In August of 2019, just a month after our publication on a targeted BitPaymer/IEncrypt campaign, Morphisec identified a new and alarming evasion technique that the same adversaries adopted while targeting yet another enterprise in the automotive industry.
This week, headlines blew up with warnings of a design flaw in the CTF subsystem (msctf) of the Windows Text Services Framework that affects all current Windows systems and those going back as far as twenty years.
The recent Meltdown and Spectre CPU vulnerabilities took almost everyone by surprise. Widespread panic was staved off only by the promise of a nearly-ready OS patching fix, which, it turned out, excluded a large swath of systems and created its own set of problems.
Users are still scrambling to patch systems with an extremely complex mixture of OS, firmware and application updates. Organizations are encountering slowdowns, blue screens and reboot problems in their rush to avoid security problems. The entire stack of Spectre and Meltdown fixes has not yet been properly tested and will take time to reach anything resembling stability.
Two days ago, researchers at TarLogic published a proof-of-concept APT that leverages CVE-2017-11826, a Microsoft Office 0-day vulnerability existing in all Office versions. Microsoft issued a patch for the vulnerability in October; however, many systems still remain at risk.
Fueled by access to ever-increasing computational power, the past few decades have seen an explosion in Artificial Intelligence (AI) capabilities and applications. Today, AI is used in everything from image and speech recognition, to recommendation systems, to biomedical informatics, to self-driving cars. Recently, various cyber security vendors have been adopting "AI Technologies" in their products in order to improve the detection rate of malware and attacks. In particular, AI is expected to slowly replace the old-style signature-based detection of malware, which has proved ineffective against today's "one-million-new-samples-per-day" malware variants. But what does it really mean to use AI in the detection of attacks and malware, and can it really live up to its promises?
INTRODUCTION
From April 19-24, 2017, a politically-motivated, targeted campaign was carried out against numerous Israeli organizations. Morphisec researchers began investigating the attacks on April 24 and continue to uncover more details. Initial reports of the attacks, published April 26 (in Hebrew) by the Israel National Cyber Event Readiness Team (CERT-IL) and The Marker, confirm that the attack was delivered through compromised email accounts at Ben-Gurion University and sent to multiple targets across Israel. Ironically, Ben-Gurion University is home to Israel’s Cyber Security Research Center. Investigators put the origin of the attack as Iranian; Morphisec’s research supports this conclusion and attributes the attacks to the same infamous hacker group responsible for the OilRig malware campaigns.
Imagine this. You are in charge of public health and must deal with an unrelenting epidemic. You have two options for protecting the population.
The first option is to monitor each person for symptoms of infection. You buy analytical technology and infrastructure, hire staff and build hospitals. You send forth specialists to monitor everyone. When they notice symptoms, more tests are performed. The symptoms are subtle (fatigue, headache, stiffness), and healthy and sick people look a lot alike, so to be on the safe side you test far more people than are truly ill. Once you suspect infection, you quarantine the person and start a course of treatment. Sometimes the people are cured. Sometimes they are not. You can’t guarantee that you will find everyone who is infected. Or that everyone you treat is ill. The monitoring and mandatory quarantine intrude on civil liberties, disrupt lives and interfere with the economy. To compound matters, the disease mutates, so you have to continually design new screening tests and retrain the specialists.
The recent FireEye discovery of an Angler Exploit Kit variant that bypasses Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) has taken the cyber security world by surprise – but it shouldn’t have. New variants of the Angler EK crop up constantly (see Javascript in IE Overtakes Flash as Number One Target for Angler Exploit Kit), and EMET was never meant to be infallible, just to make life more difficult for hackers. EMET, which uses a set of predefined rules to prevent specific malware, is often relied upon to stop zero-day attacks on Windows systems until a patch is developed for the vulnerability. Although researchers have previously discovered techniques that allowed them to bypass EMET defenses, this is the first time an exploit in the wild has been successful.
Earlier this year, Microsoft announced its Windows Update for Business, which was proclaimed as a way to "empower IT Professionals to keep the Windows devices in their organization always up to date with the latest security defenses and Windows features." If there is one thing most IT Pros agree on, it is that patching is a pain – it is something that must be done for the long-term security of the organization, but it is disruptive, so it gets delayed (and the new Microsoft service will attempt to shorten these delays). And even worse than the business interruption patching causes, on its own, patching is never sufficient.
Have you ever wondered what happens to zero-day exploits after their big splash on day zero? Often 0-days are developed to target a specific organization, as in this Pawn Storm-related instance reported by Trend Micro, which targeted specific people within the Foreign Affairs Ministry.