Breach Prevention Blog

In August of 2019, just a month after our publication on a targeted BitPaymer/IEncrypt campaign, Morphisec identified a new and alarming evasion technique that the same adversaries adopted while targeting yet another enterprise in the automotive...

This week, headlines blew up with warnings of a design flaw in the CTF subsystem (msctf) of the Windows Text Services Framework that affects all current Windows systems and those going back as far as twenty years.

The recent Meltdown and Spectre CPU vulnerabilities took almost everyone by surprise.  Widespread panic was staved off only by the promise of a nearly-ready OS patching fix, which it turned out, excluded a large swath of systems and created its...

Two days ago, researchers at TarLogic published a proof-of-concept APT that leverages CVE-2017-11826, a Microsoft Office 0-day vulnerability existing in all Office versions.  Microsoft issued a patch for the vulnerability in October, however many...

Fueled by access to ever-increasing computational power, the past few decades have seen an explosion in Artificial Intelligence (AI) capabilities and applications. Today, AI is used in everything from image and speech recognition, to...

INTRODUCTION

From April 19-24, 2017, a politically motivated, targeted campaign was carried out against numerous Israeli organizations. Morphisec researchers began investigating the attacks on April 24 and continue to uncover more details....

Imagine this. You are in charge of public health and must deal with an unrelenting epidemic. You have two options for protecting the population.

The recent FireEye discovery of an Angler Exploit Kit variant that bypasses Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) has taken the cyber security world by surprise – but it shouldn’t have. New variants of the Angler EK crop up...

Earlier this year, Microsoft announced its Windows updates for business, which was proclaimed as a way to "empower IT Professionals to keep the Windows devices in their organization always up to date with the latest security defenses and Windows...

Have you ever wondered what happens to zero-day exploits after their big splash on day zero? Often 0-days are developed to target a specific organization, as in this Pawn Storm-related instance reported by Trend Micro, which targeted specific...