Tag: detection
-
Microsoft Introduces Security Copilot Agents with Enhanced AI Protections
Microsoft has launched an expanded version of its Security Copilot platform, now equipped with advanced AI agents. These agents are designed to autonomously handle critical security tasks such as phishing detection, data security, and identity management, revolutionizing how organizations protect themselves against cyberattacks. The cyber threat landscape is evolving rapidly, with attacks surpassing human capabilities…
-
Medusa Ransomware Brings Its Own Vulnerable Driver
Tags: breach, crowdstrike, detection, endpoint, group, hacker, malicious, ransomware, russia, software, vulnerability, windows
Hackers Use Stolen Certificates to Bypass Endpoint Detection and Response. A Russian-speaking ransomware group has been deploying a malicious Windows PE driver that imitates a legitimate CrowdStrike Falcon driver to bypass endpoint security, warn researchers. The driver disables endpoint detection and response software by stripping process protections. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/medusa-ransomware-brings-its-own-vulnerable-driver-a-27813
-
New Rust-Based Linux Kernel Module Unveiled to Detect Rootkits
A recent development in Linux kernel security has led to the creation of a Rust-based kernel module designed to detect rootkits, a type of malware that can hide itself and other malicious activities from system administrators. This project, part of an internship at Thalium, focuses on enhancing malware detection capabilities within Linux systems, which are…
-
Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools
Medusa ransomware uses a malicious Windows driver ABYSSWORKER to disable security tools, making detection and mitigation more difficult. Elastic Security Labs tracked a financially driven MEDUSA ransomware campaign using a HEARTCRYPT-packed loader and a revoked certificate-signed driver, ABYSSWORKER, to disable EDR tools. The attackers used a 64-bit Windows PE driver named smuol.sys, disguised as a…
-
Cloudflare Reveals AI Labyrinth to Counter Automated AI Attacks
Cloudflare has unveiled AI Labyrinth, an innovative platform designed to combat AI-powered bots that relentlessly crawl and scrape data from websites without permission. By employing AI-generated content, AI Labyrinth cleverly slows down and misdirects these bots, safeguarding legitimate websites while enhancing bot detection capabilities. What is AI Labyrinth? AI Labyrinth is a proactive defense mechanism that…
-
CVE-2025-24813: Apache Tomcat Vulnerable to RCE Attacks
Introduction: CVE-2025-24813 was originally published on March 10 with a medium severity score of 5.5, and Apache Tomcat released an update to fix it. On March 12, the first attack was detected in Poland by Wallarm researchers, even before a Proof-of-Concept (PoC) was made public. After the PoC was released on March 13 on GitHub and…
-
How AI Is Used in Fraud Detection [2025]
Learn how AI fraud detection reduces losses, boosts security, and protects your business with real-time threat prevention. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/how-ai-is-used-in-fraud-detection-2025/
-
CEO of AI ad-tech firm pledging “world free of fraud” sentenced for fraud
Prosecutors: Firm offering “300% more” fraud detection oversold revenue by 700%. First seen on arstechnica.com Jump to article: arstechnica.com/gadgets/2025/03/ceo-of-ai-ad-tech-firm-pledging-world-free-of-fraud-sentenced-for-fraud/
-
MEDUSA Ransomware Deploys Malicious ABYSSWORKER Driver to Disable EDR
In a recent analysis by Elastic Security Labs, a malicious driver known as ABYSSWORKER has been identified as a key component in the MEDUSA ransomware attack chain. This driver is specifically designed to disable endpoint detection and response (EDR) systems, allowing the malware to evade detection and execute its payload more effectively. The ABYSSWORKER driver…
-
Fighting Financial Fraud With Adversarial AI Defenses
Experts Weigh the Advantages and Risks of Generative Adversarial Networks. With traditional rule-based fraud detection systems and even conventional machine learning models struggling to identify these highly deceptive fraud patterns, financial institutions are exploring generative adversarial networks to enhance fraud detection. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/fighting-financial-fraud-adversarial-ai-defenses-a-27792
-
Dataminr Raises $85 Million for AI-Powered Information Platform
Real-time event and risk detection firm Dataminr has raised $85 million from NightDragon and HSBC to accelerate AI development. The post Dataminr Raises $85 Million for AI-Powered Information Platform appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/dataminr-raises-85-million-for-ai-powered-information-platform/
-
Rooted Androids 3,000x More Likely to Be Breached, Even iPhones Not Safe
A new Zimperium report reveals that rooted Android phones and jailbroken iOS devices face growing threats, with advanced toolkits making detection nearly impossible for cybersecurity researchers. First seen on hackread.com Jump to article: hackread.com/rooted-androids-breached-even-iphones-not-safe/
-
Is it time to retire ‘one-off’ pen tests for continuous testing?
Annual pentests can leave security gaps that attackers can exploit for months. Learn more from Outpost24 about why continuous penetration testing (PTaaS) offers real-time detection, remediation, and stronger protection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/is-it-time-to-retire-one-off-pen-tests-for-continuous-testing/
-
Red Canary Report Surfaces Sharp Increase in Cyberattacks Involving Identity
An analysis of 93,000 threats published this week by Red Canary, a provider of a managed detection and response (MDR) service, finds the number of cyberattacks seeking to compromise an identity increased by a factor of four in 2024. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/red-canary-report-surfaces-sharp-increase-in-cyberattacks-involving-identity/
-
SecPod launches Saner Cloud: A Revolutionary CNAPP For Preventive Cybersecurity
Moving Beyond Detection to Real-Time, Automated Security Across Workloads, Cloud, and Infrastructure. SecPod, a global cybersecurity provider, has announced the General Availability of Saner Cloud, a Cloud-Native Application Protection Platform designed to provide automated remediation and workload security across multi-cloud environments. Unlike conventional security solutions that focus primarily on detection, Saner Cloud integrates security using…
-
News alert: SquareX’s “Year of Browser Bugs” project exposes critical cybersecurity blind spots
Palo Alto, Calif., Mar. 18, 2025, CyberNewswire, SquareX, a pioneer in the Browser Detection and Response (BDR) space, announced the launch of the “Year of Browser Bugs” (YOBB) project today, a year-long initiative to draw attention to the lack… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/news-alert-squarexs-year-of-browser-bugs-project-exposes-critical-cybersecurity-blind-spots/
-
Attack time frames are shrinking rapidly. Here’s how cyber teams can cope
Time frame changes to time to exploit: The time frames are quickly shortening as the focus of a variety of attackers’ ransomware efforts shifts to data stealing first, rather than trying to collect ransoms. A recent Huntress Cyber Report shows that TTE, which the researchers refer to as “time-to-ransom” or TTR, has dropped to a few…
-
Transforming Security Operations With Generative AI
Organizations that adopt these AI-driven strategies will not only improve the accuracy and efficiency of their threat detection but also gain a competitive edge by making smarter, faster decisions in every aspect of their operations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/transforming-security-operations-with-generative-ai/
-
Hackers Use DLL Side-Loading to Deploy Malicious Python Code
A recent discovery by Xavier Mertens, a senior handler at the Internet Storm Center, has highlighted a sophisticated attack where hackers utilize DLL side-loading to deploy malicious Python code. This technique involves tricking an application into loading a malicious DLL instead of a legitimate one, allowing attackers to execute malicious code while evading detection by…
-
Seaco charts course for unified security strategy
Shipping container leasing giant consolidates security tools onto a single platform, leveraging AI and extended detection and response to improve security operations First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366620921/Seaco-charts-course-for-unified-security-strategy
-
TruffleHog: New Burp Suite Extension for Secret Scanning Released
A new extension for Burp Suite has been released, integrating the powerful secret scanning capabilities of TruffleHog. This innovative integration aims to enhance the detection of live, exploitable credentials within HTTP traffic, making it a valuable tool for security professionals. In this article, we will delve into the features, usage, and benefits of the TruffleHog…
-
New StilachiRAT uses sophisticated techniques to avoid detection
Microsoft discovered a new remote access trojan (RAT), dubbed StilachiRAT, that uses sophisticated techniques to avoid detection. In November 2024, Microsoft researchers discovered StilachiRAT, a sophisticated remote access trojan (RAT) designed for stealth, persistence, and data theft. Analysis of its WWStartupCtrl64.dll module revealed that the malware supports sophisticated functionalities to steal credentials from browsers, digital…
-
Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets
Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. The malware contains capabilities to “steal information from the target system, such as credentials stored in the browser, digital wallet information,…
-
Google Launches Open-Source OSV-Scanner for Detecting Security Vulnerabilities
Google has announced the launch of OSV-Scanner V2, an open-source tool designed to enhance vulnerability scanning and remediation across various software ecosystems. This update follows the recent release of OSV-SCALIBR, another powerful tool in the OSV suite, which together form a comprehensive platform for managing vulnerability metadata and streamlining vulnerability detection and management. Key Features of OSV-Scanner…