Meltdown and Spectre Q&A

Posted by Morphisec Team on Jan 15, 2018 10:11:01 PM

The Meltdown and Spectre CPU vulnerabilities disclosed earlier this month generated a lot of noise and a lot of confusion. Our security experts received a deluge of questions from customers and industry personnel alike. Responding to this need, Morphisec CTO and VP R&D Michael Gorelik went on air to provide some answers. If you missed the webinar, you can watch it here.

Read More

Topics: Exploits, Zero-day, Cyber Security, Webinars

Threat Alert: Memory Corruption Vulnerability CVE-2017-11826

Posted by Morphisec Team on Dec 13, 2017 9:45:10 PM

Two days ago, researchers at TarLogic published a proof-of-concept APT that leverages CVE-2017-11826, a Microsoft Office 0-day vulnerability existing in all Office versions.  Microsoft issued a patch for the vulnerability in October, however many systems still remain at risk.

Read More

Topics: Cyber Attacks, 0-day exploits, Zero-day, Endpoint Security, APT

Iranian Fileless Attack Infiltrates Israeli Organizations

Posted by Michael Gorelik on Apr 27, 2017 7:11:43 PM

INTRODUCTION

From April 19-24, 2017, a politically-motivated, targeted campaign was carried out against numerous Israeli organizations. Morphisec researchers began investigating the attacks on April 24 and continue to uncover more details. Initial reports of the attacks, published April 26 (in Hebrew) by the Israel National Cyber Event Readiness Team (CERT-IL) and The Marker, confirm that the attack was delivered through compromised email accounts at Ben-Gurion University and sent to multiple targets across Israel. Ironically, Ben-Gurion University is home to Israel’s Cyber Security Research Center. Investigators put the origin of the attack as Iranian; Morphisec’s research supports this conclusion and attributes the attacks to the same infamous hacker group responsible for the OilRig malware campaigns.

Read More

Topics: 0-day exploits, Zero-day, Attack Analysis, Fileless Attacks

Cybersecurity Predictions for  2017 - Round 2

Posted by Morphisec Team on Dec 22, 2016 9:10:30 PM

As an eventful 2016 draws to a close, what should we expect in cybersecurity for 2017? In this blog series, Morphisec’s security experts predict trends and technologies in 2017.

Today’s post is from Michael Gorelik, Morphisec VP R&D. He takes a look at the future in endpoint technology developments, both from a security and attack point of view.

Read More

Topics: Cyber Attacks, Zero-day, Cyber Security, VDI, Cyber Security Predictions 2017

Tor/FireFox Zero-Day prevented by Morphisec

Posted by Ursula Ron on Dec 7, 2016 1:37:14 PM

The FireFox zero-day recently used in the wild made headlines when TOR users that fell victim to the attack lost the one thing they were looking for: anonymous browsing. Speculation ran rife that the exploit may have been created by the FBI or another governmental agency, especially as the attack resembled past investigations used to identify Tor users.

Read More

Topics: Exploits, Cyber Attacks, Zero-day, Patching

Outsmarting Smart Malware

Posted by Ursula Ron on Jun 1, 2016 8:40:08 AM

In an article published by Tech Crunch last week, tech reporter Ben Dickson investigates the new generation of smart malware. He manages to sum up the crux of the problem in two sentences: “Virus definition databases don’t seem to account for the growing number of new malware species and variants, especially when they’re smart enough to evade discovery. More devious genus of malware are succeeding at even duping advanced security tools that discover threats based on behavior analysis.”

Read More

Topics: Moving Target Defense, Zero-day, Cyber Security

Patch Me if You Can

Posted by Mordechai Guri, Ph.D. on Dec 7, 2015 8:50:47 AM

Earlier this year, Microsoft announced its Windows updates for business, which was proclaimed as a way to "empower IT Professionals to keep the Windows devices in their organization always up to date with the latest security defenses and Windows features." If there is one thing most IT Pros agree on, it is that patching is a pain – it is something that must be done for the long-term security of the organization, but it is disruptive so it gets delayed (and the new Microsoft service will attempt to shorten these delays). And even worse than the business interruption patching causes, on its own, patching is never sufficient.

Read More

Topics: 0-day exploits, Zero-day, Patching

Flash Zero-day Quickly Propagates to Unaware Sites

Posted by Michael Gorelik on Nov 9, 2015 7:15:04 PM

Have you ever wondered what happens to zero-day exploits after their big splash on day zero? Often 0-days are developed to target a specific organization, as in this Pawn Storm-related instance reported by Trend Micro, which targeted specific people within the Foreign Affairs Ministry.

Read More

Topics: Exploits, Cyber Attacks, 0-day exploits, Moving Target Defense, Zero-day, Attack Analysis

Check out our Attack Analyses!

Take a deep dive into technical analyses of attacks prevented by Morphisec.

Subscribe to our Blog

Happy to keep you in the loop with industry insight, cyber security trends,  and cyber attack information and company updates.

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....

 

Recent Posts

Most Popular Posts