This week, financial systems seem to be the focus of cyber-attacks: a fileless malware has hit at least 140 enterprise networks, a massive malware attack on Polish banks stemmed from their financial regulator, and another PoS attack, which hit twelve InterContinental hotels, was published. (enSilo endpoint
In 2017, we predict that security – the good and the bad – will be moving down the stack.
Both sides — defense vs offense — are moving down the stack. On one side: the confidentiality, integrity and availability of data, operations and processes. On the other: threat actors that are looking to steal, tamper or disrupt these. (Note that enSilo
Windows environment variables can be used to run commands and can also be used to bypass UAC, allowing an attacker with limited privileges to take complete control of the system. This code leverages a rather unusual scenario within Windows OS.
This is a continuation of our research as described in a previous post: Elastic Boundaries – Elevating
TL;DR: We show AtomBombing modifications to enable us to inject code into CFG-protected processes.
Our research team has uncovered a new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. (This research is one way enSilo ensures complete endpoint protection.) Threat actors can use this technique, which exists by design of the operating system, to bypass current security solutions that
TL;DR Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Async Procedure Calls (APC). Currently, this technique goes undetected by common security solutions that focus on preventing infiltration.
Today’s Microsoft September Patch Tuesday includes a patch that Microsoft had tagged as a fix for Microsoft Office. Behind the scenes, however, that fix extends beyond Microsoft Office to hundreds of applications developed by Microsoft as well as hundreds of other software vendors. Accordingly, this fix affects millions of users – from those
BadBlock, Cerber, Chimera, CoinVault, Crypt0L0cker, CryptoJoker, CTB-Locker, Jigsaw, KeRanger, Locky, NanoLocker, Petya, Samas, TeslaCrypt, zCrypt… these are just a few out of the hundreds of ransomware cropping up in the past year. Your current endpoint security solution may not be enough to protect you.
Recently enSilo researchers, as part of our ongoing quest for endpoint protection, revealed a new way that attackers can bypass Microsoft’s User Account Control (UAC) mechanisms.
Even though any process is provided with variables from its environment, they are often overlooked by users, developers and sometimes even the OS itself.