A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.
Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff
A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts. "This vulnerability allows
NYC area cybersecurity and ransomware expert explains when and how to involve law enforcement in a ransomware attack response—in a new article from eMazzanti Technologies
The acquisition positions Vectra to help customers securely configure and detect active threats in cloud identity and SaaS applications, including Microsoft Azure AD and Microsoft 365.
A new family of ransomware — called “White Rabbit” — could be targeting banks. A U.S. bank was attacked in December, according to security firm Trend Micro. Although Trend Micro didn't provide attack specifics, ransomware attacks typically steal customer account data and threaten to release it – typically on the dark web – unless the […]
The Iranian threat group known as Moses Staff was first spotted in October 2021. It claims its purpose is to harm Israeli companies by leaking sensitive stolen data, but it has also been seen targeting a variety of industries in countries such as Italy, India, Germany, Chile, Turkey, UAE and the U.S.
In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems.
Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected