Search results for is crowdstrike down | Breaking Cybersecurity News | The Hacker News

Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform.  Their bi-annual "You Did What with Tines?!" competition highlights some of the most interesting workflows submitted by their users, many of which demonstrate practical applications of large language models (LLMs) to address complex challenges in security operations. One recent winner is a workflow designed to automate CrowdStrike RFM reporting. Developed by Tom Power, a security analyst at The University of British Columbia, it uses orchestration, AI and automation to reduce the time spent on manual reporting. Here, we'll share an overview of the workflow, plus a step-by-step guide for getting it up and running. The problem - time-consuming reporting The workflow's builder, Tom Power, explains, "The CrowdStrike ...

Kelihos Botnet with 110,000 PCs take down finally Botnets are particularly insidious, using thousands of virus-infected computers which their owners are unaware are being used for sending out spam, launching denial-of-service attacks and stealing data.But taking down a botnet poses challenges. The main problem is that legitimate security companies can't use the same type of weapons as criminals. A group of malware experts from security companies Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project, have worked together to disable the second version of the Kelihos botnet, which is significantly bigger than the one shut down by Microsoft and its partners. Kelihos is used to send spam, carry out DDoS attacks, and steal online currency such as bitcoin wallets. It operates as a so-called "peer-to-peer" bot network, which are more difficult to take down than those with a centralized command and control servers (C&C), according to Tillmann Werner, a senior ...

CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign. The cybersecurity company said it identified what it described as an unattributed spear-phishing attempt on July 24, 2024, distributing an inauthentic CrowdStrike Crash Reporter installer via a website impersonating an unnamed German entity. The imposter website is said to have been created on July 20, a day after the botched update crashed nearly 9 million Windows devices, causing extensive IT disruptions across the world. "After the user clicks the Download button, the website leverages JavaScript (JS) that masquerades as JQuery v3.7.1 to download and deobfuscate the installer," CrowdStrike's Counter Adversary Operations team said . "The installer contains CrowdStrike branding, German localization, and a password [is] required to continue install...

Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. "The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling automatic trojanization of downstream packages," supply chain security company Socket said . The end goal of the campaign is to search developer machines for secrets using TruffleHog's credential scanner and transmit them to an external server under the attacker's control. The attack is capable of targeting both Windows and Linux systems. The following packages have been identified as impacted by the incident - angulartics2@14.1.2 @ctrl/deluge@7.2.2 @ctrl/golang-template@1.4.3 @ctrl/magnet-link@4.0.4 @ctrl/ngx-codemirror@7.0.2 @ctrl/ngx-csv@6.0.2 @ctrl/ngx-emoji-mart@...

Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. Developed by Lucas Cantor at Intercom, the creators of fin.ai , the workflow makes it easier to determine the severity of a security alert and escalate it seamlessly, depending on the device owner's response. "It's a great way to reduce noise and add context to security issues that are added on our endpoints as well," Lucas explains. In this guide, we'll share an overview of the workflow, plus step-by-step instructions for getting it up and running. The problem - lack of integration between security tools  For security teams, responding to malware threats, analyzing their severity, and identifying the device owner so...

Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally. The "Channel File 291" incident, as originally highlighted in its Preliminary Post Incident Review (PIR), has been traced back to a content validation issue that arose after it introduced a new Template Type to enable visibility into and detection of novel attack techniques that abuse named pipes and other Windows interprocess communication (IPC) mechanisms. Specifically, it's related to a problematic content update deployed over the cloud, with the company describing it as a "confluence" of several shortcomings that led to a crash – the most prominent of them is a mismatch between the 21 inputs passed to the Content Validator via the IPC Template Type as opposed to the 20 supplied to the Content Interpreter. CrowdStrike said the parameter mismatch was not discovered during "multi...

Companies are engaged in a seemingly endless cat-and-mouse game when it comes to cybersecurity and cyber threats. As organizations put up one defensive block after another, malicious actors kick their game up a notch to get around those blocks. Part of the challenge is to coordinate the defensive abilities of disparate security tools, even as organizations have limited resources and a dearth of skilled cybersecurity experts. XDR, or Extended Detection and Response, addresses this challenge. XDR platforms correlate indicators from across security domains to detect threats and then provide the tools to remediate incidents.  While XDR has many benefits, legacy approaches have been hampered by the lack of good-quality data. You might end up having a very good view of a threat from events generated by your EPP/EDR system but lack events about the network perspective (or vice versa). XDR products will import data from third-party sensors, but data comes in different formats. The XDR p...

Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process. "The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website," the company said . "Victims are prompted to download and run a fake application, which serves as a downloader for the cryptominer XMRig." The Texas-based company said it discovered the malicious campaign on January 7, 2025, and that it's "aware of scams involving false offers of employment with CrowdStrike." The phishing email lures recipients by claiming that they have been shortlisted for the next stage of the hiring process for a junior developer role, and that they need to join a call with the recruitment team by downloading a customer relationship management (CRM) tool provided in the embedd...

The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response , and other tools, they are adequately protected. However, this approach not only fails to address the fundamental issue of the attack surface but also introduces dangerous third-party risk to the mix. The world of cybersecurity is in a constant state of flux, with cybercriminals becoming increasingly sophisticated in their tactics. In response, organizations are investing heavily in cybersecurity tools, hoping to build an impenetrable fortress around their digital assets. However, the belief that adding "just one more cybersecurity tool" will magically fix your attack surface and enhance your protection is a dangerous misconception. The limitations of cybersecurity tools Cybersecurity tools, while essential, have inherent limitations. They are designe...