I have no idea why @Apple and @Google don't build a setting into iOS and Android so you can set your phone to reboot daily/weekly/monthly on a schedule. I'd reboot daily 🤷
https://t.co/HqBdJDwjE9
@GolfweekNichols They seemed to blame… the volunteers? For thousands of people being in line and unable to get on shuttles? We left after being given a 3-4 hour estimate at 6:50a. Might just fly home. What a calamity.
@molecularmusing @CrowdStrike Hi there. FWIW, this is off by default. Customers have to manually enable it in their prevention policy. It can, obviously, be toggled off again if it's an issue.
@BruceDawson0xB @statictear @CrowdStrike Thank you. Will pass to ENG. In the meantime, if this is causing a PROD issue, disabling "Additional User Mode Data" in the Falcon prevention policy will prevent that DLL from being loaded into Chrome after Chrome is restarted.
Want to hunt the most dangerous game? I'll be teaching an advanced threat hunting course at @CrowdStrike #FalCon2023 this September. Come learn with us!
Great article from @CrowdStrike Services Team on how to identify data exfiltration on exploited MoveIt servers via log file forensics: https://t.co/h8W3sqk0O0
@AppSecBloke @CrowdStrike Hi Mike. That's not cool. Can you please DM me the full email address of the sender and I'll address this internally? I work for CrowdStrike. Following you now.
@mthcht Question on this: 🔍 Sysmon EID 3 / EDR network telemetry: image outlook.exe & dest port 445
Are you seeing SMB TCP/445 traffic being pinned to outlook.exe's PID and not PID 4 (root)?
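The question above is whether the TCP/445 connections show up in Sysmon Event ID 3 with outlook.exe as the initiating image or with the kernel (PID 4). The following is an added example, not code from the thread or from @mthcht's rule, showing how a triage script would separate the two cases over constructed Sysmon EID 3 records. The field names (Image, ProcessId, Protocol, DestinationIp, DestinationPort, Initiated) are Sysmon's own; the assumption that kernel-initiated SMB appears as PID 4 with Image "System" is mine, as are the sample values.

```python
"""Triage constructed Sysmon Event ID 3 records for outlook.exe -> TCP/445.

Added example; the events below are constructed, not real telemetry.
"""
from typing import Dict, Iterable, List, Tuple

# Constructed sample Sysmon EID 3 (network connection) records. Field names
# follow Sysmon's schema; values are made up for this example.
SAMPLE_EVENTS: List[Dict] = [
    # Assumption: SMB driven by the kernel redirector is logged as PID 4 / "System".
    {"EventID": 3, "Image": "System", "ProcessId": 4, "Protocol": "tcp",
     "DestinationIp": "10.0.0.5", "DestinationPort": 445, "Initiated": True},
    # The case the question asks about: Outlook itself is the initiating process.
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "ProcessId": 5120, "Protocol": "tcp", "DestinationIp": "203.0.113.10",
     "DestinationPort": 445, "Initiated": True},
    # Ordinary Outlook HTTPS traffic: must not be flagged.
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "ProcessId": 5120, "Protocol": "tcp", "DestinationIp": "52.96.0.1",
     "DestinationPort": 443, "Initiated": True},
    # Inbound connection (Initiated == False): not an outbound SMB session by Outlook.
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "ProcessId": 5120, "Protocol": "tcp", "DestinationIp": "10.0.0.9",
     "DestinationPort": 445, "Initiated": False},
    # A process-creation event (EID 1), not a network event.
    {"EventID": 1, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "ProcessId": 5120},
]


def image_name(event: Dict) -> str:
    """Return the lower-cased file name of the Image field (path separators tolerated)."""
    image = str(event.get("Image", "")).replace("/", "\\")
    return image.rsplit("\\", 1)[-1].lower()


def is_outbound_smb(event: Dict) -> bool:
    """True for an outbound TCP connection to port 445 recorded by EID 3."""
    return (
        event.get("EventID") == 3
        and str(event.get("Protocol", "")).lower() == "tcp"
        and event.get("DestinationPort") == 445
        and event.get("Initiated") is True
    )


def is_outlook_smb(event: Dict) -> bool:
    """Outbound SMB where outlook.exe is the initiating image (the suspicious case)."""
    return is_outbound_smb(event) and image_name(event) == "outlook.exe"


def is_kernel_smb(event: Dict) -> bool:
    """Outbound SMB attributed to the kernel (PID 4), i.e. the normal redirector path."""
    return is_outbound_smb(event) and event.get("ProcessId") == 4


def triage(events: Iterable[Dict]) -> Dict[str, object]:
    """Bucket events into outlook-initiated SMB, kernel SMB, and everything else."""
    summary: Dict[str, object] = {"outlook_smb": [], "kernel_smb": [], "other": 0}
    for event in events:
        pair: Tuple[int, str] = (event.get("ProcessId"), event.get("DestinationIp"))
        if is_outlook_smb(event):
            summary["outlook_smb"].append(pair)
        elif is_kernel_smb(event):
            summary["kernel_smb"].append(pair)
        else:
            summary["other"] += 1
    return summary


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for pid, dest in result["outlook_smb"]:
        print(f"ALERT outlook.exe (PID {pid}) opened TCP/445 to {dest}")
    for pid, dest in result["kernel_smb"]:
        print(f"info  kernel (PID {pid}) SMB to {dest}")
    print(f"{result['other']} other events ignored")
```

Only the second record lands in the alert bucket: the kernel PID 4 connection is reported separately, the HTTPS connection and the inbound 445 connection are ignored, and the EID 1 record is skipped because it is not a network event at all.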
@juanandres_gs @NickGalea3cx This is you yesterday asking Twitter for IOCs when a user reported a potential issue. I link you to a post with IOCs. A blog shows up 9 hours later. Saying you've been working on this for a week without any sort of responsible disclosure is either: (1) despicable (2) insane.
RE: The 3CX VOIP supply chain attack, vendors have stated that macOS was also targeted - but I couldn't find any specific technical details (yet) 🍎🐛☠️
One vendor stated, "we cannot confirm that the Mac installer is similarly trojanized"
...let's dive in! 1/n 🧵
Once active, the HTTPS beacon structure and encryption key match those observed by CrowdStrike in a March 7, 2023 campaign attributed with high confidence to DPRK-nexus threat actor LABYRINTH CHOLLIMA... https://t.co/doqOBxXIjV