BLOGS By Jay Kurup

In late 2023, Microsoft Windows Server 2012 and 2012 R2 reached their end of life. Microsoft is ending free updates, bug fixes, and technical support to an operating system still used in hundreds of thousands of enterprise servers.

Ransomware has become one of the most prevalent and damaging forms of cybercrime in recent years, affecting businesses, governments and individuals worldwide. The 2024 Verizon Data Breach Investigations Report highlights ransomware as one of the...

Mandiant cybersecurity researchers recently released a blog on a memory-only dropper which uses a complex multi-stage infection process. This PowerShell-based downloader is being tracked as PEAKLIGHT. Mandiant researcher findings note that this...

The evolution of cybersecurity has been a journey of increasingly sophisticated defense innovations. It began with basic anti-virus (AV) software, which relied on static analysis to identify known threats by scanning binaries and files. 

As part of our ongoing efforts to identify newer vulnerabilities in Microsoft Office applications, Morphisec researchers have discovered two additional critical vulnerabilities in the Microsoft Outlook application which were reported to Microsoft...

The cyber threat landscape is undeniably complex and dynamic. Traditional cybersecurity measures are struggling to detect and stop attacks before they can cause damage. The IBM Cost of a Data Breach Report for 2023 found that only one-third of...

Morphisec has successfully identified and prevented a new variant of IDAT loader. This loader is used to deliver a range of malware payloads based on the attacker's assessment of the victim's system. Distinguished by its modular architecture, IDAT...

CVE-2024-2883 is a critical vulnerability found in ANGLE, a component of Google Chrome and Microsoft Edge. The vulnerability is exploitable via crafted HTML pages, allowing remote attackers to exploit heap corruption. The potential impact is high,...

This blog examines the Akira Ransomware as a Service (RaaS) group, to understand their Tactics, Techniques, and Procedures (TTPs), and validate how Morphisec’s patented Anti-Ransomware solution powered by Automated Moving Target Defense (AMTD) can...

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Security leaders are acutely aware of vulnerability risks. Organizations continue to allocate thousands of dollars to periodic vulnerability assessments, and thousands more to technology and resources for mitigation — yet vulnerability-based breach...

Apple Security Engineering and Architecture (SEAR) and the Citizen Lab opened a pair of critical vulnerabilities relating to the abuse of WebP images which could lead to exploitation of Google Chrome and Chromium-based browsers, as well as the...