Cybersecurity Blog

This week, headlines blew up with warnings of a design flaw in the CTF subsystem (msctf) of the Windows Text Services Framework that affects all current Windows systems and those going back as far as twenty years.

For the second year in a row, Morphisec has awarded three scholarships to top female students pursuing cybersecurity degrees around the world. The latest numbers still place women’s employment in the cybersecurity industry at only 24%, but the dedication and talent of the more than 400 applications that poured in from the United States, Europe and Israel are a testament to womens’ determination to change this statistic.

With their highly valuable payment card and personal sensitive information, Point-of-Sale (POS) systems present a ripe target for cybercrime groups. A successful breach can have enormous consequences for the attacked organization, from detecting and responding, to notifying victims, post-response support, lost business and potentially hefty government fines. Modern POS environments are complicated systems with multiple entry points for attack, from phishing emails or drive-by-download exploits on employee computers to vulnerable third-party suppliers. And while payment card security standards have introduced a basic protection framework, POS-attacks have not abated under the regulations — some of the largest breaches of the past several years are due to POS attacks.

Cybercrime has turned its attention toward city and regional governments and the scale and scope of the problem will continue to grow. That was one of the main threads at the recent U.S. House of Representatives hearing on Cybersecurity Challenges for State and Local Governments

Despite enormous investments in cybersecurity by their financial service providers, customers still feel that they are not doing enough to protect their financial assets and data. That was just one of the findings of Morphisec's new 2019 Consumer Finance Cybersecurity Threat Index.

During the period of March to May 2019, Morphisec Labs observed a new, highly sophisticated variant of the ShellTea / PunchBuggy backdoor malware that attempted to infiltrate a number of machines within the network of a customer in the hotel-entertainment industry. It is believed that the malware was deployed as a result of several phishing attempts.

Enterprises migrating to or already on Windows 10 have the perfect opportunity to greatly improve their security profile and simplify operations at the same time – without incurring more costs. The key is fully leveraging the integrated Windows 10 security tools while adding innovative technology purpose built to provide a critical protection layer against advanced memory attacks, exploits, fileless attacks, zero-days and evasive malware. Those integrated security tools include Windows Defender antivirus and that disruptive technology is Morphisec’s Moving Target Defense.

Americans Fear of an Imminent or Elevated Cyber Threat Against the Nation Drops to 51%; But 27% of Citizens Believe There Are Lingering Effects on Cyber Defenses from the Government Shutdown

It seems that the only thing constant about cybersecurity (besides change) is our love of acronyms. We get it, time is too short for wasted words. But this can make it even more difficult to wade through the varied, often overlapping claims, of an already confusing space.

Despite HIPAA regulations designed to keep them informed on the security of their personal health data, patients still seem to be in the dark. That was just one of the findings of Morphisec's new 2019 Consumer Healthcare Cybersecurity Threat Index.