Tag: edr
-
CNAPP-Kaufratgeber
Tags: access, ai, application-security, attack, authentication, cloud, container, detection, edr, encryption, framework, group, ibm, infrastructure, intelligence, kubernetes, linux, ml, monitoring, network, open-source, risk-management, saas, soar, software, supply-chain, threat, tool, vmware -
RSA Conference 2025, News and analysis
Tags: ai, automation, conference, cybercrime, cybersecurity, data, defense, detection, edr, identity, ransomware, regulation, tactics, threat, zero-trustAI in cybersecurity (both as a threat and a defense)Cloud security challenges and solutionsThe latest ransomware tactics and how to defend against themPrivacy regulations and data protectionEmerging threats like quantum computingKeep an eye out for emerging trends that will be highlighted at the conference. This year, expect a strong focus on topics such as XDR…
-
XDR, MDR, And EDR: Enhancing Your Penetration Testing Process With Advanced Threat Detection
Tags: attack, cyber, cybersecurity, defense, detection, edr, exploit, malicious, penetration-testing, strategy, threat, vulnerabilityIn the ever-evolving world of cybersecurity, organizations must continuously adapt their defense strategies to stay ahead of increasingly sophisticated threats. One of the most effective ways to identify and mitigate vulnerabilities is through penetration testing, a proactive approach that simulates real-world attacks to uncover weaknesses before malicious actors can exploit them. However, the effectiveness of…
-
Microsoft Defender XDR False Positive Leaked Massive 1,700+ Sensitive Documents to Publish
An alarming data leak involving Microsoft Defender XDR has exposed more than 1,700 sensitive documents from hundreds of organizations, following a chain reaction triggered by a critical false positive error. Security researchers at ANY.RUN first identified and reported the incident, highlighting major weaknesses in automated threat detection systems and the risks posed by user behaviors…
-
Microsoft Defender XDR stuft Adobe Acrobat Cloud-Links als bösartig ein Folge war, dass sensible Dokument öffentlich wurden
Es hat mal wieder arg “gerappelt”. Der Microsoft Defender XDR hat beim Adobe Acrobat Cloud-Links fälschlich als “bösartig” eingestuft. Das hatte und hat zur Folge, dass plötzlich Tausende Adobe-Nutzer mehr als 1.700 sensible Dokumente auf der Online-Plattform AnyRun prüfen ließen. … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/24/microsoft-defender-xdr-stuft-adobe-acrobat-cloud-links-als-boesartig-ein-folge-war-dass-sensible-dokument-oeffentlich-wurden/
-
10 key questions security leaders must ask at RSA 2025
Tags: access, ai, api, application-security, authentication, automation, business, cisa, ciso, cloud, conference, control, corporate, cve, cyber, cybersecurity, data, defense, detection, edr, endpoint, fido, finance, gartner, google, government, healthcare, infrastructure, microsoft, mitigation, mitre, monitoring, mssp, network, nist, passkey, password, phone, programming, resilience, risk, risk-management, service, software, strategy, switch, threat, tool, training, vulnerability, zero-trustIs agentic AI more myth than reality?: Building on 2024’s AI enthusiasm, this year will be all about agentic AI, defined as “a type of AI that enables software systems to act autonomously, making decisions and taking actions based on goals, with minimal human intervention,” according to AI itself (source: Google Gemini). We’ll see lots…
-
White-Labeled XDR Platform
What is a White-Labeled XDR Platform? XDR stands for Extended Detection and Response, a security solution that integrates multiple security layers (endpoint, network, server, cloud, and more) into a unified system. It provides end-to-end visibility, real-time threat detection, and automated responses across the entire IT environment. Now add white labeling to the mix. A First…
-
Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware.This includes updated versions of a known backdoor called TONESHELL, as well as a new…
-
Chinese Hacker Group Mustang Panda Bypass EDR Detection With New Hacking Tools
The China-sponsored hacking group, Mustang Panda, has been uncovered by Zscaler ThreatLabz to employ new techniques and tools, including the updated backdoor ToneShell and a novel tool named StarProxy, to evade endpoint detection and response (EDR) systems. Mustang Panda’s New Techniques Mustang Panda, known for targeting government and military entities primarily in East Asia, has…
-
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak – P2
This is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1.IntroductionIn addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new keyloggers used by Mustang Panda that we have named PAKLOG and CorKLOG as well as an EDR evasion…
-
Latest Mustang Panda Arsenal: ToneShell and StarProxy – P1
IntroductionThe Zscaler ThreatLabz team discovered new activity associated with Mustang Panda, originating from two machines from a targeted organization in Myanmar. This research led to the discovery of new ToneShell variants and several previously undocumented tools. Mustang Panda, a China-sponsored espionage group, traditionally targets government-related entities, military entities, minority groups, and non-governmental organizations (NGOs) primarily…
-
OT-Security: Warum der Blick auf Open Source lohnt
Tags: ai, compliance, control, data, detection, edr, endpoint, Hardware, incident, incident response, intelligence, iot, microsoft, ml, monitoring, network, open-source, PCI, technology, threat, tool, vulnerability, vulnerability-managementAuch im OT-Security-Bereich stellen Open-Source-Lösungen eine kostengünstige Alternative zu kommerziellen Tools dar. Die zunehmende Digitalisierung und Vernetzung in der industriellen Produktion haben OT-Security (Operational Technology-Sicherheit) zu einem Kernthema in Unternehmen gemacht. Produktionsdaten, SCADA-Systeme (Supervisory Control and Data Acquisition) und vernetzte Maschinen sind in vielen Branchen essenziell und äußerst anfällig für Cyberangriffe. Ein Zwischenfall kann…
-
Chinese APTs Exploit EDR ‘Visibility Gap’ for Cyber Espionage
Blind spots in network visibility, including in firewalls, IoT devices, and the cloud, are being exploited by Chinese state-backed threat actors with increasing success, according to new threat intelligence. Here’s how experts say you can get eyes on it all. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-apt-exploit-edr-visibility-gap-cyber-espionage
-
Enhancing your DevSecOps with Wazuh, the open source XDR platform
Security shouldn’t wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline”, powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/enhancing-your-devsecops-with-wazuh-the-open-source-xdr-platform/
-
News alert: SpyCloud study shows gaps in EDR, antivirus, 66% of malware infections missed
Austin, TX, USA, April 7, 2025, CyberNewswire, SpyCloud, the leading identity threat protection company, today released new analysis of its recaptured darknet data repository that shows threat actors are increasingly bypassing endpoint protection solutions: 66% of malware infections… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/news-alert-spycloud-study-shows-gaps-in-edr-antivirus-66-of-malware-infections-missed/
-
EDR Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections SpyCloud Research
Deep visibility into malware-siphoned data can help close gaps in traditional defenses before they evolve into major cyber threats like ransomware and account takeover SpyCloud, the leading identity threat protection company, today released new analysis of its recaptured darknet data repository that shows threat actors are increasingly bypassing endpoint protection solutions: 66% of malware infections…
-
Open-Source-Security im Praxis-Check – Wazuh im Test: Flexibles SIEM mit XDR-Funktionen
First seen on security-insider.de Jump to article: www.security-insider.de/wazuh-open-source-siem-xdr-loesung-test-a-ba210f6ea5a61cdda169bfbf9b6f43f8/
-
EDR-as-a-Service makes the headlines in the cybercrime landscape
Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as “EDR-as-a-Service,” is taking hold in the cybersecurity landscape. In a nutshell, some criminal groups are exploiting compromised accounts belonging to law enforcement […]…
-
10 Best XDR (Extended Detection Response) Solutions 2025
As cyber threats grow increasingly sophisticated, traditional security tools often fall short in providing comprehensive protection. Extended Detection and Response (XDR) has emerged as a next-generation cybersecurity solution designed to unify and enhance threat detection, investigation, and response across an organization’s entire IT ecosystem. By integrating data from endpoints, networks, cloud workloads, and other security…
-
Visibility, Monitoring Key to Enterprise Endpoint Strategy
A successful enterprise security defense requires a successful endpoint security effort. With options ranging from EDR, SIEM, SOAR, and more, how do security teams cut through the clutter and focus on what matters? First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/visibility-monitoring-key-to-enterprise-endpoint-strategy
-
Das gehört in Ihr Security-Toolset
Tags: access, ai, antivirus, authentication, backup, breach, business, cloud, compliance, control, cyberattack, cybersecurity, data, data-breach, defense, detection, edr, firewall, gartner, governance, iam, identity, incident response, intelligence, iot, malware, mfa, ml, mobile, network, password, ransomware, risk, saas, service, software, spyware, threat, tool, update, vulnerability, vulnerability-managementLesen Sie, welche Werkzeuge essenziell sind, um Unternehmen gegen Cybergefahren abzusichern.Sicherheitsentscheider sind mit einer sich kontinuierlich verändernden Bedrohungslandschaft, einem zunehmend strengeren, regulatorischen Umfeld und immer komplexeren IT-Infrastrukturen konfrontiert. Auch deshalb wird die Qualität ihrer Sicherheits-Toolsets immer wichtiger.Das Problem ist nur, dass die Bandbreite der heute verfügbaren Cybersecurity-Lösungen überwältigend ist. Für zusätzliche Verwirrung sorgen dabei nicht…
-
Sliver Framework Customized Enhances Evasion and Bypasses EDR Detection
The Sliver Command & Control (C2) framework, an open-source tool written in Go, has been a popular choice for offensive security practitioners since its release in 2020. However, as detection mechanisms evolve, out-of-the-box Sliver payloads are increasingly flagged by Endpoint Detection and Response (EDR) solutions. Recent research demonstrates how minor yet strategic modifications to the…
-
CoffeeLoader Malware Is Stacked With Vicious Evasion Tricks
Next-level malware represents a new era of malicious code developed specifically to get around modern security software like digital forensics tools and EDR, new research warns. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/coffeeloader-malware-evasion-tricks
-
EDR killer links RansomHub with Play, Medusa, BianLian gangs
Tags: edrFirst seen on scworld.com Jump to article: www.scworld.com/news/edr-killer-use-links-ransomhub-with-play-medusa-bianlian-gangs
-
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that’s designed to download and execute secondary payloads.The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader. “The purpose of the malware is to download and execute second-stage payloads while evading First seen on thehackernews.com Jump…
-
Ransomware gangs increasingly brandish EDR bypass tools
Custom tool developed by RansomHub, dubbed “EDRKillShifter,” is used by several other rival ransomware gangs. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ransomware-gangs-vulnerable-drivers-edr-killers-increasing/743709/
-
Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play.The connection stems from the use of a custom tool that’s designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used…