<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=885880844953016&amp;ev=PageView&amp;noscript=1">

Case Study: Dan Hotel Group Stays Off the Breach List

Posted by Shelley Leveson on May 17, 2018 at 11:50 PM

 

If you’ve stayed at any large hotel chain in the past year, there’s a good chance your personal details have been compromised. According to Verizon’s 2018 Data Breach Investigations Report, the accommodation industry had one of the highest number of breaches, second only to healthcare. 

Read More

Topics: Endpoint Security, Cyber Security, Case Study, CISO

New Info-Stealing Trojan Spotted in HSBC Malspam Campaign

Posted by Roy Moshailov on May 9, 2018 at 10:38 AM

On the 12th of April, Morphisec, identified and prevented a major wave of malspam purporting to be from HSBC Bank. The phishing campaign targeted several industrial manufacturing and service enterprises in Asia, using standard but still often effective social engineering tactics. The malicious email delivered a sophisticated info-stealing trojan via a weaponized ISO attachment. ISO files are a type of image archive format used for optical disk images, which can be opened using WinRAR and other programs.

Read More

Topics: Malspam, Attack Analysis, Threat Profile, Research

Morphisec Honored at MMCIO Spring Forum

Posted by Shelley Leveson on May 3, 2018 at 1:02 PM

Morphisec is honored to have received awards in three out of six categories at this year's Midmarket CIO Spring Forum. The annual Vendor Excellence and Midmarket CIO Awards recognize leaders in technology collaboration. 

Over 77% of all cyber crimes target small and midsize enterprises. According to the 2017 State of Cybersecurity in Small & Medium-Sized Businesses (SMB) report by the Ponemon Institute, cyberattacks cost small and medium-sized businesses an average of $2,235,000.

Read More

Topics: Company News, Cyber Security, CISO

GDPR and Your Cybersecurity Strategy

Posted by Netta Schmeidler on April 26, 2018 at 9:28 PM

One of the hottest topics at last week’s RSA Conference was GDPR. Over twenty sessions covered GDPR from various angles and many more touched upon the subject in some way. This was hardly surprising – with the May 25th compliance deadline looming, companies are frantically trying to understand the implications, their responsibilities and actions they need to take.

Read More

Topics: GDPR

Women Underrepresented at RSAC - Let's Do Something About It

Posted by Netta Schmeidler on April 19, 2018 at 5:27 PM

 

Although I’m excited to be at the RSA Conference with my Morphisec colleagues, it reminds me of the impetus for starting our Women in Cybersecurity Scholarship. Of 28 keynote speakers at RSAC, only seven are women, and six of these were added at the last minute following a string of scathing tweets and articles. This 25% figure seems to be the average percentage in the general sessions as well. I attended several that were one woman in a panel of four, a few that had only male speakers and a single session that had a majority female panel. If I had to guess the overall attendee and exhibitor gender split I’d say it fell along the same lines, but that percent is skewed by the number of women simply scanning badges.

Read More

Topics: Events, Cyber Security, Company News

Morphisec Joins Citrix Ready Partner Program

Posted by Shelley Leveson on April 17, 2018 at 9:42 AM

Morphisec Moving Target Defense verified as Citrix Ready to enhance protection with Citrix XenApp and XenDesktop

Read More

Topics: Cyber Security, Endpoint Security, Industry News, Company News, Moving Target Defense

ESG Report Reviews Morphisec for Advanced Prevention Defense

Posted by Shelley Leveson on April 12, 2018 at 5:11 PM

CISOs face an escalating battle on two fronts: externally from ever-more sophisticated attackers and internally in managing all the threat protection and additional security layers they put in to stop them. And they are losing. Despite added technology complexity and operational overhead, cyber criminals still manage to get past defenses.

According to a a new report from analyst firm ESG, 72% of organizations believe that security operations are more difficult today than they were two years ago yet 54% still suffered at least one security incident.

Read More

Topics: Cyber Security, Endpoint Security, Industry News, Company News, Moving Target Defense

Watering Hole Attack on Leading Hong Kong Telecom Site Exploiting Flash Flaw (CVE-2018-4878)

Posted by Michael Gorelik on March 23, 2018 at 7:01 AM

On March 21,2018, Morphisec Labs began investigating the compromised website of a leading Hong Kong Telecommunications company after being alerted to it by malware hunter @PhysicalDrive0. The investigation, conducted by Morphisec researchers Michael Gorelik and Assaf Kachlon, determined that the Telecom group's corporate site had indeed been hacked. Attackers added an embedded Adobe Flash file that exploits the Flash vulnerability CVE-2018-4878 on the main home.php page.

Read More

Topics: Threat Alerts, Fileless Attacks, Attack Analysis, Exploits, Cyber Attacks

Threat Profile: Dofoil (Smoke Loader) Trojan with Coin-Miner 

Posted by Roy Moshailov on March 22, 2018 at 8:08 AM

 

These days, most malware employs a long attack chain with anti-analysis techniques to make it more difficult to detect the payload and harder to analyze by security researchers. More and more frequently, they are also incorporating coin miners in attacks. Such is the case with a newly observed variant of the Dofoil (also known as Smoke Loader) trojan, which includes a resource-draining cryptocurrency-mining payload. This latest Dofoil strain entered the scene earlier this month and is currently still active.

Read More

Topics: Threat Profile, Attack Analysis, Cyber Attacks

Webinar: Dynamic Endpoint Protection for Virtual Environments

Posted by Tom Bain on March 20, 2018 at 1:35 AM

Register for our webinar Dynamic Endpoint Protection for Virtual Environments on March 21, 2018.

Virtual Desktop Infrastructure (VDI) offers many advantages but it is not attack proof and highly advanced cyberattacks present an ever growing threat. IT and Security teams need to rethink the fabric, the costs and the risks inherent within virtual environments. Endpoint protection for VDIs has always been problematic as they are extremely sensitive to the performance impact of security products. The wrong security tools will consume resources, slow system boot up and impede productivity.

Read More

Topics: Webinars, VDI, Endpoint Security

Check out our Attack Analyses!

Take a deep dive into technical analyses of attacks prevented by Morphisec.

Subscribe to our Blog

Happy to keep you in the loop with industry insight, cyber security trends,  and cyber attack information and company updates.

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....

 

Recent Posts

Most Popular Posts