<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=885880844953016&amp;ev=PageView&amp;noscript=1">
Posted by Andrew Homer on January 21, 2020

Recently, news came out about a vulnerability (CVE-2020-0674) in Microsoft’s Internet Explorer scripting engine based on how the browser handles memory. More specifically, within the JScript component of the scripting engine is an unspecified memory corruption vulnerability. What this means in practice is that any application that supports embedding Internet Explorer or its scripting engine can be leveraged as an attack vector.

Read More
Posted by Daniel Petrillo on January 16, 2020

 

Antivirus protection is a baseline cost of doing business for the modern organization. At first, companies and governments only needed signature-based antivirus that tracked known malware. As fileless malware and exploits accelerated, next-gen antivirus that leveraged AI and behavioral analysis came on the scene to respond.

Read More
Posted by Matthew Delman on January 8, 2020

The 2018 Starwood Hotels breach is only the latest in a long line of high profile intrusions that hotels have faced. It’s notable primarily for how many customer records were exposed — 500 million worldwide according to parent company Marriott — and that the breach wasn’t discovered for four years. This makes the breach a particularly extreme outlier according to Ponemon Institute research data. A recent Ponemon report found that it takes an average of 197 days to discover a breach, and an average of 69 days to close it.

Read More
Posted by Morphisec Team on December 24, 2019
Posted by Arnold Osipov on December 19, 2019

A whopping 186.4 million Americans shopped in stores and online between Black Friday and Cyber Monday this year, according to the National Retail Federation. On average, these shoppers spent $361.90 per person over the five-day Thanksgiving weekend.

Read More
Posted by Alon Groisman on December 18, 2019

In April 2019, attackers who breached IT supplier Wipro leveraged the ConnectWise Control (formerly ScreenConnect) remote desktop application as a major component of their attack.

Read More
Posted by Matthew Delman on December 4, 2019

Retailers aren’t the only ones who benefit from the holiday shopping season. Cyberattacks cost retailers more than $30 billion annually, and losses often mount during the highly profitable holiday season.

Read More
Posted by Daniel Petrillo on November 20, 2019

Last week, Intezer and IBM X-Force released new research identifying a new form of ransomware, which they named PureLocker. Written in PureBasic and designed to attack servers, this damaging new malware has been described as Malware-as-a-Service in a recent ZDNet article

Read More
Posted by Morphisec Labs on October 16, 2019

In this blog, we will present some findings on how NanoCore RAT 1.2.2.0 is actively being delivered in new and different ways that we discovered at Morphisec Labs in the last couple of months. Specifically, we will focus on the sophisticated fileless methods for delivering the RAT without touching the disk.

Read More
Posted by Michael Gorelik on October 10, 2019

In August of 2019, just a month after our publication on a targeted BitPaymer/IEncrypt campaign, Morphisec identified a new and alarming evasion technique that the same adversaries adopted while targeting yet another enterprise in the automotive industry.

Read More