<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=885880844953016&amp;ev=PageView&amp;noscript=1">

Adobe Flash Zero-Day Prevented by Morphisec (CVE-2018-4878)

Posted by Michael Gorelik on February 6, 2018 at 9:10 AM

How an organization handles the time between the unleashing of a zero-day and the availability of a patch is telling. There are basically two kinds of companies – those that try to mitigate the risk as best they can while they wait for a patch and those that have a security tool able to prevent zero-days. The latest Flash-Player zero-day CVE-2018-4878 is yet another example.

Read More

Topics: Exploits, Cyber Attacks, Zero-day

Threat Profile: Microsoft Equation Editor Backdoor

Posted by Roy Moshailov on January 29, 2018 at 1:19 PM

Towards the end of 2017, a group of researchers at Embedi discovered a Microsoft Office vulnerability that’s been quietly putting systems in danger for about 17 years.

Read More

Topics: Threat Profile, Exploits, MS Office Exploits, Cyber Attacks

Top Seven Cybersecurity Predictions for 2018

Posted by Morphisec Team on January 11, 2018 at 3:16 PM

With a turbulent 2017 finally behind us, what’s the cybersecurity forecast for 2018? Some predictions need no crystal ball – the cyber labor shortage will continue, spending on security solutions will go up, the breaches that do occur will be bigger and messier. But what else is in store for 2018? Morphisec’s VP Sales Arthur Braunstein, VP Product Netta Schmeidler and our co-founder Dudu Mimram weigh in.

Read More

Topics: Cyber Security, Endpoint Security, Fileless Attacks, Cyber Attacks

Threat Alert: Memory Corruption Vulnerability CVE-2017-11826

Posted by Morphisec Team on December 13, 2017 at 2:45 PM

Two days ago, researchers at TarLogic published a proof-of-concept APT that leverages CVE-2017-11826, a Microsoft Office 0-day vulnerability existing in all Office versions.  Microsoft issued a patch for the vulnerability in October, however many systems still remain at risk.

Read More

Topics: APT, Cyber Attacks, Zero-day, 0-day exploits, Endpoint Security, Threat Alerts

How to Create a Safer Shopping Experience

Posted by Mordechai Guri, Ph.D. on December 6, 2017 at 4:11 PM

The annual holiday season has arrived. The air grows crisp (at least in the Northern hemisphere), new, cool gadgets are released and cyberattacks, along with cologne ads, proliferate. Cyber threats aren’t deterring shoppers though: The National Retail Federation expects online holiday sales to increase by 7 to 10 percent over last year, reaching as much as $117 billion. With e-commerce attacks in Q3 2016 increasing by 60 percent over the previous year, shopping hazards can hit from all sides. From phishing sites to online card skimming to compromised terminals in stores; even gifts themselves pose security risks. Still, there is much both consumers and retailers can do in order to make an all around safer shopping experience.

Read More

Topics: Cyber Security, Cyber Attacks, Endpoint Security

Fileless Malware: Attack Trend Exposed

Posted by Michael Gorelik on November 29, 2017 at 6:22 PM

A report co-authored by Michael Gorelik, CTO and VP R&D, and Roy Moshailov, Malware Research Expert at Morphisec.

Fileless malware is a type of a malicious code execution technique that operates completely within process memory; no files are dropped onto the disk. Without any artifacts on the hard drive to detect, these attacks easily evade current detection solutions.

Read More

Topics: Attack Analysis, Fileless Attacks, Cyber Attacks, Research

Preventing Bad Rabbit Is Only Remarkable If It's Unremarkable

Posted by Arthur Braunstein on October 27, 2017 at 1:55 PM

In the last 48 hours, a hurricane of e-mails has crossed my Inbox, with breathless and self-congratulatory subject lines like "Our latest release detects Bad Rabbit" and "XYZ now protects XYZ customers from Bad Rabbit." In other words, "If you use our product, you were exposed to Bad Rabbit, but now that we know about it (from someone else) we deployed an update." Once you decode the messages, it’s clear that the content is not newsworthy, differentiating or exciting, it’s just an excuse to partake in the latest frenzy.

Read More

Topics: Cyber Attacks, Cyber Security, Ransomware

Hospitality Industry Needs Shelter From Cyber Threats

Posted by Shelley Leveson on June 27, 2017 at 2:25 AM

Two weeks ago, Morphisec Lab, led by VP R&D Michael Gorelik, warned of a new attack by the FIN7 cybercrime group against restaurants across the US. Earlier this year, the financially motivated FIN7 group, one of the leading threat actor groups operating today, targeted restaurant chains Chipotle, Baja Fresh and Ruby Tuesday, among others. And you certainly remember the massive 2016 attack on the Wendy’s fast food chain, which resulted in over 1000 Wendy’s locations hit by a credit card breach. Numbers were also big in the Arby’s data breach discovered in January 2017: according to the credit union service PSCU, 350,000 credit and debit card accounts might have been impacted by the hack on Arby’s point-of-sale (PoS) systems.

Read More

Topics: Endpoint Security, Fileless Attacks, Cyber Attacks, APT

FIN7 Takes Another Bite at the Restaurant Industry

Posted by Michael Gorelik on June 9, 2017 at 11:40 AM

INTRODUCTION

On June 7, 2017, Morphisec Lab identified a new, highly sophisticated fileless attack targeting restaurants across the US. The ongoing campaign allows hackers to seize system control and install a backdoor to steal financial information at will. It incorporates some never before seen evasive techniques that allow it to bypass most security solutions – signature and behavior based.

Read More

Topics: Cyber Attacks, Cyber Security, Endpoint Security, Attack Analysis

Threat Profile: Jaff Ransomware

Posted by Morphisec Team on May 19, 2017 at 7:03 PM

Last week, a massive wave of spam email that infects victims with a new type of ransomware, dubbed "Jaff", flooded networks across Europe, North America and Australia. Estimates put the number of malicious emails in the tens of millions.

Read More

Topics: Cyber Attacks, Cyber Security, Endpoint Security, Ransomware, Threat Profile

Check out our Attack Analyses!

Take a deep dive into technical analyses of attacks prevented by Morphisec.

Subscribe to our Blog

Happy to keep you in the loop with industry insight, cyber security trends,  and cyber attack information and company updates.

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....

 

Recent Posts

Most Popular Posts