CrowdStrike Counter Adversary Operations monitors for and attempts to disrupt eCrime threat actors across a broad spectrum of malicious activity, ranging from sophisticated ransomware campaigns to simpler but often highly effective forms of fraud.

Two new local privilege escalation vulnerabilities were recently discovered in Ubuntu: CVE-2023-2640 (CVSS 7.8) and CVE-2023-32629 (CVSS 7.8). The vulnerabilities, dubbed GameOver(lay), affect the OverlayFS module in multiple Ubuntu kernels. Ubuntu’s official security bulletin here and here outlines the impacted versions by both CVEs. It’s important to note that CrowdStrike Falcon® Cloud Security protects against both vulnerabilities.

The fastest adversary can “break out” — or move laterally — in only seven minutes after compromising an endpoint. Yes, you heard that right. Seven minutes. In the relentless race against adversaries, every second counts. To avoid breaches, you need to detect and stop adversaries before they can break out and expand their realm of control.

In today’s rapidly evolving digital landscape, K-12 school districts are harnessing the power of technology to transform education. The widespread adoption of Chromebooks has revolutionized the learning process, providing students with tools for collaboration, research and creativity. However, along with these advancements come unprecedented cybersecurity challenges that demand a comprehensive strategy.

In the first part of this series, we provided a brief overview of the Windows Restart Manager. In this blog post, we examine how these mechanisms can be exploited by adversaries and review how the CrowdStrike Falcon platform can detect and prevent these attacks.

The cloud has become the new battleground for adversary activity: CrowdStrike observed a 95% increase in cloud exploitation from 2021 to 2022 and a 288% jump in cases involving threat actors directly targeting the cloud. Defending your cloud environment requires understanding how threat actors operate: how they’re breaking in and moving laterally, which resources they target and how they evade detection.

The MITRE ATT&CK framework provides the cybersecurity industry with a common language for describing adversary behaviors, making it invaluable for organizations building or operating cyber defenses, as well as advancing research across the threat landscape.