Security News

MATA malware framework exploits EDR in attacks on defense firms
2023-10-18 15:17

An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe. The updated MATA framework combines a loader, a main trojan, and an infostealer to backdoor and gain persistence in targeted networks.

New Mockingjay process injection technique evades EDR detection
2023-06-27 13:00

A new process injection technique named 'Mockingjay' could allow threat actors to bypass EDR and other security products to stealthily execute malicious code on compromised systems. Process injection is a method of executing arbitrary code in the address space of another running process that is trusted by the operating system, hence giving threat actors the ability to run malicious code without being detected.

Windows 11 KB5027231 also breaks Chrome for Cisco, WatchGuard EDR users
2023-06-16 16:56

The Windows 11 22H2 KB5027231 cumulative update released during this month's Patch Tuesday also breaks Google Chrome on systems protected by Cisco and WatchGuard EDR and antivirus solutions. As BleepingComputer reported on Wednesday, Windows admins and users report having issues launching the web browser after installing the KB5027231 Windows 11 updates.

Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack
2023-04-24 13:44

Threat actors are employing a previously undocumented "Defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response software by means of a Bring Your Own Vulnerable Driver attack. "The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying either a backdoor or ransomware on the target system," Sophos researcher Andreas Klopsch said in a report published last week.

Researchers Demonstrate How EDR and Antivirus Can Be Weaponized Against Users
2022-12-12 17:28

EDR software, by design, is capable of continually scanning a machine for potentially suspicious and malicious files and taking appropriate action, such as deleting or quarantining them. The idea, in a nutshell, is to trick vulnerable security products into deleting legitimate files and directories on the system, rendering the machine inoperable, by making use of specially crafted paths.

Antivirus and EDR solutions tricked into acting as data wipers
2022-12-09 17:00

A security researcher has found a way to exploit the data deletion capabilities of widely used endpoint detection and response (EDR) and antivirus (AV) software from Microsoft, SentinelOne,...
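The crafted-path trick behind the two entries above comes down to a scanner that records a path when it detects a file and then deletes by that path string later, after an attacker has had a chance to redirect one of the path's directory components. The following is an added illustration, not code from either article, from the researcher, or from any vendor's product: it simulates the detect-then-delete window with a POSIX symlink standing in for a Windows junction, shows the naive deleter wiping a legitimate file, and pairs it with a deleter that pins the directory it observed at detection time. All directory names, file names and the detection marker are made up.

```python
"""Added illustration of the 'EDR as wiper' bug class: a scanner that records a
path at detection time and deletes by that path string later can be steered,
via a symlink (a junction on Windows), into deleting a legitimate file.  The
second deleter refuses to follow the swap.  Not code from either article or
from any product; names and data are constructed."""
import os
import shutil
import tempfile
from collections import namedtuple

# Constructed detection marker; any content-based rule would do here.
MARKER = b"CONSTRUCTED-MALWARE-MARKER"

# What the scanner records when it flags a file: the resolved path plus the
# (device, inode) of the directory the file was actually found in.
Finding = namedtuple("Finding", "path dir_id")


def scan(root):
    """Detect step: flag files whose content starts with MARKER."""
    findings = []
    for dirpath, _, names in os.walk(root):  # does not descend into symlinked dirs
        for name in names:
            path = os.path.realpath(os.path.join(dirpath, name))
            try:
                with open(path, "rb") as f:
                    if f.read(len(MARKER)) != MARKER:
                        continue
            except OSError:
                continue
            st = os.stat(os.path.dirname(path))
            findings.append(Finding(path, (st.st_dev, st.st_ino)))
    return findings


def naive_delete(finding):
    """Vulnerable remediation: trusts the recorded path string, so every
    intermediate component is resolved again at deletion time."""
    os.remove(finding.path)


def pinned_delete(finding):
    """Hardened remediation: walk the directory chain with O_NOFOLLOW, check that
    the final directory is the inode seen at detection, and unlink relative to
    that directory fd.  A symlink/junction swap surfaces as an OSError."""
    parent, name = os.path.split(finding.path)
    fd = os.open(os.sep, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for comp in (c for c in parent.split(os.sep) if c):
            nfd = os.open(comp, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=fd)
            os.close(fd)
            fd = nfd
        st = os.fstat(fd)
        if (st.st_dev, st.st_ino) != finding.dir_id:
            raise PermissionError(f"{parent} is not the directory seen at detection")
        os.unlink(name, dir_fd=fd)
    finally:
        os.close(fd)


def simulate(deleter):
    """Run detect -> attacker swap -> remediate with the given deleter.
    Returns (legitimate_file_survived, outcome_message)."""
    base = tempfile.mkdtemp(prefix="edrwipe-")
    try:
        victim_dir = os.path.join(base, "victim")
        os.mkdir(victim_dir)
        legit = os.path.join(victim_dir, "payroll.db")
        with open(legit, "wb") as f:
            f.write(b"legitimate data")

        # Attacker plants a flagged file under a directory they control, using
        # the same file name as the legitimate target.
        evil_dir = os.path.join(base, "evil")
        os.mkdir(evil_dir)
        with open(os.path.join(evil_dir, "payroll.db"), "wb") as f:
            f.write(MARKER)

        findings = scan(evil_dir)  # detection while evil/ is a real directory
        assert len(findings) == 1

        # Window between detection and remediation: swap the directory for a
        # symlink pointing at the directory that holds the legitimate file.
        shutil.rmtree(evil_dir)
        os.symlink(victim_dir, evil_dir)

        try:
            deleter(findings[0])
            msg = "deletion ran"
        except OSError as e:
            msg = f"deletion refused: {e}"
        return os.path.exists(legit), msg
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for fn in (naive_delete, pinned_delete):
        survived, msg = simulate(fn)
        print(f"{fn.__name__}: {msg}; legitimate file survived: {survived}")
```

The hardened variant closes the race rather than narrowing it: once the directory is held open by descriptor, nothing the attacker renames or links afterwards changes what `unlink` operates on, and the inode comparison catches a directory that was replaced outright rather than symlinked. On Windows the equivalent is opening each component with `FILE_FLAG_OPEN_REPARSE_POINT` and refusing reparse points, which is why vendors' fixes for this bug class centred on path handling rather than on detection logic.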

EDR is not a silver bullet
2022-10-11 03:00

In a recent study by Cymulate of over one million tests conducted by our customers in 2021, the most popular testing vector was EDR. Yet cybersecurity stakeholders should not assume that EDR is a silver bullet. Today, EDR is facing some of its greatest challenges, including threats laser-targeting EDR systems, such as the highly successful Grandoreiro banking trojan.

Why Organisations Need Both EDR and NDR for Complete Network Protection
2022-09-30 10:10

Malware disabling/abusing EDR agents: The emergence of sophisticated hacker groups like Lapsus$ is another risk that EDR tools can't deal with on their own. Maintaining/deploying EDR: Finally, with agent-based EDR products, it can be a huge burden for security teams to install and maintain agents on every endpoint across the enterprise network environment.

Considerations for Evaluating Endpoint Detection and Response (EDR) Solutions
2022-08-26 00:00

Endpoint security solutions range from signature-based endpoint protection platform (EPP) or antivirus solutions to extended detection and response (XDR) platforms that tie multiple security solutions together. Organizations that are evaluating endpoint detection and response solutions need to ensure that the products they are considering will meet their needs in the following areas.

Considerations for Evaluating Endpoint Detection and Response (EDR) Solutions – Infographic
2022-07-25 00:00

Endpoint security solutions range from signature-based endpoint protection platform (EPP) or antivirus solutions to extended detection and response (XDR) platforms that tie multiple security solutions together. Organizations that are evaluating endpoint detection and response solutions need to ensure that the products they are considering will meet their needs in the following areas.