Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win



Designed with MSPs, resellers, and distributors in mind, the Webroot® Channel Edge® Program offers
competitive margins, recurring revenue, lower operational costs, improved productivity, and innovative
enablement tools. Through its web-based management console and integration with RMM and PSA
platforms, Webroot provides easy-to-deploy, cloud-based security for endpoint, mobile, and web.
Partnering with businesses of all sizes, Webroot secures your clients against sophisticated threats—no
matter how or where users connect. For more information, visit www.webroot.com/MSPpartners

Share tech news, updates, or what's on your mind.

Sign up to Post

Cyber News Rundown: 10/13/17

Rigzone Founder Caught Stealing Data

Over the last few months, officials have been piecing together the case against Rigzone founder, David Kent. After selling the Rigzone domain several years ago, Kent used several backdoors he’d implemented to access account information for over 700,000 customers, which he then attempted to sell back to Rigzone. By setting up several dummy accounts, Rigzone staff determined the specific IP address Kent used and apprehend him.

Criminals Hack Eastern Europe Bank for Millions

In the last year, banks in several Eastern European countries have seen a drastic rise in fraudulent charges at ATMs that have allowed hackers to make off with nearly $40 million dollars. Attackers start by manipulating the banks overdraft protection and setting up proxies to allow accomplices in other countries withdraw massive quantities of money from separate accounts. In addition to spoofing the overdraft system, the attackers also installed remote access software on bank computers to enable further intrusion to the institution’s systems.

More on our blog here.
Cyber Threats to Small Businesses (Part 2)
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.


I am continuously getting event id: 4005 on RDS server.  

Server OS: Microsoft Windows Server 2012 R2 Standard.

The Winlogon process terminates unexpectedly and prevents new logins from processing.  However, the only way to get login process work after the power cycle the server.

Webroot antivirus agent is installed on the server.

Event Logs:
Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          10/9/2017 4:30:19 PM
Event ID:      4005
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
The Windows logon process has unexpectedly terminated.

Below mentioned steps which I have performed on the server:

-- Ran SFC /Scannnow command and successfully repaired the Windows Resource Protection corruption.
-- Ran DISM ScanHealth command on the server and no component store corruption detected.
-- Installed latest Microsoft released updates on the server.

SFC /Scannnow command Result:
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Windows\system32 sfc /scannow

Beginning system scan.  This process will take some time.

Beginning …
Cyber News Rundown: 10/06/17

Yahoo Breach Expands to All 3 Billion Users

In a recent statement, Yahoo announced that its 2013 breach, which took nearly 4 years to investigate, has impacted all 3 billion of their site’s unique users. Along with this recent update, the company is still reeling from a separate 2014 breach, which holds the dubious title of 2nd largest data breach to date. This update to the total affected users isn’t surprising, given that the original breach left questions as to why some accounts were compromised, while others remained untouched and showed no signs of malicious activity.

Facebook Under Fire After Russia-Based Ads Overwhelm Users

Recently, Facebook founder Mark Zuckerberg issued an apology for the site’s lack of action in stopping Russian advertisements and fake news articles, which have been circulating heavily since the 2016 election season. His statement goes on to promise that additional safeguards will be implemented to ensure Facebook can continue to be a safe platform for users to voice their opinions.
More stories you might have missed this week on the Webroot Blog!
Don't Get Hooked!

Another day, another phishing attack. From businesses to consumers, phishing attacks are becoming a more widespread and dangerous online threat every year. One wrong click could quickly turn into a nightmare if you aren’t aware of the current techniques cyber scammers are using to get access to your valuable personal information.

Stay safe with these tips.

Cyber News Rundown: Edition 9/29/17

Showtime Site Found Using Cryptocurrency Miner

Following the discovery last week that ThePirateBay has been using a Monero miner to experiment with revenue alternatives for the site, researchers have found that both Showtime.com and ShowtimeAnytime.com have embedded code for similar cryptocurrency mining. The code itself runs only while the user is on the site, and ceases once they navigate away. The main concern, however, was the high CPU usage users experienced. The script in question was removed after several days of testing, but Showtime has yet to comment on their implementation of the crypto-miner or its intended outcome.

Massive Stash of Credit Card Info Linked to Sonic Breach

In the past few days, researchers have found a trove of credit card data that could be tied to a recent breach at Sonic, the popular drive-in restaurant. The data is organized by the location of each card, and currently contains nearly 5 million unique card numbers and related info. While Sonic has not yet determined the cause of the breach, they have been working with their credit processing company to identify the compromised store locations and implement credit monitoring for affected customers.

More cybersecurity news you might have missed from the week on our blog.

Expert Comment

I was thinking can they really make that much money from it, as I remembered it it was like pennies if even that
Then I read https://www.lifewire.com/cryptocoin-mining-for-beginners-2483064 and it seems there could be big money to be made where popular sites like this are using it. Why invest money when you can get your customers to make you money

But on the flip side if I am giving away a few CPU cycles that meant no ads then is it really a bad thing...
Thoughts from Webroot’s new President and CEO, Mike Potts

Mike Potts, Webroot's new President and CEO, shares his thoughts on why he joined Webroot and where he sees the cybersecurity industry going.

I’m delighted to join the Webroot team officially today as CEO. We helped define the cybersecurity field in our first 20 years, but I believe our best days are ahead. With this introductory post, I thought I’d let you know where I intend to focus in my first months at Webroot, with the goal of taking our customers, partners, and company to the next level of success.

More from Mike on our blog about his plans for the future of Webroot.
Ransomware Spares No One: How to Avoid the Next Big Attack

With global ransomware attacks, such as WannaCry and not-Petya, making big headlines this year, it seems the unwelcomed scourge of ransomware isn’t going away any time soon. While large-scale attacks like these are most known for their ability to devastate companies and even whole countries, the often under-reported victim is the average home user.

We sat down with Tyler Moffit, senior threat research analyst at Webroot, to talk ransomware in plain terms to help you better understand how to stop modern cybercriminals from hijacking your most valuable data.
Protect DNS: A Conversation With Dave Dufour of Webroot

DNS is one of the basic services on which the web is based and it has proven to be robust and scalable to an astounding degree. Unfortunately, it's also vulnerable to hacking and can be a serious attack vector if left unprotected. Dave Dufour, director of cybersecurity and engineering at Webroot, is an expert on DNS and its implications in network security. Security Now talked with Dufour about the issues with DNS and what organizations should be doing to protect their networks, employees and customers from DNS-based threats.

Read more of the interview on Security Now.
What we learned in Webroot's webinar on multi-vector protection.
Cyber News Rundown: Edition 9/15/17

German Voting Software Raises Concerns

With German elections only a couple weeks away, researchers have been working to determine how secure the voting systems really are. Per a recent study, the software being used contains multiple vulnerabilities that could lead to devastating results if the election is compromised. Meanwhile, the software creator maintains there is nothing wrong with the system and any tampering would only lead to confusion, rather than truly affecting the vote’s outcome.

Upgraded Android OS Slows Tide of Overlay Attacks

While overlay attacks are nothing new to Android™ users, the Toast window is a surprisingly fresh take on this technique. Google has already patched the issue being exploited, but many users unintentionally fell victim and gave permissions to a malicious app using the Toast window overlay on a legitimate page to spoof the users input. This type of attack can range from simply installing an annoying piece of malware on the device, all the way up to locking the device down and demanding a ransom.
Automating Your MSP Business
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

[Webinar] Multi-Vector Protection from Cyber attacks
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data.

But that feeling is fleeting. Attacks these days can happen in many ways and from angles we never saw coming. That’s why companies like Webroot, who focus on security solutions, want to inform those of us in the IT security industry on best ways to protect ourselves from multi-vector attacks, not single endpoint protection.

Watch Webroot’s discussion of the complexities of modern-day cyber threats and how we can properly practice multi-vector protection for maximum security.
Cyber News Rundown: Edition 9/8/17

The Cyber News Rundown brings you the latest happenings in cyber news weekly.
If you have any other questions, just ask!

Consumer Credit Reporting Agency Equifax Suffers Cyberattack Affecting 143 Million Customers

Equifax announced hackers gained access to sensitive company data that potentially compromised information for 143 million American consumers, including Social Security numbers, driver’s license information, and credit card details. This is the third major cybersecurity incident for the agency since 2015. Most concerning, Equifax knew of the breach on June 29 but waited until September 7 to disclose the information.

Instagram Hack Exposes Millions of Accounts
A group of hackers recently gained access to a large number of Instagram accounts for high-profile celebrities and other victims. The attackers were able to use an exploit in the Insta app to retrieve the email addresses and phone numbers for millions of account holders. They then used this information to take control of more valuable accounts and posted the credentials for sale on the dark web. While Instagram was quick to fix the bug, it is still unclear just how many accounts were compromised.

Customer Databases Belonging to Time Warner Cable Publicly Exposed
Check out what's been happening in the Experts Exchange community.
New Leadership at Webroot

Dick Williams has decided to retire after 8 years at Webroot, and more than five decades in the business world. Webroot has named a new CEO, Mike Potts, who will start September 25. Dick will remain on Webroot’s Board of Directors.
Mike brings more than 25 years of experience as a seasoned technology industry veteran spanning the application and security sectors. He most recently served as an integration executive in the security business group at Cisco after the acquisition of Lancope, where he served as president and CEO. Prior to Lancope, Mike was president and CEO of Air Defense, which was acquired by Motorola in 2008. He has a long history of driving innovation and growth and is the right person to continue our path to success at Webroot.

Dick expresses his sincere thanks and appreciation to all of our customers and advocates for helping Webroot achieve its current success, and for being incredible partners over the years.

Check out Dick's blog and our press release for more information on this announcement.
Cyber News Rundown: 9/1/17

IRS-Themed Ransomware Using Old-School Tactics

Over the past week, researchers have discovered a new ransomware variant that attempts to impersonate both the IRS and the FBI, similar to the FBI lockscreen malware that was popular several years ago. By tricking the victim into opening a link to a fake FBI questionnaire, the ransomware is downloaded onto the machine and begins encrypting. Fortunately, both the FBI and the IRS are taking great measures to alert possible victims and to catalog any scam emails that are being sent out.

History Repeats Itself at UK NHS District

Back in May, the UK’s National Health Services fell victim to a large WannaCry ransomware attack. While most of the districts have since regained full functionality, the district of Lanarkshire has once again been targeted. A cyberattack on its staffing and telephone systems left the district with only emergency services for several days. This event just reinforces the importance of updating security on critical systems before an attack, and even more so after one as devastating as WannaCry.

To read all of the stories, visit the Webroot Threat Blog.
Cyber News Rundown: Edition 8/25/17

The Cyber News Rundown brings you the latest happenings in cyber news weekly.
If you have any other questions, just ask!

UK NHS Database Exposes Over 1 Million Patient Records
During the past week, a breach was discovered in patient booking system SwiftQueue, which is widely used by several National Health Service (NHS) facilities. The database may have contained patient information for up to 1.2 million UK citizens, though the actual data has yet to be fully examined. Even worse, attackers now claim they have found additional SwiftQueue vulnerabilities and are in possession of all 11 million records stored by the company.

Booking Provider’s Data Found in Public Data Dump
Researchers recently discovered a large customer data dump in a publicly-facing Amazon S3 bucket. The data in question belongs to Groupize, a groups and meetings solution, and contains everything from customer interactions to full credit card information used to book hotels and other meeting spaces. Fortunately for anyone who has used the service, the data was properly secured within a week of the discovery.

Phishing Site Hosted on .fish Domain
Your Identity Is Yours. Here’s How To Keep It That Way.

Have you ever been out with friends, had a little too much to drink, and left your credit card in a bar? Or maybe you thought you’d stowed your child’s social security card safely away in your desk drawer, but now you can’t find it. It may seem like losing these items is just an inconvenience, but the reality is that simple slip-ups like these can spell disaster for you and your family.
We recently took to the streets of Denver to get a feel for how average Americans are staying safe from identity theft. Their responses were not so surprising.  
How are you protecting your identity?

Expert Comment

by:Brian Matis
How are you protecting your identity?
I'm with you on the credit monitoring and credit freeze. Although, full disclosure, I did spend many years working for one of the major credit bureaus on their consumer credit monitoring products and wrote the business requirements for my team's portion of the credit lock feature—still one of my favorite projects from when I was there. We made it so much easier for customers to manage their freeze status through our service. :-)

Author Comment

by:Drew Frey
The credit piece is a big one that I think many don't pay enough attention to. It's important to know where you stand and stay up to date with your credit score and in some cases, freeze when needed.

That project sounds really interesting! Fun that you got to work on that Brian!
Locky ransomware rises from the crypt

New variants of Locky—Diablo and Lukitus—have surfaced from the ransomware family presumed by many to be dead. After rising to infamy as one of the first major forms of ransomware to achieve global success, Locky’s presence eventually faded. However, it appears this notorious attack is back with distribution through the Necurs botnet, one of the largest botnets in use today.
Webroot protects against Diablo and Lukitus
For the initial list of MD5s and more detail on Locky.
Webroot Acquires Securecast, Launches Webroot Security Awareness Training

Beta Program Available Immediately to Help Businesses Reduce the Risks and Costs of Cyber Threats with End User Education

Webroot has acquired the assets of Securecast, a security awareness training platform. Building on Securecast, Webroot Security Awareness Training will give managed service providers (MSPs) and businesses a solution to reduce the risks and costs of phishing, ransomware, and other cyber threats with end-user education.

Webroot Security Awareness Training is available today as a beta program, with general availability scheduled for later this fall. The beta will allow participants to operate phishing simulations and provide a test course to address the weakest link in an organization’s security posture: the human factor. By combining the latest threat intelligence, technology, and training, Webroot enables businesses to reduce their security risks by continually educating their users and testing their awareness on cybersecurity best practices.

Explore Webroot Security Awareness Training

Webroot Security Awareness Training Beta Key Facts:
  • Webroot Security Awareness Training is a fully hosted Awareness-as-a-Service platform with an end user training program and a sophisticated phishing simulator.
  • The phishing
2017 Webroot Threat Report
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

The Future of Cyber Security - Facts & Predictions

Ransomware, one of today's biggest security threats, has become a massive growth opportunity for our channel. As key stakeholders fear now that their organisation will eventually be hit by a ransomware attack, they are willing to spend more on IT security solutions.
Join our Live Webinar on 24th August 2017
  • Why is NHS spending 50 million pounds to improve its cyber security?
  • Why are schools and top universities the perfect targets for the file-encrypting attacks?
  • How much are businesses willing to invest after their first ransomware attack?
  • How to remain competitive and win the cyber security market?

Register Now and Secure your Spot!
I have a client with a PC with Windows 10 Home. It hangs during startup. It has Webroot SecureAnywhere in its list of Features and Apps. Trying to uninstall from there brings up a message that it cannot find a certain uninstall program. I downloaded WRUpdaterTool.exe and ran it. It display messages as it ran indicating that it was succeeding, but in the end, the app still shows in Features and Apps. Does anyone know any other means to get rid of it? Thanks.

71% of SMBs aren't prepared for cybersecurity risks

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies (with between 100 and 499 employees) in the U.S., U.K., and Australia. The survey focused on how these small businesses perceived new threats facing their organizations.

Some of the answers were surprising.

Key stats:

  • 96% of those surveyed believe they are susceptible to cyber threats.
  • 80% use third-party IT security resources (mixed-use IT and security teams).
  • 94% are updating their security budgets to account for mitigating new threats.
  • 71% still admit not being ready to address cybersecurity threats.

Get the full report and more stats here.
You need to assemble a crack AI team: Where do you even start?

AI is finding its way into every day business and government. The idea of AI is not a new, but what is different is that today's hardware and software is bringing the various concepts underpinning AI to a mass market.

What’s new, too, is the driver: from bots and digital assistants to autonomous vehicles Google, Microsoft, Facebook, Nvidia and others in Silicon Valley are setting a drum beat to which the rest of are marching.

View All
How machine learning enables your best employees to work 24/7

A recent incent industry report states that artificial intelligence and machine learning have great potential, but can’t yet match the breadth of human intelligence. While I would argue you can’t have one without the other, meaning humans are an integral part of both AI and machine learning, both of these technologies have the power to be better than any single employee.

Our CTO, Hal Lonas, talks Artificial Intelligence and machine learning with Information-Management.
Webroot Certification Program
We're excited to announce the launch of our Webroot Certification Program.

The Webroot Certification Program covers key feature differentiators, deployment best practices, cybersecurity management, and basic troubleshooting techniques for SecureAnywhere® Business Endpoint Protection. The program enables the sales and technical teams at managed service providers (MSPs), value-added resellers (VARs), and other distributor partners to better sell and support the solution, as well as streamline and enhance their IT services business.

Get certified by signing up here.


Designed with MSPs, resellers, and distributors in mind, the Webroot® Channel Edge® Program offers
competitive margins, recurring revenue, lower operational costs, improved productivity, and innovative
enablement tools. Through its web-based management console and integration with RMM and PSA
platforms, Webroot provides easy-to-deploy, cloud-based security for endpoint, mobile, and web.
Partnering with businesses of all sizes, Webroot secures your clients against sophisticated threats—no
matter how or where users connect. For more information, visit www.webroot.com/MSPpartners

Top Experts In