A new, highly sophisticated campaign that delivers the Orcus Remote Access Trojan is hitting victims in ongoing, targeted attacks. Morphisec identified the campaign after receiving notifications from its advanced prevention solution at several deployment sites.Read More
Today Adobe disclosed a new Flash zero-day, releasing a patch for the critical vulnerability in an out-of-band update. Successful exploitation gives attackers the ability to execute arbitrary code on the targeted machine, and eventually assume full system control. Morphisec customers are already protected from attacks exploiting this vulnerability.Read More
Note: This post was updated 11-30-18 with details of a new intercepted attack. See technical description below.
Over the past three days, Morphisec Labs researchers have discovered a widespread cyber campaign hitting multiple targets. Morphisec researchers dubbed the campaign “Pied Piper”as it delivers various Remote Access Trojan (RAT) payloads via phishing, across multiple countries.Read More
Data Shows Careless Employee Behavior Make the Holidays the Most Challenging Time of Year for Enterprise Security Teams
The holiday season is fraught with consumer fraud. Holiday shoppers - both in-store and online - open themselves up to substantially higher risk without even knowing it.Read More
This blog was co-authored by Alon Groisman.
It seems like the rumors of FIN7’s decline have been hasty. Just a few months after the well-publicized indictment of three high-ranking members in August, Morphisec has identified a new FIN7 campaign that appears to be targeting the restaurant industry.Read More
Morphisec’s U.S. Citizen Threat Index Study Looks at Perceived Threats in the Run-Up to the 2018 Midterms
With the US midterm elections just days away, the team at Morphisec wanted to look at how American citizens feel about state-sponsored attacks and other cyber threats that could pose a threat to US election security, and ultimately, American democracy.Read More
Fileless malware is a type of a malicious code execution technique that operates completely within process memory; no files are dropped onto the disk. Without any artifacts on the hard drive to detect, these attacks easily evade most security solutions.Read More
On March 21,2018, Morphisec Labs began investigating the compromised website of a leading Hong Kong Telecommunications company after being alerted to it by malware hunter @PhysicalDrive0. The investigation, conducted by Morphisec researchers Michael Gorelik and Assaf Kachlon, determined that the Telecom group's corporate site had indeed been hacked. Attackers added an embedded Adobe Flash file that exploits the Flash vulnerability CVE-2018-4878 on the main home.php page.Read More
These days, most malware employs a long attack chain with anti-analysis techniques to make it more difficult to detect the payload and harder to analyze by security researchers. More and more frequently, they are also incorporating coin miners in attacks. Such is the case with a newly observed variant of the Dofoil (also known as Smoke Loader) trojan, which includes a resource-draining cryptocurrency-mining payload. This latest Dofoil strain entered the scene earlier this month and is currently still active.Read More
On February 22, 2018, Morphisec Labs spotted several malicious word documents exploiting the latest Flash vulnerability CVE-2018-4878 in the wild in a massive malspam campaign. Adobe released a patch early February, but it will take some companies weeks, months or even years to rollout the patch and cyber criminals keep developing new ways to exploit the vulnerability in this window.Read More
Subscribe to our blog
Stay in the loop with industry insight, cyber security trends, and cyber attack information and company updates.