Tag: edr
-
Runtime: The new frontier of AI agent security
Tags: access, ai, automation, ceo, ciso, computer, container, control, crowdstrike, cybersecurity, data, detection, edr, endpoint, firewall, framework, incident response, jobs, monitoring, network, openai, risk, saas, technology, threat, tool, vulnerability, zero-day
What runtime monitoring looks like: Once an organization knows where its agents are, the question is what to watch for, and how. Elia Zaitsev, CTO of CrowdStrike, tells CSO that existing endpoint detection and response (EDR) tools already capture the kinds of behavior needed to track AI agents. They instrument operating systems like a flight data…
-
Researchers Uncover Ways to Decrypt Palo Alto Cortex XDR BIOC Rules for Evasion
Cybersecurity researchers have discovered a critical evasion technique in Palo Alto Networks’ Cortex XDR agent that allowed attackers to completely bypass behavioral detections. The research demonstrates how predefined Behavioral Indicators of Compromise (BIOC) rules, shipped encrypted by Palo Alto, could be decrypted and analyzed. By reverse-engineering these rules, analysts identified hardcoded global whitelists that provided…
-
ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More
Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.” The pattern this week feels familiar in…
-
Palo Alto Cortex XDR Broker Vulnerability Exposes Systems to Sensitive Information Theft and Modification
Palo Alto Networks has issued a security advisory regarding a newly discovered vulnerability in its Cortex XDR Broker Virtual Machine (VM). Tracked as CVE-2026-0231, this medium-severity flaw could allow a threat actor to access and modify sensitive system information. Because the Broker VM acts as a critical bridge between on-premises network assets and the cloud-based…
-
BlackSanta Malware Shuts Down Protections, Targets HR and Recruiting Operations
Russian threat actors for more than a year have targeted HR and recruiting operations in a sophisticated phishing and infostealing campaign that includes a component, dubbed BlackSanta, that can shut down antivirus tools and EDR protections before deploying the malware that exfiltrates data, Aryaka researchers say. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/blacksanta-malware-shuts-down-protections-targets-hr-and-recruiting-operations/
-
BlackSanta EDR-Killer Targets HR Teams in CV-Themed Campaign
BlackSanta malware targets HR staff with fake resumes, kills EDR and steals system data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/blacksanta-edr-killer-targets-hr/
-
HR Departments Targeted by Multi-Layered BlackSanta EDR Killer Malware
Threat actors are increasingly targeting human resources (HR) departments by disguising malware as job application documents. The attack begins with what appears to be a legitimate job application. HR professionals receive a resume hosted on a well-known cloud storage platform, making the file seem trustworthy. The candidate profile looks realistic and relevant to open positions,…
-
New ‘BlackSanta’ EDR killer spotted targeting HR departments
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-blacksanta-edr-killer-spotted-targeting-hr-departments/
-
‘BlackSanta’ EDR Killer Targets HR Workflows
A campaign by Russian-speaking cyberattackers hijacks workflows to deliver security-busting malware, allowing attackers to steal data without detection. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/blacksanta-edr-killer-hr-workflows
-
Fake job applications pack malware that kills EDR before stealing data
Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses First seen on theregister.com Jump to article: www.theregister.com/2026/03/10/malware_targeting_hr/
-
Attackers Use Malformed ZIP Archives to Evade Antivirus and EDR Tools
Cybersecurity researchers at the CERT Coordination Center (CERT/CC) have issued a warning regarding a newly disclosed evasion technique tracked as VU#976247. Threat actors are increasingly utilizing malformed ZIP archives to bypass Antivirus (AV) and Endpoint Detection and Response (EDR) scanning engines. By manipulating the internal headers of these archives, attackers can successfully hide malicious payloads,…
-
The Portland Timbers expand from data protection to cybersecurity with Acronis
The Portland Timbers’ continued partnership with Acronis reflects a shared vision for modern cyber resilience, one built on consolidation, threat intelligence and integrated protection. This expansion goes beyond backup and recovery to incorporate cybersecurity capabilities, including Acronis EDR, Acronis RMM and Acronis Email Security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-portland-timbers-expand-from-data-protection-to-cybersecurity-with-acronis/
-
4 ways to prepare your SOC for agentic AI
Tags: access, ai, attack, automation, best-practice, cloud, compliance, control, cybersecurity, data, defense, detection, edr, framework, governance, guide, identity, injection, intelligence, least-privilege, metric, mitre, radius, RedTeam, risk, siem, skills, soar, soc, threat, tool
Build capabilities for AI governance, content and quality: Upskilling existing analysts alone is not enough. As AI agents begin operating across tools, making decisions and triggering actions with minimal human involvement, the demands on the SOC will extend well beyond traditional analyst capabilities, experts say. Content engineering, for instance, is one emerging requirement. In an AI-enabled…
-
Sophos provides practical tips for stronger cyber defense
In this guide you will find 11 key cybersecurity controls that every company should implement, from identity and access management to XDR and backup readiness. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-stellt-praktische-tipps-fuer-eine-staerkere-cyberabwehr-zur-verfuegung/a43982/
-
Challenges and projects for the CISO in 2026
Tags: access, ai, authentication, automation, awareness, cisco, ciso, cloud, communications, control, credentials, cybersecurity, data, defense, detection, edr, email, encryption, endpoint, finance, framework, group, identity, intelligence, leak, mobile, network, service, soc, sophos, strategy, technology, training
Hazel Díez (Banco Santander), Roberto Lara (Vodafone), Marijus Briedis (NordVPN), Álvaro Fernández (Sophos), and Ángel Ortiz (Cisco). Banco Santander, Vodafone, NordVPN, Sophos and Cisco. Montage: Foundry. Against this backdrop, Cisco defines AI as “the fundamental technology that will set the cybersecurity agenda in 2026,” in the words of Ortiz, who refers to the company’s Integrated…
-
Pirated copies open the door to malware
Several recent incidents show that the risk does not only come from outside: last month the Barracuda Managed XDR security team repeatedly registered attempts by employees to install pirated or manipulated software on their company devices. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/raubkopien-oeffnen-tuer-fuer-malware
-
Cybersecurity’s Fundamental Flaw: It’s Still an Open-Loop System
The cybersecurity industry has no shortage of tools, frameworks, controls, and acronyms. Organizations deploy SIEM/SOARs, vulnerability scanners, EDRs, IAM platforms, SSE, and Zero Trust architectures, often simultaneously. Yet breaches continue. And they’re accelerating. This isn’t a tooling failure. It’s a systems-engineering failure. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/cybersecuritys-fundamental-flaw-its-still-an-open-loop-system/
-
OAuth phishers make ‘check where the link points’ advice ineffective
Tags: authentication, automation, awareness, business, cloud, control, edr, email, encryption, endpoint, exploit, governance, identity, login, malicious, microsoft, monitoring, phishing, saas, threat, tool
Context, not the URL, is the new red flag: Sakshi Grover, Senior Research Manager at IDC Asia/Pacific, said the longstanding advice to hover over a link and verify its domain was built for an era of lookalike domains and that it no longer holds in environments where authentication flows routinely pass through trusted identity providers. “Organizations…
-
5 trends that should top CISO’s RSA 2026 agendas
Tags: access, ai, attack, authentication, backup, business, cio, ciso, cloud, conference, control, corporate, cryptography, cyber, cybersecurity, data, defense, detection, edr, finance, framework, governance, group, healthcare, identity, incident response, intelligence, network, okta, resilience, risk, saas, service, skills, software, strategy, tactics, technology, threat, tool, training, update, vulnerability, zero-trust
CTEM in the spotlight: In another evolutionary trend, most organizations are moving beyond scanning for software snafus to continuous threat exposure management (CTEM). By doing so, security teams hope to get a full picture of all assets, as well as their configurations, locations, software vulnerabilities, ownership, and business criticality. Armed with this data, CTEM platforms look…
-
Hackers Exploit Cortex XDR Live Terminal for C2 Communications
Hackers can repurpose the Cortex XDR Live Terminal feature as a stealthy, EDR-trusted command-and-control (C2) channel, effectively turning a built-in response tool into a “living off the land” backdoor on protected endpoints. This abuse leverages the agent’s trusted communications and flexible remote-execution capabilities to blend malicious operations into normal Cortex XDR traffic. Cortex XDR Live…
-
Compromised npm package silently installs OpenClaw on developer machines
Update to the latest version: “npm install -g cline@latest”. If on version 2.3.0, update to 2.4.0 or higher. Check for and immediately remove OpenClaw if it hadn’t been intentionally installed (“npm uninstall -g openclaw”). Gooding noted, “nothing ran automatically beyond the install,” but added there was still a risk: “OpenClaw is a capable agentic tool with broad system…
-
What the Nike Breach Teaches Us About the Microsegmentation Imperative of Integrating with EDR
At 14:37 UTC on January 22, 2026, Nike appeared on WorldLeaks’ Tor-based leak site. The countdown timer showed 48 hours until 1.4 terabytes, 188,347 files, would be dumped onto the dark web for anyone to download. Included in the trove of files are assets from Nike’s research and development (R&D) and product creation… First seen…
-
Koi Purchase Bolsters Palo Alto’s AI Attack Surface Defense
$300M Acquisition Strengthens Palo Alto Networks’ XDR and AI Governance Platform. Palo Alto Networks plans to acquire Koi Security for $300 million to address growing AI-driven endpoint risks. The startup’s technology adds deep visibility into AI agents, plug-ins and nonbinary code, enhancing Cortex XDR and Prisma AIRS as enterprises confront a growing unmanaged AI attack…
-
A new approach for GenAI risk protection
Solution 1: GenAI enterprise model: Implement enterprise licenses for approved GenAI solutions (such as ChatGPT Enterprise or Microsoft CoPilot 365, which is integrated into existing O365 tenants). Enterprise GenAI solutions typically include a robust set of built-in security tools that allow organizations to secure their data and implement DLP controls within the enterprise GenAI solution…
-
Master XDR Investigations: A Deep Dive into the GravityZone XDR Demo Incident
An attacker’s initial access, whether through phishing, unmanaged devices, exploited vulnerabilities, or a compromised supply chain, marks the beginning of a dangerous chain of events. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/master-xdr-investigations-a-deep-dive-into-the-gravityzone-xdr-demo-incident/
-
Cyber Startups to Take Innovation Spotlight at RSAC 2026
As Innovation Sandbox Turns 21, AI-Based Solutions Dominate Annual Contest. Next month in San Francisco, the Innovation Sandbox at RSAC Conference will celebrate its 21st year of choosing key emerging solutions in cybersecurity. Past winners and finalists range from EDR and XDR giant SentinelOne in 2014 to cloud security phenom Wiz in 2021. First seen…
-
The 20 Coolest Endpoint And Managed Security Companies Of 2026: The Security 100
CRN’s Security 100 list of the coolest endpoint and managed security companies includes vendors with AI-powered EDR and MDR offerings such as CrowdStrike, Microsoft, SentinelOne and Sophos. First seen on crn.com Jump to article: www.crn.com/news/security/2026/the-20-coolest-endpoint-and-managed-security-companies-of-2026-the-security-100

