Morphisec Cyber Security Blog

With October National Cybersecurity Awareness Month (NCSAM) and November Critical Infrastructure Security and Resilience Month, Morphisec is publishing a series posts on industries included in the DHS list of 16 critical infrastructure sectors.

The healthcare industry needs to focus on its own cyber health. That’s the upshot of the latest round of reports and announcements from industry experts across the board.

ECRI Institute, a leading patient safety and medical technology research organization, recently released their 2019 Top Health Technology Hazards. Cybersecurity topped the annual list,

Topics: Endpoint Security, Cyber Security, Moving Target Defense

Cybersecurity is an enormous investment with even more enormous consequences for mistakes. To build an optimal security stack you need to balance residual risks with total cost of ownership of the cyber security stack and with minimal disruption to operations.

Topics: CISO, Endpoint Security, Moving Target Defense, Cyber Security

Fileless malware is a type of a malicious code execution technique that operates completely within process memory; no files are dropped onto the disk. Without any artifacts on the hard drive to detect, these attacks easily evade most security solutions.

Topics: Threat Alerts, Endpoint Security, Cyber Attacks, Sandbox evasion, Fileless Attacks

So far, 2018 has turned out to be anything but business as usual, at least on the cybersecurity front. The revelation about CPU vulnerabilities Meltdown and Spectre (and all the offshoots); the explosion in cryptojacking – which is likely even more widespread than current estimates; the lightning speed at which the newest sophisticated attack technology is adopted by mass market criminals.

Topics: MLTR, Threat Report, Research, CISO, Mordechai Guri, Endpoint Security, Cyber Security

 

After more than four years with no weaponized exploits for Adobe Acrobat Reader, researchers at ESET identified a weaponized PDF that allows attackers to execute arbitrary code on the targeted machine and eventually assume full system control. The PDF exploits two previously unknown vulnerabilities, Acrobat Reader vulnerability CVE-2018-4990 and a privilege escalation vulnerability in Microsoft Windows, CVE-2018-8120.

Adobe Reader has a built-in sandbox feature that usually makes exploitation difficult. By combining vulnerabilities, this attack achieves code execution and then bypasses the sandbox protection to fully compromise the targeted system.

Topics: Threat Alerts, Attack Analysis, Endpoint Security, Zero-day, Research

We all wish we were smarter. And I believe that the vast majority of people, in some way, strive to GET smarter.

As someone who has been involved in the cybersecurity industry for years, and watched it evolve, I see countless companies in this market using the aspect of intelligence to position themselves as being smarter than others. But if you have to proclaim your intelligence, are you actually smart? Or even smarter than me? Or than the next company?

Topics: Cyber Security, Endpoint Security, Moving Target Defense, CISO

After less than two years in the market, Morphisec has deployed its Endpoint Threat Prevention platform to over one million endpoints worldwide, making it the fastest subscription-based B2B cybersecurity company to reach this milestone.

Topics: Company News, Moving Target Defense, Endpoint Security

 

If you’ve stayed at any large hotel chain in the past year, there’s a good chance your personal details have been compromised. According to Verizon’s 2018 Data Breach Investigations Report, the accommodation industry had one of the highest number of breaches, second only to healthcare. 

Topics: Endpoint Security, Cyber Security, Case Study, CISO

Morphisec Moving Target Defense verified as Citrix Ready to enhance protection with Citrix XenApp and XenDesktop

Topics: Cyber Security, Endpoint Security, Industry News, Company News, Moving Target Defense

CISOs face an escalating battle on two fronts: externally from ever-more sophisticated attackers and internally in managing all the threat protection and additional security layers they put in to stop them. And they are losing. Despite added technology complexity and operational overhead, cyber criminals still manage to get past defenses.

According to a a new report from analyst firm ESG, 72% of organizations believe that security operations are more difficult today than they were two years ago yet 54% still suffered at least one security incident.

Topics: Cyber Security, Endpoint Security, Industry News, Company News, Moving Target Defense