Matthew Delman

Logs are everywhere. Which is good because they’re a critical piece of operations work in computing, whether you work in DevOps, security operations, or IT operations. Analyzing logs helps with many different aspects of the technical support of devices, users, applications, and more. They can determine where authentication is happening, how applications work, whether a system crashed because of malicious actions or some other malfunction.
To understand the value in an event log, first let’s t...

Ransomware has long been among the most significant threats to the modern enterprise. First with encrypting data and extorting a fee for the key – where the term “ransomware” comes from – to now double and triple extortions becoming increasingly common. These changes have driven the rise in ransom demands to an average of over $800,000 according to Sophos data and contributed to the more than 1,100 attacks that LookingGlass tracked in the first half of 2022.
Most concerning in this current en...

The demand for threat intelligence and knowledge about active threats facing your systems continues to grow. In fact, the threat intelligence software and services market is expected to be valued at $26.15 billion by 2028. After all, if you know who’s targeting your organization and with what sort of attack, you can better defend critical business systems.
Despite these market signals, it can be challenging to gain alignment from senior executives on the value of threat intelligence or – in s...

Having a clear view of which assets are exposed and the risk they pose has long been recognized as foundational to an effective security program (CIS 1, 2, and 7). However, investigations into recent data breaches have shown that despite increased investment, enterprises continue to struggle with effective attack surface management. Without proper visibility, security teams cannot accurately measure their security risk, making it difficult to reduce risk on their attack surface.
The fact is, ...

Morphisec Labs has tracked a new Golang-based (1.17) ransomware variant that appeared starting in late September and continued development through October
Morphisec recommends organizations update their breach prevention strategies to include the risk of Golang-based ransomware
Introduction
Ransomware written in the Go language is quickly becoming more popular among threat actors. These include Babuk, Hive, and HelloKitty, as well as many other threats written in Golang. “Go” is a statically ...

Morphisec Labs tracked a new MirrorBlast campaign targeting financial services organizations
MirrorBlast is delivered via a phishing email that contains malicious links which download a weaponized Excel document
MirrorBlast has low detections on VirusTotal due to the extremely lightweight macro embedded in its Excel files, making it particularly dangerous for organizations that depend on detection-based security and sandboxing
Introduction
Financial organizations are historically among the mo...

In 2020, Morphisec introduced the Jupyter infostealer, a .NET attack that primarily targets Chromium, Firefox, and Chrome browser data while also maintaining the additional capabilities of a backdoor.
Since that time, Jupyter has remained active and highly evasive. It has continued to receive very low to zero detections in the VirusTotal database, maintaining the ability to bypass detection solutions.
Then, on 8 September 2021, we identified a new delivery chain within Jupyter that passes und...

In our latest report, The State of Offensive Security 2022, we provide insight into what we discovered about how well organizations have adopted the offensive approach to security. We surveyed 400 decision makers in IT and security last year, and found:

Security hygiene is harder than it should be

Attack surfaces are growing, leading to more frustrations

Asset inventories are incomplete, creating breach risk

Vulnerability management processes can’t scale

Security testing needs to be continuou...