Security News

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) Last week,...

Threat actors are leveraging the open-source EDRSilencer tool to evade endpoint detection and response systems, Trend Micro researchers have noticed. About EDRSilencer The software, which is...

The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to disable endpoint detection and response (EDR) services on target systems. [...]

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest...

The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial...

In brief Malware that kills endpoint detection and response software has been spotted on the scene and, given it's deploying RansomHub, it could soon be prolific. A look inside the malware indicates it's not as dangerous as it appears at first glance, provided proper precautions are taken.

A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response software on compromised hosts, joining the likes of other similar programs like AuKill and Terminator. The EDR-killing utility has been dubbed EDRKillShifter by cybersecurity company Sophos, which discovered the tool in connection with a failed ransomware attack in May 2024.

Best EDR software for businesses: Comparison table CrowdStrike Falcon SentinelOneSingularity Microsoft Defender for Endpoint Trend Micro Vision One Bitdefender GravityZone Forrester Wave Q4 2023 results Leader Strong Performer Leader Leader Leader Ease of use(Gartner Peer Insights) 4.7 out of 5 4.8 out of 5 4.3 out of 5 4.5 out of 5 4.6 out of 5 Free trial or demo Free trial upon request Demo upon request Free trial available Demo upon request Free trial upon request Starting price $184.99 per device per year $79.99 per device per year $54.75 per user per month Contact Trend Micro for pricing. No matter the EDR vendor, there are key features everyone can expect out of most, if not all, EDR solutions.

Prolific Russian cybercrime syndicate FIN7 is using various pseudonyms to sell its custom security solution-disabling malware to different ransomware gangs. AvNeutralizer malware was previously thought to be solely linked to the Black Basta group, but fresh research has uncovered various underground forum listings of the malicious software now believed to be created by FIN7 operatives.

The cybercrime-focused enterprise known as FIN7 has come up with yet another trick to assure the effectiveness of its "EDR killer" tool, dubbed AvNeutralizer by researchers. They spotted the tool being offered for sale on underground forums by several sellers/personas, which they suspect to be part of the FIN7 cluster.