Recherche : [crowdstrike]

2023-05-31 // SITUATIONAL AWARENESS // Spyboy Defense Evasion Tool Advertised Online https://www.reddit.com/r/crowdstrike/comments/13wjrgn/20230531_situational_awareness_spyboy_defense/

31/05/2023 16:00:16

On May 21, 2023, an online persona named spyboy began advertising an endpoint defense evasion tool for the Windows operating system via the Russian-language forum Ramp. The author claims that the software — seen in a demonstration video as being titled “Terminator” — can bypass twenty three (23) EDR and AV controls. At time of writing, spyboy is pricing the software from $300 USD (single bypass) to $3,000 USD (all-in-one bypass).

CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/

30/03/2023 09:04:31

What Happened On March 29, 2023, Falcon OverWatch observed unexpected malicious activity emanating from a legitimate …

Shlayer Malware: Continued Use of Flash Updates https://www.crowdstrike.com/blog/shlayer-malvertising-campaigns-still-using-flash-update-disguise/

28/12/2022 02:49:09

Although Flash Player reached end of life for macOS in 2020, this has not stopped Shlayer operators from continuing to abuse it for malvertising campaigns.

New Kiss-a-dog Cryptojacking Campaign Targets Docker and Kubernetes https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/

22/12/2022 10:08:41

CrowdStrike has uncovered a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “dog” mining pools.

Called “Kiss-a-dog,” the campaign used multiple command-and-control (C2) servers to launch attacks that attempted to mine cryptocurrency, utilize user and kernel mode rootkits to hide the activity, backdoor compromised containers, move laterally in the network and gain persistence.

The CrowdStrike Falcon® platform helps protect organizations of all sizes from sophisticated breaches, including cryptojacking campaigns such as this.

OverWatch Insights: Reviewing a New Intrusion Targeting Mac Systems https://www.crowdstrike.com/blog/overwatch-insights-reviewing-a-new-intrusion-targeting-mac-systems/

28/04/2022 14:07:04

While Mac enterprise networks are not as common as Windows, and subject to less targeting by adversaries, recent CrowdStrike Falcon Overwatch observations shed light on sophisticated tactics, techniques and procedures (TTPs) targeting Mac environments.

PROPHET SPIDER Exploits Citrix ShareFile https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/

16/03/2022 08:46:41

At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 — a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller — to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the downloading of additional tools. This incident highlights how PROPHET SPIDER continues to evolve their tradecraft while continuing to exploit known web-server vulnerabilities.

Linux-Targeted Malware Increases by 35% in 2021 https://www.crowdstrike.com/blog/linux-targeted-malware-increased-by-35-percent-in-2021/

15/02/2022 20:57:36

CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.

Liens par page

Filtres