Cybersecurity in 120 Secs: Cyber-Attacks on Banks

Weekly Security News, Windows, enSilo Corporate and Product, Fileless Malware

This week, there seems to be a focus on financial systems being a target of cyber-attacks with a fileless malware that has hit at least 140 enterprise networks, a massive malware attack hit Polish banks that stemmed from their financial regulator and another PoS attack was published, that hit twelve InterContinental hotels. (enSilo endpoint


Predictions 2017: Security Moves Down the Stack

Industry, Windows, Malware, enSilo Corporate and Product, Android

In 2017, we predict that security – the good and the bad – will be moving down the stack.

Both sides — defense vs offense — are moving down the stack. On one side: the confidentiality, integrity and availability of data, operations and processes. On the other: threat actors that are looking to steal, tamper or disrupt these. (Note that enSilo


Command Injection/Elevation – Environment Variables Revisited

Vulnerabilities, Windows, code injection, elevation, command injection, UAC, variables, enSilo Breaking Malware

Windows environment variables can be used to run commands and can also be used to bypass UAC, allowing an attacker with limited privileges to take complete control of the system. This code leverages a rather unusual scenario within Windows OS.

This is a continuation of our research as described in a previous post: Elastic Boundaries – Elevating


AtomBombing CFG-Protected Processes

Windows, Injection Techniques, code injection, AtomBombing, CFG, Control Flow Guard, enSilo Breaking Malware

TL;DR: We show AtomBombing modifications to enable us to inject code into CFG-protected processes.


AtomBombing: A Code Injection that Bypasses Current Security Solutions

Research, Windows, Malware, code injection, AtomBombing, enSilo Corporate and Product

Our research team has uncovered a new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. (This research is one way enSilo ensures complete endpoint protection.) Threat actors can use this technique, which exists by design of the operating system, to bypass current security solutions that


AtomBombing: Brand New Code Injection for Windows

Research, Windows, Injection Techniques, Malware, code injection, AtomBombing, APC, enSilo Breaking Malware

TL;DR: Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Async Procedure Calls (APC). Currently, this technique goes undetected by common security solutions that focus on preventing infiltration.


FindADetour: The Tool that Tests for Vulnerable Microsoft's Detours

Research, Windows, Malware, hooking, enSilo Corporate and Product, FindADetour

Today’s Microsoft September Patch Tuesday includes a patch to what they had tagged as a fix for Microsoft Office. Behind the scenes, however, that fix extends beyond Microsoft Office to hundreds of applications developed by Microsoft as well as hundreds of other software vendors. Accordingly, this fix affects millions of users – from those


Everything You Always Wanted to Know about Ransomware but Were Afraid to Ask

Industry, Windows, Malware, enSilo Corporate and Product, Ransomware

BadBlock, Cerber, Chimera, CoinVault, Crypt0L0cker, CryptoJoker, CTB-Locker, Jigsaw, KeRanger, Locky, NanoLocker, Petya, Samas, TeslaCrypt, zCrypt… these are just a few of the hundreds of ransomware families that have cropped up in the past year. Your current endpoint security solution may not be enough to protect you.


Adding UAC Bypass to the Attacker’s Tool Set

Research, Windows, Malware, UAC, enSilo Corporate and Product

Recently enSilo researchers, as part of our ongoing quest for endpoint protection, revealed a new way that attackers can bypass Microsoft’s User Access Control (UAC) mechanisms.


Elastic Boundaries – Elevating privileges by environment variables expansion

Vulnerabilities, Windows, code injection, bypass UAC, elevation, environment variable, path redirect, UAC, variable expansion, enSilo Breaking Malware

Even though every process is provided with variables from its environment, these variables are often overlooked by users, developers and sometimes even the OS itself.
