CrowdStrike recently analyzed a macOS-targeted mineware campaign that utilized malicious application bundles to deliver open source XMRig cryptomining software and Invisible Internet Protocol (I2P) network tooling.
This post covers how to ingest data into CrowdStrike Falcon® LogScale from your MacOS platform using Python. This guide is great for setting up a one-node proof of concept (POC) so you can take advantage of LogScale’s free trial. Before you can write your ingest client, you must prepare a good foundation. That means preparing your MacOS instance via the following steps: Ready? Let’s get started.
Public cloud services and cloud assets are agile and dynamic environments. Close oversight of these assets is a critical component of your asset management and security practices. While it’s important to understand the relationships and potential vulnerabilities of your cloud assets, the practice of managing these systems is complicated by the ever-changing nature of cloud environments.
CrowdStrike maintains endpoint security market leadership with a #1 ranking in IDC’s 2021-2022 report, and has been awarded Best Endpoint Detection and Response and Best Product Development by SE Labs. These recognitions validate CrowdStrike as the industry’s market and innovation leader in endpoint security.
Threat actors constantly evolve their tactics and techniques to circumvent security solutions. Working at the cutting-edge of detection engineering, CrowdStrike rapidly tracks and observes these evolutions in tactics to deliver timely, effective detections that protect customers. In this blog, we explore DLL side-loading and learn how CrowdStrike has expanded protections with Advanced Memory Scanning.
From manufacturers in Michigan to fintechs in Finland, every business must comply with industry regulations — which are increasingly constraining. At the same time, businesses must protect and account for a growing number of systems, applications and data in order to remain compliant. In other words, compliance is getting harder. Enter log management. While regulations vary by country and industry, nearly every organization must store compliance-relevant information for a certain period of time.
At AWS re:Invent 2022, CrowdStrike announced expanded service integrations with AWS to provide breach protection across your AWS environment, simplified infrastructure management and security consolidation. On January 31, 2023, AWS announced CloudTrail Lake Partner Integrations, with CrowdStrike signing on as a launch partner. With this integration, organizations get the opportunity for a consistent security posture between on-premises workloads and those running in the AWS cloud.
With news headlines like “A massive ransomware attack hit hundreds of businesses” becoming common, concern about malware has never been higher. High-profile examples of malware like DarkSide, REvil have been profiled so many times that not only cybersecurity professionals are on edge — every organization that has on-premises or in-the-cloud workloads is concerned.
In recent incident response investigations, CrowdStrike Services has observed adversaries use the sts:GetFederationToken API call to create federated sessions from IAM users. In this scenario, the federated session inherits permissions from the base IAM user. Perhaps surprising to many incident responders, the privileges and access of the federated session are not revoked when the base IAM user’s credentials are deactivated.
Small and medium-sized businesses (SMBs) are more frequent targets of cybercrime than larger companies, industry research shows, and the trend is putting enormous financial pressure on small businesses. Some SMBs feel this pressure more strongly than others: CrowdStrike’s data shows sectors including not-for-profit and transportation are more frequently targeted with high- and critical-severity attacks than other industries.
