< ciso
brief />
Tag Banner

All news with #crowdstrike tag

149 articles · page 3 of 8

Falcon for XIoT Extends Protection to Medical Devices

🔒 Falcon for XIoT now extends asset protection to medical devices and clinical systems, adding native visibility for protocols such as DICOM and HL7. The cloud-native Falcon sensor, available in beta, monitors device behavior and protocol communications to detect anomalies and block malicious actions before they affect patient care. It integrates device telemetry, AI-driven analytics, and CrowdStrike Exposure Management so security teams can discover legacy or unsupported assets, prioritize high-risk devices, and respond within existing SOC workflows. Integration with Falcon Next‑Gen SIEM and Falcon Fusion SOAR streamlines investigation and triage across IT and XIoT assets.
read more →

Falcon Next-Gen SIEM: Sensor-Native Log Collection

🔒 CrowdStrike announces sensor-based log collector deployment in Falcon Next-Gen SIEM, leveraging the existing Falcon sensor footprint to automate collector installation and management. The policy-driven model enables host-group scoping, incremental rollouts, and real-time installation telemetry without separate distribution tooling or packaging workflows. Organizations can onboard external log sources faster while retaining centralized governance and RBAC.
read more →

Cloudflare One Adds Adaptive User Risk Scoring to Access

🔒 Cloudflare One now integrates continuous User Risk Scores into its ZTNA policies, letting admins factor recent user behaviors into access decisions. The SASE risk engine ingests internal telemetry from Cloudflare Access and Gateway, plus third-party signals via integrations (e.g., CrowdStrike, SentinelOne), and deterministically maps configured behaviors to low/medium/high risk levels. Administrators can apply risk-based selectors in Access policies to restrict, require stronger MFA, or revoke access dynamically, with manual reset and signal-sharing back to IdPs.
read more →

CrowdStrike Earns NCSC CIR Assurance for Incident Response

🛡️CrowdStrike has been independently assessed and assured against the UK National Cyber Security Centre’s CIR Standard. The CrowdStrike certification confirms independent evaluation of provider capability, technical competence, and service delivery for incident handling across the UK and Europe. It reinforces the company's incident response services—breach response, retainers, and resilience work—powered by the Falcon platform.
read more →

Automating Security Decisions to Counter AI-Driven Attacks

🔒 Security experts warn that defenders must embrace greater automation to keep pace with AI-powered attacks that operate at machine speed. Recent research, including CrowdStrike findings showing average breakout times falling to 29 minutes (and as fast as 27 seconds), highlights the urgency. Industry leaders recommend automating routine SOC work and responses to known threats while reserving humans for novel, high-risk incidents. Cultural shifts and revised risk appetites will be required to enable faster, autonomous mitigations.
read more →

CrowdStrike: AI Drives Faster Network Breakouts in 2025

⚠️ CrowdStrike's latest Global Threat Report finds that in 2025 attackers required an average of just 29 minutes to gain full network access, a roughly 65% acceleration from the prior year. The fastest measured breakout dropped to 27 seconds, and some intrusions began exfiltrating data within four minutes of initial access. Researchers link the shift to a steep rise in AI-assisted operations — attackers using AI grew 89% — citing examples such as the LLM-based malware Lamehug, AI-generated credential-extraction scripts, and AI-crafted identities used for insider-style campaigns. Adam Meyers warns defenders must be faster than attackers as AI compresses the window between intent and execution.
read more →

CrowdStrike FalconID Adds Phishing-Resistant MFA Support

🔐 FalconID is now generally available, delivering phishing‑resistant, FIDO2-based authentication built into the Falcon sensor and delivered via the Falcon for Mobile app. It replaces passwords, push notifications and one‑time codes with biometric, device‑bound verification and cryptographic domain binding. Authentication decisions are driven by real‑time identity, endpoint and SaaS telemetry to minimize friction while blocking credential abuse. For legacy apps, FalconID offers secure indirect authentication, and when paired with SGNL it enables continuous, risk‑based authorization across environments.
read more →

AI-enabled Cyber Attacks Nearly Double in 2025 - CrowdStrike

⚠️ CrowdStrike's Global Threat Report 2026 warns that AI-enabled cyber-attacks rose 89% in 2025 as adversaries used machine learning and LLMs to scale and refine phishing, disinformation and malware operations. Researchers observed LLMs producing multilingual, convincing phishing lures and automating campaign creation, while some actors embedded prompting into malware (eg, LameHug) for reconnaissance. CrowdStrike recommends strong identity controls, AI-focused awareness training and threat-intel monitoring to mitigate the accelerating threat.
read more →

The Evasive Adversary: Faster, Quieter, Cloud-Focused

🛡️ CrowdStrike reports that adversaries shifted in 2025 from expanding toolsets to prioritizing evasion, using AI to refine phishing, malware scripts, and reconnaissance while favoring malware-free techniques that blend with legitimate user activity. AI-enabled attacks rose 89% year over year and malware-free methods accounted for 82% of detections. Supply chain compromises, rapid zero-day weaponization, and cloud-focused intrusions amplified stealth, with big-game ransomware groups moving to remote encryption and credential abuse to minimize detection.
read more →

CrowdStrike 2026 Global Threat Report Findings Overview

🔍 The CrowdStrike 2026 Global Threat Report reviews 2025 as the year of the evasive adversary, detailing how attackers shifted to subtle, trust-based techniques across endpoint, identity, SaaS, and cloud environments. Adversaries accelerated operations using AI and exploited AI systems themselves, while supply chain compromises and zero-day usage rose markedly. The report highlights rapid breakout times, a high rate of malware-free intrusions, and significant increases in state-nexus activity, offering prioritized insights for defenders.
read more →

Typosquatting Tactics: How Actors Evade Detection Today

🔍Typosquatting remains a highly effective deception tactic where attackers register look-alike domains to phish, harvest credentials, and deliver malware. CrowdStrike describes how adversaries exploit weak registrar verification and craft convincing WHOIS records while using techniques such as strategic HTTP redirects, geo-targeted content and fake sale pages to evade detection. Organizations should monitor registrations, protect brands, and use Falcon Adversary Intelligence to detect and disrupt campaigns.
read more →

AI Unlocked: Interactive Prompt Injection Challenge

🔐 CrowdStrike has launched AI Unlocked: Decoding Prompt Injection, an interactive online challenge hosted via Falcon Encounter hands-on labs that immerses security teams in attacker-style prompt injection scenarios. Participants progress through three virtual rooms—Command Center, Data Gateway, and Nexus—using prompt injection techniques to convince the simulated supervisor SAIGE to reveal secret phrases while earning higher scores for brevity and efficiency. The exercise aims to convert abstract AI security risks into practical lessons, helping teams recognize attack patterns and the need for defensive guardrails.
read more →

Exposing Insider Threats with Data, Identity & HR Context

🔍 CrowdStrike describes how combining Falcon Data Protection, Falcon Next-Gen Identity Security, and HR context enables detection of insider threats through multi-layer telemetry correlation, behavioral baselines, and automated risk scoring. The Insider Threat Analytics and User Activity Investigation dashboards surface anomaly hunting leads — rare destinations, first-seen egress, off-hours activity, USB and unusual endpoint transfers — and provide prioritized user risk lists. Workday integration and content inspection improve visibility for departing employees and sensitive data.
read more →

CrowdStrike Customers' Choice in 2026 User Authentication

🔒 CrowdStrike has been named a Customers’ Choice in the 2026 Gartner Peer Insights Voice of the Customer for User Authentication report. For the second consecutive year it led with the highest volume of verified reviews, receiving 129 five‑star ratings out of 179 responses and a 96% Willingness to Recommend score. CrowdStrike highlights Falcon Next‑Gen Identity Security as an AI‑powered, continuous identity protection solution and notes intent to acquire SGNL to add continuous dynamic authorization and remove standing privileges.
read more →

Reynolds Ransomware Bundles BYOVD Driver to Evade EDR

🔒 Researchers have identified a Reynolds ransomware campaign that embeds a vulnerable NsecSoft NSecKrnl driver as a built‑in BYOVD component to terminate EDR and antivirus processes from vendors such as CrowdStrike, Symantec, Palo Alto, Sophos and Avast. Unlike typical attacks that deploy BYOVD separately, Reynolds bundles the signed but flawed driver inside the ransomware payload to quietly disable defenses. The intrusion also involved a suspicious side‑loaded loader before deployment and a subsequent GotoHTTP remote access tool, suggesting persistence and further post‑compromise activity.
read more →

February 2026 Patch Tuesday: Six Zero-Days, Five Criticals

🚨 Microsoft’s February 2026 updates address 59 vulnerabilities, including six actively exploited zero-days and five Critical issues. CrowdStrike identified the Windows Remote Desktop elevation-of-privilege (CVE-2026-21533) and observed exploitation against U.S. and Canadian organizations; other zero-days affect MSHTML, Windows Shell, Microsoft Word, Desktop Window Manager and Remote Access Connection Manager. Three Critical Azure service flaws were remediated in-platform while two Critical issues in Azure confidential containers require customer patching. CrowdStrike recommends timely updates, compensating controls, expanded detection/hunting, and use of the Falcon Exposure Management dashboard to prioritize and mitigate risk.
read more →

Human-AI Feedback Loop Powering Agentic Security at Scale

🔁 CrowdStrike describes a continuous human-AI feedback loop that pairs expert analysts with agentic AI to detect, investigate, and contain threats at machine speed. Human-annotated telemetry from Falcon Complete and Adversary OverWatch trains and reinforces models such as Charlotte AI, improving triage accuracy and reducing investigator effort. The system emphasizes analyst-validated reasoning to handle novel tradecraft and minimize false positives.
read more →

CrowdStrike Named Customers' Choice in 2025 EASM Report

🔎 CrowdStrike has been named a Customers’ Choice in Gartner Peer Insights' 2025 Voice of the Customer for External Attack Surface Management (EASM), and is the only vendor to hold that distinction in both years the report has been published. Falcon Exposure Management unifies external attack surface visibility with internal exposure context, adversary-driven prioritization, and attack-path analysis. The platform discovers known and unknown internet-facing assets continuously, prioritizes vulnerabilities most likely to be exploited, and reduces operational overhead by delivering EASM natively within the Falcon platform. Customers praise its accuracy, continuous discovery, and ability to operationalize exposure insights across teams.
read more →

Betterment Data Breach Exposes 1.4 Million Accounts

🔒 Betterment disclosed a January incident in which threat actors accessed systems and stole contact and personal data from an estimated 1,435,174 accounts, including names, email addresses and location details. The attackers also sent fraudulent promotional emails promoting a cryptocurrency reward scam; Betterment says clicking the message did not compromise accounts. A forensic review with CrowdStrike found no evidence of customer account, password, or login credential theft, and the company reports the unauthorized access has been removed.
read more →

Advanced Web Shell Detection and Linux Sensor Enhancements

🛡️ CrowdStrike's Falcon Linux sensor now offers enhanced visibility and detection for PHP web shells, improving discovery of both pre-existing and obfuscated variants. The On write script file visibility capability captures script content and context as files are written, while Enhance PHP visibility surfaces dynamically evaluated PHP (eval/assert/create_function) as PhpEvalString events. These features have already supported OverWatch in identifying hundreds of web shells and provide richer telemetry for faster investigations and hunting.
read more →