Tag: edr
-
New Obex Tools Blocks Runtime Loading of EDR Dynamic Libraries
Obex, a newly released proof-of-concept utility by security researcher dis0rder0x00, demonstrates a simple but effective user-mode method to stop unwanted security and monitoring modules from loading into Windows processes. The tool launches a target process under debugger control and enforces a configurable DLL blocklist, preventing both startup and runtime loads of designated libraries. A demonstration…
-
Ganzheitliche Cybersicherheit – Wie Managed XDR Unternehmen gegen KI-Angriffe stärkt
First seen on security-insider.de Jump to article: www.security-insider.de/managed-xdr-ki-angriffe-a-2fa36f3ab50a4fb361d8c7c3129b8156/
-
6 Best Enterprise Antivirus Software Choices
We reviewed the leading enterprise antivirus and EDR tools and found SentinelOne Singularity to be the best overall, followed closely by Microsoft Defender and CrowdStrike Falcon. The post 6 Best Enterprise Antivirus Software Choices appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/best-antivirus-software/
-
XWorm campaign shows a shift toward fileless malware and in-memory evasion tactics
Tags: api, control, detection, edr, encryption, injection, malware, monitoring, office, open-source, powershell, software, tacticsDodging sandboxes and scanners: The attackers relied on well-known evasion techniques throughout the chain, including API hashing to hide intent, API calls that bypass user-mode hooks installed by security software, and multiple encryption layers inside .NET DLLs.”The DLL file uses several encryption techniques for analysis to be difficult, such as RSACryptor, Virtualization, Fake.cctor, and many…
-
XWorm campaign shows a shift toward fileless malware and in-memory evasion tactics
Tags: api, control, detection, edr, encryption, injection, malware, monitoring, office, open-source, powershell, software, tacticsDodging sandboxes and scanners: The attackers relied on well-known evasion techniques throughout the chain, including API hashing to hide intent, API calls that bypass user-mode hooks installed by security software, and multiple encryption layers inside .NET DLLs.”The DLL file uses several encryption techniques for analysis to be difficult, such as RSACryptor, Virtualization, Fake.cctor, and many…
-
XWorm campaign shows a shift toward fileless malware and in-memory evasion tactics
Tags: api, control, detection, edr, encryption, injection, malware, monitoring, office, open-source, powershell, software, tacticsDodging sandboxes and scanners: The attackers relied on well-known evasion techniques throughout the chain, including API hashing to hide intent, API calls that bypass user-mode hooks installed by security software, and multiple encryption layers inside .NET DLLs.”The DLL file uses several encryption techniques for analysis to be difficult, such as RSACryptor, Virtualization, Fake.cctor, and many…
-
Chinese APT Drops ‘Brickstorm’ Backdoors on Edge Devices
The China-linked cyber-espionage group UNC5221 is compromising network appliances that cannot run traditional EDR agents to deploy new versions of the Brickstorm backdoor. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-apt-brickstorm-backdoors-edge-devices
-
Cyber-Resilienz stärken – Warum MDR statt XDR für den Mittelstand oft die bessere Wahl ist
First seen on security-insider.de Jump to article: www.security-insider.de/mdr-cybersicherheit-kmu-a-628535a4dec4dd8425d8e0d13b3dc896/
-
Cyber-Resilienz stärken – Warum MDR statt XDR für den Mittelstand oft die bessere Wahl ist
First seen on security-insider.de Jump to article: www.security-insider.de/mdr-cybersicherheit-kmu-a-628535a4dec4dd8425d8e0d13b3dc896/
-
Anton’s Security Blog Quarterly Q3 2025
Tags: ai, automation, breach, ciso, cloud, cyber, defense, detection, edr, google, governance, guide, metric, office, RedTeam, risk, siem, soc, software, supply-chain, threat, vulnerability, vulnerability-management, zero-trustAmazingly, Medium has fixed the stats so my blog / podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify). Gemini for docs based on this blog Top 10 posts with the most…
-
New EDR-Freeze tool uses Windows WER to suspend security software
A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from user mode with Microsoft’s Windows Error Reporting (WER) system. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-edr-freeze-tool-uses-windows-wer-to-suspend-security-software/
-
Hackers Deploy New EDR-Freeze Tool to Disable Security Software
A security researcher has released a new tool that can temporarily disable endpoint detection and response (EDR) systems and antivirus software without requiring vulnerable drivers, marking a significant evolution in attack techniques targeting security solutions. Advanced Evasion Through Windows Components The tool, dubbed EDR-Freeze and developed by researcher TwoSevenOneT, exploits Windows Error Reporting functionality to suspend security…
-
Sophos Threat-Hunter-Analyse: Neue Ransomware-Gruppe sorgt für Aufsehen
Darüber hinaus umging die Gruppe eine EDR-Lösung mithilfe der BYOVD-Technik (Bring Your Own Vulnerable Driver). Konkret setzten sie einen anfälligen Baidu-Antivirus-Treiber (umbenannt in googleApiUtil64.sys) ein, der das Beenden beliebiger Prozesse erlaubt (CVE-2024-51324) und damit auch den Stopp des EDR-Agenten. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-threat-hunter-analyse-neue-ransomware-gruppe-sorgt-fuer-aufsehen/a42049/
-
Palo Alto Networks and Microsoft Featured in MITRE ATTCK Evaluations 2026
Two cybersecurity industry leaders have made significant announcements regarding their participation in the upcoming MITRE ATT&CK Evaluations, marking a notable shift in how major security vendors approach independent testing validation. Diagram illustrating core features of Palo Alto Networks’ Cortex XDR cybersecurity platform, including threat intelligence, endpoint protection, and automation Palo Alto Networks Steps Back After…
-
Ransomware attackers used incorrectly stored recovery codes to disable EDR agents
All target organizations are different, but ransomware attackers are highly adaptive and appreciate and will exploit any mistake you make. The latest Akira … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/16/akira-ransomware-disable-edr/
-
Ransomware attackers used incorrectly stored recovery codes to disable EDR agents
All target organizations are different, but ransomware attackers are highly adaptive and appreciate and will exploit any mistake you make. The latest Akira … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/16/akira-ransomware-disable-edr/
-
New ransomware Yurei adopts open-source tools for double-extortion campaigns
Tags: access, attack, authentication, backup, breach, ciso, cloud, control, data, edr, extortion, flaw, intelligence, Internet, mfa, network, open-source, phishing, powershell, ransomware, resilience, risk, service, switch, threat, tool, windowsBigger risks beyond downtime: The double-extortion ransomware appears to be an early version, as it has loopholes. Ransomware often targets and deletes shadow copies to block victims from using Windows’ built-in recovery options. But Yurei did not delete the shadow copies, which, if enabled, can allow the victim to restore their files to a previous…
-
OT security: Why it pays to look at open source
Tags: access, ai, attack, compliance, control, data, defense, detection, edr, endpoint, Hardware, intelligence, iot, microsoft, ml, monitoring, network, open-source, PCI, service, strategy, threat, tool, vulnerabilityOT security at the highest level thanks to open-source alternatives: Commercial OT security solutions such as those from Nozomi Networks, Darktrace, Forescout or Microsoft Defender for IoT promise a wide range of functions, but are often associated with license costs in the mid to high six-figure range per year. Such a high investment is often…
-
‘MostereRAT’ Malware Blends In, Blocks Security Tools
A threat actor is using a sophisticated EDR-killing malware tool in a campaign to maintain long-term, persistent access on Windows systems. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/mostererat-blocks-security-tools
-
Raw Disk Reads: The EDR Blind Spot Threat Actors Love
Attackers use raw disk reads to evade EDR and steal Windows credential files, exposing a major blind spot in enterprise defenses. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/edr-blind-spots-workday/
-
Hackers Exploit Raw Disk Reads to Evade EDR and Steal Sensitive Files
Attackers can bypass Endpoint Detection and Response (EDR) tools and file locks by reading raw disk sectors directly, highlighting the urgent need for organizations to audit and secure the drivers installed on their Windows systems. In modern Windows environments, drivers provide low-level access to hardware and disk functions. A recent investigation by Workday’s Offensive Security…
-
How Strong Device Policies Can Help Solve Your Shadow IT Problem
Remote work fuels Shadow IT risks. Learn how to manage USBs and portable storage with encryption, EDR, and policies that balance security with usability. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/how-strong-device-policies-can-help-solve-your-shadow-it-problem/
-
How Strong Device Policies Can Help Solve Your Shadow IT Problem
Remote work fuels Shadow IT risks. Learn how to manage USBs and portable storage with encryption, EDR, and policies that balance security with usability. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/how-strong-device-policies-can-help-solve-your-shadow-it-problem/
-
Sophos integriert Endpoint-Schutz in Taegis-MDR und -XDR
Die native Integration von Sophos-Endpoint in die cloud-native Sicherheitsplattform Taegis hebt die Security-Performance auf ein neues Niveau, indem sie eine einheitliche Plattform für leistungsstarke Prävention, Erkennung und Reaktion bereitstellt. Damit erhalten Kunden unmittelbar Zugang zu einer vollständig integrierten Plattform für Cyber-Prävention und -Erkennung sowie für die Reaktion auf Cybervorfälle bei geringeren Kosten und deutlich vereinfachtem […]…
-
Sophos erhöht die Security Performance und integriert den Endpoint-Schutz in Taegis MDR und XDR
Damit erhalten Unternehmen ohne zusätzliche Lizenzkosten Zugriff auf eine zentrale Plattform, die Prävention, Erkennung und Reaktion auf Cyberangriffe vereint und das mit weniger Komplexität und geringeren Betriebskosten. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-erhoeht-die-security-performance-und-integriert-den-endpoint-schutz-in-taegis-mdr-und-xdr/a41882/
-
Hackers Exploit Windows Defender Policies to Shut Down EDR Agents
Cybercriminals are now weaponizing Windows Defender Application Control (WDAC) policies to disable Endpoint Detection and Response (EDR) agents en masse. What began as a proof-of-concept research release in December 2024 has quickly evolved into an active threat, with multiple malware families adopting WDAC policy abuse to evade detection and block security tools entirely. The original…