Blog Posts
Morphisec started warming its engines with two findings related to two recent in-the-wild exploitations: IN-THE-WILD, NUCLEAR KIT FOUND THAT AUTOMATICALLY GENERATES FLASH EXPLOIT VARIANTS ON-THE-FLY ENCRYPTED FLASH EXPLOIT THAT BYPASSES MITIGATIONS FOUND IN THE WILD
Israeli startup Morphisec, which develops cyber security prevention and detection tools, has closed a $7 million Series A funding round led by Jerusalem Venture Partners (JVP), GE Ventures, Deutsche Telekom, Portage Advisors llc., and OurCrowd. The company has raised $8.5 million to date, including this financing round. http://www.globes.co.il/en/article-israeli-cyber-security-startup-morphisec-raises-7m-1001071492
Morphisec sheds some light on their anti zero-day product with their new website – check it out here.
Another excellent research from the Cyber Security Research Center @ Ben-Gurion University where your humble servant is serving as a CTO. The third one in the series of air-gap hacking breakthroughs where this time Mordechai Guri the lead researcher achieved data leakage via GSM radio frequencies to a dumb feature …
Targeted attacks take many forms, though there is one common tactic most of them share: Exploitation. To achieve their goal, they need to penetrate different systems on-the-go. The way this is done is by exploiting unpatched or unknown vulnerabilities. More common forms of exploitation happen via a malicious document which exploits …
Imagine a futuristic security technology that can stop any exploit at the exact moment of exploitation—regardless of the way the exploit was built, its evasion techniques or any mutation it might have or was possibly imagined to have. This technology is truly agnostic for any form of attack. An attack prevented with …
Public disclosure of vulnerabilities has always bothered me and I wasn’t able to put a finger on the reason until now. As a person who has been involved personally in vulnerabilities disclosure, I am highly appreciative for the contribution security researchers on awareness and it is very hard to imagine …
Excellent post by Kira Makagon on Israel’s cyber revolution http://kiramakagon.com/israels-exciting-innovations-in-cyber-security/
Yet another new Ransomware with a new sophisticated approach http://blog.trendmicro.com/trendlabs-security-intelligence/crypvault-new-crypto-ransomware-encrypts-and-quarantines-files/ Pay attention that the key section in the description on the way it operates is “The malware arrives to affected systems via an email attachment. When users execute the attached malicious JavaScript file, it will download four files from its C&C server:” When users …
The main victims of any data breach are actually the people, the customers, whom their personal information has been stolen and oddly they don’t get the deserved attention. Questions like what was the impact of the theft on me as a customer, what can I do about it and whether I deserve …
After several years of running my blog on Typepad I moved back to wordpress! The control, modern UI, diversity of plugins and themes and connectivity to the social world made me stop being lazy
It has been a crazy two days at Israel’s Cyber Tech 2015…in a good way! The exhibition hall was split into three sections: the booths of the established companies, the startups pavilion and the Cyber Spark arena. It was like examining an x-ray of the emerging cyber industry in Israel, …
Researcher Mordechai Guri, guided by Prof. Yuval Elovici, has uncovered a new method to breach air-gapped systems. Our last finding on air-gap security was published in August of 2014, using a method called Air-Hopper which utilizes FM waves for data exfiltration. The new research initiative, termed BitWhisper, is part of …
The beginning of the cyber park There are very few occasions in life where you personally experience a convergence of unrelated events that lead to something…something BIG! I am talking about Beer-Sheva, Israel’s desert capital. When I started to work with Deutsche Telekom Innovation Laboratories at Ben-Gurion University 9 years ago …
One of the core problems with cyber criminals and attackers is the lack of a clear target. Cyber attacks are digital in nature and as such, they are not tied to a specific geography, organization and or a person – finding the traces to the source is non-deterministic and ambiguous. …
Overview The security level of a computerized system is as good as the security level of its weakest links. If one part is secure and tightened properly and other parts are compromised, then your whole system is compromised, and the compromised ones become your weakest links. The weakest link fits …
Background Attackers are Stronger Now The cyber world is witnessing a fast-paced digital arms race between attackers and security defense systems, and 2014 showed everyone that attackers have the upper hand in this match. Attackers are on the rise due to their growing financial interest—motivating a new level of sophisticated …
Microsoft and Google are bashing each other on the zero-day exploit in Windows 8.1 that was disclosed by Google last week following a 90 days grace period. Disclosing is a broad term when speaking about vulnerabilities and exploits – you can disclose to the public the fact that there is a …
We had a very productive year at 2014 in Ben-Gurion’s cyber security labs. We published several research papers which got wide media coverage. The first finding was a vulnerability uncovered on Samsung’s KNOX phones. The vulnerability enables an attacker to intercept data coming out from the secure KNOX container. Later on the …
2014 has ended and 2015 is just warming up. We had a year full with big news on security threats and breaches and I collected some industry predictions for 2015 and added my own abbreviated commentary. At the end you can find my own predictions for security in 2015. …
Google Project Zero has debuted with the aim of solving the vulnerabilities problem by identifying zero day vulnerabilities, notifying the company which owns the software and giving them 90 days to solve the problem. After 90 days they publish the exploit. And they just did it to Microsoft. I remember …
The surging amount of cyber attacks against companies and their dear consequences pushes companies to the edge. Defensive measures can go only so far in terms of effectiveness, assuming they are fully deployed which is also far from being the common case. Companies are too slow to react to this …
Could be interesting to understand whether cutting down North Korea from the internet was a defensive measure due to a huge amount of ongoing attacks or was it just a preventive measure. Definitely cutting down the internet has become another weapon in the war chest of the US. The question …
Sony hack has flooded my news feed in recent weeks, everyone talking about how it was done, why, whom to blame, the trails which lead to North Korea and the politics around it. I’ve been following the story from the first report with an unexplained curiosity and was not sure …