CrowdStrike

Sunnyvale, CA, USA
2011
By Counter Adversary Operations
On July 23, 2024, CrowdStrike Intelligence identified the phishing domain crowdstrike-office365com, which impersonates CrowdStrike and delivers malicious ZIP and RAR files containing a Microsoft Installer (MSI) loader. The loader ultimately executes Lumma Stealer packed with CypherIt.
By Counter Adversary Operations
On July 23, 2024, CrowdStrike Intelligence identified a malicious ZIP file containing a Python-based information stealer now tracked as Connecio. A threat actor distributed this file days after the July 19, 2024, single content update for CrowdStrike’s Falcon sensor — which impacted Windows operating systems — was identified and a fix was deployed. The ZIP file uses the filename CrowdStrike Falcon.zip in an attempt to masquerade as a Falcon update.
By Counter Adversary Operations
On July 22, 2024, CrowdStrike Intelligence identified a Word document containing macros that download an unidentified stealer now tracked as Daolpu. The document impersonates a Microsoft recovery manual. Initial analysis suggests the activity is likely criminal.
By Counter Adversary Operations
On July 19, 2024, an issue present in a single content update for the CrowdStrike Falcon sensor impacting Windows operating systems was identified, and a fix was deployed. CrowdStrike Intelligence has since observed threat actors leveraging the event to distribute a malicious ZIP archive named crowdstrike-hotfix.zip. The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos.
By Austin Murphy
CrowdStrike is setting a new standard for managed detection and response (MDR), building on our established reputation as pioneers and industry leaders. Falcon Complete Next-Gen MDR combines cutting-edge AI-powered cybersecurity technology with the expertise of the industry’s top security analysts to stop breaches across the entire attack surface 24/7 with unmatched speed and precision.
By Anne Aarness
The endpoint combines both opportunity and risk for most organizations. While an essential hub for modern business operations and the tools employees use, it also is the primary attack surface for today’s adversaries: Nearly 90% of successful cyberattacks start at the endpoint. An endpoint protection platform (EPP) is the essential foundation to a strong cybersecurity strategy.
By Dana Raveh
The advent of cloud technology has revolutionized organizations’ data use and security practices. Cloud development has decentralized data management, with development and DevOps teams — and now business intelligence (BI) and AI teams — dispersing data across multiple cloud service providers, regions and applications. This decentralization has fueled the proliferation of shadow data and heightened the risk of unintentional data exposure.
By Karishma Asthana
Serverless functions such as AWS Lambda, Google Cloud Functions and Azure Functions are increasingly popular among DevOps teams, as these cloud-based systems allow developers to build and run applications without managing the underlying infrastructure. But for all their benefits, serverless functions can also raise cybersecurity risk.
By Vicky Ngo-Lam
At CrowdStrike, we’ve long known how difficult it is to detect attacks that involve stolen credentials. We themed the CrowdStrike 2024 Global Threat Report “the year of stealth” to highlight how attackers are moving away from malware and malicious attachments and toward more subtle and effective methods such as credential phishing, password spraying and social engineering to accomplish their objectives. Source: CrowdStrike 2024 Global Threat Report.
By Editorial Team
The CISO of a major insurance company recently switched from Microsoft to CrowdStrike for endpoint and identity security following a ransomware incident that Microsoft Defender failed to block. The following Q&A explains what happened, the fallout with Microsoft and how CrowdStrike delivered the protection, consolidation and support the CISO needed. Describe your security posture before the incident. I joined the company as CISO a few years ago.
By CrowdStrike
This video is an overview of the dashboard available for CrowdStrike Insight customers to identify possibly impacted devices related to the recent defect in a CrowdStrike content update for Windows hosts. For more information on this dashboard, please visit the CrowdStrike Remediation and Guidance Hub.
By CrowdStrike
This video shows you how to use the Falcon Windows Host Recovery project to build bootable USB drives to remediate Windows hosts impacted by the recent Falcon Content Update.
By CrowdStrike
This video, for remote users with local administrator privileges, outlines the steps required to self-remediate a Windows laptop experiencing a blue screen of death (BSOD) related to the recent defect in a CrowdStrike content update for Windows hosts. Follow these instructions if directed to do so by your organization's IT department.
By CrowdStrike
Breach containment is a race against time. Falcon Fusion, integrated within the CrowdStrike Falcon Platform, harnesses AI and automation to expedite incident detection and response. Experience how Falcon Fusion streamlines security workflows, enabling teams to take down threats 108 days quicker on average, providing a swift and strategic defense that keeps adversaries at bay. CrowdStrike Falcon Fusion SOAR.
By CrowdStrike
Start using your free 10GB/day of third-party data ingestion by learning how to onboard data with Falcon Next-Gen SIEM. Effortlessly accelerate third-party data ingestion with pre-built data connectors and out-of-the-box content - all within the CrowdStrike Falcon platform. Managing your data has never been easier with Falcon Next-Gen SIEM. CrowdStrike Falcon Next-Gen SIEM: Consolidate security operations with the world’s most complete AI-native SOC platform.
By CrowdStrike
Adversaries are relentless when they're targeting your endpoints. Experience CrowdStrike's state-of-the-art endpoint security, which thwarts advanced threats by leveraging cutting-edge AI and enabling advanced remediation actions, all in a simple-to-deploy unified architecture.
By CrowdStrike
See how CrowdStrike achieved the highest detection coverage (42 out of 43) of all adversary attack substeps, and fastest mean-time-to-detect (MTTD) at 4 minutes, far surpassing other competitive vendors.
By CrowdStrike
A daily onslaught of significant breaches means policymakers are often forced into crisis response. For decades, this has led to an overwhelming focus within the community on tactical issues and relatively less attention on strategic ones. Fortunately, however, policymakers are increasingly considering cyber risk holistically and are attempting to proactively drive systemic changes.
By CrowdStrike
Protecting your software from adversaries requires a precise understanding of production. Watch how Falcon ASPM empowers security teams to stop adversaries from breaching their custom applications. CrowdStrike Falcon ASPM: Prioritize and mitigate cloud threats with unmatched application visibility and business context.
By CrowdStrike
When you detect a threat, you need rich investigative details and intelligence to identify and root out the adversary quickly. Watch to learn how Falcon NG-SIEM's detection and threat intelligence capabilities allow you to stop adversaries with complete context. CrowdStrike Falcon Next-Gen SIEM: Consolidate security operations with the world’s most complete AI-native SOC platform.
By CrowdStrike
Since a majority of breaches are credential-based, securing your multi-directory identity store - Microsoft Active Directory (AD) and Azure AD - is critical to protecting your organization from adversaries launching ransomware and supply chain attacks. Your security and IAM teams are concerned about securing AD and maintaining AD hygiene - and they need to be in sync, for example, to ensure that legacy and deprecated protocols like NTLMv1 are not being used and that the right security controls are in place to prevent breaches in real time.
By CrowdStrike
Visibility in the cloud is an important but difficult problem to tackle. It differs among cloud providers, and each one has its own positive and negative aspects. This guide covers some of the logging and visibility options that Amazon Web Services (AWS) and Google Cloud Platform (GCP) offer, and highlights their blind spots and how to eliminate them.
By CrowdStrike
Learn about how to strengthen and modernize your agency's security protection, detection and remediation with Zero Trust. This white paper explains the unique risk factors federal agencies face, what a superior Zero Trust framework includes, and how cloud and endpoint security can help modernize federal security from the endpoint to the application.
By CrowdStrike
You have to secure your workforce identities immediately, to protect your organization from modern attacks like ransomware and supply chain threats. Your environment could be just Microsoft Active Directory (AD), or a hybrid identity store with AD and Azure AD, and it's important to have a holistic view of the directories and a frictionless approach to securing them. If you're considering Microsoft to secure your identities and identity store (AD and Azure Active Directory), you should ask these five questions.
By CrowdStrike
Network segmentation has been around for a while and is one of the core elements in the NIST SP 800-207 Zero Trust framework. Although network segmentation reduces the attack surface, this strategy does not protect against adversary techniques and tactics in the identity phases in the kill chain. The method of segmentation that provides the most risk reduction, at reduced cost and operational complexity, is identity segmentation.
By CrowdStrike
Cloud adoption remains a key driver for digital transformation and growth for today's businesses, helping them deliver applications and services to customers with the speed and scalability that only the cloud can provide. Enabling them to do so safely is a critical objective for any enterprise IT security team.

CrowdStrike protects the people, processes and technologies that drive modern enterprise. A single agent solution to stop breaches, ransomware, and cyber attacks—powered by world-class security expertise and deep industry experience.

Many of the world’s largest organizations already put their trust in CrowdStrike, including three of the 10 largest global companies by revenue, five of the 10 largest financial institutions, three of the top 10 health care providers, and three of the top 10 energy companies.

A Radical New Approach Proven To Stop Breaches:

  • Cloud Native: Eliminates complexity and simplifies deployment to drive down operational costs.
  • AI Powered: Harnesses the power of big data and artificial intelligence to empower your team with instant visibility.
  • Single Agent: Delivers everything you need to stop breaches — providing maximum effectiveness on day one.

One platform. Every industry. Superior protection.