The latest best practices and technologies for securing endpoints.
REMnux is a free community distribution that ethical hackers, security researchers, and many other security pros can leverage to build their own labs and speed up malware analysis. Whether you’re new to these specialties or an experienced investigator, REMnux contains many helpful Debian packages and configurations to perform advanced tasks, such as: We’ll examine the…
In the race to offer comprehensive cybersecurity solutions, the product known as network detection and response (NDR) is a standalone solution as well as a central component of XDR. Whereas older solutions like antivirus, firewalls, and endpoint detection and response (EDR) have long focused on threats at the network perimeter, the intent of NDR is…
Security researchers have uncovered an unusually sophisticated malware that has been targeting small office/home office (SOHO) routers for nearly two years, taking advantage of the pandemic and rapid shift to remote work. Such routers are rarely monitored or up-to-date, making them attractive targets for hackers to reach adjacent corporate networks. According to Lumen’s Black Lotus…
Given the insane security environment we are in, it may seem weird to suggest that a tech company is too good at security. How can you be too good at something that is critical to the safety and operational resilience of companies and nations? Security is weird that way. I grew up in the security…
Endpoint detection and response (EDR) solutions typically deploy in a standard configuration meant to deliver the least number of false positive alerts in a generic environment. This allows EDR to deploy very quickly, but it also allows for a number of security vulnerabilities. Here we’ll discuss why EDR vendors choose these configurations, and how organizations…
Bypassing detection tools is part of a hacker’s routine these days. Despite the incredible evolution of defensive technologies, attackers often remain undetected for weeks or months, earning the label advanced persistent threat (APT). Classic security tools are necessary but less and less sufficient. That’s why most security companies are now focusing on behavioral analysis and…
MITRE Engenuity has released the latest round of its ATT&CK endpoint security evaluations, and the results show some familiar names leading the pack with the most detections. The MITRE evaluations are unique in that they emulate advanced persistent threat (APT) and nation-state hacking techniques, making them different from tests that might look at static malware…
The Remote Desktop Protocol (RDP) has long been essential for IT service management and remote access. Still, in the wrong hands, RDP attacks and vulnerabilities related to remote desktop software are a severe threat. Recent years presented a torrent of research showing how vulnerable RDP systems are for organizations not taking additional cybersecurity precautions. Because…
Invisibility sounds like something out of a fantasy novel, but if done properly, we can use it to hide computers, gateways, or individual PCs by implementing specific firewall techniques like port knocking or single-packet authorization (SPA). The effectiveness of the technique has a lot in common with the traditional fantasy concept of invisibility and will be…
Most attacks make would-be victims click to install malware or redirect them to a phishing page to steal their credentials. Zero-click attacks remove this hurdle. They can compromise the targeted device despite a victim’s good security hygiene and practices. There is no need for social engineering, as the program can implant backdoors directly without forced…