Fin7 weaponization of DDE is just their latest slick move, say researchers

When cybercrime gang FIN7 weaponized a new attack vector against Microsoft applications within a day of it being published last week, it was just the latest slick move from a threat group who’ve been consistently one step ahead of cyber defenders. A timeline of different attack vectors used by the group, compiled by Morphisec researchers, shows that FIN7 typically adopts a new technique within “a couple of days” of an attack being discovered, once the number of security solutions that detect it gets into double figures. The Morphisec researchers analyzed scoring of FIN7 attachment lures by VirusTotal — a service that scans files and tests them against 56 kinds of security software. “A look at VirusTotal scoring reveals that when a FIN7 campaign is first active, it goes mostly undetected by security solutions. The malicious documents do not score more than 1-3 detections. Within a couple of days, security solutions update their patterns and […]

The post Fin7 weaponization of DDE is just their latest slick move, say researchers appeared first on Cyberscoop.


A clearer picture of the CCleaner backdoor incident

On Monday, Cisco and Piriform – the Avast-owned company behind the popular CCleaner utility – announced that certain versions of the software had been backdoored by hackers. A blog post by security outfit Morphisec later revealed that they were the ones who first notified Avast of the problem. The timeline of the incident and Avast’s response to it is as follows:

August 15: Malicious CCleaner (v5.33.6162) made available for download from Piriform’s servers
August 24: Malicious …

New infosec products of the week: August 4, 2017

New Forcepoint CASB behavior analytics help security teams reduce time to action: Forcepoint fortified its cloud security portfolio to empower security teams with new behavior-driven controls that simplify protection of employees, critical business data and intellectual property. New capabilities now available across Forcepoint CASB, Forcepoint Web Security and Forcepoint Email Security ensure customers around the world can safely embrace, and continue to grow, their business in the cloud. AppViewX introduces new automation tools: Visual Workflow …

Iran-linked hackers used Microsoft Word flaw against Israeli targets, security firm says

Hackers allegedly linked to the Iranian government launched a digital espionage operation this month against more than 250 different Israel-based targets by using a recently disclosed and widely exploited Microsoft Word vulnerability, cybersecurity experts tell CyberScoop. The hacking group, dubbed OilRig by security researchers and believed to be tied to Iranian intelligence services, utilized a software flaw in Word officially known as CVE-2017-0199 that allows attackers to execute a remote computer intrusion to take full control of a target device while leaving little or no trace, said Michael Gorelik, vice president of Israeli security firm Morphisec. Over the last month, Morphisec has investigated the incident on behalf of multiple victims. Clients showed forensic evidence on their respective networks that could be linked back to OilRig. After its disclosure in March, CVE-2017-0199 was quickly exploited by nation-states and cybercriminals alike. OilRig has been around since at least 2015, according to numerous security industry experts who have […]

The post Iran-linked hackers used Microsoft Word flaw against Israeli targets, security firm says appeared first on Cyberscoop.


Fileless Malware Campaigns Tied to Same Attacker

Two recent fileless malware campaigns targeting financial institutions, government agencies and other enterprises have been linked to the same attack group.