Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 1)

documentation, enSilo Breaking Malware, Windows, enSilo Corporate and Product

TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime.

Read More

Microsoft’s Response to AtomBombing is Post-Infection Detection

Weekly Security News, enSilo Corporate and Product, AtomBombing, Windows, Malware, code injection

In March 2017, Microsoft (known for fixing vulnerabilities in their software products once a month on “Patch Tuesday”) recently addressed post-infection detection, investigation, and response with their Windows Defender Advanced Threat Protection [ATP]). Microsoft is a company that is continuing to evolve in product/services, and is now

Read More

WannaCry Jr. : The Little Ransom That Couldn't

Research, enSilo Corporate and Product, Windows, Malware, WannaCry

Earlier today, we caught a new in-the-wild version of what seemed to be WannaCry. A check with VirusTotal showed that this sample hasn't been seen before. After a brief investigation, we can conclude that this is WannaCry with slight variations. Notably, malware writers removed the kill switch from the original version. The fact that

Read More

Cyber-Security in 120 Secs:  A Cyber Weapon Disguised as Ransomware

Weekly Security News, enSilo Corporate and Product, Windows, Malware, Ransomware, NotPetya

This week NotPetya ran a campaign that was intially thought to be ransomware shutting down computers worldwide; A researcher revealed that Microsoft's new Surface laptop can be interupted by ransomware; Anthem agrees to $115M in settlement fees for the 2015 data breach.

Highlighting the cyber-security news from the past week in a 120 sec. read.

Read More

The NotPetya ‘Not’ Killswitch

Research, enSilo Corporate and Product, NotPetya, Windows, Malware, Ransomware, NSA

In the past few days a new Petya-like ransomware, dubbed NotPetya, infected machines across the world by leveraging some of the NSA’s exploits for the SMB protocol (EternalBlue, EternalRomance), similarly to the WannaCry attack last month. This attack overwrites the MBR (Master Boot Record) and encrypts the file-system, rendering the system

Read More

enSilo Releases Free Patch for Windows ESTEEMAUDIT Exploit

Windows XP, Patch, ESTEEMAUDIT, enSilo Corporate and Product, Windows, Malware

Today, enSilo has issued a patch that protects these vulnerable users from Windows' ESTEEMAUDIT, a remote desktop protocol (RDP) vulnerability that leaves users exposed to ransomware, espionage campaigns and other malicious code that can propagate in the enterprise.

By now everyone knows about WannaCry and the problem with unpatched systems.

Read More

enSilo protects against “WannaCry” and stolen NSA Tools out of the box

Business, Industry, cybersecurity, enSilo Corporate and Product, WannaCry, Windows, NSA, Ransomware, Malware

Just weeks after the Shadow Brokers released the NSA Tools, the world has had its first taste of just how effective threats built with these tools can be. Beginning early on May 12th, a ransomware variant using the EternalBlue exploit for Microsoft Windows, began spreading like wildfire, locking down businesses and users in more than 90

Read More

NSA Tools vs. enSilo

Business, enSilo Corporate and Product, NSA, Windows, Malware

See enSilo take down a nation-state quality attack tool, and stop it from stealing information on a compromised victim machine.

Read More

AtomBombing Goes Nuclear

Research, cybersecurity, enSilo Corporate and Product, AtomBombing, code injection, Windows, Malware

In late 2016, enSilo researchers shared AtomBombing with the security world. More of a “proof of concept” than an actual exploit, AtomBombing took advantage of Microsoft Windows built-in atom tables that would allow specific API calls to inject code into the read-write memory space of a targeted process.

(NOTE: enSilo endpoint protection

Read More

Customer Advisory Warning: The Comeback of the Hancitor Campaign

Research, enSilo Corporate and Product, Hancitor, Malware, Windows, Fileless Malware

We are currently witnessing an active malware campaign involving the Hancitor Trojan/Pony botnet. Once installed on the victim’s machine, Hancitor prepares the groundwork for the download of further malicious modules such as ransomware or data stealing malware.

enSilo provides complete endpoint security, including blocking Hancitor/Pony

Read More