In the rapidly evolving landscape of cybersecurity threats, a new adversary has emerged, drawing inspiration from one of the internet’s most enigmatic puzzles—Cicada3301. This new threat, dubbed Cicada3301 ransomware, was identified in a Morphisec...
Read MoreA recent faulty configuration file in CrowdStrike's Falcon platform caused a significant IT disruption, rendering millions of Windows machines inoperable. The result was a multi-day outage event, which affected critical sectors such as airlines,...
Read MoreMorphisec researchers have identified a significant vulnerability, CVE-2024-38021 — a zero-click remote code execution (RCE) vulnerability that impacts most Microsoft Outlook applications.
Read MoreYou’ve Got Mail: Critical Microsoft Outlook Vulnerability CVE-2024-30103 Executes as Email is Opened
In the ever-evolving landscape of cybersecurity, staying ahead of threats is paramount. At Morphisec, our team of dedicated researchers continuously strives to identify and mitigate emerging vulnerabilities to protect organizations worldwide.
...
Read MoreThe Cybersecurity and Infrastructure Security Agency (CISA) recently sounded the alarm on the widespread exploitation of the Citrix Bleed vulnerability. This critical security flaw has had a significant impact across various industries in the United...
Read MoreAs of January 10th 2023, Windows 7, Windows 8, 8.1, their Windows embedded derivatives, and Windows Server 2008 R2 will no longer receive patches from Microsoft. Millions of devices will now become "legacy" and create a suite of new legacy security...
Read MoreToday’s cyber security solutions aren’t countering threat actors’ advanced attacks. In the wake of the SolarWinds breach, even the largest companies and most-secure public agencies have had serious vulnerabilities exposed. If existing solutions...
Read MoreOn December 9th, 2021, reports surfaced about a new zero-day vulnerability, termed Log4j (Log4Shell), impacting Minecraft servers. [see “Protecting Against the Log4J Vulnerability”] Countless millions of devices instantly became at risk of attack,...
Read MoreOn December 9th, 2021, reports surfaced about a new zero-day vulnerability, termed Log4j (Log4Shell), impacting Minecraft servers. Now, almost one week later, it is clear that countless millions of devices are at risk, and Log4j may rank among the...
Read MoreRansomware attacks are soaring. By the end of this year, the global costs incurred by ransomware will be more than $20 billion annually – 57 times what they were in 2015 . For individual organizations feeling the sharp end of this exponential rise,...
Read MoreAlmost a year after an international law enforcement effort supposedly defeated it, Emotet, aka "the world's most dangerous botnet," has returned. Earlier this week, German security researcher Luca Ebach reported seeing malware with Emotet-like...
Read MoreIn the past month, Morphisec has investigated the origin of several increasingly prevalent infostealers. These include Redline, Taurus, Tesla, and Amadey.
As part of our research, we identified pay-per-click (PPC) ads in Google’s search results that...
Read MoreThe developers of the Phobos ransomware have added new fileless and evasive techniques to their arsenal. Constantly keeping their attack up to date helps them bypass detection technologies through several distinct approaches, the latest of which we...
Read MoreMicrosoft recently published details of an attack showing how a threat actor used zero-day exploits to access Microsoft Exchange Servers. The new exploit enabled access to email accounts and allowed the installation of additional malware to...
Read MoreIntroducing egregor ransomware
Egregor is considered to be one of the most prolific ransomware threat groups. Yet it gained this reputation in a very short time due to its uncompromising double extortion methodology.
Read MoreIntroduction
The Agent Tesla information stealer has been around since 2014. During the last two to three years, it's also had a significant distribution growth factor partially due to the fact that cracked versions of it have been leaked.
Read MoreGarmin has confirmed that the recent outage its users experienced was indeed the result of a successful ransomware attack. However, the extent of the damage done is still unclear. The attack, which compromised Garmin’s servers for five days,...
Read MoreAdvanced persistent threats describes the highly evolved nature of today’s cyberattacks. Hackers have developed sophisticated techniques – in-memory exploits, living-off-the-land attacks, remote access trojans, and more – that allow them to evade...
Read MoreSearch Our Site
Recent Posts
Posts by Tag
- Automated Moving Target Defense (151)
- Cyber Security News (131)
- Threat Research (131)
- Morphisec Labs (120)
- Morphisec News (55)
- Defense-in-Depth (12)
- Gartner (9)
- Ransomware (9)
- Adaptive Exposure Management (8)
- Continuous Threat Exposure Management (CTEM) (8)
- In-Memory Attacks (7)
- Threat and Vulnerability Management (5)
- Advanced Threat Defense (4)
- Microsoft (4)
- Runtime Attacks (4)
- ChatGPT (3)
- Evasive Loader (3)
- Fileless Malware (3)
- Financial Cybersecurity (3)
- Legacy Security (3)
- Linux Cybersecurity (3)
- Product Blogs (3)
- Healthcare Cybersecurity (2)
- Patch Management (2)
- Anti-tampering (1)
- Artificial Intelligence (1)
- IoT Security (1)
- Managed Service Providers (1)
- Server Security (1)