The grand finale of our series dedicated to demystifying Latin American banking trojans ESET started this blogpost series dedicated to demystifying Latin American banking trojans in August 2019. Since then, we have covered the most active ones, namely Amavaldo, Casbaneiro, Mispadu, Guildma, Grandoreiro, Mekotio, Vadokrist, Ousaban and Numando. Latin American banking trojans share a lot
Cyber Security
Hundreds of thousands of attempts to exploit the vulnerability are under way In many cases, updating IT systems and patching security vulnerabilities is a quiet matter that business leaders may be little concerned with other than knowing that they have approved a budget for the IT team to get it done. That quiet approach is
By spotting these early warning signs of identity theft, you can minimize the impact on you and your family We’re all spending more of our time online. Last year, US adults spent one hour more per day on digital activities across all of their devices than they did in 2019. By the end of 2022,
The critical flaw in the ubiquitous Log4j utility has sent shockwaves far beyond the security industry – here’s what we know so far Just as the holiday season is approaching our doorstep, a critical vulnerability in an Apache code library called Log4j 2 has come knocking at the door. Log4j is an open-source Java-based logging
Oh snap! This is how easy it may be for somebody to hijack your Snapchat account – all they need to do is peer over your shoulder. After demonstrating the ease with which anybody can hijack your WhatsApp in 2020, I took a hiatus in ethically hacking people’s accounts. It’s just not the same hacking
It often pays to look a gift horse in the mouth – recognizing these types of gift card fraud will go a long way toward helping you stay safe from this growing threat not just this holiday season It’s that time of the year again, when we’re all online looking for presents to give and
Ever since the Morris worm, buffer overflows have become notorious fare in the world of vulnerabilities The Morris worm of 1988 was one of those industry-shaking experiences that revealed how quickly a worm could spread using a vulnerability known as a buffer overflow or buffer overrun. Around 6,000 of the 60,000 computers connected to ARPANET,
Fraudsters take advantage of the emergence of the new variant to dupe unsuspecting victims out of their sensitive data Sensing another opportunity to take advantage of fears surrounding the COVID-19 pandemic, scammers are deploying a phishing campaign where they attempt to exploit the emergence of the Omicron coronavirus variant in order to line their pockets,
Press play for the first episode as host Aryeh Goretsky is joined by Zuzana Hromcová to discuss native IIS malware Did you ever wonder why researchers behind a cybersecurity discovery chose to go down that particular rabbit hole? What made them curious about that specific malware family, variant, or campaign? Did they come up with
ESET researchers studied all the malicious frameworks ever reported publicly that have been used to attack air-gapped networks and are releasing a side-by-side comparison of their most important TTPs Air-gapping is used to protect the most sensitive of networks. In the first half of 2020 alone, four previously unknown malicious frameworks designed to breach air-gapped
The INTERPOL-led operation involved law enforcement from 20 countries and led to the seizure of millions of dollars in illicit gains Law enforcement agencies from around the globe have swooped down on hundreds of people suspected of committing various types of online crime, including romance scams, investment fraud and money laundering operations. The international effort
‘Tis the season to avoid getting played by scammers hijacking Twitter accounts and promoting fake offers for PlayStation 5 consoles and other red-hot products As the holiday season beckons, so begins the frantic shopping season to find and acquire the much-wanted gift. This year, depending on what you’re looking to buy, could present some very
With the holiday shopping bonanza right around the corner, here’s how to make sure your online spending spree is hacker-free Black Friday is almost upon us and Cyber Monday is just around the corner, which means that most of us will be on the hunt for the perfect bargain. Which, to be honest, we will
Threat actors have previously timed ransomware and other attacks to coincide with holidays and weekends In the run-up to Thanksgiving and the holiday season, the United States’ Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are urging organizations, especially those operating in critical infrastructure, to remain vigilant against ransomware and other
Receiving a breach notification doesn’t mean you’re doomed – here’s what you should consider doing in the hours and days after learning that your personal data has been exposed Data breaches occur when an unauthorized third-party accesses an organization’s private information. Often, they involve theft of customers’ and/or employees’ personal data. There are strict rules
A victim of identity theft tells us how criminals used his identity to commit fraud and what it took to put his life back in order When a former neighbor contacted Martin Kaul (not his real name) in August 2020 to tell him that he’d received a letter at his old address, Martin thought nothing
Not long ago, disinformation campaigns were rather unsophisticated. These days, however, threat actors put serious time and effort into crafting their attacks. From the Chris Krebs keynote to highlighting third-string, nation-state entrants into the cyber-arms race, the art of targeted disinformation is heating up here at CYBERWARCON. Two years ago (the last time the conference
US Government declassifies cybersecurity subjects they want you to learn about, and is hoping to pay you to learn them Recent initiatives, in response to a scathing study highlighting the lack of workforce pools capable of helping the country’s digital defenses, see the government releasing information about the areas on its wish list to prime
ESET researchers have discovered strategic web compromise (aka watering hole) attacks against high‑profile websites in the Middle East Back in 2018, ESET researchers developed a custom in-house system to uncover watering hole attacks (aka strategic web compromises) on high-profile websites. On July 11th, 2020 it notified us that the website of the Iranian embassy in
Hackers break into the Bureau’s email systems to send out at least 100,000 emails warning recipients of imminent cyberattacks The Federal Bureau of Investigation (FBI) has had its email servers compromised, with the hackers then sending out tens of thousands of bogus spam emails impersonating the agency and the Department of Homeland Security and claiming
It’s often said that data breaches are no longer a matter of ‘if’, but ‘when’ – here’s what your organization should do, and avoid doing, in the case of a breach Globally, data breaches are estimated to cost in excess of $4.2m per incident today. And they’re happening on an unprecedented scale as organizations build
The tech giant wins an appeal against a claim that it unlawfully collected personal data of millions of iPhone users Google has just scored a major court win after the United Kingdom’s Supreme Court has thrown out a mass action lawsuit where the company could have ended up paying billions in compensation to millions of
An attacker gained access to some of Robinhood’s customer support systems and stole the personal data of around a third of the app’s userbase Robinhood, the highly popular trading platform, has revealed that it suffered a cybersecurity breach on November 3rd that affected some 7 million of its users. “An unauthorized third party obtained access
Are the days numbered for ‘123456’? As Microsoft further nudges the world away from passwords, here’s what your organization should consider before going password-free. For such a clumsy sounding word, “passwordless” actually promises to make life a lot easier – for both users and security teams. It offers the tantalizing prospect of cutting admin costs,
Three ESET malware researchers describe what their job involves and what it takes to embark on a successful career in this field Just days ago, we looked at how you can jump-start your career in the broader field of cybersecurity, leveraging insights from ESET security researchers with decades of experience under their belts. Since today
Beyond the vulnerability in the Android kernel, the monthly round of security patches plugs another 38 security loopholes Google has released its monthly round of security patches for Android that plugs a bevy of vulnerabilities, including a zero-day flaw that is believed to be actively exploited in the wild by threat actors. “There are indications
Security and privacy get a leg up in Proton’s legal challenge against data retention and disclosure obligations Privacy and security fans have long flocked to Swiss security enclaves, hoping for maximum protection against prying government eyes, much to the ire of those seeking to poke legal holes to get access to information on bad actors.
On top of illegally streaming sports games for profit, the man is also believed to have attempted to extort MLB for $150,000 A 30-year-old Minnesota man has been charged with breaching the computer systems of top sports leagues in the United States and illegally streaming their content on his website for monetary gain, according to
There are no code, functionality or operational similarities to suggest that this is a tool from a known threat actor ESET researchers have discovered a unique and previously undescribed loader for Windows binaries that, unlike other such loaders, runs as a server and executes received modules in memory. We have named this new malware Wslink
What are some of the key dangers faced by children online and how can you help protect them from the ghosts, ghouls and goblins creeping on the internet? Halloween, the scariest day of the year, is upon us. That can mean only one thing: children donning costumes of either their heroes or the scariest thing