Breach Prevention Blog

Every week, the Morphisec team works hard to bring you the top stories from around the security media-sphere to make your job and securing your critical infrastructure easier.

In today’s weekly edition of Security News in Review, you’ll find news...

An Infostealer is a trojan that is designed to gather and exfiltrate private and sensitive information from a target system. There is a large variety of info stealers active in the wild, some are independent and some act as a modular part of a...

Recently, news came out about a CVE-2020-0674 vulnerability in Microsoft’s Internet Explorer scripting engine based on how the browser handles memory. More specifically, within the JScript component of the scripting engine is an unspecified...

In August of 2019, just a month after our publication on a targeted BitPaymer/IEncrypt campaign, Morphisec identified a new and alarming evasion technique that the same adversaries adopted while targeting yet another enterprise in the automotive...

Today Adobe disclosed a new Flash zero-day, releasing a patch for the critical vulnerability in an out-of-band update. Successful exploitation gives attackers the ability to execute arbitrary code on the targeted machine, and eventually assume...

Adobe disclosed that a Flash zero-day was being exploited in targeted attacks against Windows users. The critical vulnerability was discovered and independently reported by several security firms. Successful exploitation of the vulnerability...

After more than four years with no weaponized exploits for Adobe Acrobat Reader, researchers at ESET identified a weaponized PDF that allows attackers to execute arbitrary code on the targeted machine and eventually assume full system control....

Before diving into the analysis of CVE-2018-4878, a quick reminder that this is the continuation of our previous post, which provided background on CVE-2018-4878, including a  video of how Morphisec prevents any attacks leveraging this Flash...

How an organization handles the time between the unleashing of a zero-day and the availability of a patch is telling. There are basically two kinds of companies – those that try to mitigate the risk as best they can while they wait for a patch...

The Meltdown and Spectre CPU vulnerabilities disclosed earlier this month generated a lot of noise and a lot of confusion. Our security experts received a deluge of questions from customers and industry personnel alike. Responding to this need,...