Researcher Discovers Zero Day Vulnerability Using Homoglyph Characters

One of the most common sneaky tricks on the web is typo squatting. Attackers know that someone trying to type “disney.com” can very easily type “dinsey.com” or “disnet.com” on accident, and they ...
Zyxel 0day Affects its Firewall Products, Too

Zyxel 0day Affects its Firewall Products, Too

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in ...
Zyxel Fixes 0day in Network Storage Devices

Zyxel Fixes 0day in Network Storage Devices

Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch ...
Hacked Website Threat Report – 2019

Hacked Website Threat Report – 2019

The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities to massively ...
MSoft IE Vulnerability 2020-01-21

Morphisec Protects Customers Against Internet Explorer Scripting Zero Day

Recently, news came out about a vulnerability (CVE-2020-0674) in Microsoft’s Internet Explorer scripting engine based on how the browser handles memory. More specifically, within the JScript component of the scripting engine is ...

Cybersecurity New Year’s Resolutions from the Information Security Forum

It’s that time of year again. Time for every one of us to reminisce on the past year and make resolutions for how we can do better in the year ahead–particularly in ...
Life Cycle of a Security Bug

Life Cycle of a Security Bug

| | attacks, flaws, security, zero-day
Unlike members of the insect family, computer software bugs live forever. Software security bugs (well, flaws) are especially troubling since they demand respect from every software developer now and forever. We want ...
Apple Zero-Day Exploited in New BitPaymer Campaign

Apple Zero-Day Exploited in New BitPaymer Campaign

In August of 2019, just a month after our publication on a targeted BitPaymer/IEncrypt campaign, Morphisec identified a new and alarming evasion technique that the same adversaries adopted while targeting yet another ...
4 Ways to Protect Your Business from Zero-Day Attacks

4 Ways to Protect Your Business from Zero-Day Attacks

Zero-day attacks cost businesses millions of dollars in lost revenue and recovery costs and can cripple a company that is not prepared to respond decisively and effectively ...

Zero-Day RCE in vBulletin v5.0.0-v5.5.4

A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday. This vulnerability is extremely severe. It allows any ...