The mitigation for Meltdown created a new kernel region that PatchGuard left unprotected, making it possible to hook system calls and interrupts even with HVCI enabled.
On December 8, 2017, enSilo, a unified endpoint security platform that provides both pre- and post-infection protection in real time, blocked a new attack technique used to exploit the linked file mechanism in Microsoft Excel. At the time of detection, a spreadsheet file named PAYMENT DETAILS.xlsx was used to run the malicious code on the
WHAT IS PROCESS DOPPELGANGING?
Process Doppelganging is a technique that allows bypassing real-time file scanning of all tested AV and NGAV products on Microsoft Windows starting from Windows Vista. It was first shown by a team of researchers from enSilo during BlackHat Europe 2017 on December 7th in London.
enSilo is real-time endpoint security software that protects against Process Doppelganging (and lots more). See the on-demand webinar of Lost in Transaction: Process Doppelganging featured at BlackHat Europe.
CUSTOMER ADVISORY WARNING: During June 2017, the Scarab ransomware was detected for the first time by several security professionals. Scarab ransomware spreads to victims across the world via Necurs, the largest email spam botnet on the Internet. (Protection from this and other malware is why you should use enSilo's
enSilo's single endpoint security agent provides both pre- and post-infection protection even when machines are compromised.
WHAT IS KNOWN?
Bad Rabbit is a new ransomware campaign discovered yesterday, October 24, 2017, by ESET researchers. (enSilo’s endpoint protection platform already protects against this.)
TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime. And the fix for it isn’t as foolproof as you would’ve hoped.
This week ShadowBrokers released another NSA exploit, UNITEDRAKE, which will probably go unnoticed because of the Equifax data breach that affected at least 143 million people; Apache Struts released a patch for a vulnerability that could potentially allow a website to be taken over.
Highlighting the cyber-security news from the past week in a 120 sec. read. Starting