This week, headlines blew up with warnings of a design flaw in the CTF subsystem (msctf) of the Windows Text Services Framework that affects all current Windows systems and those going back as far as twenty years.

With their highly valuable payment card and personal sensitive information, Point-of-Sale (POS) systems present a ripe target for cybercrime groups. A successful breach can have enormous consequences for the attacked organization, from detecting and responding, to notifying victims, post-response support, lost business and potentially hefty government fines. Modern POS environments are complicated systems with multiple entry points for attack, from phishing emails or drive-by-download exploits on employee computers to vulnerable third-party suppliers. And while payment card security standards have introduced a basic protection framework, POS-attacks have not abated under the regulations — some of the largest breaches of the past several years are due to POS attacks.

Morphisec Labs recently investigated an ongoing BitPaymer ransomware campaign that has been attacking companies across the U.S., both public and private, over the last 3 months.

Cybercrime has turned its attention toward city and regional governments and the scale and scope of the problem will continue to grow. That was one of the main threads at the recent U.S. House of Representatives hearing on Cybersecurity Challenges for State and Local Governments

Enterprises migrating to or already on Windows 10 have the perfect opportunity to greatly improve their security profile and simplify operations at the same time – without incurring more costs. The key is fully leveraging the integrated Windows 10 security tools while adding innovative technology purpose built to provide a critical protection layer against advanced memory attacks, exploits, fileless attacks, zero-days and evasive malware. Those integrated security tools include Windows Defender antivirus and that disruptive technology is Morphisec’s Moving Target Defense.

When looking at cyber defense best practices and models, one driving question, which also keeps CISOs up at night, is this:

What's the best way to orchestrate security telemetry and processes so that SOC operators and security teams can prevent more threats and scale threat response as a formidable force multiplier against the onslaught of unknown attacks and exploits?

It seems that the only thing constant about cybersecurity (besides change) is our love of acronyms. We get it, time is too short for wasted words. But this can make it even more difficult to wade through the varied, often overlapping claims, of an already confusing space.

You may have noticed something different about the Morphisec website. If so, thank you. That means you are helping Morphisec continue to climb in the Google ranks :).

But seriously, we have redesigned the new site, not just to look better (although we hope you find it as appealing as we do), or to reflect our brand better

Make 2019 the year you focus on the ROI of your cyber security initiatives.

By now you’ve heard all the 2019 predictions from cybersecurity vendors and practitioners. As every year, many are insightful and thought-provoking, some meant to invoke self-serving fear and doubt about the next big threat, others just repeats from the year prior.

Just in time for the new year, Morphisec has released a new version of our Endpoint Threat Prevention platform. Version 3.0 features enhanced, advanced analytics and SOC dashboarding, richer, SOC-enabled threat intelligence capabilities, and a new pre-installation application adware sanitizer module.