Palo Alto Certification Validation Flaw Lets Attackers Escalate Privilege
A significant security vulnerability has been discovered in Palo Alto Networks' GlobalProtect app, potentially allowing attackers to escalate privileges on affected systems.
The flaw, which stems from insufficient certification validation, enables malicious actors to...
Hackers Using AV/EDR Tool “EDRSandBlast” To Bypass Endpoints
AV, anti-malware, and EDR are tools that are primarily used to detect and prevent cyber-attacks.
AV/EDR bypass tools, by contrast, are designed to evade detection by AV and EDR systems. These tools are often used...
Embargo Ransomware Actors Abuse Safe Mode To Disable Security Solutions
Safe Mode is an operating system diagnostic mode. It is primarily used to troubleshoot issues by loading only essential "drivers" and "services."
In Safe Mode, the system operates with minimal functionality, which makes it easier...
RansomHub Ransomware Using Multiple Techniques To Disable EDR And Antivirus
RansomHub is well known for its affiliate scheme and for employing methods to turn off or disable endpoint detection and response (EDR) tools to avoid discovery and prolong its presence on compromised devices or networks.
Experts discovered...
Windows MiniFilter Can Be Abused To Bypass EDR
The Windows MiniFilter driver, like the Sysmon driver, can be abused to prevent EDR drivers from loading.
Endpoint Detection and Response (EDR) processes are difficult for adversaries to stop, even with local administrator or system-level...
Microsoft to Host Windows Endpoint Security Ecosystem Summit After CrowdStrike Issue
Microsoft will host the Windows Endpoint Security Ecosystem Summit at its headquarters in Redmond, Washington.
The event will bring together Microsoft, CrowdStrike, and other key partners in the endpoint security sector to discuss strategies...
10 Best Advanced Endpoint Security Tools – 2024
Endpoint security tools are software applications that protect endpoints such as desktops, laptops, and mobile devices from cybersecurity threats.
These tools secure entry points of end-user devices from being exploited by malicious actors. They...
Killer Ultra Malware Attacking EDR Tools From Symantec, Microsoft, & SentinelOne
Killer Ultra malware has been found to be targeting endpoint detection and response (EDR) tools from Symantec, Microsoft, and SentinelOne in ransomware attacks.
Killer Ultra gathers all Windows event logs, clears them entirely, and...
Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities
Several new vulnerabilities have been discovered in Toshiba e-STUDIO Multi-Function Printers (MFPs) that are used by businesses and organizations worldwide.
These vulnerabilities affect 103 different models of Toshiba Multi-Function Printers.
Vulnerabilities identified include Remote Code...
Zscaler Client Connector Zero-interaction Privilege Escalation Vulnerability
A new privilege escalation vulnerability has been discovered in Zscaler Client Connector, combining three different vulnerabilities.
The three vulnerabilities were associated with reverting password check (CVE-2023-41972), arbitrary code execution (CVE-2023-41973), and arbitrary file deletion (CVE-2023-41969).
Though...