Protecting Systems During Patching Gaps

Posted by Tom Bain on Jan 22, 2018 7:18:08 PM

The recent Meltdown and Spectre CPU vulnerabilities took almost everyone by surprise.  Widespread panic was staved off only by the promise of a nearly-ready OS patching fix, which it turned out, excluded a large swath of systems and created its own set of problems. 

Users are still scrambling to patch systems with an extremely complex mixture of OS, firmware and application updates. Organizations are encountering slowdowns, blue screens and reboot problems in their rush to avoid security problems. The entire stack of Spectre and Meltdown fixes has not yet been properly tested and will take time to reach anything resembling stability. 

Read More

Topics: Exploits, 0-day exploits, Moving Target Defense, Patching, Endpoint Security

Threat Alert: Memory Corruption Vulnerability CVE-2017-11826

Posted by Morphisec Team on Dec 13, 2017 9:45:10 PM

Two days ago, researchers at TarLogic published a proof-of-concept APT that leverages CVE-2017-11826, a Microsoft Office 0-day vulnerability existing in all Office versions.  Microsoft issued a patch for the vulnerability in October, however many systems still remain at risk.

Read More

Topics: Cyber Attacks, 0-day exploits, Zero-day, Endpoint Security, APT

Artificial Intelligence for Security: Real Limitations

Posted by Mordechai Guri, Ph.D. on Jun 14, 2017 11:24:29 AM

 

Fueled by access to ever-increasing computational power, the past few decades have seen an explosion in Artificial Intelligence (AI) capabilities and applications. Today, AI is used in everything from image and speech recognition, to recommendation systems, to biomedical informatics to self-driving cars. Recently, various cyber security vendors are adapting "AI Technologies" in their products in order to improve the detection rate of malware and attacks. In particular, AI is expected to slowly replace the old-style signature-based detection of malware. Signature-based detection has proved to be ineffective against today's "one-million-new-samples-per-day" malware variants. But what does it really mean to use AI in detection of attacks and malware; can it really live up to its promises?

Read More

Topics: 0-day exploits, Advanced Persistent Threats, Endpoint Security, Mordechai Guri, Cyber Security

Iranian Fileless Attack Infiltrates Israeli Organizations

Posted by Michael Gorelik on Apr 27, 2017 7:11:43 PM

INTRODUCTION

From April 19-24, 2017, a politically-motivated, targeted campaign was carried out against numerous Israeli organizations. Morphisec researchers began investigating the attacks on April 24 and continue to uncover more details. Initial reports of the attacks, published April 26 (in Hebrew) by the Israel National Cyber Event Readiness Team (CERT-IL) and The Marker, confirm that the attack was delivered through compromised email accounts at Ben-Gurion University and sent to multiple targets across Israel. Ironically, Ben-Gurion University is home to Israel’s Cyber Security Research Center. Investigators put the origin of the attack as Iranian; Morphisec’s research supports this conclusion and attributes the attacks to the same infamous hacker group responsible for the OilRig malware campaigns.

Read More

Topics: 0-day exploits, Zero-day, Attack Analysis, Fileless Attacks

Malware Is a Symptom – Don’t Treat Symptoms

Posted by Arthur Braunstein on Mar 30, 2017 3:00:29 AM

Imagine this. You are in charge of public health and must deal with an unrelenting epidemic. You have two options for protecting the population.

The first option is to monitor each person for symptoms of infection. You buy analytical technology and infrastructure, hire staff and build hospitals. You send forth specialists to monitor everyone. When they notice symptoms, more tests are performed. The symptoms are
subtle (fatigue, headache, stiffness), and healthy and sick people look a lot alike, so to be on the safe side you test far more people than are truly ill. Once you suspect infection, you quarantine the person and start a course of treatment. Sometimes the people are cured. Sometimes they are not. You can’t guarantee that you will find everyone who is infected. Or that everyone you treat is ill. The monitoring and mandatory quarantine intrude on civil liberties, disrupt lives and interfere with the economy. To compound matters, the disease mutates, so you have to continually design new screening tests and retrain the specialists.

Read More

Topics: 0-day exploits, Moving Target Defense, Advanced Persistent Threats, Endpoint Security

Surprise, Surprise, Angler EK Has a New Angle

Posted by Ursula Ron on Jun 8, 2016 4:23:12 PM

The recent FireEye discovery of an Angler Exploit Kit variant that bypasses Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) has taken the cyber security world by surprise – but it shouldn’t have. New variants of the Angler EK crop up constantly (see Javascript in IE Overtakes Flash as Number One Target for Angler Exploit Kit) and EMET was never meant to be infallible, just make it more difficult for hackers. EMET, which uses a set of predefined rules to prevent specific malware, is often relied upon to stop zero-day attacks on Windows systems until a patch is developed for the vulnerability. Although researchers have previously discovered vulnerabilities that allowed them to bypass EMET defenses, this is the first time an exploit in the wild has been successful.

Read More

Topics: Exploits, 0-day exploits, Angler Kit, Ransomware

Patch Me if You Can

Posted by Mordechai Guri, Ph.D. on Dec 7, 2015 8:50:47 AM

Earlier this year, Microsoft announced its Windows updates for business, which was proclaimed as a way to "empower IT Professionals to keep the Windows devices in their organization always up to date with the latest security defenses and Windows features." If there is one thing most IT Pros agree on, it is that patching is a pain – it is something that must be done for the long-term security of the organization, but it is disruptive so it gets delayed (and the new Microsoft service will attempt to shorten these delays). And even worse than the business interruption patching causes, on its own, patching is never sufficient.

Read More

Topics: 0-day exploits, Zero-day, Patching

Flash Zero-day Quickly Propagates to Unaware Sites

Posted by Michael Gorelik on Nov 9, 2015 7:15:04 PM

Have you ever wondered what happens to zero-day exploits after their big splash on day zero? Often 0-days are developed to target a specific organization, as in this Pawn Storm-related instance reported by Trend Micro, which targeted specific people within the Foreign Affairs Ministry.

Read More

Topics: Exploits, Cyber Attacks, 0-day exploits, Moving Target Defense, Zero-day, Attack Analysis

Check out our Attack Analyses!

Take a deep dive into technical analyses of attacks prevented by Morphisec.

Subscribe to our Blog

Happy to keep you in the loop with industry insight, cyber security trends,  and cyber attack information and company updates.

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....

 

Recent Posts

Most Popular Posts