Morphisec Sheds Light on the Exploitation World

Morphisec started warming its engines with two findings related to two recent in-the-wild exploitations: IN-THE-WILD, NUCLEAR KIT FOUND THAT AUTOMATICALLY GENERATES FLASH EXPLOIT VARIANTS ON-THE-FLY ENCRYPTED FLASH EXPLOIT THAT BYPASSES MITIGATIONS FOUND IN THE WILD  

Congratulations! Morphisec raises $7M

Israeli startup Morphisec, which develops cyber security prevention and detection tools, has closed a $7 million Series A funding round led by Jerusalem Venture Partners (JVP), GE Ventures, Deutsche Telekom, Portage Advisors llc., and OurCrowd. The company has raised $8.5 million to date, including this financing round. http://www.globes.co.il/en/article-israeli-cyber-security-startup-morphisec-raises-7m-1001071492

Is It GAME OVER?

Targeted attacks take many forms, though there is one common tactic most of them share: Exploitation. To achieve their goal, they need to penetrate different systems on-the-go. The way this is done is by exploiting unpatched or unknown vulnerabilities. More common forms of exploitation happen via a malicious document which exploits

Continue Reading

Exploit in the Wild, Caught Red-Handed

Imagine a futuristic security technology that can stop any exploit at the exact moment of exploitation—regardless of the way the exploit was built, its evasion techniques or any mutation it might have or was possibly imagined to have. This technology is truly agnostic for any form of attack. An attack prevented with

Continue Reading

Most cyber attacks start with an exploit – I know how to make them go away

Yet another new Ransomware with a new sophisticated approach http://blog.trendmicro.com/trendlabs-security-intelligence/crypvault-new-crypto-ransomware-encrypts-and-quarantines-files/ Pay attention that the key section in the description on the way it operates is “The malware arrives to affected systems via an email attachment. When users execute the attached malicious JavaScript file, it will download four files from its C&C server:” When users

Continue Reading

Facelift to My Blog

After several years of running my blog on Typepad I moved back to wordpress! The control, modern UI, diversity of plugins and themes and connectivity to the social world made me stop being lazy

Breaching The Air-Gap with Heat

Researcher Mordechai Guri, guided by Prof. Yuval Elovici, has uncovered a new method to breach air-gapped systems. Our last finding on air-gap security was published in August of 2014, using a method called Air-Hopper which utilizes FM waves for data exfiltration. The new research initiative, termed BitWhisper, is part of

Continue Reading

Distributed Cyber Warfare

One of the core problems with cyber criminals and attackers is the lack of a clear target. Cyber attacks are digital in nature and as such, they are not tied to a specific geography, organization and or a person – finding the traces to the source is non-deterministic and ambiguous.

Continue Reading

Taming The Security Weakest Link(s)

Overview The security level of a computerized system is as good as the security level of its weakest links. If one part is secure and tightened properly and other parts are compromised, then your whole system is compromised, and the compromised ones become your weakest links. The weakest link fits

Continue Reading

The Emergence of Polymorphic Cyber Defense

Background Attackers are Stronger Now The cyber world is witnessing a fast-paced digital arms race between attackers and security defense systems, and 2014 showed everyone that attackers have the upper hand in this match.  Attackers are on the rise due to their growing financial interest—motivating a new level of sophisticated

Continue Reading

My Security Crystal Ball

2014 has ended and 2015 is just warming up. We had a year full with big news on security threats and breaches and I collected some industry predictions for 2015 and added my own abbreviated commentary. At the end you can find my own predictions for security in 2015.  

Continue Reading

Site Footer