarParticle…

Read more →

This article has been indexed from Blog – crowdstrike.com Suspicious command lines differ from common ones in how the executable path looks and the unusual arguments passed to them Bidirectional Encoder Representations from Transformers (BERT) embeddings can successfully be used…

Read more →

This article has been indexed from Blog – crowdstrike.com The results from the 2021 Global Security Attitude Survey paint a bleak picture of how organizations globally are feeling about the cybersecurity landscape before them. Organizations are grappling with shortages of…

Read more →

This article has been indexed from Blog – crowdstrike.com In an incident response investigation, CrowdStrike analysts use multiple data points to parse the facts of who, what, when and how. As part of that fact-finding mission, analysts investigating Windows systems…

Read more →

This article has been indexed from Blog – crowdstrike.com Deloitte, a leader in managed security services, has launched MXDR by Deloitte — a Managed Extended Detection and Response suite of offerings — within which the CrowdStrike Falcon® platform will power…

Read more →

This article has been indexed from Blog – crowdstrike.com On Jan. 15, 2022, a set of malware dubbed WhisperGate was reported to have been deployed against Ukrainian targets. The incident is widely reported to contain three individual components deployed by…

Read more →

This article has been indexed from Blog – crowdstrike.com Kicking off the first Patch Tuesday of 2022, CrowdStrike continues to provide research and analysis regarding critically rated vulnerabilities and the subsequent patches offered by Microsoft. In this month’s updates we…

Read more →

This article has been indexed from Blog – crowdstrike.com Malware targeting Linux systems increased by 35% in 2021 compared to 2020 XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021 Ten…

Read more →

This article has been indexed from Blog – crowdstrike.com Organizations need to stay ahead of the ever-evolving security landscape. It’s no secret that Zero Trust security is crucial for successful endpoint protection. Due to the rapid transition to a remote…

Read more →

This article has been indexed from Blog – crowdstrike.com TellYouThePass ransomware, discovered in 2019, recently re-emerged compiled using Golang  Golang’s popularity among malware developers makes cross-platform development more accessible TellYouThePass ransomware was recently associated with Log4Shell post-exploitation, targeting Windows and…

Read more →

This article has been indexed from Blog – crowdstrike.com What Happened? Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalation with a direct path…

Read more →

This article has been indexed from Blog – crowdstrike.com The CrowdStrike Incident Response Tracker is a convenient spreadsheet that includes sections to document indicators of compromise, affected accounts, compromised systems and a timeline of significant events CrowdStrike incident response teams…

Read more →

This article has been indexed from Blog – crowdstrike.com It should come as little surprise that when enterprise and IT leaders turned their attention to the cloud, so did attackers. Unfortunately, the security capabilities of enterprises have not always kept…

Read more →

This article has been indexed from Blog – crowdstrike.com Since we founded CrowdStrike, we’ve paved the way as one of the most prominent remote-first companies. We’ve planted roots in communities around the world — from Sunnyvale to London and from…

Read more →

This article has been indexed from Blog – crowdstrike.com Following the Dec. 9, 2021, announcement of the Log4j vulnerability, CVE 2021-44228, CrowdStrike Falcon OverWatch™ has provided customers with unrivaled protection and 24/7/365 vigilance in the face of heightened uncertainty.  To…

Read more →

This article has been indexed from Blog – crowdstrike.com Falcon adds a new feature that uses Intel hardware capabilities to detect complex attack techniques that are notoriously hard to detect. CrowdStrike’s new Hardware Enhanced Exploit Detection feature delivers memory safety…

Read more →

This article has been indexed from Blog – crowdstrike.com Note: This post first appeared in r/CrowdStrike. First and foremost: if you’re reading this post, I hope you’re doing well and have been able to achieve some semblance of balance between…

Read more →

This article has been indexed from Blog – crowdstrike.com The recently discovered Log4j vulnerability has serious potential to expose organizations across the globe to a new wave of cybersecurity risks as threat actors look to exploit this latest vulnerability to…

Read more →

This article has been indexed from Blog – crowdstrike.com Introduction Due to compliance regulations, many organizations have a need to monitor key assets for changes made to certain files, folders or registry settings. File Integrity Monitoring (FIM) can be a…

Read more →

This article has been indexed from Blog – crowdstrike.com The Log4j vulnerability burst onto the scene just a few weeks ago, but to many defenders it already feels like a lifetime. It has rapidly become one of the top concerns…

Read more →

This article has been indexed from Blog – crowdstrike.com This blog was originally published on humio.com. Humio is a CrowdStrike Company. Data logging is the process of capturing, storing and displaying one or more datasets to analyze activity, identify trends and…

Read more →

This article has been indexed from Blog – crowdstrike.com CrowdStrike is proud to announce that Armis, Cloudflare and ThreatWarrior have joined the open CrowdXDR Alliance.  The addition of these industry leaders enhances XDR with telemetry from cloud, network and Internet…

Read more →

This article has been indexed from Blog – crowdstrike.com It’s the last Patch Tuesday update of 2021, and as with many other updates this year, this month’s list includes important ones — among them a zero-day (CVE-2021-43890 in AppX installer),…

Read more →

This article has been indexed from Blog – crowdstrike.com This blog was originally published Dec. 2, 2021 on humio.com. Humio is a CrowdStrike Company. A new API integration for Humio and Fylamynt helps joint customers improve the efficiency of their…

Read more →

This article has been indexed from Blog – crowdstrike.com Log4Shell, the latest critical vulnerability, found in the Log4j2 Apache Logging Services library, poses a serious threat to organizations Active attempts to exploit the vulnerability were identified in the wild, currently…

Read more →

This article has been indexed from Blog – crowdstrike.com Extended detection and response (XDR) is all the rage these days. It seems like almost every security vendor now claims to offer XDR functionality. But are those claims based in reality? …

Read more →

This article has been indexed from Blog – crowdstrike.com This blog was originally published Nov. 22, 2021 on humio.com. Humio is a CrowdStrike Company. Whether you’re diagnosing a system outage, mitigating a malicious attack or trying to get to the…

Read more →

This article has been indexed from Blog – crowdstrike.com The CrowdStrike Falcon® platform achieves 100% attacks detected in new Advanced Security Test (EDR) from SE Labs This SE Labs test demonstrated that CrowdStrike’s Zero Trust module, Falcon Identity Threat Protection,…

Read more →

This article has been indexed from Blog – crowdstrike.com CrowdStrike Falcon receives second half-year award for Approved Business Security Product from AV-Comparatives in 2021 This marks the tenth consecutive Approved Business Security Product award from AV-Comparatives since 2016 CrowdStrike Falcon…

Read more →

This article has been indexed from Blog – crowdstrike.com Log4j2 is an open-source, Java-based logging framework commonly incorporated into Apache web servers. Between late November and early December 2021, a critical vulnerability (CVE-2021-44228) impacting the Log4j2 utility was reported, resulting…

Read more →

This article has been indexed from Blog – crowdstrike.com In two recent blog posts from the CrowdStrike Software Development Engineers in Test (SDET) team, we explored how end-to-end validation testing and modular testing design could increase the speed and accuracy…

Read more →

This article has been indexed from Blog – crowdstrike.com As a human-led managed threat hunting service, CrowdStrike Falcon OverWatch™ is built around the best and brightest analysts in the industry who lead the fight against today’s sophisticated adversaries. But while…

Read more →

This article has been indexed from Blog – crowdstrike.com Digital transformation has pushed organizations to adopt a hybrid IT approach and has created a mix of on-premises and cloud infrastructure that has to be supported and protected.  Unfortunately, while hybrid…

Read more →

This article has been indexed from Blog – crowdstrike.com This blog was originally published Oct. 1, 2021 on humio.com. Humio is a CrowdStrike Company. What is an indicator of compromise (IOC)? An indicator of compromise (IOC) is a piece of…

Read more →

This article has been indexed from Blog – crowdstrike.com In a July 2019 blog post about DoppelPaymer, Crowdstrike Intelligence reported that ProcessHacker was being hijacked to kill a list of targeted processes and gain access, delivering a “critical hit.” Although…

Read more →

This article has been indexed from Blog – crowdstrike.com Customers of mainstream software providers continue to face a crisis of trust, say IT and security chiefs, while cyberattacks are more costly and anxieties around these attacks continue to grow —…

Read more →

This article has been indexed from Blog – crowdstrike.com In our last post, Testing Data Flows using Python and Remote Functions, we discussed how organizations can use remote functions in Python to create an end-to-end testing and validation strategy. Here…

Read more →

This article has been indexed from Blog – crowdstrike.com This blog was originally published Oct. 26, 2021 on humio.com. Humio is a CrowdStrike Company. Improve visibility and increase insights by logging everything ITOps, DevOps and SecOps teams need historical log…

Read more →

This article has been indexed from Blog – crowdstrike.com The United States and like-minded nations face unprecedented threats from today’s adversaries. Continuous cyberattacks on critical infrastructure, supply chains, government agencies and more present significant ongoing threats to national security, and…

Read more →

This article has been indexed from Blog – crowdstrike.com Security budgets are not infinite. Every dollar spent must produce a return on investment (ROI) in the form of better detection or prevention.  Getting the highest ROI for security purchases is…

Read more →

This article has been indexed from Blog – crowdstrike.com This blog was originally published on humio.com. Humio is a CrowdStrike Company. What is a hypervisor? A hypervisor, or virtual machine monitor (VMM), is virtualization software that creates and manages multiple virtual machines…

Read more →

This article has been indexed from Blog – crowdstrike.com CrowdStrike Falcon OverWatch™ recently released its annual threat hunting report, detailing the interactive intrusion activity observed by hunters over the course of the past year. The tactics, techniques and procedures (TTPs)…

Read more →

This article has been indexed from Blog – crowdstrike.com Developing applications quickly has always been the goal of development teams. Traditionally, that often puts them at odds with the need for testing. Developers might code up to the last minute,…

Read more →

This article has been indexed from Blog – crowdstrike.com In a recent blog post, Sharding Kafka for Increased Scale and Reliability, the CrowdStrike Engineering Site and Reliability Team shared how it overcame scaling limitations within Apache Kafka so that they…

Read more →

This article has been indexed from Blog – crowdstrike.com In a recent blog post, Sharding Kafka for Increased Scale and Reliability, the CrowdStrike Engineering Site and Reliability Team shared how it overcame scaling limitations within Apache Kafka so that they…

Read more →

This article has been indexed from Blog – crowdstrike.com This blog was originally published oct. 28, 2021 on humio.com. Humio is a CrowdStrike Company. Definition of MTTR Mean time to repair (MTTR) is a key performance indicator (KPI) that represents the…

Read more →

This article has been indexed from Blog – crowdstrike.com With virtualization in the data center and further adoption of cloud infrastructure, it’s no wonder why IT, DevOps and security teams grapple with new and evolving security challenges. An increase in…

Read more →

This article has been indexed from Blog – crowdstrike.com CrowdStrike Incident Response teams leverage Falcon Identity Threat Detection (ITD) for Microsoft Active Directory (AD) and Azure AD account authentication visibility, credential hygiene and multifactor authentication implementation Falcon ITD is integrated…

Read more →

This article has been indexed from Blog – crowdstrike.com Recently, one of our engineering teams encountered what seemed like a fairly straightforward issue: When they attempted to store UUID values to a database, it produced an error claiming that the…

Read more →

This article has been indexed from Blog – crowdstrike.com ECrime activities dominate the threat landscape, with ransomware as the main driver Ransomware operators constantly refine their code and the efficacy of their operations CrowdStrike uses improved behavior-based detections to prevent…

Read more →

This article has been indexed from Blog – crowdstrike.com This blog was originally published Oct. 11, 2021 on humio.com. Humio is a CrowdStrike Company. Humio is a powerful and super flexible platform that allows customers to log everything and answer…

Read more →

This article has been indexed from Blog – crowdstrike.com CrowdStrike wins the prestigious SE Labs “Best Endpoint Detection and Response” 2021 award.  This marks CrowdStrike’s second consecutive year winning Best EDR from SE Labs, the highly regarded independent testing organization,…

Read more →

This article has been indexed from Blog – crowdstrike.com One useful method in a security researcher’s toolbox for discovering new bugs in software is called “fuzz testing,” or just “fuzzing.” Fuzzing is an automatic software testing approach where the software…

Read more →

This article has been indexed from Blog – crowdstrike.com The CrowdStrike Falcon® platform receives new AAA rating from SE Labs, one of the most prestigious independent third-party testing institutions Falcon achieves AAA rating, scoring 99% total accuracy and 100% legitimate…

Read more →

This article has been indexed from Blog – crowdstrike.com This blog was originally published Sept. 30, 2021 on humio.com. Humio is a CrowdStrike Company. What Is Log Analysis? Log analysis is the process of reviewing computer-generated event logs to proactively identify…

Read more →

This article has been indexed from Blog – crowdstrike.com The Cybersecurity and Infrastructure Security Agency (CISA) issued a mandate on November 2, 2021, for all U.S. federal agencies to fix hundreds of known vulnerabilities. Binding Operational Directive 22-01 (BOD 22-01)…

Read more →

This article has been indexed from Blog – crowdstrike.com As the year draws to a close, the active exploitation of Microsoft vulnerabilities continues unabated. Once again, a broad range of Microsoft products are included in this month’s Patch Tuesday update…

Read more →

This article has been indexed from Blog – crowdstrike.com CrowdStrike and Rockwell Automation have announced a partnership to help joint customers secure the expanded threat surface of the industrial control systems (ICS) and operational technology (OT) controlling our energy, manufacturing…

Read more →

This article has been indexed from Blog – crowdstrike.com Career planning in the cybersecurity industry can be a double-edged sword. On one hand, there is no typical or structured course to follow, which can make it difficult for people to…

Read more →

This article has been indexed from Blog – crowdstrike.com Introduction Organizations have historically been reliant on CVSS severity scoring to help prioritize vulnerability remediations. Unfortunately, that single data point is often not enough to drive an effective patching strategy. With…

Read more →

This article has been indexed from Blog – crowdstrike.com This blog was originally published Sept. 24, 2021 on humio.com. Humio is a CrowdStrike Company. From time to time, people ask us exactly what we mean when we say things like…

Read more →

This article has been indexed from Blog – crowdstrike.com One of the most tedious tasks in malware analysis is to get rid of the obfuscated code. Nowadays, almost every malware uses obfuscation to hinder the analysis and try to evade…

Read more →

This article has been indexed from Blog – crowdstrike.com Introduction Falcon Insight provides customers with extensive visibility into the events taking place on endpoints and workloads. While triggered detections are an important part of endpoint security, CrowdStrike also provides the…

Read more →

This article has been indexed from Blog – crowdstrike.com This blog was originally published Nov. 8, 2021 on humio.com. Humio is a CrowdStrike Company. Recently, I had the wonderful opportunity to sit down with George Kurtz, CEO and Co-Founder of…

Read more →

This article has been indexed from Blog – crowdstrike.com Humio delivers modern log management with streaming observability to enable customers to log everything and answer anything in real time. Today, Humio is proud to be recognized by Enterprise Management Associates…

Read more →

This article has been indexed from Blog – crowdstrike.com Since September 2019, Falcon OverWatch™ has been tracking an as yet unattributed actor, conducting targeted operations against organizations within the Asia Pacific (APAC) semiconductor industry. CrowdStrike Intelligence tracks this activity cluster…

Read more →

This article has been indexed from Blog – crowdstrike.com This blog was originally published on humio.com. Humio is a CrowdStrike Company. Overview The University of Idaho uses Humio to ingest and analyze network security log data at scale. Humio provides…

Read more →