Recent Webinar: Building an Adaptive Cyber Resilient Cloud
arrow-white arrow-white Watch now
close
Posted by Roy Moshailov on February 23, 2018

GandCrab Ransomware

Here is a look at GandCrab ransomware and some techniques it uses to evade detection and analysis. These days, most malware employs long-chain attack and anti-analysis techniques to make it more difficult to detect the payload...

Read More
Posted by Michael Gorelik on February 8, 2018

Before diving into the analysis of CVE-2018-4878, a quick reminder that this is the continuation of our previous post, which provided background on CVE-2018-4878, including a  video of how Morphisec prevents any attacks leveraging this Flash...

Read More
Posted by Roy Moshailov on January 29, 2018

Introduction

Towards the end of 2017, a group of researchers at Embedi discovered a Microsoft Office vulnerability that’s been quietly putting systems in danger for about 17 years. 

Read More
Posted by Michael Gorelik on January 5, 2018

The IT world is still shaking from the news that most modern processors have severe architecture flaws. This makes it possible for attackers to gain access to user mode and kernel memory data to leak crypto-keys, passwords, memory structures like...

Read More
Posted by Roy Moshailov on January 2, 2018

Introduction

RokRAT is a sophisticated Remote Access Trojan (RAT) that is skilled at evading detection and uses multiple techniques to make analysis difficult. The current RokRAT campaign was identified by Cisco Talos in November 2017. The earliest...

Read More
Posted by Roy Moshailov on December 19, 2017

Ransomware remained a major cybersecurity threat in 2017, leaving a trail of victims across all industries, company sizes and geographical borders. Phishing emails are the top ransomware delivery mechanism and they grow in number and...

Read More
Posted by Morphisec Labs on December 13, 2017

Two days ago, researchers at TarLogic published a proof-of-concept APT that leverages CVE-2017-11826, a Microsoft Office 0-day vulnerability existing in all Office versions.  Microsoft issued a patch for the vulnerability in October, however many...

Read More
Posted by Michael Gorelik on October 13, 2017
Posted by Michael Gorelik on September 26, 2017

This report was authored by: Michael Gorelik and Assaf Kachlon.

Last week’s malware news was filled with the CCleaner backdoor exposed by Morphisec’s security solution. This week Morphisec uncovered another ongoing malware campaign, this one a...

Read More
Posted by Michael Gorelik on September 18, 2017

As widely reported today, the Avast-owned security application CCleaner was illegally modified by hackers. According to Avast, some 2.27 million users were running the weaponized version 5.33 of CCleaner. In addition, the CCleaner cloud version 1.07...

Read More
Posted by Michael Gorelik on June 9, 2017

Introduction

On June 7, 2017, Morphisec Lab identified a new, highly sophisticated fileless attack targeting restaurants across the US. The ongoing campaign allows hackers to seize system control and install a backdoor to steal financial information...

Read More
Posted by Morphisec Team on May 19, 2017

Last week, a massive wave of spam email that infects victims with a new type of ransomware, dubbed "Jaff", flooded networks across Europe, North America and Australia. Estimates put the number of malicious emails in the tens of millions.

Read More
Posted by Michael Gorelik on April 27, 2017

Introduction

From April 19-24, 2017, a politically motivated, targeted campaign was carried out against numerous Israeli organizations. Morphisec researchers began investigating the attacks on April 24 and continue to uncover more details. Initial...

Read More
Posted by Michael Gorelik on March 16, 2017

Introduction

On the 8th of March,, Morphisec researchers began investigating a new fileless threat delivered via a macro-enabled Word document, which was attached to a phishing email sent to targeted high-profile enterprises. During the course of...

Read More
Posted by Roy Moshailov on March 13, 2017

Introduction

Packer-based malware is malware which is modified in the runtime memory using different and sophisticated compression techniques. Such malware is hard to detect by known malware scanners and anti-virus solutions. In addition, it is a...

Read More
Posted by Roy Moshailov on December 27, 2016

 The full report is also available as PDF. 

On December 12, 2016 Morphisec identified and monitored a new wave of sophisticated malware delivered via targeted phishing emails with malicious macro-based documents attached. The malicious documents...

Read More
Posted by Ursula Ron on December 8, 2016

They’re starting to be as reliable as clockwork. Every 3-4 weeks a new wave of Hancitor campaigns hit, with improved targeting and new tricks to evade detection. The latest variant comes via a malicious MS Word attachment to a fairly convincing...

Read More
Posted by Ursula Ron on December 7, 2016

The FireFox zero-day recently used in the wild made headlines when TOR users that fell victim to the attack lost the one thing they were looking for: anonymous browsing. Speculation ran rife that the exploit may have been created by the FBI or...

Read More
Posted by Roy Moshailov on November 26, 2016

 The full report is also available as PDF. 

From November 7 – 15, 2016, Morphisec identified and monitored a new wave of sophisticated malware attacks using a modified version of the Hancitor downloader. The malware is delivered via targeted...

Read More
Posted by Michael Gorelik on October 22, 2016

UPDATED POST  - NOW WITH DETAILED TECHNICAL ANALYSIS!

During October 17 to 21, Morphisec identified and prevented several malicious and sophisticated macro-based documents at the site of one of our customers delivering a fileless Kovter backdoor...

Read More