CrowdStrike

Sunnyvale, CA, USA
2011
  |  By Brett Shaw
CrowdStrike is excited to announce we have been named a leader in Frost & Sullivan’s Cloud Workload Protection Platform (CWPP) Radar for the second consecutive year. This recognition validates our continued innovation and growth in cloud security and our commitment to providing a unified cloud security approach and powerful workload security capabilities.
  |  By Cody Queen
Securing the cloud has become increasingly complex as organizations adopt hybrid and multi-cloud resources to meet their demanding business requirements. It’s also more crucial than ever: From 2022 to 2023, CrowdStrike identified a 75% increase in cloud intrusions.
  |  By Yang Liang
As modern cyberattacks increasingly target cloud environments, it is imperative organizations have the technology they need to detect and stop them. The attack surface of cloud-native applications and infrastructure is quickly expanding. Cloud-native application protection platforms (CNAPPs) address the growing need for modern cloud security monitoring, security posture management, breach prevention and control tools to fully protect cloud environments.
In today’s rapidly evolving threat landscape, the need for dynamic security measures is critical. Due to Windows’s current architecture and design, security products running in the platform, particularly those involved in endpoint protection, require kernel access to provide the highest level of visibility, enforcement and tamper-resistance, while meeting the strict performance envelopes demanded by large enterprise clients.
  |  By Adam Meyers
CrowdStrike is aware of inaccurate reporting and false claims about the security of the Falcon sensor. This blog sets the record straight by providing customers with accurate technical information about the Falcon sensor and any claims regarding the Channel File 291 incident. CrowdStrike has provided a Technical Root Cause Analysis and executive summary that describes the bug in detail.
  |  By Counter Adversary Operations
On July 24, 2024, an unattributed threat actor distributed a password-protected installer masquerading as an inauthentic Falcon Crash Reporter Installer to a German entity in an unattributed spear-phishing attempt. Subsequent analysis revealed that executing the installer with the threat actor-provided password leads to a novel execution chain in which an agent written to the Mythic command-and-control (C2) framework is executed as LLVM Intermediate Representation (IR) bitcode.
  |  By Counter Adversary Operations
On July 24, 2024, hacktivist entity USDoD claimed on English-language cybercrime forum BreachForums to have leaked CrowdStrike’s “entire threat actor list.” The actor also alleged that they had obtained CrowdStrike’s “entire IOC list” and would release it “soon.” In the announcement, USDoD provided a link to download the alleged threat actor list and provided a sample of data fields, likely in an effort to substantiate their claims.
  |  By Counter Adversary Operations
On July 24, 2024, CrowdStrike Intelligence identified an unattributed spearphishing attempt delivering an inauthentic CrowdStrike Crash Reporter installer via a website impersonating a German entity. The website was registered with a sub-domain registrar.
  |  By Counter Adversary Operations
On July 23, 2024, CrowdStrike Intelligence identified the phishing domain crowdstrike-office365com, which impersonates CrowdStrike and delivers malicious ZIP and RAR files containing a Microsoft Installer (MSI) loader. The loader ultimately executes Lumma Stealer packed with CypherIt.
  |  By Counter Adversary Operations
On July 23, 2024, CrowdStrike Intelligence identified a malicious ZIP file containing a Python-based information stealer now tracked as Connecio. A threat actor distributed this file days after the July 19, 2024, single content update for CrowdStrike’s Falcon sensor — which impacted Windows operating systems — was identified and a fix was deployed. The ZIP file uses the filename CrowdStrike Falcon.zip in an attempt to masquerade as a Falcon update.
  |  By CrowdStrike
Organizations are migrating and building on AWS to unlock their potential and remove obstacles to growth and innovation. AWS customers are able to focus on building value for their end customers by removing the burden of data center operations and hardware management costs. Cloud-based architectures improve agility, resilience and scalability while allowing enterprise-scale infrastructure to be deployed globally in minutes.
  |  By CrowdStrike
This video is an overview of the dashboard available for CrowdStrike Insight customers to identify possibly impacted devices related to the recent defect in a CrowdStrike content update for Windows hosts. For more information on this dashboard, please visit the CrowdStrike Remediation and Guidance Hub.
  |  By CrowdStrike
This video shows you how to use the Falcon Windows Host Recovery project to build bootable USB drives to remediate Windows hosts impacted by the recent Falcon Content Update.
  |  By CrowdStrike
This video, for remote users with local administrator privileges, outlines the steps required to self-remediate a Windows laptop experiencing a blue screen of death (BSOD) related to the recent defect in a CrowdStrike content update for Windows hosts. Follow these instructions if directed to do so by your organization's IT department.
  |  By CrowdStrike
Breach containment is a race against time. Falcon Fusion, integrated within the CrowdStrike Falcon Platform, harnesses AI and automation to expedite incident detection and response. Experience how Falcon Fusion streamlines security workflows, enabling teams to take down threats 108 days quicker on average, providing a swift and strategic defense that keeps adversaries at bay. CrowdStrike Falcon Fusion SOAR.
  |  By CrowdStrike
Start using your free 10GB/day of third-party data ingestion by learning how to onboard data with Falcon Next-Gen SIEM. Effortlessly accelerate third-party data ingestion with pre-built data connectors and out-of-the-box content - all within the CrowdStrike Falcon platform. Managing your data has never been easier with Falcon Next-Gen SIEM. CrowdStrike Falcon Next-Gen SIEM: Consolidate security operations with the world’s most complete AI-native SOC platform.
  |  By CrowdStrike
Adversaries are relentless when they're targeting your endpoints. Experience CrowdStrike's state-of-the-art Endpoint Security, which thwarts advanced threats by leveraging cutting-edge AI and enabling advanced remediation actions, all in a simple-to-deploy unified architecture.
  |  By CrowdStrike
See how CrowdStrike achieved the highest detection coverage (42 out of 43) of all adversary attack substeps, and fastest mean-time-to-detect (MTTD) at 4 minutes, far surpassing other competitive vendors.
  |  By CrowdStrike
A daily onslaught of significant breaches means policymakers are often forced into crisis response. For decades, this has led to an overwhelming focus within the community on tactical issues and relatively less attention on strategic ones. Fortunately, however, policymakers are increasingly considering cyber risk holistically and are attempting to proactively drive systemic changes.
  |  By CrowdStrike
Protecting your software from adversaries requires a precise understanding of production. Watch how Falcon ASPM empowers security teams to stop adversaries from breaching their custom applications. CrowdStrike Falcon ASPM: Prioritize and mitigate cloud threats with unmatched application visibility and business context.
  |  By CrowdStrike
Since a majority of the breaches are credential based, securing your multi-directory identity store - Microsoft Active Directory (AD) and Azure AD - is critical to protecting your organization from adversaries launching ransomware and supply chain attacks. Your security and IAM teams are concerned about securing AD and maintaining AD hygiene - and they need to be in sync, for example, to ensure that legacy and deprecated protocols like NTLMv1 are not being used and that the right security controls are in place to prevent breaches in real time.
  |  By CrowdStrike
Visibility in the cloud is an important but difficult problem to tackle. It differs among cloud providers, and each one has its own positive and negative aspects. This guide covers some of the logging and visibility options that Amazon Web Services (AWS) and Google Cloud Platform (GCP) offer, and highlights their blind spots and how to eliminate them.
  |  By CrowdStrike
Learn about how to strengthen and modernize your agency's security protection, detection and remediation with Zero Trust. This white paper explains the unique risk factors federal agencies face, what a superior Zero Trust framework includes, and how cloud and endpoint security can help modernize federal security from the endpoint to the application.
  |  By CrowdStrike
You have to secure your workforce identities immediately, to protect your organization from modern attacks like ransomware and supply chain threats. Your environment could be just Microsoft Active Directory (AD), or a hybrid identity store with AD and Azure AD, and it's important to have a holistic view of the directories and a frictionless approach to securing them. If you're considering Microsoft to secure your identities and identity store (AD and Azure Active Directory), you should ask these five questions.
  |  By CrowdStrike
Network segmentation has been around for a while and is one of the core elements in the NIST SP 800-207 Zero Trust framework. Although network segmentation reduces the attack surface, this strategy does not protect against adversary techniques and tactics in the identity phases in the kill chain. The method of segmentation that provides the most risk reduction, at reduced cost and operational complexity, is identity segmentation.
  |  By CrowdStrike
Cloud adoption remains a key driver for digital transformation and growth for today's businesses, helping them deliver applications and services to customers with the speed and scalability that only the cloud can provide. Enabling them to do so safely is a critical objective for any enterprise IT security team.

CrowdStrike protects the people, processes and technologies that drive modern enterprise. A single agent solution to stop breaches, ransomware, and cyber attacks—powered by world-class security expertise and deep industry experience.

Many of the world’s largest organizations already put their trust in CrowdStrike, including three of the 10 largest global companies by revenue, five of the 10 largest financial institutions, three of the top 10 health care providers, and three of the top 10 energy companies.

A Radical New Approach Proven To Stop Breaches:

  • Cloud Native: Eliminates complexity and simplifies deployment to drive down operational costs.
  • AI Powered: Harnesses the power of big data and artificial intelligence to empower your team with instant visibility.
  • Single Agent: Delivers everything you need to stop breaches — providing maximum effectiveness on day one.

One platform. Every industry. Superior protection.