In August of 2019, just a month after our publication on a targeted BitPaymer/IEncrypt campaign, Morphisec identified a new and alarming evasion technique that the same adversaries adopted while targeting yet another enterprise in the automotive...
Read MoreDuring the period of March to May 2019, Morphisec Labs observed a new, highly sophisticated variant of the ShellTea / PunchBuggy backdoor malware that attempted to infiltrate a number of machines within the network of a customer in the...
Read MoreIntroduction
This week, Kaspersky Lab reported initial details of a new supply chain attack on systems by computer giant ASUS. Dubbed ShadowHammer by Kaspersky, the attack leveraged a malicious version of ASUS Live Update,
Read MoreLet’s face it – there are a lot of threat reports and threat data floating around. What makes the Morphisec Labs Threat Report different is the type of threats it analyzes. It focuses on the threats that pose a real risk to organizations, the ones...
Read MoreMicrosoft has introduced significant changes in the loader functionality as part of its new re-release of Windows 10 v. 1809.
Morphisec and Microsoft identified an issue impacting users running Morphisec’s ETP agent on top of Windows 10 v. 1809 with...
Read MoreNote: This post was updated 11-30-18 with details of a new intercepted attack. See technical description below.
Over the past three days, Morphisec Labs researchers have discovered a widespread cyber campaign hitting multiple targets. Morphisec...
Read MoreThis blog was co-authored by Alon Groisman.
It seems like the rumors of FIN7’s decline have been hasty. Just a few months after the well-publicized indictment of three high-ranking members in August, Morphisec has identified a new FIN7 campaign...
Read MoreOver the past year, Morphisec and several other endpoint protection companies have been tracking a resurgence in activity from the Cobalt Group. Cobalt is one of the most notorious cybercrime operations, with attacks against more than 100 banks...
Read MoreSo far, 2018 has turned out to be anything but business as usual, at least on the cybersecurity front. The revelation about CPU vulnerabilities Meltdown and Spectre (and all the offshoots); the explosion in cryptojacking – which is likely even more...
Read MoreAfter more than four years with no weaponized exploits for Adobe Acrobat Reader, researchers at ESET identified a weaponized PDF that allows attackers to execute arbitrary code on the targeted machine and eventually assume full system control. The...
Read MoreIn April, researchers at Qihoo 360 Core Security Division discovered a VBScript vulnerability actively exploited in targeted attacks. Since then, it has appeared in additional attack campaigns. The vulnerability, CVE-2018-8174, dubbed "Double...
Read MoreOn March 21,2018, Morphisec Labs began investigating the compromised website of a leading Hong Kong Telecommunications company after being alerted to it by malware hunter @PhysicalDrive0. The investigation, conducted by Morphisec researchers...
Read MoreMorphisec researchers Michael Gorelik and Andrey Diment have discovered CIGslip, a new method which can be exploited by attackers to bypass Microsoft’s Code Integrity Guard and load malicious libraries into protected processes such as Microsoft Edge.
Read MoreThe Lazarus Group, also known as Hidden Cobra, may be in play again. The notorious cybercrime group is allegedly responsible for some of the most devastating attacks over the past few years, including the SWIFT network hack that stole $81 million...
Read MoreOn February 22, 2018, Morphisec Labs spotted several malicious word documents exploiting the latest Flash vulnerability CVE-2018-4878 in the wild in a massive malspam campaign. Adobe released a patch early February, but it will take some companies...
Read MoreBefore diving into the analysis of CVE-2018-4878, a quick reminder that this is the continuation of our previous post, which provided background on CVE-2018-4878, including a video of how Morphisec prevents any attacks leveraging this Flash...
Read MoreHow an organization handles the time between the unleashing of a zero-day and the availability of a patch is telling. There are basically two kinds of companies – those that try to mitigate the risk as best they can while they wait for a patch and...
Read MoreThe IT world is still shaking from the news that most modern processors have severe architecture flaws. This makes it possible for attackers to gain access to user mode and kernel memory data to leak crypto-keys, passwords, memory structures like...
Read MoreA report co-authored by Michael Gorelik, CTO and VP R&D, and Roy Moshailov, Malware Research Expert at Morphisec.
Fileless malware is a type of a malicious code execution technique that operates completely within process memory; no files are dropped...
Read MoreSearch Our Site
Recent Posts
Posts by Tag
- Moving Target Defense (129)
- Cyber Security News (124)
- Morphisec Labs (113)
- Threat Research (65)
- Threat Post (62)
- Morphisec News (52)
- Automated Moving Target Defense (11)
- Defense-in-Depth (6)
- in-memory attacks (6)
- Gartner (5)
- Ransomware (4)
- runtime attacks (4)
- Legacy security (3)
- Linux cyber security (3)
- advanced threat defense (3)
- threat and vulnerability management (3)
- Adaptive Exposure Management (2)
- ChatGPT (2)
- Evasive loader (2)
- Fileless malware (2)
- Gartner endpoint protection (2)
- financial cybersecurity (2)
- patch management (2)
- Anti-tampering (1)
- Critical Threat Exposure Management (CTEM) (1)
- Gartner Emerging Tech (1)
- Healthcare cybersecurity (1)
- IoT security (1)
- Securing IoT devices (1)
- Server security (1)