Security News

Notorious FIN7 hackers sell EDR killer to other threat actors
2024-07-17 21:11

The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, which evades detection by killing enterprise endpoint protection software on corporate networks. The same threat actors are also likely tied to the BlackCat ransomware operation, which recently conducted an exit scam after pocketing an affiliate's share of a UnitedHealth ransom payment.

SentinelOne vs Palo Alto: Compare EDR software
2024-05-27 13:00

SentinelOne and Palo Alto are two of the top brands in this space, and this comparison will help you decide whether either company's tool is right for you. While you can request a demo of Cortex XDR on Palo Alto's official website, there is no public price list for either Cortex XDR tier as of May 2024.

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack
2024-05-22 08:57

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring...

GhostEngine mining attacks kill EDR security using vulnerable drivers
2024-05-21 22:30

A malicious crypto mining campaign, codenamed 'REF4578', has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner. Researchers at Elastic Security Labs and Antiy have underlined the unusual sophistication of these crypto-mining attacks in separate reports and shared detection rules to help defenders identify and stop them.
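The two GhostEngine items above describe the same Bring Your Own Vulnerable Driver pattern: a legitimately signed but exploitable driver is loaded from an unusual location, and shortly afterwards the security products on the host are terminated. The Python below is an added example, not code from Elastic, Antiy or either article, and not their published detection rules. It correlates driver-load events with terminations of security-product processes on the same host inside a short window, which is more robust than alerting on either signal alone (a signed driver is not by itself suspicious, and security processes are legitimately restarted during updates). The event format, the signer and path allowlists, the list of security process names and the sample events are all constructed assumptions for the example.

```python
"""Correlate suspicious driver loads with security-process terminations.

Added example (not from the GhostEngine reports). Events are constructed,
simplified Sysmon-style lines: eid=6 driver loaded, eid=5 process terminated,
eid=1 process created. Real telemetry needs a proper parser and tuning.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs). ws01 shows the BYOVD kill chain;
# ws02 shows a benign driver load followed by an unrelated AV process exit.
SAMPLE_EVENTS = """\
2024-05-20T10:00:01Z eid=6 host=ws01 image=C:\\Windows\\System32\\drivers\\disk.sys signer=Microsoft Windows
2024-05-20T10:02:10Z eid=6 host=ws01 image=C:\\Windows\\Temp\\bypass.sys signer=Example Vendor Ltd.
2024-05-20T10:02:13Z eid=5 host=ws01 image=C:\\Program Files\\Windows Defender\\MsMpEng.exe
2024-05-20T10:02:14Z eid=5 host=ws01 image=C:\\Program Files\\SentinelOne\\Sentinel Agent\\SentinelAgent.exe
2024-05-20T10:02:20Z eid=1 host=ws01 image=C:\\Windows\\Temp\\xmrig.exe
2024-05-20T11:15:00Z eid=6 host=ws02 image=C:\\Windows\\System32\\drivers\\disk.sys signer=Microsoft Windows
2024-05-20T11:15:30Z eid=5 host=ws02 image=C:\\Program Files\\Windows Defender\\MsMpEng.exe
"""

# Assumed allowlists; tune for your estate. Note that BYOVD drivers carry valid
# third-party signatures, so a signer allowlist alone is a weak signal.
TRUSTED_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
TRUSTED_SIGNERS = {"microsoft windows"}
# Assumed, non-exhaustive set of EDR/AV process names (lower-case basenames).
SECURITY_PROCESSES = {"msmpeng.exe", "sentinelagent.exe", "csfalconservice.exe"}

# key=value pairs whose values may contain spaces (paths, signer names):
# a value runs until the next " key=" boundary or end of line.
KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


@dataclass
class Event:
    ts: datetime
    eid: int
    host: str
    image: str
    signer: str | None


def parse_event(line: str) -> Event:
    """Parse one constructed 'timestamp key=value ...' line."""
    ts_str, rest = line.strip().split(" ", 1)
    fields = dict(KV.findall(rest))
    return Event(
        ts=datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"),
        eid=int(fields["eid"]),
        host=fields["host"],
        image=fields["image"],
        signer=fields.get("signer"),
    )


def is_suspicious_driver(e: Event) -> bool:
    """Driver loaded from outside the system drivers directory or with an unexpected signer."""
    if e.eid != 6:
        return False
    outside_drivers_dir = not e.image.lower().startswith(TRUSTED_DRIVER_DIR)
    untrusted_signer = (e.signer or "").lower() not in TRUSTED_SIGNERS
    return outside_drivers_dir or untrusted_signer


def detect(lines: list[str], window: timedelta = timedelta(seconds=120)) -> list[dict]:
    """Return one alert per suspicious driver load that is followed, on the same
    host and within `window`, by termination of at least one security process."""
    events = sorted((parse_event(l) for l in lines if l.strip()), key=lambda e: e.ts)
    alerts = []
    for drv in (e for e in events if is_suspicious_driver(e)):
        killed = [
            ntpath.basename(e.image)
            for e in events
            if e.eid == 5
            and e.host == drv.host
            and ntpath.basename(e.image).lower() in SECURITY_PROCESSES
            and drv.ts <= e.ts <= drv.ts + window
        ]
        if killed:
            alerts.append({"host": drv.host, "driver": drv.image,
                           "signer": drv.signer, "terminated": killed})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

Only ws01 produces an alert: the driver loaded from C:\Windows\Temp is followed within seconds by MsMpEng.exe and SentinelAgent.exe exiting. ws02's Defender process exit is ignored because the preceding driver load was a normal one, which is the point of correlating the two signals rather than alerting on either.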

What's the Right EDR for You?
2024-05-10 10:22

A guide to finding the right endpoint detection and response (EDR) solution for your business’ unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized...

“Pool Party” process injection techniques evade EDRs
2023-12-12 10:56

SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed "Pool Party" because they use Windows thread pools, these process injection techniques work across all processes and, according to the researchers, went undetected when tested against five leading EDR/XDR solutions, namely: Palo Alto Cortex, SentinelOne EDR, CrowdStrike Falcon, Microsoft Defender For Endpoint, and Cybereason EDR.

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions
2023-12-11 05:58

A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response...

Get 20% off Emsisoft's Enterprise Security EDR solution for the holidays
2023-11-30 21:24

Emsisoft is having a holiday deal where you can get 20% off 1-year licenses of the Emsisoft Enterprise Security EDR solution through December 17th, 2023, with no license limits. Emsisoft's Enterprise Security provides a cloud-based management console where you can see an overview of all your endpoints and any security incidents that need to be investigated, whether malware or other anomalous behavior.

Open-source AV/EDR bypassing lab for training and learning
2023-11-22 04:30

Best EDR Of The Market is a user-mode endpoint detection and response project designed to serve as a testing ground for understanding and bypassing an EDR's user-mode detection methods. These techniques are mainly based on dynamic analysis of the target process state.

MATA malware framework exploits EDR in attacks on defense firms
2023-10-18 15:17

An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe. The updated MATA framework combines a loader, a main trojan, and an infostealer to backdoor and gain persistence in targeted networks.