Offline dengan aplikasi Player FM !
Ep6: After CrowdStrike chaos, should Microsoft kick EDR agents out of Windows kernel?
Manage episode 430890493 series 2416144
Three Buddy Problem - Episode 6: As the dust settles on the CrowdStrike incident that blue-screened 8.5 million Windows computers worldwide, we dig into CrowdStrike’s preliminary incident report, the lack of transparency in the update process and the need for more robust testing and validation. We also discuss Microsoft's responsibility to avoid infinite BSOD loops, risks of deploying EDR agents on critical systems, and how an EU settlement is being blamed for EDR vendors having access to the Windows kernel.
Other topics on the show include Mandiant's attribution capabilities, North Korea’s gov-backed hacking teams launching ransomware on hospitals, KnowBe4 hiring a fake North Korean IT worker, and new developments in the NSO Group surveillance-ware lawsuit.
Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)
Links:
- Episode transcript (Unedited, AI-generated)
- Official CrowdStrike preliminary post-mortem
- Microsoft VP David Weston on CrowdStrike outage
- Microsoft VP John Cable on the path forward
- Matt Suiche: Bob and Alice in Kernel-land
- Re-learning Lessons from the CrowdStrike Outage
- Ep5: CrowdStrike's faulty update
- Mandiant Report on North Korea's APT45
- CISA Advisory on North Korea APT45
- KnowBe4 Hires North Korean Fake IT Worker
- Israel’s attempt to sway NSO/WhatsApp spyware case
147 episode
Manage episode 430890493 series 2416144
Three Buddy Problem - Episode 6: As the dust settles on the CrowdStrike incident that blue-screened 8.5 million Windows computers worldwide, we dig into CrowdStrike’s preliminary incident report, the lack of transparency in the update process and the need for more robust testing and validation. We also discuss Microsoft's responsibility to avoid infinite BSOD loops, risks of deploying EDR agents on critical systems, and how an EU settlement is being blamed for EDR vendors having access to the Windows kernel.
Other topics on the show include Mandiant's attribution capabilities, North Korea’s gov-backed hacking teams launching ransomware on hospitals, KnowBe4 hiring a fake North Korean IT worker, and new developments in the NSO Group surveillance-ware lawsuit.
Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)
Links:
- Episode transcript (Unedited, AI-generated)
- Official CrowdStrike preliminary post-mortem
- Microsoft VP David Weston on CrowdStrike outage
- Microsoft VP John Cable on the path forward
- Matt Suiche: Bob and Alice in Kernel-land
- Re-learning Lessons from the CrowdStrike Outage
- Ep5: CrowdStrike's faulty update
- Mandiant Report on North Korea's APT45
- CISA Advisory on North Korea APT45
- KnowBe4 Hires North Korean Fake IT Worker
- Israel’s attempt to sway NSO/WhatsApp spyware case
147 episode
همه قسمت ها
×Selamat datang di Player FM!
Player FM memindai web untuk mencari podcast berkualitas tinggi untuk Anda nikmati saat ini. Ini adalah aplikasi podcast terbaik dan bekerja untuk Android, iPhone, dan web. Daftar untuk menyinkronkan langganan di seluruh perangkat.