< ciso
brief />
Tag Banner

All news with #crowdstrike tag

149 articles · page 2 of 8

Weak at the Seams: Cybersecurity's Systemic Resilience Gap

🔧 A former industrial automation engineer turned CISO argues that cybersecurity is fragmented across regulators, vendors, auditors and insurers, creating dangerous seams where correlated failures can cascade beyond organizational boundaries. Despite rising spending, tool proliferation and compliance-focused programs fail to measure or build true resilience, leaving handoffs and interfaces as persistent blind spots. High-profile incidents such as the July 2024 CrowdStrike outage show defensive tools and routine updates can themselves become systemic failure vectors, and the industry must design for graceful degradation rather than audit checkboxes.
read more →

CrowdStrike Joins Anthropic to Secure Frontier AI Globally

🔒 CrowdStrike announced it is a founding member of Project Glasswing, partnering with Anthropic to secure execution of frontier models like Mythos Preview where they run inside enterprises. CrowdStrike emphasizes its sensor-level visibility across endpoints, real-time AI Detection and Response, and Falcon Data Security to govern data and agent behavior at runtime. The company frames deployment governance as distinct from model safety and highlights regulatory and operational requirements for enterprise adoption.
read more →

CrowdStrike Continuous Visibility for Faster Exposure

🔍 Continuous Visibility in CrowdStrike Falcon Exposure Management continuously evaluates stored network asset metadata against newly released vulnerability intelligence so teams can learn about exposures without waiting for periodic scans. It applies updated detection logic instantly, prioritizes high‑risk findings, and offers one‑click targeted rescans for affected assets. By decoupling scanning from risk evaluation, it enables faster, more confident remediation with less operational overhead.
read more →

Falcon for IT: Managed Windows Secure Boot Certificate

🔒 CrowdStrike explains how Falcon for IT helps enterprises manage the transition from the Windows UEFI CA 2011 certificate to Windows UEFI CA 2023 ahead of Microsoft’s 2026 enforcement. The content pack provides fleet-wide Secure Boot posture assessment, controlled enrollment into Microsoft’s managed rollout, emergency blocking for incompatible hardware, and centralized audit logging. It emphasizes validating virtualization stacks, coordinating endpoint and server teams, and completing staged rollouts before enforcement to avoid inconsistent firmware trust states and compressed remediation windows.
read more →

Detecting Kerberos Relay via DNS CNAME Abuse and Mitigation

🔒 CrowdStrike outlines detection for CVE-2026-20929, a Kerberos relay vulnerability exploited via DNS CNAME abuse that can enroll certificates from Active Directory Certificate Services (AD CS). Their correlation-based detection flags anomalous certificate-based authentications coincident with unusual AD CS Kerberos service access within a short time window. Customers can enable the provided CRT rule in Falcon Next‑Gen SIEM to activate alerts and support hunting.
read more →

Charlotte AI AgentWorks: Agentic SOAR for Modern SOCs

🔐 CrowdStrike introduces Charlotte AI AgentWorks and Charlotte Agentic SOAR to enable agentic security operations that orchestrate context-aware agent fleets and automate responses at machine speed. The platform integrates frontier models from Anthropic, NVIDIA and OpenAI and leverages Falcon telemetry, threat intelligence, and industry partners to keep agents context-aware and secure. Built-in guardrails preserve human oversight and governed autonomy while mission-ready agents handle tasks from triage to malware analysis. Customers report sharply reduced manual workloads, restored analyst capacity, and improved decision accuracy.
read more →

Falcon Data Security: Protecting Data Where It Moves

🔒 CrowdStrike introduces Falcon Data Security, a unified solution that discovers, classifies, and defends sensitive information across endpoints, browsers, SaaS, cloud services, and GenAI workflows. The offering uses a shared classification engine for consistent identification of PCI, PII, PHI, and other sensitive types, and applies AI to reduce manual tagging. Real-time visibility into data in motion — including egress context and runtime cloud flows via eBPF telemetry — lets teams stop risky transfers at the moment they occur. Natively integrated with the Falcon platform, it correlates data events with device, user, and adversary telemetry to prioritize and automate response.
read more →

CrowdStrike Agentic MDR and SOC Transformation Services

⚡CrowdStrike introduces agentic MDR through Falcon Complete, combining deterministic automation, adaptive AI agents, and human analyst oversight to accelerate detection and response at machine speed. The service leverages Falcon Fusion SOAR and proprietary tooling to execute expert-engineered playbooks, delivering faster median time to contain and consistent, repeatable remediations. Complementary SOC Transformation Services modernize SIEM, data pipelines, workflows, and governance so organizations can adopt agentic operations safely and deliberately.
read more →

CrowdStrike Expands Falcon Flex Consumption to Services

⚡ CrowdStrike is extending the Falcon Flex consumption model to its expert-led services, allowing customers to draw down a standalone services entitlement across incident response, proactive security, advisory, platform services, and training. The approach reduces procurement friction and supports pre-arranged incident response readiness independent of Falcon subscriptions or standard retainers. For qualifying new customers, the Zero Dollar Flex Fund provides 200 hours (160 incident response, 40 proactive) over 12 months to simplify first-time engagement.
read more →

CrowdStrike Adds Adversary-Aware Prioritization to CNAPP

🔒 CrowdStrike introduces three CNAPP innovations in Falcon Cloud Security to improve cloud risk prioritization and remediation. Application Explorer unites runtime application mapping with infrastructure context to show which apps access sensitive data and external AI models. Adversary intelligence aligns findings to over 280 tracked threat groups and Timeline Explorer reconstructs change histories to show root cause and validate fixes.
read more →

Tycoon2FA Phishing Service Resumes After Disruption

🔁 Tycoon2FA, a phishing-as-a-service platform disrupted by Europol and Microsoft on March 4, has returned to pre-takedown activity levels within days. CrowdStrike observed a brief decline to about 25% of normal volumes on March 4–5, 2026, before activity rebounded and cloud compromise remediations returned to early-2026 levels. The service continues to use similar TTPs targeting Microsoft 365 and Gmail, exploiting redirection, URL shorteners, and compromised domains. CrowdStrike warns that without arrests or physical seizures, operators can quickly recover and replace impacted infrastructure.
read more →

Tycoon2FA Phishing Service Rapidly Resumes Activity

🛡️ Tycoon2FA, a subscription-based phishing-as-a-service platform, has resumed operations following a coordinated takedown that seized 330 domains. The service uses adversary-in-the-middle techniques to intercept live authentication sessions and bypass multifactor authentication, and it continues to deploy AI-generated decoy pages and malicious URLs. CrowdStrike reported multiple suspected Tycoon2FA-enabled incidents in early March. Organisations are urged to prioritise continuous detection, real-time signal correlation, and layered defences to counter this adaptive threat.
read more →

CrowdStrike Adds Microsoft Defender Support to Falcon SIEM

🛡️ CrowdStrike is extending Falcon Next‑Gen SIEM to ingest and operationalize telemetry from third‑party EDRs, beginning with Microsoft Defender, without requiring a Falcon sensor. The release embeds real‑time data pipelines via Falcon Onum to filter, enrich, and route telemetry, and expands federated search to include Falcon LogScale, ExtraHop, and cloud archives. It also introduces Third‑Party Indicator Management to operationalize external threat intelligence and a Query Translation Agent to convert legacy searches into CQL. Together these capabilities aim to reduce ingestion costs, accelerate investigations, simplify SIEM migrations, and let teams modernize SOC operations without replacing endpoint agents.
read more →

CrowdStrike Extends AI Security Across Endpoint, SaaS, Cloud

🔒 CrowdStrike announced a suite of innovations that expand AI detection and response across endpoints, SaaS, and cloud environments. New capabilities include runtime monitoring for desktop AI applications and Copilot Studio agents, unified discovery and classification of AI agents across SaaS, and data-flow visibility for cloud-hosted AI workloads. Several features are in pre-beta or early beta with staged GA rollouts planned over upcoming quarters.
read more →

Tycoon2FA Phishing-as-a-Service Persists After Takedown

🛡️ On March 4, 2026, Europol coordinated a technical disruption that seized 330 domains tied to Tycoon2FA, a subscription-based phishing-as-a-service platform that enabled adversary-in-the-middle (AITM) attacks to bypass multifactor authentication. CrowdStrike observed an immediate drop in activity followed by a return to pre-disruption campaign volumes as operators reconstituted infrastructure and continued using established TTPs. Defenders should maintain layered controls across phishing, DNS resolution, cloud authentication, and Exchange inbox protections while leveraging Falcon and Falcon Complete for detection and response support.
read more →

Trivy GitHub Action Compromise: Credential Stealer Incident

🔍 CrowdStrike linked a spike in script-execution detections to a compromised GitHub Action, aquasecurity/trivy-action, used widely in CI/CD pipelines. An attacker force‑repointed 76 of 77 release tags to commits that prepended a ~105‑line credential stealer to the legitimate entrypoint, enabling secret harvesting on both GitHub-hosted and self‑hosted runners. Harvested data was encrypted with AES-256-CBC and a hardcoded 4096‑bit RSA key, then exfiltrated via a typosquatted domain and, as a fallback, by creating public GitHub releases under victim accounts; the malicious code then invoked the original scanner to hide its activity.
read more →

Securing Homegrown AI Agents with Falcon AIDR & NeMo

🔒 Falcon AIDR now integrates with NVIDIA NeMo Guardrails to provide programmable runtime protections for homegrown AI agents moving into production. The combined solution blocks prompt injection, redacts PII, defangs malicious domains, and moderates unwanted topics while preserving responsive, sub-100ms agent workflows. Teams can leverage 75+ built-in detectors or create custom policies to monitor in report-only mode and then progressively enforce blocks, redactions, encryptions, or transformations.
read more →

FedRAMP High: Falcon for XIoT Extends Federal Protection

🔒 CrowdStrike Falcon Platform for Government now includes Falcon for XIoT, delivering FedRAMP High–authorized visibility and protection for connected and operational technology assets. The solution provides native, zero‑touch XIoT asset discovery with deep protocol support and ICS vendor validation to preserve operational continuity across critical infrastructure. It also leverages AI-powered risk prioritization to surface and rank high‑risk conditions across converged IT/OT environments.
read more →

CrowdStrike Advances GovCloud Security and Modernization

🔒 CrowdStrike is introducing new GovCloud capabilities designed to help federal, state, and local agencies modernize cyber defenses while maintaining FedRAMP compliance. Falcon Flex offers a commitment-based purchasing model to simplify procurement and consolidate tooling. New Charlotte AI features bring natural-language interactions and an automated Response Agent to speed investigations. GovCloud additions include Falcon for XIoT, External Attack Surface Management, and behavioral malware analysis to improve IT/OT visibility, detection, and response.
read more →

How Charlotte AI Accelerates and Scales Security Operations

🛡️Charlotte AI is an agentic security analyst embedded in CrowdStrike Falcon, built to triage alerts, investigate threats and drive automated, inspectable response actions. It reasons over existing detections — including machine learning, IOAs and the CrowdStrike Threat Graph — and enforces analyst-defined guardrails so humans remain in control. Customers report faster MTTR and large reductions in initial investigation time.
read more →