Industry best practices demand patching software vulnerabilities as soon as a patch is released, in order to shorten the time period in which the organization is at risk. But industry surveys show that IT organizations are overburdened with patches, and many IT administrators admit they simply can’t keep up.
Read More
With October National Cybersecurity Awareness Month (NCSAM) and November Critical Infrastructure Security and Resilience Month, Morphisec is publishing a series posts on industries included in the DHS list of 16 critical infrastructure sectors.
When we think about critical infrastructure, we are more likely to think of energy or transportation before manufacturing, but the sector is crucial to national economic prosperity and continuity. As the Department of Homeland Security (DHS) points out, a direct attack on or
Read MoreThe recent Meltdown and Spectre CPU vulnerabilities took almost everyone by surprise. Widespread panic was staved off only by the promise of a nearly-ready OS patching fix, which it turned out, excluded a large swath of systems and created its own set of problems.
Users are still scrambling to patch systems with an extremely complex mixture of OS, firmware and application updates. Organizations are encountering slowdowns, blue screens and reboot problems in their rush to avoid security problems. The entire stack of Spectre and Meltdown fixes has not yet been properly tested and will take time to reach anything resembling stability.
Read MoreThe FireFox zero-day recently used in the wild made headlines when TOR users that fell victim to the attack lost the one thing they were looking for: anonymous browsing. Speculation ran rife that the exploit may have been created by the FBI or another governmental agency, especially as the attack resembled past investigations used to identify Tor users.
Read MoreMicrosoft released its October patching update today and, as announced, it introduces a major change that has many system administrators wondering just what to do.
Read MoreThe ancients’ experience of modern computing was limited to say the least, but they gave us a nice framework, the Socratic Method , that moderns can use for dealing with the problem of cyber security. The Socratic Method is a process of question and response, designed to challenge and eliminate bad ideas, refine good ideas, and arrive at sound conclusions. If it worked for Socrates, maybe it will work for us. Here is dialogue that unfolds between Socrates and the Security Architect of, for the purposes of this exercise, the Bank of The Peloponnese.
Read MoreThe pain of patching - how to achieve a strategic balance between security, compliance and business goals
Modern cyber attacks are targeted, stealthy and evasive. Cybercriminals commonly attempt to penetrate enterprise networks by exploiting vulnerabilities in applications, web browsers and operating systems. The best defense available to enterprises is to rapidly patch these vulnerabilities -- or is it?
Read MoreEarlier this year, Microsoft announced its Windows updates for business, which was proclaimed as a way to "empower IT Professionals to keep the Windows devices in their organization always up to date with the latest security defenses and Windows features." If there is one thing most IT Pros agree on, it is that patching is a pain – it is something that must be done for the long-term security of the organization, but it is disruptive so it gets delayed (and the new Microsoft service will attempt to shorten these delays). And even worse than the business interruption patching causes, on its own, patching is never sufficient.
Read MoreSearch Our Site
Recent Posts
Posts by Tag
- Cyber Security (98)
- Endpoint Security (78)
- Cyber Attacks (48)
- Attack Analysis (46)
- Company News (38)
- Moving Target Defense (37)
- Exploits (30)
- Morphisec Labs (29)
- Ransomware (24)
- Threat Alerts (19)
- Fileless Attacks (18)
- Threat Profile (18)
- APT (16)
- Zero-day (16)
- Industry News (15)
- Research (15)
- CISO (14)
- Events (14)
- Product (12)
- 0-day exploits (10)
- Malware (10)
- Patching (9)
- Sandbox evasion (6)
- VDI (6)
- virtual desktop security (6)
- Exploit Kit (5)
- Mordechai Guri (5)
- Remote Employees (5)
- Work from Home Security (5)
- advanced endpoint protection (5)
- virtual desktop infrastructure (5)
- ASLR (4)
- Custom Packer (4)
- Cyber Security Predictions 2017 (4)
- Proactive Cyber Defense (4)
- Threat Report (4)
- cloud workload security (4)
- Angler Kit (3)
- Cyber Security Stack (3)
- FIN7 (3)
- Holidays (3)
- Malspam (3)
- Ransomware Prevention (3)
- cloud workload protection (3)
- remote workforce (3)
- vdi security (3)
- Case Study (2)
- Collaboration Applications (2)
- Cyber threat landscape (2)
- Hospital Cybersecurity (2)
- MLTR (2)
- MS Office Exploits (2)
- Microsoft (2)
- POS (2)
- Proactive Prevention (2)
- Remote Access Trojan (2)
- Security Stack (2)
- Webinars (2)
- cloud security (2)
- non-persistent VDI (2)
- proactive cloud workload security (2)
- protect cloud workloads (2)
- Cerber (1)
- Citized Threat Index (1)
- Cobalt Group (1)
- Cyber Hygiene (1)
- Cyber hygiene practices (1)
- Cybersecurity Measures (1)
- Defender for Endpoint (1)
- Defending infrastructure against cyber threats (1)
- EDR (1)
- Emerging cyber threats (1)
- Emerging threats (1)
- Endpoint Detection and Response (1)
- Evasive Malware (1)
- FALLOUT EXPLOIT KIT (1)
- Fallout activity (1)
- Flash wrapper (1)
- FlawedAmmyy (1)
- GDPR (1)
- GRANDCRAB RANSOMWARE (1)
- Gozi (1)
- HEALTHCARE CYBERSECURITY (1)
- HEALTHCARE'S CYBERSECURITY WEAK SPOTS (1)
- Hancitor (1)
- Healthcare (1)
- Higher Education Cybersecurity (1)
- Hospitality Threat Index (1)
- Hotel Cybersecurity (1)
- Kovter (1)
- Morphisec Guard (1)
- NGAV (1)
- OCR Bypass (1)
- POS intrusions (1)
- PROTECT YOURSELF FROM GRANDCRAB (1)
- Pied Piper Campaign (1)
- Proactive Endpoint Protection (1)
- Product News (1)
- REMOTE COLLABORATION APPLICATIONS (1)
- Retail Cybersecurity (1)
- SECURITY RESILIENCY (1)
- SecOps (1)
- Supply Chain attack (1)
- ThreadKit (1)
- Ursnif (1)
- Zoom Security (1)
- advanced cyberthreat tactics (1)
- advanced threat prevention (1)
- advanced threat tactics (1)
- antivirus scanning processes (1)
- browser attacks (1)
- cloud misconfigurations (1)
- code injection (1)
- cyber prevention mechanisms (1)
- cyber strategies (1)
- cyberattack landscape (1)
- cybersecurity resilience (1)
- end to end visibility (1)
- endpoint security breaches (1)
- fallout protection (1)
- financial cyberattacks (1)
- financial cyberthreat (1)
- financial system threat (1)
- healthcare phishing schemes (1)
- malware authors (1)
- patch management processes (1)
- persistent VDI (1)
- proactive threat prevention (1)
- remote collaboration app security loopholes (1)
- remote workforce hidden risks (1)
- retail cybersecurity risks (1)
- threat prevention (1)
- virtual endpoints (1)
- zoom malware (1)
- zoom weaknesses (1)