Researchers have identified a new remote access Trojan that uses a unique stealth technique to help it stay undetected on a victim's infrastructure and conceal Magecart malware. Dubbed CronRAT, it hides in the Linux calendar subsystem as a task that has a nonexistent date.
An Iranian attacker has been targeting users who have failed to patch a remote code execution vulnerability in a Microsoft browser engine to spy on Farsi-speaking victims, paralleling a similar campaign being run by North Korean attackers, researchers warn.
The Israeli government's Ministry of Defense reportedly has cut the list of countries to which Israeli companies’ cyber spyware can be exported from 102 to 37, reducing Israel's surveillance tool export market by two-thirds. The list specifically restricts doing business with those involved in offensive cyber.
Web hosting giant GoDaddy confirms that a data breach which affected about 1.2 million of its active and inactive Managed WordPress customers, has also hit Managed WordPress users tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe.
"Garbage in, garbage out." That's a fundamental problem with traditional application security management, which lacks both context and automation. But Idan Plotnik, co-founder and CEO of Apiiro, proposes a new approach to application risk management.
Hacker group MosesStaff has targeted Israeli organizations with encryption attacks, according to Check Point researchers. Archived records show that at least 16 organizations - including the Israel Post, the Ministry of Defense and Israeli Intelligence Corps Unit 8200 - were targeted.
Google’s Threat Analysis Group has released details of a watering hole campaign targeting a macOS zero-day exploit chain to install a never-before-seen malware on devices of users visiting Hong Kong websites of a media outlet and a prominent pro-democracy labor and political group.
Cloud video conferencing provider Zoom has released patches for multiple vulnerabilities in its product that could have allowed criminals to intercept data from meetings and attack customer infrastructure.
NSO Group CEO-designate Itzik Benbenisti, currently NSO's co-president, has resigned from the Israel-based intelligence company, citing its blacklisting by the U.S. Department of Commerce last week. But the company has other troubles, too.
The top cybercrime threats facing organizations in Europe and beyond include ransomware affiliate programs, more sophisticated mobile malware and cryptocurrency-hawking investment fraud, among other types of crime, according to Europol's latest Internet Organized Crime Threat Assessment.
Vulnerabilities in Apple Pay, Samsung Pay and Google Pay allow attackers to make unlimited purchases using stolen smartphones enabled with express transport schemes, according to a research report from Positive Technologies. These findings were presented at Black Hat Europe this week.
Microsoft's November Patch Tuesday security update covers 55 security fixes, six of which are zero-day vulnerabilities, with two flaws being actively exploited in the wild. Does the relatively low number for November mean there is a patch backlog at Microsoft?
The calculus facing cybercrime practitioners is simple: Can they stay out of jail long enough to enjoy their ill-gotten gains? A push by the U.S. government and allies aims to blunt the ongoing ransomware scourge. But will practitioners quit the cybercrime life?
Threat actors have breached critical systems internationally by exploiting a recently patched vulnerability in Zoho’s ManageEngine product ADSelfService Plus, with a suspected Chinese threat group leveraging leased infrastructure to scan hundreds of vulnerable organizations.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.