Blog Posts

Cyber-Evil Getting Ever More Personal

Smartphones will soon become the target of choice for cyber attackers—making cyber warfare a personal matter. The emergence of mobile threats is nothing new, though until now, it has mainly been a phase of testing the waters and building an arms arsenal. Evil-doers are always on the lookout for weaknesses—the easiest to exploit and the most profitable. Now, it is mobile’s turn. We are witnessing a historic shift in focus from personal computers, the long-time classic target, to mobile devices.

Continue Reading

Morphisec Sheds Light on the Exploitation World

Morphisec started warming its engines with two findings related to two recent in-the-wild exploitations: IN-THE-WILD, NUCLEAR KIT FOUND THAT AUTOMATICALLY GENERATES FLASH EXPLOIT VARIANTS ON-THE-FLY ENCRYPTED FLASH EXPLOIT THAT BYPASSES MITIGATIONS FOUND IN THE WILD  

Congratulations! Morphisec raises $7M

Israeli startup Morphisec, which develops cyber security prevention and detection tools, has closed a $7 million Series A funding round led by Jerusalem Venture Partners (JVP), GE Ventures, Deutsche Telekom, Portage Advisors llc., and OurCrowd. The company has raised $8.5 million to date, including this financing round. http://www.globes.co.il/en/article-israeli-cyber-security-startup-morphisec-raises-7m-1001071492

Breaching the Air Gap with GSM Frequencies

Another excellent research from the Cyber Security Research Center @ Ben-Gurion University where your humble servant is serving as a CTO. The third one in the series of air-gap hacking breakthroughs where this time Mordechai Guri the lead researcher achieved data leakage via GSM radio frequencies to a dumb feature phone. What is so earth-shaking about it? The fact feature phones are allowed in secure places since they are considered harmless as they don’t have networking capabilities. Well…, no more.

Continue Reading

Is It GAME OVER?

Targeted attacks take many forms, though there is one common tactic most of them share: Exploitation. To achieve their goal, they need to penetrate different systems on-the-go. The way this is done is by exploiting unpatched or unknown vulnerabilities. More common forms of exploitation happen via a malicious document which exploits vulnerabilities in Adobe Reader or a malicious URL which exploits the browser in order to set a foothold inside the end-point computer. Zero Day is the buzzword today in the security industry, and

Continue Reading

Exploit in the Wild, Caught Red-Handed

Imagine a futuristic security technology that can stop any exploit at the exact moment of exploitation—regardless of the way the exploit was built, its evasion techniques or any mutation it might have or was possibly imagined to have. This technology is truly agnostic for any form of attack. An attack prevented with its attacker captured and caught red-handed at the exact point in time of the exploit…Sounds dreamy, no? For the guys at the stealth startup Morphisec it’s a daily reality. So, I decided

Continue Reading

Time to Re-think Vulnerabilities Disclosure

Public disclosure of vulnerabilities has always bothered me and I wasn’t able to put a finger on the reason until now. As a person who has been involved personally in vulnerabilities disclosure, I am highly appreciative for the contribution security researchers on awareness and it is very hard to imagine what would the world be like without disclosures. Still, the way attacks are being crafted today and their links to such disclosures got me into thinking whether we are doing it in

Continue Reading

Site Footer