- #Webroot antivirus reddit update#
- #Webroot antivirus reddit professional#
- #Webroot antivirus reddit download#
At the time, a threat actor was using an Oracle WebLogic zero-day to hack into company networks and deploy the ransomware. The Sodinokibi ransomware is a relatively new ransomware strain, discovered in late April. We are always closely monitoring the threat environment, and will continue to take proactive measures like this to provide the best protection possible for customers." "We all know that two-factor authentication (2FA) is a cyber hygiene best practice, and we've encouraged customers to use the Webroot Management Console's built-in 2FA for some time.
#Webroot antivirus reddit update#
We did this by conducting a console logout and software update the morning of June 20," he added. "To ensure the best protection for the entire Webroot customer community, we decided it is time to make two-factor authentication mandatory. "Recently, Webroot's Advanced Malware Removal team discovered that a small number of customers were impacted by a threat actor exploiting a combination of customers' weak cyber hygiene practices around authentication and RDP," Chad Bacher, SVP of Products, WEBROOT, a Carbonite company, told ZDNet via email. In the email, the company said it would re-enable 2FA, without the option for users to disable it. SecureAnywhere supports 2FA, which is enabled by default for all users, but some users had apparently turned it off.
Later in the day, Webroot began forcibly enabling two-factor authentication (2FA) for SecureAnywhere accounts, according to an email Hanslovan received, hoping to prevent hackers from using any other potentially hijacked accounts to deploy new ransomware throughout the day.
#Webroot antivirus reddit download#
"Considering Webroot's management console allows administrators to remotely download and execute files to endpoints, this seems like a plausible attack vector." Webroot deploys 2FA for SecureAnywhere accounts "Two companies mentioned only the hosts running Webroot were infected," Hanslovan said. Some Reddit users also reported that in some cases, hackers might have also used the Kaseya VSA remote management console, but this was never formally confirmed. The Huntress Lab CEO said at least three MSPs had been hacked this way. In the next stage of the attack, the hackers searched for accounts for Webroot SecureAnywhere, remote management software (console) used by MSPs to manage remotely-located workstations (in the network of their customers).Īccording to Hanslovan, the hackers used the console to execute a Powershell script on remote workstations script that downloaded and installed the Sodinokibi ransomware. Hanslovan said hackers breached MSPs via exposed RDP (Remote Desktop Endpoints), elevated privileges inside compromised systems, and manually uninstalled AV products, such as ESET and Webroot. Kyle Hanslovan, co-founder and CEO of Huntress Lab, was online and helped some of the impacted MSPs investigate the incidents.
I'm not the best one to ask about network security schools. Microsoft Security Essentials is not a good security solution and they recently failed to achieve any level of certification from. I spend a good deal of time looking into these tactics and spreading education to protect users.
#Webroot antivirus reddit professional#
Does social engineering ever play a roll in what you do, if so, how so? What's your professional take on Microsoft Security Essentials? If you could recommend a school to study network security, what would it be? Where do you predict the market will head in the future? What's your response () (okay not quite so recent but still) that all antivirus devs are having a hard time? Social engineering is one of the most effective ways hackers gain access to protected systems and definitely plays a roll in what I do.