Insights

A newly discovered technique is being leveraged by threat actors to bypass Endpoint Detection and Response (EDR) protections-specifically those provided by SentinelOne-through an abuse of its own update process. Dubbed the "Bring Your Own Installer" (BYOI) technique, this method disables the EDR's defenses long enough to allow for the deployment of ransomware, such as variants of Babuk, without interference. How the BYOI Technique Works Most EDR platforms, including SentinelOne, are designed with anti-tamper features that prevent uninstallation or modification without authorization-typically requiring administrative access or a unique passphrase. However, attackers have found a workaround that exploits the EDR's legitimate update mechanism. During an upgrade or downgrade, SentinelOne temporarily stops its active protections to replace the running components. By forcibly interrupting this process mid-way, threat actors leave the system in a vulnerable state-protection disabled, upgrade incomplete, and no alerts triggered. At this point, ransomware can be deployed with impunity. This method…

In March 2025, Cobb County, Georgia, became the target of a significant ransomware attack orchestrated by the Russian-speaking cybercriminal group known as Qilin. This breach resulted in the compromise of approximately 150 gigabytes of sensitive data, encompassing over 400,000 files. The stolen information reportedly includes autopsy photographs, Social Security numbers, driver's license images, and internal government documents. FOX 5 Atlanta The Attack and Its Implications The cyberattack led to noticeable disruptions in county services, prompting officials to take systems offline temporarily. Qilin, operating under a ransomware-as-a-service model, demanded a ransom to prevent the public release of the stolen data. To demonstrate the severity of the breach, the group released 16 sample images on the dark web, which included sensitive personal information. FOX 5 Atlanta Cobb County officials have confirmed the breach but have opted not to engage with the attackers' demands. In a public statement, the county emphasized its stance…

AI notetakers are the latest productivity darlings. They join your Zoom or Teams meeting, record the discussion, transcribe it with shocking accuracy, and hand you a summary before you've even poured a coffee. That's helpful-until the conversation turns to legal matters, tax strategy, estate plans, or private equity exposure across multiple jurisdictions. For multi-family offices, where wealth preservation meets legacy management, privacy is non-negotiable. And third-party AI notetakers? They weren't built with your clients in mind. How Do Notetaking Tools Work? Understanding how these platforms function helps explain where risk creeps in: Audio Capture and Transcription - Tools either join meetings as a virtual participant (bot-based) or capture audio directly from a user's device (bot-free), then transcribe into written text-often with high accuracy and speaker identification. Summarization and Key Point Extraction - Using natural language processing (NLP), they extract key decisions, action items, and deliver concise summaries. Organization and Searchability…

A critical security vulnerability, identified as CVE-2025-2538, has been discovered in specific deployments of Esri's ArcGIS Enterprise. This flaw resides in the Password Recovery feature of the Portal component and could allow unauthorized attackers to reset the password of the built-in admin account, leading to potential unauthorized access and data compromise.​ Vulnerability Details The vulnerability affects the following versions of Portal for ArcGIS on Windows: 10.9.1​ 11.1​ 11.2 This issue has been assigned a CVSS v3.1 score of 9.8 (Critical), indicating its high severity. The vulnerability stems from the use of hard-coded credentials (CWE-798), which can be exploited over a network without requiring authentication. Recommended Actions Esri has released the "Portal for ArcGIS Security 2025 Update 1 Patch" to address this vulnerability. It is imperative for organizations utilizing the affected versions to apply this patch immediately to mitigate potential risks. Additional Recommendations Review Access Logs: Examine system logs for any…