< ciso
brief />
Tag Banner

All news with #endpoint security tag

76 articles · page 2 of 4

Apple's Camera Indicator Lights: Design and Security

🔒 Apple has implemented a camera-indicator approach that carefully blends hardware and system design to ensure users are alerted when the camera is active. While a dedicated LED appears inherently more tamper-resistant than an on-screen widget, Apple addresses overlay and spoofing concerns through integrated hardware–software controls and system-level protections. The result is a thoughtfully engineered notification mechanism that substantially reduces the risk of unnoticed camera use.
read more →

HP launches TPM Guard to block physical TPM attacks

🔒 HP announced TPM Guard, a hardware-plus-firmware solution introduced at its Imagine event, which creates an authenticated, encrypted tunnel between the TPM and the CPU to protect keys in transit. The design cryptographically binds the TPM to the host processor so the chip stops functioning if removed. HP says the feature thwarts low-cost physical attacks that can intercept TPM communications and will be available via firmware update on selected G2 commercial PCs starting in July, with broader integration in future models.
read more →

Endpoint Security Fails on One in Five Enterprise Devices

🛡️Research by Absolute Security finds endpoint cybersecurity software fails to protect one in five enterprise devices, creating an equivalent of 76 days per year of increased exposure to attackers. The 2026 Resilience Risk Index, published March 23, ties this gap to patch delays and rising endpoint complexity, with 24% of vulnerability platforms out of compliance. The report urges stronger enforcement of patch and update policies to reduce downtime and remediation costs.
read more →

54 EDR Killers Use BYOVD to Exploit 34 Signed Drivers

🔒 A new ESET analysis identified 54 EDR-killer tools that leverage BYOVD, abusing 34 signed vulnerable drivers to gain kernel-mode privileges and neutralize endpoint protection. These utilities are frequently reused in ransomware operations to disable defenses prior to encryption, decoupling evasion from the encryptor. ESET recommends blocking misused drivers and adopting layered detection to mitigate the threat.
read more →

EDR killers explained: Beyond vulnerable drivers and tactics

🔒 ESET's research examines the prevalence and mechanics of EDR killers—separate tools attackers deploy to neutralize endpoint protection immediately before executing encryptors. Based on telemetry and incident analysis of nearly 90 active samples, the blogpost covers BYOVD, anti-rootkit abuse, driverless disruption, commercialization of kits, and indicators suggestive of AI-assisted development. The authors highlight predictable affiliate-driven tooling choices and warn that driver-based attribution is often misleading; they recommend prevention-focused, multilayered defenses and rapid containment.
read more →

CISA Urges Hardening of Endpoint Management Systems

🔒 CISA warns of malicious activity targeting endpoint management systems following the March 11, 2026 attack against Stryker Corporation that affected its Microsoft environment. The agency urges organizations to harden endpoint management configurations and adopt Microsoft’s newly released best practices for securing Microsoft Intune, while applying those principles to other endpoint management tools. Key recommended controls include RBAC-based least-privilege administrative roles, phishing-resistant MFA and privileged access hygiene using Microsoft Entra ID, and configuring Multi Admin Approval policies for high-impact actions such as device wipes, application and script changes, and RBAC modifications.
read more →

Zombie ZIP attack evades AV and EDR by header abuse

🧟 Researchers disclosed a technique called 'Zombie ZIP' that manipulates ZIP headers to hide DEFLATE-compressed payloads so scanners treat them as uncompressed, producing widespread false negatives in antivirus and EDR tools. The author, Chris Aziz of Bombadil Systems, published proof-of-concept archives showing scanners trust the ZIP Method field and therefore scan raw bytes instead of compressed data. CERT/CC assigned CVE-2026-0866 and recommends stricter archive validation; end users should delete archives that raise 'unsupported method' or extraction errors.
read more →

BlackSanta EDR-Killer Targets HR and Recruitment Teams

🔍 Aryaka Threat Research Lab has identified a campaign that distributes resume-like attachments to target HR and recruiting staff, deploying a component named BlackSanta that attempts to disable endpoint detection and response. The multi-stage infection chain performs system reconnaissance, sandbox and VM checks, and geographic and language filtering before downloading further payloads. Attackers appear Russian-speaking and leverage routine hiring workflows to increase success, while encrypted communications and data exfiltration help maintain persistence.
read more →

Can Security Platforms Finally Deliver for Mid-Market?

🔒 This contributed piece from Bitdefender explains how a unified security platform can help mid-market organizations meet enterprise-level expectations without enterprise budgets. The article promotes Bitdefender GravityZone and an upcoming webinar that shows how consolidating tools can simplify operations, reduce costs, and strengthen security posture. It targets IT directors, CISOs, and lean security teams seeking practical steps to demonstrate reduced risk and free up resources.
read more →

SMBs, threat research and MDR: building a defensive edge

🔍 ESET’s threat research team combines telemetry, incident investigation and curated intelligence to help SMBs understand attacker methods and improve detections. Through MDR the company layers human-led hunting and rapid, tailored responses on top of endpoint protection, giving organizations clearer visibility and faster containment. This practical blend of technology and expertise makes advanced defence accessible without the cost of an in-house SOC.
read more →

Fake Zoom Meeting Installs Covert Employee Surveillance

🔒 Malwarebytes researchers warn of a convincing fake Zoom meeting page that silently downloads and installs a covert build of Teramind on Windows endpoints. Victims see scripted participants and an “Update Available” countdown that triggers a silent download while a fake Microsoft Store screen displays a staged installation. Because the payload is a repackaged commercial monitoring tool, many defenses may not flag it, so prompt verification and training are essential.
read more →

Locking Down Endpoint Vulnerabilities Across Laptops and IoT

🔒 Attackers frequently exploit common endpoint weaknesses—exposed Remote Desktop Protocol (RDP), sophisticated phishing, abused Remote Monitoring and Management (RMM) tools, and unpatched software—to gain access and persist. The article shows how brute-force RDP, AI-enhanced phishing, and misconfigured RMMs enable lateral movement and stealthy persistence. Implement MFA, regular patching, EDR, RMM audits, and user training to reduce risk.
read more →

Securing the Agentic Endpoint: New Protection Needed

🔒 Traditional endpoint defenses miss a growing class of non-binary software — browser extensions, code packages, IDE plugins, local servers, containers and model artifacts — that employees and developers install without centralized oversight. AI agents amplify that blind spot by acting with user credentials, autonomously discovering, invoking and installing components at machine speed. Palo Alto Networks says it intends to acquire Koi to deliver Agentic Endpoint Security, focused on visibility, continuous risk analysis and real-time policy enforcement to remediate risky behaviors.
read more →

NCSC Urges SMEs to Use Cyber Essentials as Threats Rise

🔐 The NCSC's CEO Richard Horne has warned that small and medium-sized enterprises (SMEs) wrongly assume they are not attractive to cybercriminals and are failing to take basic protective measures. He stressed that attackers seek opportunity and weaknesses rather than high-profile brands, and urged businesses to adopt Cyber Essentials. The scheme focuses on five core controls — secure configuration, user access control, malware protection, security update management and firewalls — to reduce the risk of common attacks. Horne warned that leaving these protections undone is comparable to operating without physical security or insurance and called on SMEs to act immediately as the NCSC reports rising incidents and risks to critical infrastructure.
read more →

Cyber Threats to the Defense Industrial Base & Supply Chain

🛡️ Google Threat Intelligence Group (GTIG) details persistent, multi-vector cyber threats to the defense industrial base. State-sponsored and hacktivist actors target UAVs and battlefield systems, exploit personnel and hiring processes, and increasingly compromise edge devices and appliances to bypass EDR. The report documents campaigns against messaging apps, Android and Windows malware, and recruitment-themed lures. It also highlights ransomware and supply‑chain risks that can disrupt production and surge capacity.
read more →

EDR, Email and SASE Miss an Entire Class of Browser Attacks

🔍 Most enterprise work now takes place in the browser, yet security architectures still center on endpoints, email, and network layers. Keep Aware calls this mismatch a "safe haven" that attackers exploit with user-driven flows that leave little forensic evidence. Common techniques include click‑prompt social engineering, malicious extensions, man‑in‑the‑browser variants, and HTML smuggling — all of which can appear legitimate to EDR, email security, or SASE. Without browser-level visibility, teams struggle to prevent, reconstruct, or learn from these incidents.
read more →

Attackers Use Decade-Old Windows Driver to Disable EDR

🛡️ Huntress reported attackers used a decade-old, signed EnCase kernel driver during an early 2026 intrusion to disable EDRs via a Bring Your Own Vulnerable Driver (BYOVD) technique. The incident began after compromised SonicWall SSL VPN credentials and involved a custom “EDR killer” that decoded and installed a kernel driver (OemHwUpd.sys) to terminate protected processes from kernel mode. Because the driver was timestamped while its certificate was valid, Windows still accepts its signature, allowing attackers to load the driver and repeatedly kill security tooling. Huntress recommends enabling Microsoft’s Vulnerable Driver Blocklist, enforcing MFA on VPNs, and enabling HVCI.
read more →

Fortinet Named Gartner Insights Customers' Choice for EPP

🛡️ Fortinet has been named a 2026 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms, marking its fourth consecutive year receiving the distinction. The recognition is based on verified end‑user reviews through November 2025, yielding a 4.8/5 overall rating and a 98% willingness to recommend from 168 ratings. Fortinet highlights its unified FortiEndpoint agent — combining FortiEDR and FortiClient — to deliver EPP, EDR, ZTNA, vulnerability management, centralized management, and simplified operations with minimal performance impact.
read more →

CrowdStrike Named Customers' Choice in 2026 Gartner EPP

🔒 CrowdStrike has been named a Customers’ Choice in the 2026 Gartner Peer Insights Voice of the Customer for Endpoint Protection Platforms report. The Falcon platform earned the most 5‑star ratings (592) and a 97% Willingness to Recommend score from roughly 800 responses, reflecting strong product capabilities and deployment experience. CrowdStrike credits its AI‑native architecture and recent innovations—APEX, remote ransomware prevention, automated leads, Malware Analysis Agent, and Charlotte Agentic SOAR—for improving detection, reducing false positives, and automating response workflows.
read more →

Android Theft Protection Updates: Smarter, Stronger

🔒 The Android Security Team announced a set of theft protection updates designed to make devices harder targets for criminals. Available on devices running Android 16+ and recovery tools on Android 10+, the changes add a dedicated toggle for Failed Authentication Lock, expand Identity Check coverage to all apps using the Biometric Prompt, and increase lockout times while preventing identical repeated guesses from counting toward retries. Remote Lock gains an optional security challenge, and new devices activated in Brazil will ship with Theft Detection Lock and Remote Lock enabled by default.
read more →