Many K-12 schools already were grappling with a lack of dedicated funding and resources to help vet and improve cybersecurity defenses before the surge of online classes in the spring, according to one analysis from the Morphisec cybersecurity firm.
Fifty-two percent of K-12 educators in the U.S. say their school has not warned them about the dangers of ransomware as they scale remote learning this year, according to the Education Cybersecurity Threat Index released by Morphisec.
Thirty-six percent of organizations have dealt with a security incident due to an unsecured remote worker.
Covid-19 has accelerated a work-from-home trend that began before the current health crisis and will persist in the years to come.
We look at the six cybersecurity start-ups named as Technology Pioneers by the World Economic Forum.
Anyone who recently bought clothes, accessories, toys or other things at the online store called Claire’s should be watching for suspicious activity on their credit card statements.
I know how to secure my PCs. I've never fallen victim to a phishing attack; gotten infected by a worm; been maligned by malware. But then I have 30-plus years of experience. You? Probably not.
Malware distributors are abusing a DLL hijacking vulnerability in Apple’s Push Notification service Windows executable to install coin miners on users attempting to download copyrighted software.
Thanks to the shift to work from home in many organizations due to COVID-19, a number of different cybersecurity challenges are beginning to emerge. That’s according to the Morphisec Work-from-Home Employee Cybersecurity Threat Index.
Fifty-six (56) percent of employees are using their personal computers as their company’s go remote in response to COVID-19 according to the Work-from-Home (WFH) Employee Cybersecurity Threat Index released by Morphisec.
Using nonwork authorized tech at home places company data at risk, especially since 23% of employees are unsure what security protocols exist on their devices, Morphisec found.
Security researchers discovered a new Ursnif malware delivery campaign leveraging Excel 4.0 macro functionality.
Two recently released studies lend businesses of all sizes new insights into the endpoint security market. These studies should guide enterprise IT decision-makers in navigating the endpoint security market.
The phishing message pretends to be a zoom conference invitation from employer's HR to discuss the immediate suspension or termination of jobs.
Here's a timeline of every security issue uncovered in the video chat app.
Zoom Video Communications Inc. continues to surge in popularity during the COVID-19 pandemic even as yet another security vulnerability has been revealed.
How organizations address the new reality during the short-haul may have long term consequences
Nathan Burke, CMO at cybersecurity asset management startup Axonius, wrote a blog post at about 4 a.m. a couple weekends ago, and its title captures the current mood: Things will be weird in cybersecurity for a while.
Remote work by support staff makes it harder for IT teams to police computer systems and prevent cyberattacks.
Shown as a proof-of-concept in 2014, this is the first known use of the BadUSB exploit in the wild.
Some security vendors are stepping up to help organizations better protect their networks as employees must suddenly work from home.
Hackers are exploiting a Windows 10 ActiveX control to download a malware downloader called Ostap, which has been used by TRickBot for delivery of malicious macros as part of phishing campaigns.
The TrickBot banking trojan has gotten trickier, with the addition of a Windows 10 ActiveX control to execute malicious macros in boobytrapped documents.
Morphisec is using the Windows 10 transition to help companies boost security
Like most everyone connected with the cybersecurity industry, I always advise people to apply updates to their operating systems as soon as possible to reduce the time that attackers have to jump through the threat windows opened by unpatched vulnerabilities.
A group of hackers is using the remote desktop ActiveX control in Word documents to automatically execute on Windows 10 a malware downloader called Ostap that was seen recently adopted by TrickBot for delivery.
Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10.
All journeys have a beginning, middle and an end, and it’s the job of the ForgeRock Identity Platform to ensure that every authentication journey, from start to finish, remains safe for the client and easy for the user.
New Cisco Talos research shows an increase in ransomware attacks that double the pressure on victims by threatening them with the exposure of their sensitive data.
The hackers behind Trickbot have added a new Windows 10 UAC bypass to the malware to in order to execute code without the victim knowing.
The tricky trojan evolves yet again, remaining one of the most advanced vehicles for delivering malware.
A recent endpoint security survey of 671 IT pros suggested that most organizations have been attacked and their confidence in the effectiveness of anti-virus protections continues to be low.
All those who are using Apple iTunes on Windows systems are hereby alerted that their computer systems are vulnerable to zero-day iTunes flaw which allows hackers to bypass the anti-virus protection and encrypt their files with malware.
Researchers have discovered a blunder in Bonjour’s coding, which introduces a well-documented flaw.
Apple has patched a zero-day flaw in iTunes app for Windows that allowed hackers to escape detection and install BitPaymer ransomware.
BitPaymer ransomware spotted abusing iTunes for Windows bug to bypass antivirus detection.
Attackers exploit an “unquoted path” flaw in the Bonjour updater in iTunes for Windows to deliver ransomware attacks.
The BitPaymer ransomware operators were observed abusing a zero-day vulnerability in Apple’s iTunes for Windows to run code and evade detection, Morphisec’s security researchers have discovered.
Flaw in iTunes for Windows Abused for Ransomware Attacks
Apple has patched a vulnerability in iCloud for Windows and iTunes for Windows that malicious actors had been exploiting to evade antivirus and endpoint detection and response systems as they attempted to infect machines with ransomware.
Just as Mac users wave goodbye to iTunes with macOS Catalina, Windows users are being warned of a horrible bug that has been found in their version of the software and which has enabled malicious attacks on targeted systems.
Several companies from the automotive industry were targeted by BitPaymer ransomware operators during August, in attacks that used an Apple zero-day vulnerability impacting the Apple Software Update service bundled with iTunes and iCloud for Windows.
The gang behind BitPaymer and ransomware attacks has been found exploiting Windows zero-day for Apple iTunes and iCloud.
The operators of the BitPaymer ransomware have been spotted using a zero-day in iTunes for Windows as a mechanism to bypass antivirus detection on infected hosts.
Apple patches actively exploited flaw that let ransomware crooks evade AV protection.
The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.
Columbus State University student Huirui Washington was selected as the first place scholarship winner with the Morphisec Award.
SCHOLARSHIPS AWARDED TO THREE FEMALE STUDENTS TO ENCOURAGE YOUNG WOMEN POISED TO ENTER THE CYBERSECURITY FIELD GLOBALLY
If there was a common theme at the 2019 Black Hat USA conference in Las Vegas, it may well have been security culture.
Last week, hackers and security experts from around the world descended on Las Vegas for a number of security conferences, the most prominent of which were Black Hat and Defcon.
MORPHISEC VP OF PRODUCT MANAGEMENT NETTA SCHMEIDLER ANNOUNCES THE 2019 WINNERS OF THE MORPHISEC WOMEN IN CYBERSECURITY SCHOLARSHIP
RESEARCHERS DISCOVERED A NEW REVERSE SHELL MALWARE PROGRAM USED BY CYBER-CRIMINAL FIN8 GROUP TO ESTABLISH COMMAND-AND-CONTROL COMMUNICATIONS WITH INFECTED MACHINES
AN ONGOING CAMPAIGN USING THE BITPAYMER RANSOMWARE HAS TARGETED AT LEAST 15 U.S. ORGANIZATIONS IN THE LAST THREE MONTHS ACROSS THE FINANCIAL, AGRICULTURAL, TECHNOLOGY AND GOVERNMENT SECTORS, RESEARCHERS SAID THURSDAY.
A NEW FRAMEWORK IS ALLOWING THE THREAT GROUP TO COMPILE VARIANTS OF THE MALWARE FOR EACH VICTIM, MORPHISEC SAYS.
BitPaymer ransomware learns some new tricks
NEARLY HALF OF CONSUMERS BELIEVE THEIR PERSONAL HEALTH INFORMATION IS MORE SECURE ON THEIR PERSONAL ELECTRONIC DEVICES THAN IT IS ON THEIR HEALTH CARE PROVIDERS’ COMPUTER SYSTEMS.
THE MORPHISEC 2019 CONSUMER FINANCIAL CYBERSECURITY THREAT INDEX SURVEYED 1 000 CONSUMERS TO EXAMINE HOW THE INCREASING NUMBER OF FINANCIAL CYBER ATTACKS IS IMPACTING THEIR MINDSET.
PEOPLE ARE JUSTIFIED IN WORRYING ABOUT "HOW MUCH THEIR FINANCIAL SERVICE PROVIDERS ARE INVESTING IN PROTECTING THEIR FINANCIAL DATA AND ACCOUNTS."
AFTER A TWO-YEAR ABSENCE, THE HACKING GROUP KNOWN AS FIN8 HAS RETURNED WITH A NEW CAMPAIGN MAINLY TARGETING POINT-OF-SALE MACHINES IN THE HOTEL INDUSTRY
FIN8 RETURNS WITH IMPROVED MALWARE AND NEW ATTACKS AIMED AT POS SYSTEMS IN THE HOTEL INDUSTRY.
RESEARCHERS HAVE DETECTED A NEW CAMPAIGN AGAINST THE HOTEL-ENTERTAINMENT INDUSTRY EMPLOYING THE FIRST DOCUMENTED USE OF THE SHELLTEA/PUNCHBUGGY BACKDOOR SINCE 2017.
A CRIMINAL HACKING GROUP TRIED TO BREACH THE COMPUTER NETWORK OF A U.S. HOTEL ACCORDING TO RESEARCH FROM ENDPOINT SECURITY FIRM MORPHISEC.
RESEARCHERS HAVE SPOTTED THE MUDDYWATER, FIN8 AND PLATINUM CYBERGANGS ALL MAKING AN UNWANTED COMEBACK FOLLOWING AN OBSERVED INCREASE IN MALICIOUS ACTIVITY OVER THE LAST FEW WEEKS.
A NEW ASSESSMENT OF CYBERSECURITY THREATS HIGHLIGHTS CONSUMERS’ GROWING ROLE AND PREDICTS THINGS WILL GET WORSE BEFORE THEY GET BETTER.
SECURITY RESEARCHERS HAVE DISCOVERED A NEW VERSION OF THE INFAMOUS HWORM A.K.A NJRAT. THIS REMOTE ACCESS TOOL (RAT) IS WIDELY KNOWN FOR TARGETING ORGANIZATIONS IN THE MIDDLE EAST.
AMERICANS FEAR OF AN IMMINENT OR ELEVATED CYBER THREAT AGAINST THE NATION DROPS TO 51%; BUT 27% OF CITIZENS BELIEVE THERE ARE LINGERING EFFECTS ON CYBER DEFENSES FROM THE GOVERNMENT SHUTDOWN
ALMOST HALF OF CONSUMERS (45 PERCENT) BELIEVE THEIR PROTECTED HEALTH INFORMATION IS MORE SECURELY STORED ON THEIR PERSONAL ELECTRONIC DEVICES THAN THEIR HEALTHCARE PROVIDERS', ACCORDING TO A MORPHISEC SURVEY.
BILLIONS ARE BEING LOST TO CYBER-CRIME EACH YEAR, AND THE PROBLEM SEEMS TO BE GETTING WORSE. SO COULD WE EVER CREATE UNHACKABLE COMPUTERS BEYOND THE REACH OF CRIMINALS AND SPIES? ISRAELI RESEARCHERS ARE COMING UP WITH SOME INTERESTING SOLUTIONS.
AS THE HEALTHCARE INDUSTRY CONTINUES TO STRUGGLE WITH TIGHTENING UP ITS CYBER-DEFENSES, CONSUMERS INCREASINGLY BELIEVE THEY PLAY A ROLE IN SECURING THEIR HEALTH INFORMATION, ACCORDING TO A NEW REPORT PUBLISHED BY MORPHISEC.
THE 2019 MORPHISEC CONSUMER HEALTHCARE: CYBERSECURITY THREAT INDEX FOUND THAT WHILE HEALTHCARE PORTAL USE BY CONSUMERS HAS INCREASED, CONSUMERS BELIEVE THEIR HEALTH DATA IS MORE SECURE ON THEIR OWN PHONE THAN ON PROVIDERS’ DEVICES.
INFOSEC IS COMPLICATED ENOUGH. ADD AI/ML INTO YOUR SECURITY SOFTWARE MIX, AND YOU MAY BE ASKING FOR TROUBLE.
EN 2017, 4,9 MILLIARDS DE DOLLARS ONT ÉTÉ INVESTIS DANS DES START-UPS EN CYBERSÉCURITÉ.
RESEARCHERS FROM MORPHISEC HAVE DETECTED A SPIKE IN ATTACKS AGAINST POINT-OF-SALE (POS) SYSTEMS SINCE THE BEGINNING OF THE YEAR, MANY OF WHICH USED THE COBALT STRIKE PENETRATION TESTING FRAMEWORK TO DELIVER MEMORY-SCRAPING MALWARE.
RESEARCHERS FROM MORPHISEC HAVE UNCOVERED AN ONGOING CAMPAIGN AGAINST RETAIL VMWARE HORIZON POINT-OF-SALE (POS) THIN CLIENTS.
RECENT ATTACKS AGAINST POINT-OF-SALE (POS) THIN CLIENTS AROUND THE WORLD HAVE BEEN USING CARD DATA SCRAPING MALWARE AND THE COBALT STRIKE BEACON, SECURITY FIRM MORPHISEC REVEALS.
The security firm Morphisec has connected the threat group Fin6 to a string of point-of-sale attacks against VMWare Horizon thin clients.
CISOs can best evaluate and measure the prevention efficacy of their cyber defenses with the T.E.S.T. performance indicators: Time, Efficacy, Simplicity and Total Cost of Ownership.
Nouveau venu dans l’hexagone, avec un bureau ouvert en octobre 2018, l’éditeur a vu le jour en 2014, avec une commercialisation effective de sa solution en 2016.
A new, sophisticated campaign that delivers the Orcus Remote Access Trojan (RAT) is claiming victims in ongoing and targeted attacks.
Cybersecurity vendor Morphisec has released the details of a malware campaign distributing the Orcus Remote Access Trojan (RAT).
Morphisec, éditeur de solutions de cyber sécurité qui offrent une protection en temps réel contre les cyber attaques les plus avancées, reconnu par Gartner, PWC, DHS...
Today, endpoint security and threat prevention solution provider Morphisec released their Morphisec Labs Threat Report for December 2018.
Keystroke logging software is one of the oldest forms of malware, dating back to typewriters. It's still popular and often used as part of larger cyber attacks.
Researchers from Morphisec, a moving target defence company, have uncovered a widespread, ongoing cyber campaign hitting multiple targets.
The cybercriminal threat group TA505 is a key suspect in an ongoing phishing campaign that’s been attempting to infect victims with the FlawedAmmyy and Remote Manipulator (RMS) remote access trojans.
Another area often overlooked during the Black Friday/Cyber Monday period is the danger it presents to non-retail companies.
Cybersecurity firm Morphisec said that 63 percent of 1,000 Americans that it surveyed in
Morphisec to develop and test an enhanced moving target defense for virtual systems as part of the DHS’ Silicon Valley Innovation Program
Morphisec will become the first international business to receive a grant from the S&T’s Financial Services Cyber Security Active Defense Technologies category.
With the kickoff of National Cybersecurity Awareness Month, the Department of Homeland Security (DHS) has been actively focused on cybersecurity this week.
Israel-based Morphisec won a DHS grant to develop technology to protect financial institutions from cyberattacks.
Essar Group has signed up Morphisec to to secure the organization from advanced attacks.
While ransomware attack volume may have declined, attacks have evolved to be more sophisticated, targeted and effective against unsuspecting users and unprepared organizations.
A move to a pure cloud strategy at the London Stock Exchange Group forced a new security mindset. Here's how the LSEG's CISO faced the challenge.
The sprawling and complex set of subjects we call cyber security can all be tied to one fundamental concept -- time.
CRN has identified 10 security startups launched in the past half-decade that stood out from the crowd this year thanks to new funding, the launch of a channel program, or key product enhancements or updates.
With the first half of the year come and gone, it's time to start executing plans for the second half.
Three women chosen from a large pool of highly qualified candidates are the new recipients of Morphisec's Women in Cybersecurity Scholarship.
A new report analyzes threat data collected from approximately 750,000 Morphisec protected endpoints globally, between January 1 and March 31, 2018, as well as from in-depth investigations conducted by the Morphisec Labs threat research team.
Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses.
One hundred percent of attacks prevented By Morphisec in Q1 used at least one fileless technique. These attacks include adware, says the company, which specialises in moving target defence technology.
Endpoint security solution provider Morphisec today released the inaugural edition of the Morphisec Labs’ Threat Report for Q1 of 2018.
CCleaner owner Avast is sharing more details on the malware attackers used to infect legitimate software updates with malware.
Adobe’s Flash Player might be on the way out and exploit kits have taken a backseat to cryptominers, but cybercriminals are still finding ways to harness the potent pairing.
Traditional signature-based detection, i.e., antivirus, has proven wholly ineffective in today’s threat landscape where thousands of new variants are created daily, each with a new signature.
Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor department stores—all owned by The Hudson’s Bay Company—acknowledged a data breach impacting more than five million credit and debit card numbers. The culprits? The same group that's spent the last few years pulling off data heists from Omni Hotels & Resorts, Trump Hotels, Jason’s Deli, Whole Foods, Chipotle: A mysterious group known as Fin7.
A hacking technique - watering hole attacks - has resurfaced for the first time since 2015/16. Morphisec's CTO and malware prevention expert, Michael Gorelik, says it's back and more sophisticated than before, and will be the big thing in 2018.
An attack leveraging the compromised website of a Hong Kong telecommunications company is using a recently patched Flash vulnerability that has been exploited by North Korea since mid-November 2017, Morphisec warns.
A new attack method lets attackers bypass Microsoft's Code Integrity Guard (CIG) and inject malicious code into protected processes, including Microsoft Edge. Researchers at Morphisec this week disclosed the details of the technique and proof-of-concept code.
Malware authors can exploit a flaw in the Windows Code Integrity Guard (CIG) security mechanism to inject malicious, unsigned code into CIG-protected applications, considered to be immune to such attacks.
Every month, Start-Up Nation Central’s channel on Forbes will highlight a handful of startups that have recently raised funding, and that we think are important to keep an eye on.
A vulnerability that was recently patched in Flash Player after being used in targeted attacks is now seeing widespread exploitation in a malicious spam campaign.
According to cybersecurity firm Morphisec, cybercriminals are blasting spam messages that urge recipients to click a link to download a Word document. And when a victim opens the document and enables editing, malware attempts to exploit an Adobe Flash Player bug (CVE-2018-4878) patched by Adobe earlier this month.
Endpoint security firm Morphisec has spotted a massive campaign that exploits a recently patched Adobe Flash Player vulnerability to deliver malware.
Morphisec, an Israel-based developer of cybersecurity software, raised $12 million in Series B funding. Investors include Orange Digital Ventures, Jerusalem Venture Partners, GE, and Deutsche Telekom.
Orange Digital Ventures annonce sa participation au financement de Morphisec, leader de la technologie Moving Target Defense.
The movement toward next-generation endpoint security has accelerated because cybersecurity professionals aren’t happy with the efficacy of existing antivirus tools. This has led to a wave of investment and innovation from vendors including Morphisec.
Cybersecurity provider Morphisec continues to grow its partner community and has a technological advantage over its main competitors, including Cylance, CrowdStrike and Carbon Black.
Israel's top luxury hotel brand protects itself from advanced threats so it doesn't become another entry in the long list of hotel breaches.
Morphisec makes the list of Solutions Review's top next generation endpoint security vendors to watch.
Aging IT infrastructure and unpatched software vulnerabilities coupled with vast amounts of personal data make retailers make a prime cybercrime target.
Report in French by TF1/LCI about cybersecurity in Israel, including sound bytes by Morphisec CEO Ronen Yehoshua touring our offices located at the cybercity Beer Sheva.
Young women in Europe, the US and Israel have decided before they are even 16 years old that they don’t want a career in cybersecurity. Netta Schmeidler shares her view.
Digitalization in the hospitality industry has brought enormous gains in efficiency but also enormous increases in cyber risk.
In this podcast, Paul Roberts speaks with VP R&D Michael Gorelik CCleaner hack – a hack that Morphisec discovered.
Gorelik is convinced that supply-chain attacks will increase in frequency but believes that there are already other products out there with malicious code added to them...
Michael Gorelik, VP R&D at Morphisec, explained that [...] the TLS initialization of callback functions was probably altered by a modification of the visual studio runtime file.
On Sept. 12, Morphisec warned Avast of the infection, and the latter was able to resolve the issue within 72 hours.
The compromised version of CCleaner [...] was undetected for four weeks, "underscoring the sophistication of the attack," Morphisec VP R&D Michael Gorelik wrote in a blog post.
We thank Morphisec and we owe a special debt to their clever people who identified the threat and allowed us to go about the business of mitigating it.
Women make up just 11% of the world’s information security workforce, according to the 2017 Global Information Security Workforce Study. This is way behind other industries.
Morphisec Lab attributes the malware to FIN7, a group associated with other damaging attacks on large restaurant chains and hospitality organizations.
Morphisec Lab identified a new, highly sophisticated fileless attack targeting restaurants across the US.
Two years ago, IoT attacks were considered exotic, an aberration of interest mainly to those in the industry and conspiracy theorists. No longer.
Report about Morphisec security researchers discovering a new fileless attack framework.
Researchers at Israeli security company Morphisec said today that they discovered a new fileless malware attack framework.
Rob Enderle sees Morphisec as "a universal immunization remedy" for endpoints.
Rob Enderle sees Morphisec as "a universal immunization remedy" for endpoints.
The Leader in Moving Target Defense Now Offers ‘Morphisec Guard’ as a Replacement for Antivirus to Simplify End-to-End ...
56% of Employees Are Using Personal Computers, and Nearly One-Quarter are Unaware of What Security Protocols Are in Place on ...
Moving Target Defense Adds Linux to Protect Cloud Workloads and Servers from Advanced Threats SAN FRANCISCO – FEBRUARY 25, ...