Technical Details: Falcon Update for Windows Hosts | CrowdStrike
What Happened? On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems. The sensor configuration upd
世界中のWindows搭載PCにおいてブルースクリーンオブデスを発生させてしまったCrowdStrikeの問題について、エンジニアのパトリック・ワードル氏が原因を分析してXに投稿しました。 I don't do Windows but here are some (initial) details about why the CrowdStrike's CSAgent.sys crashed Faulting inst: mov r9d, [r8] R8: unmapped address ...taken from an array of pointers (held in RAX), index RDX (0x14 * 0x8) holds the invalid memory address@_JohnHammond pic.twitter.com/oqlAVwSlJj— Patri
Falcon Content Update Remediation and Guidance Hub | CrowdStrike
Updated 2024-07-25 1954 UTC Using a week-over-week comparison, greater than 97% of Windows sensors are online as of July 24 at 5pm PT, compared to before the content update. Content Configuration Update Impacting the Falcon Sensor and the Windows Operating System (BSOD) Executive Summary PDF This is CrowdStrike’s preliminary Post Incident Review (PIR). We will be detailing our full investigation i
jQuery Attack Hits NPM and GitHub; Can Extract Web Form Data
jQuery Attack Hits NPM and GitHub; Can Extract Web Form Data The trojanized jQuery attack has been spread on npm, GitHub and elsewhere since May. A trojanized version of jQuery has been spreading on the npm JavaScript package manager, GitHub and elsewhere, for use in a jQuery attack, security researchers have discovered. Phylum researchers said they have been monitoring the “persistent supply chai
IntroductionOn June 27, 2024, a small number of users globally may have noticed that 1.1.1.1 was unreachable or degraded. The root cause was a mix of BGP (Border Gateway Protocol) hijacking and a route leak. Cloudflare was an early adopter of Resource Public Key Infrastructure (RPKI) for route origin validation (ROV). With RPKI, IP prefix owners can store and share ownership information securely,
If you ever tried to learn guitar, chances are you are familiar with guitar tablatures. It is a simple way to visualize music for guitar, using ASCII characters to represent strings and frets as an alternative to sheet music. For instance, here are the first four measures of the song "Smoke on the Water" by Deep Purple: e|-----------------|-----------------|-----------------|-----------------| B|-
Falcon Content Update Preliminary Post Incident Report | CrowdStrike
Preliminary Post Incident Review (PIR): Content Configuration Update Impacting the Falcon Sensor and the Windows Operating System (BSOD) Updated 2024-07-25 1900 UTC Executive Summary PDF This is CrowdStrike’s preliminary Post Incident Review (PIR). We will be detailing our full investigation in the forthcoming Root Cause Analysis that will be released publicly. Throughout this PIR, we have used ge
Since May 26, 2024, Phylum has been monitoring a persistent supply chain attacker involving a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery on other platforms, such as GitHub, and even as a CDN-hosted resource on j
By Jun He, Natallia Dzenisenka, Praneeth Yenugutala, Yingyi Zhang, and Anjali Norwood TL;DRWe are thrilled to announce that the Maestro source code is now open to the public! Please visit the Maestro GitHub repository to get started. If you find it useful, please give us a star. What is MaestroMaestro is a general-purpose, horizontally scalable workflow orchestrator designed to manage large-scale
Daron Acemoglu, an M.I.T. economist, says he is no “doomer” when it comes to A.I. But he has his doubts about its potential.Credit...Cody O'Loughlin for The New York Times Despite the advent of personal computers, the internet and other high-tech innovations, much of the industrialized world is stuck in an economic growth slump, with O.E.C.D. countries expected to expand on aggregate just 1.7 perc
Mastering Ruby Code Navigation: Major Ruby LSP Enhancements in the First Half of 2024
In the first half of 2024, Ruby LSP has seen significant enhancements, particularly in the area of code navigation, thanks to the advancement of its indexer. In this post, we’ll dive into the major code navigation enhancements that have been made to Ruby LSP. We’ll also touch on some experimental features that are on the horizon. NOTE While the Ruby LSP server (ruby-lsp gem) can be integrated with
GitHub Actionsを利用したE2E自動化テストの実現 ~ Achieving E2E Automated Testing with GitHub Actions ~ 利用GitHub Actions实现E2E自动化测试 - スタディサプリ Product Team Blog
こんにちは。スタディサプリのQAチームです。 今回のBlogではスタディサプリで実施している自動化テストの一部の取り組みについて紹介させていただきます。 なお、スタディサプリQAチームの特性を活かし、本記事については日英中3言語で記載します。より多くのオーディエンスに読んで頂ければ嬉しいです。 自動化する動機 まず、なぜ自動化テストを導入するのでしょうか。 1. 新規機能が追加される度に、既存機能への影響を確認するための回帰テストをしなければなりません。 2. 繰り返し同じテストを手動実行することにより、テストコストが増加します。 3. 人間が実施すると、人為的ミスによる不具合の検出漏れが発生してしまう可能性が否定できません。 そのため、品質を担保した上でより早くリリースすることを目的とし自動化を導入しました。 現在の開発およびテストフロー QAが回帰テストの自動化テストスクリプトをGit
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog
Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors. ESXi is a bare-metal hypervisor that is installed directly onto a physical server and provides direct access and control of underlying resources. ESXi hypervisors host virtual machines that may include
World's oldest cave art found in Indonesia showing humans and pig
The painting is the earliest known example of representational art The oldest example of figurative cave art has been discovered in the Indonesian Island of Sulawesi by Australian and Indonesian scientists. The painting of a wild pig and three human-like figures is at least 51,200 years old, more than 5,000 years older than the previous oldest cave art. The discovery pushes back the time that mode
Implementing multi-Region failover for Amazon API Gateway | Amazon Web Services
AWS Compute Blog Implementing multi-Region failover for Amazon API Gateway This post is written by Marcos Ortiz, Principal AWS Solutions Architect and Khubyar Behramsha, Sr. AWS Solutions Architect. In this post, you learn how organizations can evolve from a single-Region architecture API Gateway to a multi-Region one, using a reliable failover mechanism without dependencies on AWS control plane o
oss-security - Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Follow @Openwall on Twitter for new release announcements and other news [<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] Date: Mon, 8 Jul 2024 18:21:06 +0200 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Cc: Qualys Security Advisory <qsa@...lys.com> Subject: Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Hi, Today
Working with large datasets in Node.js applications can be a double-edged sword. The ability to handle massive amounts of data is extremely handy, but can also lead to performance bottlenecks and memory exhaustion. Traditionally, developers tackled this challenge by reading the entire dataset into memory at once. This approach, while intuitive for smaller datasets, becomes inefficient and resource
The sad state of property-based testing libraries Posted on Jul 2, 2024 Property-based testing is a rare example of academic research that has made it to the mainstream in less than 30 years. Under the slogan “don’t write tests, generate them” property-based testing has gained support from a diverse group of programming language communities. In fact, the Wikipedia page of the original property-bas
research!rsc: Hash-Based Bisect Debugging in Compilers and Runtimes
Setting the Stage Does this sound familar? You make a change to a library to optimize its performance or clean up technical debt or fix a bug, only to get a bug report: some very large, incomprehensibly opaque test is now failing. Or you add a new compiler optimization with a similar result. Now you have a major debugging job in an unfamiliar code base. What if I told you that a magic wand exists
【2024年7月19日に発生したWindowsサーバー障害に関する記事】レスキュー用Windows EC2インスタンスを作成し、復旧対象のWindows EC2インスタンスから不要なファイルを削除する方法 - サーバーワークスエンジニアブログ
こんにちは😺 カスタマーサクセス部の山本です。 2024年7月19日に発生したWindowsサーバーの障害 2024 年 7 月 21 日 00:00 (日本時間) の追加情報 1. 復旧対象の EC2 インスタンスの EBS ルート ボリュームのスナップショットを作成します 2. 1 のスナップショットから新しい EBS ボリュームを、同じアベイラビリティゾーンに作成します 3. 異なるバージョンの Windows を使用して、レスキュー用の Windows インスタンスを起動します 4. 手順 2 の EBS ボリュームをデータ ボリュームとして、レスキュー用の Windows インスタンスに接続します 5. レスキュー用の Windows インスタンスで \Windows\System32\drivers\CrowdStrike\ フォルダーに移動し、「C-00000291*.sy
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
多数のWindowsでブルースクリーンを発生させてしまったCrowdStrikeのコードは何が悪かったのか
Cloudflare 1.1.1.1 incident on June 27, 2024
Playing guitar tablatures in Rust
Persistent npm Campaign Shipping Trojanized jQuery
Maestro: Netflix’s Workflow Orchestrator
What if the A.I. Boosters Are Wrong?
Reading and writing Node.js streams
The sad state of property-based testing libraries