Security News
An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe. The updated MATA framework combines a loader, a main trojan, and an infostealer to backdoor and gain persistence in targeted networks.
A new process injection technique named 'Mockingjay' could allow threat actors to bypass EDR and other security products to stealthily execute malicious code on compromised systems. Process injection is a method of executing arbitrary code in the address space of another running process that is trusted by the operating system, hence giving threat actors the ability to run malicious code without being detected.
The Windows 11 22H2 KB5027231 cumulative update released during this month's Patch Tuesday also breaks Google Chrome on systems protected by Cisco and WatchGuard EDR and antivirus solutions. As BleepingComputer reported on Wednesday, Windows admins and users report having issues launching the web browser after installing the KB5027231 Windows 11 updates.
Threat actors are employing a previously undocumented "Defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response software by means of a Bring Your Own Vulnerable Driver attack. "The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying either a backdoor or ransomware on the target system," Sophos researcher Andreas Klopsch said in a report published last week.
EDR software, by design, are capable of continually scanning a machine for potentially suspicious and malicious files, and taking appropriate action, such as deleting or quarantining them. The idea, in a nutshell, is to trick vulnerable security products into deleting legitimate files and directories on the system and render the machine inoperable by making use of specially crafted paths.
A security researcher has found a way to exploit the data deletion capabilities of widely used endpoint detection and response (EDR) and antivirus (AV) software from Microsoft, SentinelOne,...
In a recent study by Cymulate of over one million tests conducted by our customers in 2021, the most popular testing vector was EDR. Yet cybersecurity stakeholders should not assume that EDR is a silver bullet. Today, EDR is facing some of its greatest challenges, including threats laser-targeting EDR systems like the highly-successful Grandoiero banking trojan.
Malware disabling/abusing EDR agents: The emergence of sophisticated hacker groups like Lapsus$ is another risk that EDR tools can't deal with. Maintaining/deploying EDR: Finally, with agent based EDR products, it can be a huge burden for security teams to install and maintain agents on every endpoint across the enterprise network environment.
Endpoint security solutions range from signature-based endpoint protection platform or antivirus solutions to extended detection and response platforms that tie multiple security solutions together. Organizations that are evaluating endpoint detection and response solutions need to ensure that the products they are considering will meet their needs in the areas.
Endpoint security solutions range from signature-based endpoint protection platform or antivirus solutions to extended detection and response platforms that tie multiple security solutions together. Organizations that are evaluating endpoint detection and response solutions need to ensure that the products they are considering will meet their needs in the following areas.