City of Atlanta Ransomware Attack

cybersecurity, enSilo Corporate and Product

Overview

On March 22 of this year, the City of Atlanta experienced one of the most devasting and costly ransomware attacks to date in the US. For one week, the city floundered while five of its thirteen local government departments were held hostage, unable to perform their functions. For city employees logging-in to their devices that morning,

Read More

Enter The DarkGate: New Cryptocurrency Mining and Ransomware Campaign

enSilo Breaking Malware

An active and stealthy cryptocurrency mining and ransomware campaign infecting targets in Spain and France which leverages multiple bypass techniques to evade detection by traditional AV.

Read More

Exactis Data Breach: The Risk of Data Exposure Without Endpoint Protection

cybersecurity, enSilo Corporate and Product

Earlier this year Exactis, a Florida-based marketing data broker, had their database (close to 340 million individual records) exposed on a public server. Though hacking efforts didn't expose the data, the personally identifiable information was inexplicably left on an unsecured server without basic security safeguards. 
Read More

Melting Down PatchGuard: Leveraging KPTI to Bypass Kernel Patch Protection

cybersecurity, Windows, enSilo Breaking Malware, meltdown, KPTI, PatchGuard

The mitigation for Meltdown created a new part in the kernel which PatchGuard left unprotected, making hooking of system calls and interrupts possible, even with HVCI enabled.

Read More

Game of Trojans: Dissecting the #Khalesi Infostealer Malware

Business, Industry, Malware, enSilo Corporate and Product

Summary

During the end of August 2018, the security community discovered an infostealer malware in the wild named Khalesi. This malware was identified by the security community as part of the Kpot malware campaign. Some of the recent Khalesi variants in this campaign were compiled with a Visual Basic 6 (VB6) compiler while the others were

Read More

enSilo Honored as Gold Winner in the 10th Annual 2018 Golden Bridge Awards®in the Endpoint Security Solution Category

enSilo Corporate and Product

enSilo has earned the prestigious Gold status in the Golden Bridge Awards® for their  product in the Endpoint Security Solution Innovations category. The coveted annual Golden Bridge Awards program encompasses the world’s best in organizational performance, innovations, products and services, executives and management teams, women in business

Read More

enSilo Blocks LokiBot Infostealer

cybersecurity, enSilo Corporate and Product

enSilo’s Endpoint Security Platform detected and blocked a new variant of the LokiBot malware in July, 2018. During that time, VirusTotal exhibited only twelve commercial Anti-Virus (AV) applications having a virus definition for this malware, which indicates a low detection rate:

Read More

Turning (Page) Tables: Bypassing Kernel Mitigations to Successfully Escalate Privileges

cybersecurity, enSilo Breaking Malware

On August 8th, at the BSides Conference in Las Vegas, we unveiled a new exploitation technique against the Microsoft Windows operating system. It's a general technique to leverage with kernel vulnerabilities and make privilege escalation easier.

Read More

Supporting the Growth of Managed Detection and Response Services

cybersecurity, enSilo Corporate and Product

Gartner says it best in its most recent Market Guide for Managed Detection and Response (MDR) Services: “Managed detection and response improves threat detection monitoring and incident response capabilities via a turnkey approach to detecting threats that have bypassed other controls. Security and risk management leaders need to understand

Read More

enSilo Terminates DLL Search Order Hijacking

cybersecurity, enSilo Corporate and Product

In June 2018, Cybereason posted a blog about a malicious Dynamic-Link Library (DLL) file exhibiting a behavior associated with credential theft. Their analysis discovered that the malicious DLL MSVCR100.dll was leveraging the DLL search-order hijacking technique to load itself during the execution of unpack200.exe – an Oracle verified Portable

Read More