Attackers Use AI to Automate EDR Evasion Testing
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
The forensic tool's driver was signed with a digital certificate that expired years ago, but major security gaps allowed Windows to load it.
The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks.
An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware, establish communication, and persistence in preparation for ransomware attacks. [...]
The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware
A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from user mode with Microsoft's Windows Error Reporting (WER) system. [...]
A threat actor is using a sophisticated EDR-killing malware tool in a campaign to maintain long-term, persistent access on Windows systems.
The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. [...]
The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. [...]
A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware
Vendors Consolidate Endpoint, Managed Offerings to Combat Major Industry PlayersRising competition from CrowdStrike and Microsoft is driving MDR and EDR providers to consolidate. Companies such as Sophos and Arctic Wolf are acquiring endpoint or managing security technology to enhance detection and response capabilities, signaling a shift toward full-stack security solutions.
A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions
Merger to Strengthen MDR, EDR, Consulting Services and Threat Intelligence GloballySoftBank-backed merger between Trustwave and Cybereason brings together leading MDR, EDR, DFIR, and threat intelligence capabilities. The combined organization aims to improve AI-driven detection and enhance Microsoft E5 support, targeting enterprise, mid-market, and public sector clients worldwide.
The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial for the operation of security solutions and making restoration harder. [...]
Though the cybersecurity vendor has since reverted the update, chaos continues as companies continue to struggle to get back up and running.
Russian threat actor FIN17 has shifted gears multiple times in recent years, focusing now on helping ransomware groups be even more covertly effective.
Two new code-execution techniques, Poison Fiber and Phantom Thread, take advantage of a little-known Windows OS workhorse to sneak shellcode and other malware onto victim machines.
A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems
The Windows 11 22H2 KB5027231 cumulative update released during this month's Patch Tuesday also breaks Google Chrome on systems protected by Cisco and WatchGuard EDR and antivirus solutions. [...]
Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack