Attackers Use AI to Automate EDR Evasion Testing
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
Sophos provides cybersecurity software and appliances, whose vulnerabilities, advisories, and deployments can affect network defense and endpoint security.
Search across headline titles and summaries.
Background for this topic.
Sophos is a cybersecurity vendor whose products include endpoint and server protection, network firewalls, email security, cloud-based administration, and managed detection services. The tag generally covers vulnerabilities and security advisories affecting these products, as well as their detection capabilities, updates, integrations, and operational use.
Security concerns vary by deployment. Internet-facing Sophos Firewall appliances and management interfaces are high-value targets: an unpatched vulnerability or exposed administrative service can enable unauthorized access to the appliance or connected networks. Administrators should monitor Sophos advisories, apply firmware and software updates promptly, restrict management access, and use strong authentication. Sophos Central and endpoint agents also hold broad administrative authority and collect security telemetry, so compromised accounts, unsafe exclusions, faulty policy changes, or disabled agents can reduce detection and containment. During an investigation, preserve relevant endpoint and firewall logs and verify that alert forwarding and response integrations are functioning rather than assuming protection is active.
Weekly headline count for the current query.
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
Dark Reading Confidential Episode 9: Join us for a look around today's Dark Web, and find out how law enforcement, AI, nation-state activities, and more are reshaping the way cybercriminals conduct their dirty business online. Keith Jarvis, senior security researcher at Sophos' Counter Threat Unit joins Dark Reading's Alex Culafi for a conversation you don't want to miss.
Sophos researchers found this operation has similarities or connections to many other campaigns targeting GitHub repositories dating back to August 2022.
Sophos noted more than 15 attacks have been reported during the past three months.
The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks.
Sophos CEO Joe Levy says $859 million deal to acquire SecureWorks from majority owner Dell Technologies will put the Taegis platform — with network detection and response, vulnerability detection and response, and identity threat detection and response capabilities — at the core.
In this Dark Reading News Desk segment, John Shier, Field CTO Commercial, Sophos, discusses the "Royal" ransomware.
John Shier of Sophos joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the latest active adversary reports.
Layoffs intended to cut costs, help company shift its focus on cybersecurity services, Sophos says.
Sophos research unveiled at Black Hat Europe details a thriving subeconomy of fraud on the cybercrime underground, aimed at Dark Web forum users.
Company research indicates ransomware gangs may be working in concert to orchestrate multiple attacks, explains Sophos’ John Shier.
Sophos' John Shier joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the ransomware problem.
Acquisition of cloud-based alert security company will help Sophos automate tasks bogging down security teams, the company says.