Blogs About Threat Post

Towards the end of 2017, a group of researchers at Embedi discovered a Microsoft Office vulnerability that’s been quietly putting systems in danger for about 17 years.

The IT world is still shaking from the news that most modern processors have severe architecture flaws. This makes it possible for attackers to gain access to user mode and kernel memory data to leak crypto-keys, passwords, memory structures like...

RokRAT is a sophisticated Remote Access Trojan (RAT) that is skilled at evading detection and uses multiple techniques to make analysis difficult. The current RokRAT campaign was identified by Cisco Talos in November. The earliest known RokRAT...

Ransomware remained a major cybersecurity threat in 2017, leaving a trail of victims across all industries, company sizes and geographical borders. Phishing emails are the top ransomware delivery mechanism and they grow in number and...

Two days ago, researchers at TarLogic published a proof-of-concept APT that leverages CVE-2017-11826, a Microsoft Office 0-day vulnerability existing in all Office versions.  Microsoft issued a patch for the vulnerability in October, however many...

This report was authored by: Michael Gorelik and Assaf Kachlon.

Last week’s malware news was filled with the CCleaner backdoor exposed by Morphisec’s security solution. This week Morphisec uncovered another ongoing malware campaign, this one a...

As widely reported today, the Avast-owned security application CCleaner was illegally modified by hackers. According to Avast, some 2.27 million users were running the weaponized version 5.33 of CCleaner. In addition, the CCleaner cloud version...

Last week, a massive wave of spam email that infects victims with a new type of ransomware, dubbed "Jaff", flooded networks across Europe, North America and Australia. Estimates put the number of malicious emails in the tens of millions.

They’re starting to be as reliable as clockwork. Every 3-4 weeks a new wave of Hancitor campaigns hit, with improved targeting and new tricks to evade detection. The latest variant comes via a malicious MS Word attachment to a fairly convincing...

The FireFox zero-day recently used in the wild made headlines when TOR users that fell victim to the attack lost the one thing they were looking for: anonymous browsing. Speculation ran rife that the exploit may have been created by the FBI or...

 The full report is also available as PDF. 

From November 7 – 15, 2016, Morphisec identified and monitored a new wave of sophisticated malware attacks using a modified version of the Hancitor downloader. The malware is delivered via targeted...

Morphisec Prevents Major Malspam campaign - Again

In our report at the beginning of September about a large-scale malspam campaign discovered and stopped by Morphisec, we pointed out the central role that malware spam plays for hackers and the...

New Locky – Zepto variant prevented by Morphisec

Since Locky’s discovery in February 2016, it has emerged as one of the most prevalent and devastating ransomware threats of 2016. Over the last two months, ransomware in general has evolved greatly in...

Spam is still the preferred attack vector for cyber criminals and malware spam campaigns continue to increase. According to the Symantec Internet Threat Report, 1 in 220 emails in 2015 contained malware. While this figure may seem low, consider that...

Angler Hangs Up Its Pole

Back in April, more than 80% of drive by download attacks were attributed to Angler. Now? Nearly zero. Speculation abounds regarding its disappearance earlier this month. A vacation by Angler operators? Black market price...

The disappearance of Angler has left a gaping hole in the malware market which cybercriminals are only to happy to fill with new variants of old standbys. The latest to reemerge after a period of disuse are Locky and Dridex. A new Locky campaign...

The recent FireEye discovery of an Angler Exploit Kit variant that bypasses Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) has taken the cyber security world by surprise – but it shouldn’t have. New variants of the Angler EK crop up...

Yet another critical Flash vulnerability was uncovered this month, thanks to researchers at FireEye. The vulnerability, CVE-2016-4117, exists in Flash 21.0.0.226 and earlier versions for Windows, Mac, Linux, and Chrome OS. It received a CVSS v3...

A few days ago @PhysicalDrive0 (malware hunter) published a new word document sample that we were intrigued to check-in Morphisec Labs.  We wanted to see if our product performs its immediate prevention objective. And it did, as expected.

Earlier this year, Microsoft announced its Windows updates for business, which was proclaimed as a way to "empower IT Professionals to keep the Windows devices in their organization always up to date with the latest security defenses and Windows...