Matthew Delman

Understanding the different types of software licensing can be complex. Proprietary softwatre licenses and open source software licenses are relatively easy. But there’s a third category: source available licenses. These are possibly the most confusing license category. Source available software falls in between commercial and open source licenses. They’re not exactly proprietary and not exactly fully open.
Where it becomes most confusing is that source available licenses look a lot like open...

As the use of the cloud has expanded, an organization’s attack surface, the sum of all potential digital doorways into the organization, has seen a corresponding increase. The average enterprise now uses over 1,400 distinct cloud services – a number that has tripled over the past five years. Cloud-first strategies have invaluable benefits to an organization, but they also increase the complexity of their digital environment and lead to more exposures in more places than ever before.
According...

Corporate data outside the network has always posed a security risk, but with more people working from anywhere, the issue has taken on increased urgency.
Enter remote employee monitoring. The practice of monitoring remote employees has made extensive news in recent years, especially since the first COVID-19 pandemic lockdowns. There is an overall negative perception of the idea, with critics claiming invasion of privacy as the main issue around monitoring remote workers.
Despite the bad rap ...

Open source software is a major component of modern development. Using open source code empowers dev teams to accelerate their…
Open source software is a major component of modern development. Using open source code empowers dev teams to accelerate their delivery timelines and ship finished products more efficiently. In a highly competitive business world, companies need all the advantages they can get. Using open source code allows product-focused organizations to achieve their goals around ...

Logs are everywhere. Which is good because they’re a critical piece of operations work in computing, whether you work in DevOps, security operations, or IT operations. Analyzing logs helps with many different aspects of the technical support of devices, users, applications, and more. They can determine where authentication is happening, how applications work, whether a system crashed because of malicious actions or some other malfunction.
To understand the value in an event log, first let’s t...

Ransomware has long been among the most significant threats to the modern enterprise. First with encrypting data and extorting a fee for the key – where the term “ransomware” comes from – to now double and triple extortions becoming increasingly common. These changes have driven the rise in ransom demands to an average of over $800,000 according to Sophos data and contributed to the more than 1,100 attacks that LookingGlass tracked in the first half of 2022.
Most concerning in this current en...

The demand for threat intelligence and knowledge about active threats facing your systems continues to grow. In fact, the threat intelligence software and services market is expected to be valued at $26.15 billion by 2028. After all, if you know who’s targeting your organization and with what sort of attack, you can better defend critical business systems.
Despite these market signals, it can be challenging to gain alignment from senior executives on the value of threat intelligence or – in s...

Having a clear view of which assets are exposed and the risk they pose has long been recognized as foundational to an effective security program (CIS 1, 2, and 7). However, investigations into recent data breaches have shown that despite increased investment, enterprises continue to struggle with effective attack surface management. Without proper visibility, security teams cannot accurately measure their security risk, making it difficult to reduce risk on their attack surface.
The fact is, ...

Morphisec Labs has tracked a new Golang-based (1.17) ransomware variant that appeared starting in late September and continued development through October
Morphisec recommends organizations update their breach prevention strategies to include the risk of Golang-based ransomware
Introduction
Ransomware written in the Go language is quickly becoming more popular among threat actors. These include Babuk, Hive, and HelloKitty, as well as many other threats written in Golang. “Go” is a statically ...

Morphisec Labs tracked a new MirrorBlast campaign targeting financial services organizations
MirrorBlast is delivered via a phishing email that contains malicious links which download a weaponized Excel document
MirrorBlast has low detections on VirusTotal due to the extremely lightweight macro embedded in its Excel files, making it particularly dangerous for organizations that depend on detection-based security and sandboxing
Introduction
Financial organizations are historically among the mo...

In 2020, Morphisec introduced the Jupyter infostealer, a .NET attack that primarily targets Chromium, Firefox, and Chrome browser data while also maintaining the additional capabilities of a backdoor.
Since that time, Jupyter has remained active and highly evasive. It has continued to receive very low to zero detections in the VirusTotal database, maintaining the ability to bypass detection solutions.
Then, on 8 September 2021, we identified a new delivery chain within Jupyter that passes und...