18 Apr, 2026

Ransomware IAB abuses EDR for stealthy malware execution

An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware and to establish communication and persistence in preparation for ransomware attacks. The threat actor has moved beyond mass phishing and adopted stealthier, more advanced methods that prove effective and difficult for defenders to counter, even though they are well documented. In […]

SentinelOne shares new details on China-linked breach attempt

SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm. SentinelOne is an American endpoint protection (EDR/XDR) solutions provider that protects critical infrastructure in the country and numerous large enterprises. It is a high-value target for […]

SentinelOne: Last week’s 7-hour outage caused by software flaw

American cybersecurity company SentinelOne revealed over the weekend that a software flaw triggered a seven-hour-long outage on Thursday. This massive outage affected multiple customer-facing services in what SentinelOne described as a “global service disruption.” SentinelOne acknowledged the outage in a post published Thursday, reassuring customers that their systems were still protected. “Customer endpoints are still […]

New “Bring Your Own Installer” EDR bypass used in ransomware attack

A new “Bring Your Own Installer” EDR bypass technique is being exploited in attacks to bypass SentinelOne’s tamper protection feature, allowing threat actors to disable endpoint detection and response (EDR) agents and install the Babuk ransomware. The technique exploits a gap in the agent upgrade process that allows the threat actors to terminate running EDR agents, leaving […]