Attackers Use AI to Automate EDR Evasion Testing
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
CrowdStrike is a cybersecurity platform whose endpoint protection, incident response, and vulnerabilities can affect organizational systems and data.
Search across headline titles and summaries.
Background for this topic.
CrowdStrike provides a cloud-native endpoint detection and response platform that monitors devices for malicious activity using behavioral analytics and threat intelligence. Its architecture relies on lightweight agents that continuously collect and analyze endpoint data in real time, enabling rapid identification of malware, fileless attacks, and advanced persistent threats. The platform’s cloud-based design allows centralized visibility and automated threat hunting across distributed environments.
Security practitioners should note that CrowdStrike’s reliance on cloud connectivity introduces potential risks if agent communication channels are disrupted or compromised. Additionally, the platform’s extensive telemetry collection raises privacy considerations and requires careful access controls. Effective deployment involves tuning detection rules to reduce false positives while ensuring timely alerts for sophisticated intrusions, making it a critical tool for proactive endpoint defense and incident investigation workflows.
Weekly headline count for the current query.
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
From the MGM and Caesars fiasco and MOVEit's patch nightmare to epic business blunders and the jaded reality of living in a post-breach world, Dark Reading looks back at the mistakes, miscalculations, systemic failures, and cringeworthy moments that still have us shaking our heads.
Once CrowdStrike's nemesis, Microsoft is now a collaborator. A shared interest in Formula 1 helped thaw the years-long fierce rivalry.
Credential misuse, AI tools, and security blind spots help attackers move through breached networks faster than ever, CrowdStrike finds.
Zscaler's acquisition of SquareX comes as competitors like CrowdStrike and Palo Alto Networks are also investing in secure browser technologies.
The browser protection and detection technology will be integrated into Falcon platform to protect endpoints, browser sessions, and cloud applications.
The CrowdStrike-SGNL deal underscores how identity security has become a critical component of enterprise cybersecurity as companies add cloud services and deploy AI-driven tools.
This acquisition will bring Onum's real-time data pipeline to CrowdStrike's Falcon Next-Gen SIEM platform to deliver autonomous threat detection capabilities.
From "eCrime" actors to fake IT tech workers, CrowdStrike researchers found that adversaries are using AI to enhance their offensive cyber operations.
A year after the largest outage in IT history, organizations need to make an active effort to diversify their technology and software vendors and create a more resilient cyber ecosystem moving forward.
The ever-growing volume of vulnerabilities and threats requires organizations to remain resilient and anti-fragile — that is, to be able to proactively respond to issues and continuously improve.
Microsoft and CrowdStrike announced an effort to deconflict the overlapping names of threat groups and reduce confusion for companies, but we've been here before.
Vixen Panda, Aquatic Panda — both Beijing-sponsored APTs and financially motivated criminal groups continued to pose the biggest threat to organizations in Central and South America last year, says CrowdStrike.
The impetus for CrowdStrike's new professional services came from last year's Famous Chollima threat actors, which used fake IT workers to infiltrate organizations and steal data.
Cybercriminals are luring victims into downloading the XMRig cryptomining malware via convincing emails, inviting them to schedule fake interviews using a malicious link.
In US Senate testimony, a CrowdStrike exec explained how this advanced persistent threat penetrated telcos in Asia and Africa, gathering SMS messages, unique identifiers, and other metadata along the way.
Adaptive Shield is the third security posture management provider the company has acquired in the last 14 months as identity-based attacks continue to rise.
Knee-jerk reactions to major vendor outages could do more harm than good.
Delta argues that it lost hundreds of million of dollars in downtime and other costs in the aftermath of the incident, while CrowdStrike says it isn't liable for more than $10 million.