Just weeks after the Shadow Brokers released the NSA tools, the world has had its first taste of just how effective threats built with these tools can be. Beginning early on May 12th, a ransomware variant using the EternalBlue exploit for Microsoft Windows began spreading like wildfire, locking down businesses and users in more than 90
See enSilo take down a nation-state quality attack tool, and stop it from stealing information on a compromised victim machine.
In late 2016, enSilo researchers shared AtomBombing with the security world. More of a “proof of concept” than an actual exploit, AtomBombing took advantage of Microsoft Windows' built-in atom tables, which allow specific API calls to inject code into the read-write memory space of a targeted process.
(NOTE: enSilo endpoint protection
We are currently witnessing an active malware campaign involving the Hancitor Trojan/Pony botnet. Once installed on the victim’s machine, Hancitor prepares the groundwork for the download of further malicious modules such as ransomware or data stealing malware.
enSilo provides complete endpoint security, including blocking Hancitor/Pony
We predict that in 2017 enterprise network security will shift to the cloud and be offered as a service. (enSilo’s endpoint protection is already cloud-managed.)
In 2017, we predict that security – the good and the bad – will be moving down the stack.
Both sides — defense vs offense — are moving down the stack. On one side: the confidentiality, integrity and availability of data, operations and processes. On the other: threat actors that are looking to steal, tamper or disrupt these. (Note that enSilo
Our research team has uncovered a new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. (This research is one way enSilo ensures complete endpoint protection.) Threat actors can use this technique, which exists by design of the operating system, to bypass current security solutions that
TL;DR Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Async Procedure Calls (APC). Currently, this technique goes undetected by common security solutions that focus on preventing infiltration.
Today’s Microsoft September Patch Tuesday includes a patch to what they had tagged as a fix for Microsoft Office. Behind the scenes, however, that fix extends beyond Microsoft Office to hundreds of applications developed by Microsoft as well as hundreds of other software vendors. Accordingly, this fix affects millions of users – from those
BadBlock, Cerber, Chimera, CoinVault, Crypt0L0cker, CryptoJoker, CTB-Locker, Jigsaw, KeRanger, Locky, NanoLocker, Petya, Samas, TeslaCrypt, zCrypt… these are just a few out of the hundreds of ransomware cropping up in the past year. Your current endpoint security solution may not be enough to protect you.