Security News

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
2024-12-11 15:13

A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response...

Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion
2024-10-20 08:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) Last week,...

Attackers deploying red teaming tool for EDR evasion
2024-10-15 14:05

Threat actors are leveraging the open-source EDRSilencer tool to evade endpoint detection and response systems, Trend Micro researchers have noticed. About EDRSilencer: The software, which is...

RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software
2024-09-10 18:29

The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to disable endpoint detection and response (EDR) services on target systems. [...]

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back
2024-08-29 11:26

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest...

PoorTry Windows driver evolves into a full-featured EDR wiper
2024-08-28 18:57

The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial...

RansomHub-linked EDR-killing malware spotted in the wild
2024-08-19 01:52

In brief: Malware that kills endpoint detection and response software has been spotted on the scene and, given it's deploying RansomHub, it could soon be prolific. A look inside the malware indicates it's not as dangerous as it appears at first glance, provided proper precautions are taken.

RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks
2024-08-15 10:45

A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response software on compromised hosts, joining similar programs such as AuKill and Terminator. The EDR-killing utility has been dubbed EDRKillShifter by cybersecurity company Sophos, which discovered the tool in connection with a failed ransomware attack in May 2024.

5 Best Endpoint Detection & Response (EDR) Solutions for 2024
2024-07-19 13:00

Best EDR software for businesses: Comparison table

Product: CrowdStrike Falcon | SentinelOne Singularity | Microsoft Defender for Endpoint | Trend Micro Vision One | Bitdefender GravityZone
Forrester Wave Q4 2023 results: Leader | Strong Performer | Leader | Leader | Leader
Ease of use (Gartner Peer Insights): 4.7 out of 5 | 4.8 out of 5 | 4.3 out of 5 | 4.5 out of 5 | 4.6 out of 5
Free trial or demo: Free trial upon request | Demo upon request | Free trial available | Demo upon request | Free trial upon request
Starting price: $184.99 per device per year | $79.99 per device per year | $54.75 per user per month | Contact Trend Micro for pricing.

No matter the EDR vendor, there are key features everyone can expect out of most, if not all, EDR solutions.

Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs
2024-07-18 13:40

Prolific Russian cybercrime syndicate FIN7 is using various pseudonyms to sell its custom security solution-disabling malware to different ransomware gangs. AvNeutralizer malware was previously thought to be solely linked to the Black Basta group, but fresh research has uncovered various underground forum listings of the malicious software now believed to be created by FIN7 operatives.