Killer Ultra Malware Attacking EDR Tools From Symantec, Microsoft, & SentinelOne

Killer Ultra malware has been found targeting endpoint detection and response (EDR) tools from Symantec, Microsoft, and SentinelOne in ransomware attacks. Killer Ultra gathers all Windows event logs, clears them entirely, and...
Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities

Several new vulnerabilities have been discovered in Toshiba e-STUDIO Multi-Function Printers (MFPs) that are used by businesses and organizations worldwide. These vulnerabilities affect 103 different models of Toshiba Multi-Function Printers. Vulnerabilities identified include Remote Code...
Zscaler Client Connector Zero-interaction Privilege Escalation Vulnerability

A new privilege escalation vulnerability has been discovered in Zscaler Client Connector, combining three different vulnerabilities. The three vulnerabilities were associated with reverting a password check (CVE-2023-41972), arbitrary code execution (CVE-2023-41973), and arbitrary file deletion (CVE-2023-41969). Though...
GHOSTENGINE Malware Exploits Vulnerable Drivers To Terminate EDR Agents

Researchers discovered REF4578, an intrusion set that uses vulnerable drivers to disable established security solutions (EDRs) for crypto mining and deploys a malicious payload known as GHOSTENGINE. GHOSTENGINE is in charge of locating and running...
Ivanti Endpoint Manager SQL Injection Flaw Let Attackers Execute Arbitrary Code

Multiple vulnerabilities involving SQL injection have been identified in Ivanti Endpoint Manager. These vulnerabilities could potentially enable malicious actors to carry out various unauthorized actions, including initiating Denial of Service attacks and executing arbitrary...
Hackers Weaponize Word Files To Deliver DanaBot Malware

Recent email campaigns distribute DanaBot malware through two document types: those using equation editor exploits and those containing external links, where attackers send emails disguised as job applications with a malicious Word document attached. The...
HookChain – A New Sophisticated Technique Evades EDR Detection

In the rapidly evolving, complex threat landscape, EDR companies are constantly racing against new vectors. Recently, Helvio Benedito Dias de Carvalho Junior (aka M4v3r1ck) from Sec4US has developed an innovation called "HookChain." It is an...
Critical Bitdefender Vulnerabilities Let Attackers Gain Control Over System

Bitdefender GravityZone Update Server (versions 6.36.1, Endpoint Security for Linux 7.0.5.200089, and Endpoint Security for Windows 7.9.9.380) is vulnerable to server-side request forgery (SSRF) due to an incorrect regular expression. The weakness allows an attacker...
Malware Families Adapting To COM Hijacking Technique For Persistence

COM (Component Object Model) hijacking is a technique in which threat actors exploit the core architecture of Windows by adding a new value to a specific registry key related to the COM object. This...
11 Best Advanced Endpoint Security Tools – 2024

Endpoint security tools are an important part of cybersecurity, keeping computers, phones, and servers safe from threats and bad behavior. Every enterprise, regardless of size, has a digital perimeter. This perimeter comprises all...
