Melting Down PatchGuard: Leveraging KPTI to Bypass Kernel Patch Protection

cybersecurity, Windows, enSilo Breaking Malware, meltdown, KPTI, PatchGuard

The mitigation for Meltdown created a new part in the kernel which PatchGuard left unprotected, making hooking of system calls and interrupts possible, even with HVCI enabled.


Excel ScriptLet Attack Blocked By enSilo

Windows, Malware, enSilo Corporate and Product, excel-scriptlet

On December 8, 2017, enSilo, a unified endpoint security platform that provides both pre- and post-infection protection in real-time, blocked a new attack technique used to exploit the linked file mechanism in Microsoft Excel. During the time of detection, a spreadsheet file PAYMENT DETAILS.xlsx was used to run the malicious code on the


enSilo’s Process Doppelganging Security Check

Windows, Malware, enSilo Corporate and Product, Process Doppelganging

WHAT IS PROCESS DOPPELGANGING?

Process Doppelganging is a technique that allows bypassing real-time file scanning of all tested AV and NGAV products on Microsoft Windows starting from Windows Vista. It was first shown by a team of researchers from enSilo during BlackHat Europe 2017 on December 7th in London.


Webinar: Process Doppelgänging Blocked by enSilo

Windows, Malware, enSilo Corporate and Product, Process Doppelganging

enSilo is real-time endpoint security software that protects against Process Doppelganging (and lots more). See the on-demand webinar of Lost in Transaction: Process Doppelganging featured at BlackHat Europe.


Scarab Ransomware Blocked by enSilo

Windows, Malware, enSilo Corporate and Product, Ransomware, Scarab

CUSTOMER ADVISORY WARNING: During June 2017, the Scarab ransomware was detected for the first time by several security professionals. Scarab ransomware spreads to victims across the world via Necurs, which is the largest email spam botnet spreading across the Internet. (Protection from this and other malware is why you should use enSilo's


CryFile - From 0-Day to detection in 48 hours

Windows, Malware, enSilo Corporate and Product, Ransomware, CryFile

CUSTOMER ADVISORY WARNING: A new variant of CryFile ransomware.

Customers Say it Best - Media Broadcast

Windows, Malware, RAT, enSilo Corporate and Product, media

enSilo's single endpoint security agent provides both pre- and post-infection protection even when machines are compromised.


enSilo Protects OOTB: Bad Rabbit Ransomware

Windows, enSilo Corporate and Product, Bad Rabbit, Ransomware

WHAT IS KNOWN?

Bad Rabbit is a new ransomware campaign discovered yesterday, October 24, 2017, by ESET researchers. (enSilo’s endpoint protection platform already protects against this.)


Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 2)

Windows, documentation, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime. And the fix for it isn’t as foolproof as you would’ve hoped. 


Cyber Security in 120 Secs: Cyber Weapon Toolbox

Weekly Security News, Windows, Malware, exploit, enSilo Corporate and Product, WannaCry

This week, ShadowBrokers released another NSA exploit, UNITEDRAKE, which will probably go unnoticed because of the Equifax data breach that affected at least 143 million; Apache Struts released a patch for a vulnerability that could potentially allow a website takeover.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting
