Skip to main content

Tag: edr

5 articles

Cluttered home office desk with Mac laptop, coffee cup, and papers, conveying everyday use and vulnerability.

macOS Flaw Enables Users to Disable EDR, MDM Tools

A security flaw in macOS has been discovered that allows users to quietly disable crucial enterprise security tools, including EDR and MDM, without needing administrator privileges. This gap in endpoint security models could leave businesses vulnerable to attacks.

Analyst 207
Cluttered office workstation with laptop and security software dashboard.

Gentlemen Ransomware Targets 400 Security Processes with GentleKiller EDR Framework

Meet GentleKiller, a sophisticated EDR-killer framework used by The Gentlemen ransomware-as-a-service operation to evade detection by targeting 400 security processes from 48 distinct programs. This framework comes in eight variants, each designed to mimic a legitimate product and exploit a vulnerable driver.

Analyst 207
Disrupted city transit platform with security router amid anxious bystanders.

Gentlemen Ransomware Targets EDR Defenses With Suite of Killers

Meet GentleKiller, a powerful tool used by Gentlemen ransomware to disable EDR defenses by targeting over 400 processes from 48 security vendors, allowing for smooth data theft and encryption. This sneaky utility relies on the bring your own vulnerable driver (BYOVD) technique to outsmart security engines.

Analyst 207
Security team working in office with computer screens and natural daylight pouring in through a large window.

EDR Adoption Falls Short on Cyber Resilience

Many organizations have invested in advanced endpoint detection and response (EDR) platforms, but struggle to turn that visibility into real-world protection, leaving them vulnerable to cyber threats. The harsh reality is that EDR is only as effective as the team's ability to act on its alerts.

Analyst 207
Security professionals monitor threat detection interface in a brightly-lit operations center.

SOCs Shut Down Incident Risks with Proactive Threat Detection

Stay ahead of incident risks with proactive threat detection from ANY.RUN's Threat Intelligence Feeds, which deliver a continuous stream of high-confidence threat data from a vast network of organizations and SOC professionals. By shrinking the time between detection and understanding, modern Security Operations Centers (SOCs) can effectively shut down threats before they cause harm.

Analyst 207