はてなブックマーク

Preliminary Post Incident Review (PIR): Content Configuration Update Impacting the Falcon Sensor and the Windows Operating System (BSOD) Updated 2024-07-25 1900 UTC Executive Summary PDF This is CrowdStrike’s preliminary Post Incident Review (PIR). We will be detailing our full investigation in the forthcoming Root Cause Analysis that will be released publicly. Throughout this PIR, we have used ge

Valued Customers and Partners, I want to sincerely apologize directly to all of you for today’s outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority. The outage was caused by a defect found in a Falcon content update for Windows hosts.

34 newly named adversaries in 2023 2 min 7 sec — the fastest recorded eCrime breakout time 75% increase in cloud intrusions Tracking 245+ adversaries and noting a record eCrime breakout time, the 2024 Global Threat Report unveils an alarming rise in covert activity and a cyber threat landscape dominated by stealth. Significant threat gains in data theft, cloud breaches, and malware-free attacks, s

On Jan. 15, 2022, a set of malware dubbed WhisperGate was reported to have been deployed against Ukrainian targets. The incident is widely reported to contain three individual components deployed by the same adversary, including a malicious bootloader that corrupts detected local disks, a Discord-based downloader and a file wiper. The activity occurred at approximately the same time multiple websi

We recently integrated new functionality into our CrowdStrike Falcon® sensor that was implemented in Rust. Rust is a relatively young language with several features focused on safety and security. Calling Rust from C++ was relatively straightforward, but one stumbling block we’ve run into is how Rust deals with out-of-memory (OOM) conditions. Let’s start by defining what we mean by “out of memory”

View your global threat landscape below organized by eCrime, hacktivism, and nation states based on origin country. Map will show adversaries active within the past 90 days.

クラウドストライク最大のセキュリティイベント「CrowdTour24 - Tokyo」11/15(金)開催！  ご登録はこちら

Cutwail Spam Campaign Uses Steganography to Distribute URLZone CrowdStrike® CrowdStrike Falcon® Intelligence™ has observed a new Cutwail spam campaign from NARWHAL SPIDER on 24 October 2018. NARWHAL SPIDER is the adversary name designated by Falcon Intelligence for the criminal operator of Cutwail version 2. NARWHAL SPIDER primarily provides spam services with a large customer base that has includ

Hiding in Plain Sight: Using the Office 365 Activities API to Investigate Business Email Compromises Update: While this blog post originally covered the Office 365 Activities API, that functionality has been disabled by Microsoft as of Friday, June 6, 2018. However, there are still data sources available within O365 to help investigate business email compromises (BECs). Please stay tuned for an up

Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units Update – As of March 2017, the estimated losses of D-30 howitzer platform have been amended. According to an update provided by the International Institute for Strategic Studies (IISS) Research Associate for Defence and Military Analysis, Henry Boyd, their current assessment is as follows: “excluding the Naval Infantry battalion

U.S. Department of Justice Indicts Hacktivist Group Anonymous Sudan for Prominent DDoS Attacks in 2023 and 2024

U.S. Department of Justice Indicts Hacktivist Group Anonymous Sudan for Prominent DDoS Attacks in 2023 and 2024

Deep in Thought: Chinese Targeting of National Security Think Tanks For some time now, CrowdStrike has been working with a number of national security think tanks and human rights organizations on a pro bono basis to help them with their security posture. These organizations face some of the most advanced nation-state adversaries — China, Russia, and Iran, just to name a few. The individuals who a