<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=885880844953016&amp;ev=PageView&amp;noscript=1">

Watering Hole Attack on Leading Hong Kong Telecom Site Exploiting Flash Flaw (CVE-2018-4878)

Posted by Michael Gorelik on March 23, 2018 at 7:01 AM

On March 21,2018, Morphisec Labs began investigating the compromised website of a leading Hong Kong Telecommunications company after being alerted to it by malware hunter @PhysicalDrive0. The investigation, conducted by Morphisec researchers Michael Gorelik and Assaf Kachlon, determined that the Telecom group's corporate site had indeed been hacked. Attackers added an embedded Adobe Flash file that exploits the Flash vulnerability CVE-2018-4878 on the main home.php page.

Read More

Topics: Exploits, Cyber Attacks, Attack Analysis, Fileless Attacks, Threat Alerts

Top Seven Cybersecurity Predictions for 2018

Posted by Morphisec Team on January 11, 2018 at 3:16 PM

With a turbulent 2017 finally behind us, what’s the cybersecurity forecast for 2018? Some predictions need no crystal ball – the cyber labor shortage will continue, spending on security solutions will go up, the breaches that do occur will be bigger and messier. But what else is in store for 2018? Morphisec’s VP Sales Arthur Braunstein, VP Product Netta Schmeidler and our co-founder Dudu Mimram weigh in.

Read More

Topics: Cyber Attacks, Endpoint Security, Cyber Security, Fileless Attacks

Best of 2017: Our Top 5 Posts of the Year

Posted by Morphisec Team on December 28, 2017 at 5:52 PM

 

Read More

Topics: Moving Target Defense, Cyber Security, Attack Analysis, Fileless Attacks

Fileless Malware: Attack Trend Exposed

Posted by Michael Gorelik on November 29, 2017 at 6:22 PM

A report co-authored by Michael Gorelik, CTO and VP R&D, and Roy Moshailov, Malware Research Expert at Morphisec.

Fileless malware is a type of a malicious code execution technique that operates completely within process memory; no files are dropped onto the disk. Without any artifacts on the hard drive to detect, these attacks easily evade current detection solutions.

Read More

Topics: Cyber Attacks, Research, Attack Analysis, Fileless Attacks

The Question of Advanced Attack Protection - Reframed

Posted by Arthur Braunstein on October 5, 2017 at 1:49 AM

 

In about two weeks, I’ll be participating in the Mid Market CIO Forum in Austin, Texas. Events such as these are vital as they bring IT professionals together in a setting that is intimate enough to get real answers to their unique set of challenges. For cybersecurity practitioners in particular, the market is incredibly confusing. On top of a profusion of various technologies you have a rapidly changing threat landscape where the threat of the day seems to dictate the conversation.

The article below was sent to attendees of the Mid Market Forum, but is relevant to many of us in the security field. Only when asking different questions, moving beyond the standard security discussion, will security practitioners find the set of solutions that meets the specific needs of their business.

Read More

Topics: Events, Endpoint Security, Cyber Security, Fileless Attacks

Version 2.0 is Here!

Posted by Morphisec Team on August 2, 2017 at 3:41 PM

 

In the first half of 2017 alone, organizations have had to cope with a slew of new tactics: a surge in evasive, fileless attacks, record breaking attack propagation speeds and the rise of 64-bit attacks. The latest version of Morphisec Endpoint Threat Prevention gives security teams the answer to tackle these trends plus unknown threats to come.

Read More

Topics: Company News, Product, Endpoint Security, Cyber Security, Fileless Attacks

Hospitality Industry Needs Shelter From Cyber Threats

Posted by Shelley Leveson on June 27, 2017 at 2:25 AM

Two weeks ago, Morphisec Lab, led by VP R&D Michael Gorelik, warned of a new attack by the FIN7 cybercrime group against restaurants across the US. Earlier this year, the financially motivated FIN7 group, one of the leading threat actor groups operating today, targeted restaurant chains Chipotle, Baja Fresh and Ruby Tuesday, among others. And you certainly remember the massive 2016 attack on the Wendy’s fast food chain, which resulted in over 1000 Wendy’s locations hit by a credit card breach. Numbers were also big in the Arby’s data breach discovered in January 2017: according to the credit union service PSCU, 350,000 credit and debit card accounts might have been impacted by the hack on Arby’s point-of-sale (PoS) systems.

Read More

Topics: Cyber Attacks, Advanced Persistent Threats, Endpoint Security, Fileless Attacks

Iranian Fileless Attack Infiltrates Israeli Organizations

Posted by Michael Gorelik on April 27, 2017 at 12:11 PM

INTRODUCTION

From April 19-24, 2017, a politically-motivated, targeted campaign was carried out against numerous Israeli organizations. Morphisec researchers began investigating the attacks on April 24 and continue to uncover more details. Initial reports of the attacks, published April 26 (in Hebrew) by the Israel National Cyber Event Readiness Team (CERT-IL) and The Marker, confirm that the attack was delivered through compromised email accounts at Ben-Gurion University and sent to multiple targets across Israel. Ironically, Ben-Gurion University is home to Israel’s Cyber Security Research Center. Investigators put the origin of the attack as Iranian; Morphisec’s research supports this conclusion and attributes the attacks to the same infamous hacker group responsible for the OilRig malware campaigns.

Read More

Topics: 0-day exploits, Zero-day, Attack Analysis, Fileless Attacks

Morphisec Discovers New Fileless Attack Framework

Posted by Michael Gorelik on March 16, 2017 at 1:55 PM

Morphisec Discovers New Fileless Attack Framework

Ties Single Threat Actor Group to Multiple Campaigns, Interacts with Hacker.

On the 8th of March, Morphisec researchers began investigating a new fileless threat delivered via a macro-enabled Word document, which was attached to a phishing email sent to targeted high-profile enterprises. During the course of the investigation, we uncovered a sophisticated fileless attack framework that appears to be connected to various recent, much discussed attack campaigns.

Read More

Topics: Cyber Attacks, Cyber Security, Attack Analysis, Fileless Attacks

Check out our Attack Analyses!

Take a deep dive into technical analyses of attacks prevented by Morphisec.

Subscribe to our Blog

Happy to keep you in the loop with industry insight, cyber security trends,  and cyber attack information and company updates.

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....

 

Recent Posts

Most Popular Posts