What Your Security Controls Aren’t Telling You: Gaps, Drift and New Threats

According to the IBM Cost of a Data Breach 2024 Report, 58% of breaches go unidentified by internal security teams and tools. Most breaches happen due to a security control that did not perform as expected. Most Cymulate customers report an average of 48 hours for the time it takes to manually validate new threats against controls.

Knowing the variables is only the first step. But knowing how to optimize your controls is the key.

🔑 Identify and address configuration gaps
🔑 Detect control drift and prioritize remediation
🔑 Ensure coverage against emerging threats
🔑 Understand how attackers evade your controls

📘 Read the full blog https://hubs.li/Q02ZybH30

#ControlDrift #Cymulate #SecurityControls #Validation #CyberRisk
Luke Cifarelli’s Post
If you are still dealing with the #crowdstrikeoutage (like many of us are) you may be experiencing a flood of alerts of the type "Defense Evasion via Disable or Modify Tools". This may be triggered by the removal of the offending .sys file in the CrowdStrike sensor directory and all the steps taken to restore your systems. However, we can't assume they are all false positives; my initial questions to triage these alerts are:

1. Who ran the process? In the best-case scenario it may have been one of our admins, service desk analysts or users.
2. When did the process run? If it ran during the remediation phase of the outage it may be friendly.
3. Where is the process running from? Check the location of execution; this is part of forensics 101.
4. Is this a known malicious file/signature? I don't trust signatures too much, but if this comes out positive it is a reason to drill deeper into the alert.

Of course, communication is still the best way to understand what happened on a host. I foresee a lot of emails and chats with admins, support and users asking for context for those cases that are hard to crack.

Good luck everybody, stay alert: the fog of war is a prime opportunity for attackers and we have some more work ahead. #cybersecurity
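The four triage questions from the post above, turned into a small scorer that can be run over an exported batch of "Defense Evasion via Disable or Modify Tools" alerts. This is an added example and not code from the post or from CrowdStrike: the alert field names, the operator allowlist, the remediation window, the known-bad hash list and the sample alerts are all constructed assumptions for illustration, and the channel file name in the sample is a placeholder.

```python
"""Triage helper for a flood of "Defense Evasion via Disable or Modify Tools"
alerts raised during CrowdStrike outage remediation.

Added example, not code from the post or from CrowdStrike. The alert field
names, the operator allowlist, the remediation window and the known-bad hash
list are assumptions made for illustration.
"""
from collections import Counter
from datetime import datetime, timezone

# Assumption: remediation deleted a channel file under the sensor directory.
# A process deleting there is still run through all four questions rather
# than assumed friendly.
SENSOR_DIR = r"c:\windows\system32\drivers\crowdstrike"

# Assumption: accounts that were doing hands-on remediation (lower-cased).
KNOWN_OPERATORS = {"corp\\admin.jsmith", "corp\\svcdesk.alee"}

# Assumption: the remediation window for this fleet, in UTC.
REMEDIATION_WINDOW = (
    datetime(2024, 7, 19, 4, 0, tzinfo=timezone.utc),
    datetime(2024, 7, 20, 12, 0, tzinfo=timezone.utc),
)

# Assumption: the team's own blocklist; placeholder value, not a real hash.
KNOWN_BAD_SHA256 = {"deadbeef" * 8}

# Locations an admin would plausibly run remediation tooling from.
EXPECTED_PARENT_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\program files\\",
    r"c:\program files (x86)\\",
)


def _parse_ts(ts: str) -> datetime:
    # Accept the trailing "Z" form on Python versions older than 3.11.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def triage(alert: dict) -> dict:
    """Apply the four triage questions to one alert and return the findings."""
    user = alert["user"].lower()
    when = _parse_ts(alert["timestamp"])
    image = alert["image_path"].lower()
    sha = alert["sha256"].lower()
    target = alert.get("target_path", "").lower()

    findings = {
        # 1. Who ran the process?
        "known_operator": user in KNOWN_OPERATORS,
        # 2. When did it run?
        "in_remediation_window": REMEDIATION_WINDOW[0] <= when <= REMEDIATION_WINDOW[1],
        # 3. Where is it running from?
        "expected_location": image.startswith(EXPECTED_PARENT_DIRS),
        # 4. Is it a known malicious file?
        "known_bad_hash": sha in KNOWN_BAD_SHA256,
        # Context: did it actually touch the sensor directory?
        "touched_sensor_dir": target.startswith(SENSOR_DIR),
    }

    # A blocklist hit wins regardless of who, when and where.
    if findings["known_bad_hash"]:
        verdict = "escalate"
    elif all(findings[k] for k in ("known_operator", "in_remediation_window",
                                   "expected_location", "touched_sensor_dir")):
        verdict = "likely_remediation"
    else:
        verdict = "investigate"
    return {"verdict": verdict, **findings}


def summarize(alerts: list) -> dict:
    """Count verdicts so the queue can be worked worst-first."""
    return dict(Counter(triage(a)["verdict"] for a in alerts))


# Constructed sample alerts; paths and hashes are placeholders.
SAMPLE_ALERTS = [
    {   # Admin deleting the channel file from cmd.exe during the window.
        "user": "CORP\\admin.jsmith",
        "timestamp": "2024-07-19T09:12:00Z",
        "image_path": r"C:\Windows\System32\cmd.exe",
        "sha256": "0" * 64,
        "target_path": r"C:\Windows\System32\drivers\CrowdStrike\C-00000291-placeholder.sys",
    },
    {   # Unknown user, outside the window, running from a temp directory.
        "user": "CORP\\bob",
        "timestamp": "2024-07-22T23:40:00Z",
        "image_path": r"C:\Users\bob\AppData\Local\Temp\fix.exe",
        "sha256": "1" * 64,
        "target_path": r"C:\Windows\System32\drivers\CrowdStrike\C-00000291-placeholder.sys",
    },
    {   # Looks like remediation, but the binary is on the blocklist.
        "user": "CORP\\admin.jsmith",
        "timestamp": "2024-07-19T10:05:00Z",
        "image_path": r"C:\Windows\System32\cmd.exe",
        "sha256": "deadbeef" * 8,
        "target_path": r"C:\Windows\System32\drivers\CrowdStrike\C-00000291-placeholder.sys",
    },
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        print(a["user"], triage(a)["verdict"])
    print(summarize(SAMPLE_ALERTS))
```

The ordering matters: a blocklist hit escalates even when the who, when and where all look like a friendly admin, which is the post's point that a positive signature is a reason to drill deeper rather than close the alert.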
🚨 FBI and CISA on Bad Practices in Product Security 🚨

The FBI has dealt with numerous cyberattacks and ransomware incidents. In support of the Secure by Design initiative, the FBI and CISA have released a draft outlining common product security practices that often result in bad outcomes. These practices are:

Product Properties
- Memory unsafe languages (CWE-119+)
- Unsafe user input in SQL (CWE-89)
- Unsafe user input in Commands (CWE-78)
- Default Passwords (CWE-1392, CWE-1393)
- Known KEV vulnerabilities
- Known exploitable vulnerabilities

Security Features
- Lack of MFA
- Lack of intrusion detection

Organizational Processes and Policies
- Failing to publish CVEs in a timely manner
- Failing to publish the Vulnerability Disclosure Policy

This document is open for public comments here: https://lnkd.in/efpnwjEw

#BuildSecureProduct #ProductSecurity
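Two of the product properties in the list above, unsafe user input in SQL (CWE-89) and unsafe user input in commands (CWE-78), shown as a vulnerable function beside its hardened form. This is an added example, not code from the post or from the FBI/CISA document; the users table, the hostname allowlist pattern and the inputs are constructed for the demonstration.

```python
"""Vulnerable-versus-hardened pairs for CWE-89 (SQL) and CWE-78 (OS command).

Added example, not code from the post or from the FBI/CISA document. The
in-memory users table and the test inputs are constructed for illustration.
"""
import re
import sqlite3


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # CWE-89: the caller-controlled name is spliced into the statement, so a
    # quote in the input becomes part of the SQL grammar and rewrites the WHERE.
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # Hardened: a bound parameter is always treated as data, never as SQL.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def ping_cmd_unsafe(host: str) -> str:
    # CWE-78: a shell command line built from input. Handed to a shell
    # (subprocess.run(..., shell=True)), "; id" after the host runs as a
    # second command.
    return f"ping -c 1 {host}"


# Assumption: hostnames are restricted to letters, digits, dots and hyphens.
_HOSTNAME = re.compile(r"[A-Za-z0-9.-]{1,253}")


def ping_cmd_safe(host: str) -> list:
    # Hardened: validate against a strict allowlist and return an argv list for
    # subprocess.run without a shell, so the host is a single argument and no
    # shell ever interprets metacharacters in it.
    if not _HOSTNAME.fullmatch(host):
        raise ValueError(f"invalid hostname: {host!r}")
    return ["ping", "-c", "1", host]


def rejects(host: str) -> bool:
    """True if the hardened builder refuses the input."""
    try:
        ping_cmd_safe(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    conn = demo_db()
    payload = "x' OR '1'='1"
    print("unsafe:", lookup_unsafe(conn, payload))
    print("safe:  ", lookup_safe(conn, payload))
    print(ping_cmd_unsafe("127.0.0.1; id"))
    print("rejected:", rejects("127.0.0.1; id"))
```

Run as a script, the unsafe lookup returns every row for the classic `' OR '1'='1` payload while the parameterized query returns none, and the hardened command builder refuses the host string carrying a `;` instead of passing it to a shell.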
🔒 Eliminate blind spots. 🛡️ Remediate infrastructure threats. 🔎 Detect vulnerable misconfigurations. Say hello to IBM Verify Identity Protection. The solution is designed to proactively protect your business and employees, no matter where they work. Discover how it enables you to quickly discover, remediate, and adapt to potential threats before it’s too late.
The least privilege access model ensures that users only have the permissions they need to do their jobs, nothing more. This simple rule reduces risks, prevents privilege creep, and protects critical data. Here’s how it works:

✔️ Restricted Permissions: Limit user access to the minimum required for their role to shrink the attack surface.
✔️ Temporary Privileges: Grant elevated access only when needed and revoke it immediately after use.
✔️ Regular Audits: Review permissions frequently to remove unnecessary access and prevent misuse.
✔️ Stronger Security: Even if an account is compromised, restricted access minimizes potential damage.

By managing permissions carefully, organizations reduce insider threats, improve compliance, and make their systems more secure.

🔗 Learn more about implementing this model effectively: https://hubs.li/Q02_HLB00

#TrioMDM #Trio #ITSolutions #MDM #LeastPrivilege
Protecting Your Data, Protecting Your Business! Data breaches can strike at any moment, but staying prepared is crucial. Implement ongoing strategies to prevent breaches and respond effectively. Keep software and security systems up to date, patching vulnerabilities swiftly. Continuously educate your team on security best practices to reduce human error. Ensure sensitive data is always encrypted, both at rest and in transit. Monitor and restrict access to authorized personnel only. Maintain an evolving incident response plan to swiftly minimize breach impact. Vigilance is key: with continuous precautions and response strategies, fortify your data and safeguard your business. Stay proactive! #ContinuousSecurity #DataProtection #Datasec
When a company experiences a data breach, it’s not just systems that are compromised—it’s customer trust. Companies need to prioritize proactive, transparent data security measures to prevent vulnerabilities from damaging their reputation. Don’t wait for a breach to start securing your customers’ data. 🔒
A little tired of CrowdStrike insisting this wasn't a "security incident", likely referring to it not being caused by a hack. Security posture is about Confidentiality, Integrity and Availability. When you push out an update without the integrity being quality managed, and it results in millions of users losing availability, you have a security incident. When the remediation involves ducking down into shells and levels of access not typical, paving the way for errors and further data loss, you have a security incident. When your poor quality management and crisis communication open the door for fraudsters with malware posing as a fix, you have a security issue.
In this case study, following a data loss incident, a client discovered control weaknesses leaving them exposed. A global review identified more than 1000 third-party hosted websites with this weakness. We stepped in with our proven Security Remediation methodology. Our approach simplifies complex security remediation programmes, irrespective of the types of assets or the weaknesses that need addressing. Not only did we accelerate the client's remediation efforts and reduce costs, but we also left behind an auditable record of addressed security weaknesses. Read the full case study to learn more about our Security Remediation methodology in action. #Cybersecurity #Remediation #DataProtection
Security Consultancy Case Study | i-confidential (i-confidential.com)
🤖Cybercrime – A Growing Threat🤖 Cybercrime is a serious issue that affects not only large corporations but also individuals and small businesses. As digitalisation grows, so does the number of cyberattacks, leading to significant financial losses. To minimise risks, it is crucial to identify vulnerabilities in advance. Regular penetration testing and timely software updates can help protect IT infrastructure and reduce the chances of attacks. Protect your data and always stay one step ahead!