<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=885880844953016&amp;ev=PageView&amp;noscript=1">

Cobalt Group 2.0

Posted by Michael Gorelik on October 8, 2018 at 2:46 PM

 

Over the past year, Morphisec and several other endpoint protection companies have been tracking a resurgence in activity from the Cobalt Group. Cobalt, also known as Carbanak and Anunak, is one of the most notorious cybercrime operations, with attacks against more than 100 banks across 40 countries attributed to the group. The most recent attacks can be grouped

Read More

Topics: Threat Alerts, Fileless Attacks, Attack Analysis, APT, Moving Target Defense

Increasing Fallout from the Fallout Exploit Kit

Posted by Shelley Leveson on September 28, 2018 at 4:40 PM

The Fallout exploit kit, named for its similarities to the once notorious Nuclear exploit kit, already shows signs of reaching the levels of popularity of its namesake. Since its discovery by security researchers at the end of August, Fallout has been seen distributing the SmokeLoader trojan, GandCrab ransomware, CoalaBot, various potentially unwanted programs (PUPs) and, most recently, a new ransomware strain called SAVEfiles.

Read More

Topics: Threat Alerts, Exploit Kit, Exploits, Cyber Security, Sandbox evasion

SharpShooter Pen Testing Framework Used by Attackers

Posted by Roy Moshailov on August 12, 2018 at 1:39 PM

Fileless malware is a type of a malicious code execution technique that operates completely within process memory; no files are dropped onto the disk. Without any artifacts on the hard drive to detect, these attacks easily evade most security solutions.

Read More

Topics: Threat Alerts, Endpoint Security, Cyber Attacks, Sandbox evasion, Fileless Attacks

GandCrab Ransomware Version 4.0/4.1

Posted by Roy Moshailov on July 18, 2018 at 4:22 PM

July has been a busy month for the distributors of GandCrab ransomware. After about two months with no major update, the cybercrime gang behind GandCrab released version 4, and a few days later, version 4.1. The primary delivery method is via compromised WordPress websites, which have been hijacked to include fake crack application pages, which in turn redirect to the GandCrab executable. Other distribution methods are Exploit Kits (EK) and malicious email campaigns.

Read More

Topics: Threat Alerts, Custom Packer, Ransomware, Exploit Kit

Threat Alert: MyloBot  - New Highly Sophisticated Botnet

Posted by Roy Moshailov on June 27, 2018 at 10:54 AM

A new highly sophisticated botnet incorporating numerous malicious, evasive techniques is quickly spreading its tentacles. Dubbed MyloBot, the botnet uses an usually complex chain attack and combines multiple anti-analysis techniques to make it more difficult to detect the payload and harder to analyze by security researchers. Initial research published by Deep Instinct points out that everything on the victim’s end takes place in memory, while the main business logic of the botnet is executed in an external process using code injection. This makes it even harder to detect and trace.

Read More

Topics: Threat Alerts, Fileless Attacks, Cyber Security, Advanced Persistent Threats

Threat Alert: Flash Vulnerability CVE-2018-5002

Posted by Morphisec Team on June 22, 2018 at 4:33 PM

Adobe disclosed that a Flash zero-day was being exploited in targeted attacks against Windows users. The critical vulnerability was discovered and independently reported by several security firms. Successful exploitation of the vulnerability allows arbitrary code execution which can ultimately lead to an attacker assuming full system control.

Read More

Topics: Threat Alerts, Zero-day, Cyber Security

[CRITICAL ALERT] CVE-2018-4990 Acrobat Reader DC Double-Free Vulnerability

Posted by Michael Gorelik on June 18, 2018 at 6:20 PM

 

After more than four years with no weaponized exploits for Adobe Acrobat Reader, researchers at ESET identified a weaponized PDF that allows attackers to execute arbitrary code on the targeted machine and eventually assume full system control. The PDF exploits two previously unknown vulnerabilities, Acrobat Reader vulnerability CVE-2018-4990 and a privilege escalation vulnerability in Microsoft Windows, CVE-2018-8120.

Adobe Reader has a built-in sandbox feature that usually makes exploitation difficult. By combining vulnerabilities, this attack achieves code execution and then bypasses the sandbox protection to fully compromise the targeted system.

Read More

Topics: Threat Alerts, Attack Analysis, Endpoint Security, Zero-day, Research

CVE-2018-8174 Blows the VBScript Attack Door Wide Open

Posted by Michael Gorelik on May 25, 2018 at 5:42 PM

 

In April, researchers at Qihoo 360 Core Security Division discovered a VBScript vulnerability actively exploited in targeted attacks. Since then, it has appeared in additional attack campaigns. The vulnerability, CVE-2018-8174, dubbed "Double Kill",  is significant on several counts.

Read More

Topics: Threat Profile, Threat Alerts, Exploits, Cyber Security

Watering Hole Attack on Leading Hong Kong Telecom Site Exploiting Flash Flaw (CVE-2018-4878)

Posted by Michael Gorelik on March 23, 2018 at 7:01 AM

On March 21,2018, Morphisec Labs began investigating the compromised website of a leading Hong Kong Telecommunications company after being alerted to it by malware hunter @PhysicalDrive0. The investigation, conducted by Morphisec researchers Michael Gorelik and Assaf Kachlon, determined that the Telecom group's corporate site had indeed been hacked. Attackers added an embedded Adobe Flash file that exploits the Flash vulnerability CVE-2018-4878 on the main home.php page.

Read More

Topics: Threat Alerts, Fileless Attacks, Attack Analysis, Exploits, Cyber Attacks

Threat Alert: Memory Corruption Vulnerability CVE-2017-11826

Posted by Morphisec Team on December 13, 2017 at 2:45 PM

Two days ago, researchers at TarLogic published a proof-of-concept APT that leverages CVE-2017-11826, a Microsoft Office 0-day vulnerability existing in all Office versions.  Microsoft issued a patch for the vulnerability in October, however many systems still remain at risk.

Read More

Topics: APT, Cyber Attacks, Zero-day, 0-day exploits, Endpoint Security, Threat Alerts

Check out our Attack Analyses!

Take a deep dive into technical analyses of attacks prevented by Morphisec.

Subscribe to our Blog

Happy to keep you in the loop with industry insight, cyber security trends,  and cyber attack information and company updates.

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....

 

Recent Posts

Most Popular Posts