EDR
Qilin ransomware uses WSL to run Linux encryptors on Windows
Cybersecurity researchers have uncovered a tactic by the Qilin ransomware group that exploits Microsoft's Windows Subsystem for Linux (WSL) to execute Linux-based encryption tools on Windows machines. This method allows attackers to bypass many endpoint detection and response (EDR) systems by operating in a Linux sandbox environment that traditional tools often overlook. The technique highlights the growing sophistication of ransomware operations blending operating systems.
Researchers unveil Linux rootkit evading Elastic Security EDR
Security researchers have developed a sophisticated Linux rootkit named Singularity that bypasses Elastic Security's endpoint detection and response mechanisms. The tool demonstrates vulnerabilities in static and behavioral detection systems through advanced obfuscation techniques. Unveiled on GitHub by researcher 0xMatheuZ, it highlights ongoing challenges in kernel-level threat identification.