TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime.
In March 2017, Microsoft (known for fixing vulnerabilities in their software products once a month on “Patch Tuesday”) addressed post-infection detection, investigation, and response with their Windows Defender Advanced Threat Protection (ATP). Microsoft is a company that is continuing to evolve in product/services, and is now
Earlier today, we caught a new in-the-wild version of what seemed to be WannaCry. A check with VirusTotal showed that this sample hasn't been seen before. After a brief investigation, we can conclude that this is WannaCry with slight variations. Notably, malware writers removed the kill switch from the original version. The fact that
This week NotPetya ran a campaign that was initially thought to be ransomware shutting down computers worldwide; a researcher revealed that Microsoft's new Surface laptop can be interrupted by ransomware; Anthem agrees to $115M in settlement fees for the 2015 data breach.
Highlighting the cyber-security news from the past week in a 120 sec. read.
In the past few days a new Petya-like ransomware, dubbed NotPetya, infected machines across the world by leveraging some of the NSA’s exploits for the SMB protocol (EternalBlue, EternalRomance), similarly to the WannaCry attack last month. This attack overwrites the MBR (Master Boot Record) and encrypts the file-system, rendering the system
Today, enSilo has issued a patch that protects these vulnerable users from Windows' ESTEEMAUDIT, a remote desktop protocol (RDP) vulnerability that leaves users exposed to ransomware, espionage campaigns and other malicious code that can propagate in the enterprise.
By now everyone knows about WannaCry and the problem with unpatched systems.
Just weeks after the Shadow Brokers released the NSA tools, the world has had its first taste of just how effective threats built with these tools can be. Beginning early on May 12th, a ransomware variant using the EternalBlue exploit for Microsoft Windows began spreading like wildfire, locking down businesses and users in more than 90
See enSilo take down a nation-state quality attack tool, and stop it from stealing information on a compromised victim machine.
In late 2016, enSilo researchers shared AtomBombing with the security world. More of a “proof of concept” than an actual exploit, AtomBombing took advantage of Microsoft Windows built-in atom tables that would allow specific API calls to inject code into the read-write memory space of a targeted process.
(NOTE: enSilo endpoint protection
We are currently witnessing an active malware campaign involving the Hancitor Trojan/Pony botnet. Once installed on the victim’s machine, Hancitor prepares the groundwork for the download of further malicious modules such as ransomware or data stealing malware.
enSilo provides complete endpoint security, including blocking Hancitor/Pony