The Latest

Threat actors are leveraging the open-source EDRSilencer tool to evade endpoint detection and response systems, Trend Micro researchers have noticed.

About EDRSilencer

The software, which is intended for red teaming, is being abused to “silence” EDR solutions.

It works by leveraging the Windows Filtering Platform (WFP), which allows the creation of custom rules to monitor, block, and modify network traffic.

“The code leverages WFP [Windows Filtering Platform] by dynamically identifying running EDR processes and creating WFP filters to block their outbound network communications on both the internet protocols IPv4 and IPv6, effectively preventing EDRs from sending telemetry or alerts to their management consoles,” the researchers explained.

Figure: How EDRSilencer operates (Source: Trend Micro)

It currently detects processes belonging to a wide variety of EDR products: Carbon Black EDR, Cybereason, ESET Inspect, SentinelOne, Trellix EDR, Microsoft Defender for Endpoint and Microsoft Defender Antivirus, Tanium, Trend Micro Apex One, and others.

Trend Micro researchers also found that when some processes aren’t hardcoded in the tool’s list, they can be blocked with additional rules.
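A hunting sketch for the behaviour described above, added here as an example (it is not Trend Micro's or the tool's code): it scans Windows Security event 5157 records ("The Windows Filtering Platform has blocked a connection") for repeated outbound blocks against EDR agent processes. The watchlist of image names, the dictionary record layout, the hostnames and every sample event are constructed assumptions.

```python
import ntpath

# Assumption: agent image names to watch. Replace with the executables
# your own EDR/AV product actually installs.
WATCHED_AGENTS = {"msmpeng.exe", "mssense.exe", "sentinelagent.exe"}

# Direction in event 5157: raw message token and its rendered form.
OUTBOUND = {"%%14593", "Outbound"}


def image_name(app_path):
    """5157 reports device paths (\\device\\harddiskvolume3\\...\\x.exe)."""
    return ntpath.basename(app_path).lower()


def find_silenced_agents(events, min_blocks=3):
    """Return {(host, image): summary} for watched agents whose outbound
    connections were blocked by WFP at least min_blocks times."""
    hits = {}
    for ev in events:
        if ev.get("EventID") != 5157 or ev.get("Direction") not in OUTBOUND:
            continue
        image = image_name(ev.get("Application", ""))
        if image not in WATCHED_AGENTS:
            continue
        summary = hits.setdefault(
            (ev["Computer"], image),
            {"blocks": 0, "filter_ids": set(), "families": set()},
        )
        summary["blocks"] += 1
        # The filter run-time ID points at the WFP filter that did the block.
        summary["filter_ids"].add(ev.get("FilterRTID"))
        # Blocks on both address families match the behaviour quoted above.
        summary["families"].add("IPv6" if ":" in ev.get("DestAddress", "") else "IPv4")
    return {k: v for k, v in hits.items() if v["blocks"] >= min_blocks}


def _ev(host, app, direction, dest, filter_id):
    return {"EventID": 5157, "Computer": host, "Application": app,
            "Direction": direction, "DestAddress": dest, "FilterRTID": filter_id}


# Constructed sample events (documentation address ranges, made-up hosts).
DEFENDER = r"\device\harddiskvolume3\program files\windows defender\msmpeng.exe"
SAMPLE_EVENTS = [
    _ev("WS-01", DEFENDER, "%%14593", "203.0.113.10", "70001"),
    _ev("WS-01", DEFENDER, "%%14593", "203.0.113.11", "70001"),
    _ev("WS-01", DEFENDER, "%%14593", "2001:db8::10", "70002"),
    # Inbound block on an agent: not the pattern we are hunting for.
    _ev("WS-01", r"\device\harddiskvolume3\agent\mssense.exe", "%%14592",
        "198.51.100.7", "70003"),
    # Outbound block on an unrelated process.
    _ev("WS-02", r"\device\harddiskvolume3\apps\chrome.exe", "%%14593",
        "203.0.113.20", "70004"),
    # A single block on an agent: below the default threshold.
    _ev("WS-03", r"\device\harddiskvolume3\s1\sentinelagent.exe", "%%14593",
        "203.0.113.30", "70005"),
]

if __name__ == "__main__":
    for (host, image), s in find_silenced_agents(SAMPLE_EVENTS).items():
        print(host, image, s["blocks"], sorted(s["families"]), sorted(s["filter_ids"]))
```

Event 5157 is only written when failure auditing is enabled for the Audit Filtering Platform Connection subcategory, so confirm that policy before relying on this hunt.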

The rise of EDR evasion tools

FIN7 has been selling AvNeutralizer (aka AuKill) to multiple ransomware groups since early 2023. The tool uses Windows’ TTD Monitor Driver and the (Sysinternals) Process Explorer driver to “hang” or crash protected EDR processes.

The RansomHub RaaS has been using the EDRKillShifter, and a variety of RaaS actors have been leveraging PoorTry (aka BurntCigar), a driver targeting security products for termination.

Qilin ransomware attackers have been leveraging “Killer Ultra”, which uses a vulnerable Zemana driver to terminate EDR and antivirus processes.

The mechanisms employed by the various tools may differ but the effect is the same: endpoint security solutions are prevented from functioning as they should.

“EDR evasion tools are typically sold as subscription services, starting as low as $350 per month or $300 for a single bypass. The low price point makes these tools highly accessible to ransomware affiliates and other threat actors, including those with lower levels of technical proficiency,” ExtraHop researchers shared.

“On the higher end, ExtraHop noticed several recent listings where threat actors priced their EDR bypass offerings for $7,500 – and as high as $10,000 for a listing that packaged EDR evasion capabilities within an encryption locker.”

Organizations should employ advanced detection mechanisms and threat hunting strategies to counteract EDR-killing tools, Trend Micro researchers advised.

Intel471 researchers have recently delineated how to hunt for EDRKillshifter, and ConnectWise Cyber Research has shared advice on protecting organizations against BYOVD-based tools.


from Help Net Security https://ift.tt/syxLClo

Secuvy released several new features designed to enhance data security, mitigate insider threats, and streamline privacy operations. These innovations strengthen Secuvy’s capabilities in compliance, risk management, data leakage prevention, and secure collaboration, further empowering organizations to protect their critical data assets.

The new features include advanced integrations and policy-based engines that provide actionable insights and automation to address today’s most pressing security and compliance challenges.

1. Observability classification: This feature enables organizations to establish a baseline of classification patterns and automate the creation of labeling configurations. By providing insights into data types, policy conventions, and user behaviors, Secuvy empowers teams to define more effective classification rules. Integration with DLP, SASE, IAM and CASB platforms ensures labeling is applied as a first line of defense, reducing exposure to data breaches and insider threats.

2. Risk assessment with remediation: Secuvy’s risk assessment feature allows organizations to schedule automated scans to detect sensitive data misclassifications and elevate the security risk profile. The automated remediation capabilities help reduce the potential costs associated with unresolved risks. Security and governance teams can visualize the impact of these risks and adjust security controls accordingly.

3. Secuvy-Netskope integration: Through its integration with Netskope, Secuvy significantly improves the accuracy of DLP and CASB policies. By comparing CASB alerts and taking action on false positives and negatives, Secuvy enhances cloud security effectiveness. This integration allows users to update policies based on sensitivity classification and enforce appropriate actions for misclassified documents.

4. Secuvy-DRM integration for secure collaboration: With this integration, Secuvy enables secure collaboration through policy-based file encryption. Secuvy’s insights detect highly sensitive documents, and the integration with DRM platforms encrypts and protects that sensitive data, preventing data leakage during collaboration with external partners.

5. Privacy risk threshold review with DPIA/PIA delegation: Streamline privacy operations by automating DPIA and PIA workflows. Customizable surveys, case management, and task delegation simplify compliance efforts, enabling organizations to manage privacy risk efficiently. This solution reduces manual effort for Data Protection Officers (DPOs) by automating ROPA activities and generating accurate reports based on system scans rather than manual inputs.

“These new AI driven features are ‘game changers’ and are redefining the ability to automate data protection,” said Mike Seashols, CEO of Secuvy. “By integrating advanced automation and AI-driven insights, we are empowering organizations to safeguard their data with greater precision and ease.”


from Help Net Security https://ift.tt/HkGpQ0D

More than 50% of executives expect deepfake attacks to increase over the next 12 months, but only 7% report using new technologies to detect deepfakes. Meanwhile, researchers are repeatedly demonstrating how AI-generated ID documents, selfie photos, and videos can successfully fool antiquated Know Your Customer (KYC) verification checks.

Nametag Deepfake Defense

To address this gaping security hole, Nametag announced Deepfake Defense. This next-generation identity verification (IDV) engine is addressing the escalating global threats posed by modern AI-powered impersonation.

“Nametag’s Deepfake Defense engine is the first scalable solution for remote identity verification that’s capable of blocking the AI deepfake attacks plaguing enterprises,” said Bruce Schneier, internationally renowned security technologist and cryptography expert. “This will make it much harder for bad actors to profit from deepfakes.”

Deepfake Defense for Okta

As a longtime working partner of Okta, Nametag also officially announced its membership in the Okta Elevate Partner Program. Nametag and Okta’s combined solution, powered by Deepfake Defense, helps enterprises protect their entire Okta user account lifecycle via self-service and agent assisted workflows, delivering on the two companies’ shared vision of deploying deepfake-protected identity security across every workforce and customer account.

“We’re thrilled to join Okta in creating the future of identity security. Our membership in the Okta Elevate partner program highlights our advanced identity verification technology and commitment to protecting workforce and customer identities,” said Leonard Navarro, VP Business Development at Nametag. “This partnership strengthens the Okta identity security ecosystem and gives our joint customers even easier access to proven tools and ready-to-use solutions for robust identity assurance.”

Introducing Nametag Deepfake Defense: A new standard for identity verification

Nametag Deepfake Defense connects the company’s proprietary technologies and patented innovations together into a unified IDV engine that unlocks greater outcomes across fraud prevention and user experience. Deepfake Defense blocks emerging, AI-powered impersonation threats while verifying legitimate users quickly and more securely. It’s the first and only IDV engine that:

  • Prevents injection attacks via Cryptographic Attestation which ensures data integrity using hardware-backed keystore assurance and secure enclave technology from Apple and Google.
  • Detects digital manipulation and forgery with Adaptive Document Verification, preventing the use of even the most sophisticated digitally-altered or counterfeit identity documents.
  • Confirms human likeness, liveness, and presence using Spatial Selfie technology to map a person’s 3-dimensional selfie to their 2-dimensional ID photo with biometrics and sensor data.

IDV with Deepfake Defense takes just a few seconds using a photo ID and a smartphone. It’s available today through Nametag’s solutions for self-service account recovery and helpdesk verification.

“Make no mistake: we’re facing a global deepfake pandemic that’s spreading ransomware and disinformation. Identity fraud runs rampant and enterprises are defenseless against AI-powered fraudsters. That’s why we’re introducing Deepfake Defense, the only identity verification engine that prevents, not just detects, the use of deepfakes,” said Aaron Painter, CEO of Nametag.

“As part of our partnership with Okta, we chose to launch Deepfake Defense for Okta customers. Today, this new technology is generally available and easily accessible to all organizations interested in protecting their users from the growing threat of deepfakes,” concluded Painter.


from Help Net Security https://ift.tt/kF7wSxN

Data Zoo launched its latest service, ID Fraud & Risk Signals. This new solution is designed to enhance customer identification and Know Your Customer (KYC) processes by providing deeper insights into fraud detection and risk assessment, helping businesses stay at the forefront of identity fraud prevention.

ID Fraud & Risk Signals integrates seamlessly into existing workflows, enabling businesses to quickly use mobile phone numbers, email addresses, domains and IP addresses to identify suspicious activities and prevent potential fraud attempts. By leveraging these new data sources, businesses will be able to detect phone numbers used in porting scams, email addresses involved in breaches or sold on the dark web, one-time phone numbers or suspicious email domains used to bypass two-factor authentication and to verify network operator, email domain and device IP address details.

With features that combine real-time data analytics, machine learning, and global intelligence from Mobile Network Operators (MNOs), email intelligence partners, and cybercrime analytics, this product provides a robust defense against identity fraud while ensuring regulatory compliance. It features:

  • Real-time alerts to detect fraudulent activities,
  • Comprehensive risk scoring based on behavioral and transactional data,
  • AI-driven analytics for improved accuracy in identifying high-risk customers,
  • Customizable risk thresholds to meet the specific needs of various industries.

Businesses will benefit from an added layer of data to flag synthetic or stolen identities, thereby quickly identifying potential fraud and preventing bad actors gaining access to funds or services. Pairing risk signals with identity data enables customers to detect potentially fraudulent transactions. The service is configurable to meet the unique requirements of any business or identity verification platform with fully-customizable risk scoring criteria.

“By integrating mobile phone, email, and IP address data into legacy customer onboarding processes, our ID Fraud & Risk Signals provides businesses with powerful tools to enhance fraud detection at onboarding and protect both their customers and bottom line,” said Charlie Minutella, CEO of Data Zoo. “Incorporating non-traditional data sources enables organizations to strengthen their customer identification processes while delivering a seamless customer experience.”


from Help Net Security https://ift.tt/ySGFvKZ

Gaming has evolved dramatically over the years, to the point you no longer need what is considered the most essential single piece of equipment to play video games: the console. Well, at least for the Xbox. After a partnership with Amazon and Microsoft, Fire Sticks can now use the Xbox app to directly cast your Xbox games on your TV without the need for an Xbox console. If this sounds interesting to you, Amazon has a Fire Stick bundle with everything you need to get started on your TV starting at $74.99 (originally $136.97), the lowest price the bundle has been, according to price-checking tools.

The bundle gives you an option between the Amazon Fire TV Stick 4K and the Amazon Fire TV Stick 4K Max. The main difference between the two is that the Max has Wi-Fi 6e compatibility, so if you have access to Wi-Fi 6e at home, the 4K Max bundle is a better bargain for $5 more. If not, save yourself the $5 and get yourself a nice pumpkin latte.

If you already have an Xbox controller and are not interested in playing Game Pass, all you need is the Fire Stick. Currently, the Fire Stick 4K Max has a $30 discount with on-page promo code FTVGAME4K.

As you can see in the IGN video, there are cons to this. You might notice a slightly delayed input lag and loading times might be a bit longer, but if that's the difference between playing and not playing at all, it's a small price to play. Just be ready for many updates and downloads to get the system set up on your TV. You can follow the steps from the IGN video.


from LifeHacker https://ift.tt/KNsOTEb

This is a current list of where and when I am scheduled to speak:

  • I’m speaking at SOSS Fusion 2024 in Atlanta, Georgia, USA. The event will be held on October 22 and 23, 2024, and my talk is at 9:15 AM ET on October 22, 2024.

The list is maintained on this page.


from Schneier on Security https://ift.tt/fyB6mjG

There are a lot of us iPhone users out there, which means a lot of us are taking photos with Apple's cameras. That isn't a bad thing—iPhones have great cameras, after all—but it does mean that all of our photos end up looking just about the same. You might even start to dislike this specific style, with the extra processing Apple's computational photography adds to each. Personally, I dislike how my iPhone's photos are over-sharpened, oversaturated, and missing shadows.

There are a number of ways you can adjust the look of the photos you take with your iPhone, but one of the easiest (and underused) methods is through Photographic Styles. While this feature works with iPhone 13 and newer, if you have a new iPhone 16 or iPhone 16 Pro, you have a big advantage: With these new iPhones, Apple updated the existing Photographic Styles feature to give users way more control over how their photos look. If you don't mind spending a couple of minutes honing in your personal photography style, you'll likely be much happier with your photos going forward compared to Apple's defaults.

What are Photographic Styles?

Photographic Styles were first introduced with the iPhone 13 series, and are subsequently available for the iPhone 14 and iPhone 15 series as well. These are Apple's own take on photo filters, but rather than apply the effect in editing, you view them live when taking the photo. Once snapped, the filter is baked into the resulting image.

The main appeal of Photographic Styles is to personalize the look of your iPhone's camera, rather than accept Apple's default style. When I first started using it on my iPhone 13, I liked the Rich Contrast style that gave my images a high-contrast look, like you might find on a Pixel phone. There are five styles in total on these iPhones—Standard, Rich Contrast, Vibrant, Warm, and Cool.

Photographic Styles in iPhone 13 to iPhone 15 series.
Credit: Khamosh Pathak

If you're using an iPhone 13 to iPhone 15, you can go to Settings > Camera > Photographic Styles to see previews of all filters, and choose one to use in the Camera app as well. From here, go to the Camera app, swipe up to open the expanded menu, and choose the Photographic Styles button (three stacked squares) to open the presets. You can swipe between all the presets, and adjust the Tone and Warmth settings on each as you like.

Because the filters are baked in, once you snap a photo with, say, the Vibrant style, there is no going back. That said, Apple designed the feature to be opt-in every time. You might choose to shoot with the Warm filter for one photo session, but when you return to the Camera app next, you'll return to the default style, and will have to manually choose a Photographic Style again. If you want your Photographic Style to be the new default, however, you can do so by going to Settings > Camera > Preserve Settings > Photographic Styles. Once you select a style here, it'll be active each time you open your camera.

What's new with Photographic Styles on iPhone 16

With the launch of the iPhone 16 and iPhone 16 Pro, Photographic Styles received a huge upgrade, making it superior to the feature on older iPhones. Here's what's new:

  • There's a new wizard in the Settings app to figure out a style that works for you, and to make it your default going forward for all photos.

  • There are 15 styles to choose from, instead of the five. Too many to list, but the must-try styles are Amber, Gold, Rose Gold, Quiet, Ethereal, Vibrant, and Stark B&W.

  • Along with the tone, you can also customize the color in the image, and the intensity of the preset as well.

  • This feature now uses a touchpad, where you move your finger around to dial in the look of the photo that you want. It's much more intuitive than fiddling with any complex photography settings.

  • These photos are now non-destructive (if you shoot in HEIF). So, if you have a Photographic Style that works for most of the shots, you can easily revert it back when you don't like the look for a particular photo.

In my opinion, it's worth taking some time to figure out what your Photographic Style is on the 16 series, as you'll probably like the photos you take more going forward.

Creating your own default Photographic Style

Creating your own Photographic Style defaults on iPhone.
Credit: Khamosh Pathak

It's easy to create your own Photographic Style, whether you want something dramatic like the Vibrant or Gold styles, or an altered version of the Standard set with customization to boost shadows with less saturation.

Open the Settings app, go to Camera and choose Photographic Styles. Then, tap the Get Started button. Apple will ask you to pick four of your recent favorite photos to preview the live edits and presets. You can explore colorful styles like Amber and Gold, as well as Monochrome styles (there are 15 styles in total). If you don't like a style, but want to fix the tones and colors, stick to the Standard style and move to the next step. Once you find a preset that you like, tap on Continue.

The new part of this feature gives you control over the tone and the color of a photo, via the touchpad that you can use to customize the photo as you want. The Y Axis (top to bottom) is the tonal range, which is the difference between the lightest and darkest parts of the image (the contrast). The X Axis (left to right) is the color range, or the saturation. This is the intensity of color in the photos.

Below this, you will find a slider that lets you tweak the strength and intensity of the filter. Play with this a bit, and you can create a unique look that will stand out from the traditional iPhone-style photo. Hot tip: Even if you don't play around with filters, just knock down the Tone to -0.7 to boost shadows on the Standard preset. Trust me.

From here, tap Save Tone and Color. Now, the Photographic Style that you customized is the default option. So, whenever you open your iPhone 16's Camera app, you'll be shooting in your customized style.

Use Photographic Styles in the Camera app

Creating a default Photographic Style in iPhone Settings app.
Credit: Khamosh Pathak

If you don't want to make your Photographic Style the default, you can use it at any time for just a couple of photos directly from the Camera app.

Open the Camera app, and tap the new Touchpad icon in the top-right (the new icon with a square outline and dots inside). This will open the Photographic Styles interface in the live camera view. You'll see a familiar setup if you've followed the wizard in the above section. You can swipe through the styles, and pick one you like. Then, you can use the Touchpad to hone in on your look. Again, go up and down to change the tone, and left to right to change the color. Then, you can use the slider for the intensity.

Now, as long as you're in the Camera app, the chosen settings will apply. If you want to make it the default style, follow the steps we outlined in the section above.


from LifeHacker https://ift.tt/v3JLMft