Recently, news came out about a vulnerability (CVE-2020-0674) in Microsoft’s Internet Explorer scripting engine based on how the browser handles memory. More specifically, within the JScript component of the scripting engine is an unspecified memory corruption vulnerability. What this means in practice is that any application that supports embedding Internet Explorer or its scripting engine can be leveraged as an attack vector.Read More
Antivirus protection is a baseline cost of doing business for the modern organization. At first, companies and governments only needed signature-based antivirus that tracked known malware. As fileless malware and exploits accelerated, next-gen antivirus that leveraged AI and behavioral analysis came on the scene to respond.Read More
The 2018 Starwood Hotels breach is only the latest in a long line of high profile intrusions that hotels have faced. It’s notable primarily for how many customer records were exposed — 500 million worldwide according to parent company Marriott — and that the breach wasn’t discovered for four years. This makes the breach a particularly extreme outlier according to Ponemon Institute research data. A recent Ponemon report found that it takes an average of 197 days to discover a breach, and an average of 69 days to close it.Read More
A whopping 186.4 million Americans shopped in stores and online between Black Friday and Cyber Monday this year, according to the National Retail Federation. On average, these shoppers spent $361.90 per person over the five-day Thanksgiving weekend.Read More
Retailers aren’t the only ones who benefit from the holiday shopping season. Cyberattacks cost retailers more than $30 billion annually, and losses often mount during the highly profitable holiday season.Read More
In this blog, we will present some findings on how NanoCore RAT 126.96.36.199 is actively being delivered in new and different ways that we discovered at Morphisec Labs in the last couple of months. Specifically, we will focus on the sophisticated fileless methods for delivering the RAT without touching the disk.Read More
Subscribe to our blog
Stay in the loop with industry insight, cyber security trends, and cyber attack information and company updates.