The police sting spanned three continents and involved crackdowns in nine countries Law enforcement agencies from Europe, the United States and Australia have teamed up to arrest some 150 people who are believed to have sold and bought illegal drugs and other illicit goods on the dark web. “More than €26.7 million (USD 31 million)
Cyber Security
Organizations that aim to pull ahead of the competition need to develop a strong security culture from top to bottom From headline-grabbing stories of ransomware to personal experiences of identity theft, cyber is increasingly finding its way into collective consciousness. During the pandemic, an escalation in threat levels also reminded IT and business leaders what’s
Security professionals advise to never use ‘beef stew’ as a password. It just isn’t stroganoff. Passwords are the bane of everyone’s lives, but let’s face it – we all need them. And they aren’t going away as fast as Microsoft may want them to. For the time being, we will continue to depend on them
Employee use of unsanctioned hardware and software is an increasingly acute problem in the remote and hybrid work era In the pandemic era, many organizations prioritize business continuity at the expense of cybersecurity. Especially in the early days of the pandemic, the focus was on just getting things done – supporting a rapid shift to
Want to help make technology safer for everyone? Love solving puzzles? Looking for a rewarding career? Break into cybersecurity! Insights from ESET researchers Aryeh Goretsky and Cameron Camp will put you on the right track. How do you start a career in cybersecurity? What qualifications, certifications and skills do you need? Should you spend half
Brave Search will become the default search option for new users in the US, UK, Canada, Germany and France, with more countries to follow soon Brave, the company most widely known for its eponymous privacy-focused browser, has announced that it will replace Google and other search engines with its own Brave Search as the default
Threat actors are increasingly using advanced tactics to obfuscate and launder their illicit gains, a report by the US Government finds As much as US$5.2 billion worth of outgoing Bitcoin transactions may be tied to ransomware payouts involving the top 10 most common ransomware variants alone, according to a report by the Financial Crimes Enforcement Network (FinCEN)
Putting a precision payload on top of more generic malware makes perfect sense for malware operators Virus Bulletin this year brought a fresh batch of amped-up, refreshed malware with lots more horsepower and devilish amounts of custom-tailored targeting. From singled-out political activist individual targets to regionalized targets, malware’s aim is getting better. Putting a precision
There are various ways a departing employee could put your organization at risk of a data breach. How do you offboard employees the right way and ensure your data remains safe? The COVID-19 pandemic has created the perfect conditions for insider risk. Financial crises have in the past led to a spike in fraud and
If it looks like a duck, swims like a duck, and quacks like a duck, then it’s probably a duck. Now, how do you apply the duck test to defense against phishing? The fall is an awesome time of year to get away and spend some time in the great outdoors. The criminally-inclined, meanwhile, seem
The attack, which clocked in at 2.4 Tbps, targeted one of Azure customers based in Europe Microsoft has revealed that it thwarted a Distributed Denial-of-Service (DDoS) attack that clocked in at a whopping 2.4 terabytes per second (Tbps). The onslaught, which targeted an Azure customer in Europe, surpasses the previous record holder – a 2.3
The victims lost an average of nine days to downtime and two-and-a-half months to investigations, an analysis of disclosed attacks shows An analysis of 186 successful ransomware attacks against businesses in the United States in 2020 has shown that the companies lost almost US$21 billion due to attack-induced downtime, according to technology website Comparitech. Compared to
Cryptocurrencies rise and fall, but one thing stays the same – cybercriminals attempt to cash in on the craze Cybercriminals are trying to capitalize on “the next big thing” in the turbulent cryptocurrency space in an attempt to take remote control of people’s computers and then steal their passwords and money. A campaign spotted recently
ESET researchers discover a malware family with tools that show signs they’re used in targeted attacks ESET researchers have discovered a previously unknown malware family that utilizes custom and well-designed modules, targeting systems running Linux. Modules used by this malware family, which we dubbed FontOnLake, are constantly under development and provide remote access to the
Two-factor authentication is a simple way to greatly enhance the security of your account Google has announced that by the end of 2021 it plans to automatically enroll 150 million users into two-step verification (2SV), a security measure also commonly known as two-factor authentication (2FA). “For years, Google has been at the forefront of innovation
ESET research discovers a previously undocumented UEFI bootkit with roots going back all the way to at least 2012 ESET researchers analyze a previously undocumented, real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which we’ve named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which
A view of the T2 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Despite threats seemingly looming around every corner (I’m looking at you, Delta), the past four months were the time of summer vacations for many of us located in the northern hemisphere,
The campaign may last for a month, but we should remember that cybersecurity is a year-round affair The month of October is associated with a variety of themes, but it also ushers in the start of autumn and pumpkin-spiced lattes and culminates with one of the scariest days of the year – Halloween. However, beyond
Flaws in Apple Pay and Visa could allow criminals to make arbitrary contactless payments – no authentication needed, research finds Cybercriminals could make fraudulent purchases by circumventing an iPhone’s Apple Pay lock screen where the device’s wallet has a Visa card set up in so-called transit mode. The attackers could also bypass the contactless limit
What your organization should consider when it comes to choosing a VPN solution and hardening it against attacks The NSA and CISA have released joint guidance to help organizations select their Virtual Private Network (VPN) solution and hardening it against compromise. Vulnerable VPN servers are attractive targets for threat actors, as they provide great opportunities
The emergency release comes a mere three days after Google’s previous update that plugged another 19 security loopholes Google has released an emergency update for its Chrome web browser to fix a zero-day vulnerability that is known to be actively exploited in the wild by malicious actors. The security loophole affects the Windows, macOS, and
Yet another APT group that exploited the ProxyLogon vulnerability in March 2021 ESET researchers have uncovered a new cyberespionage group targeting hotels, governments, and private companies worldwide. We have named this group FamousSparrow and we believe it has been active since at least 2019. Reviewing telemetry data during our investigation, we realized that FamousSparrow leveraged
While Apple did issue a patch for the vulnerability, it seems that the fix can be easily circumvented Researchers have uncovered a flaw in Apple’s macOS Finder system that could allow remote threat actors to dupe unsuspecting users into running arbitrary commands on their devices. The security loophole affects all versions of the macOS Big
Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here’s what you can do to prevent cloud configuration conundrums. Forget shadowy attackers deploying bespoke zero-day exploits from afar. A risk that is far more real for organizations as they embark on ambitious digital transformation projects is human error.
The group used phishing, BEC and other types of attacks to swindle victims out of millions Law enforcement agencies from Europe have cracked down on an organized group that is associated with the Italian Mob and has been involved in all manner of cybercrime, including phishing campaigns, SIM swapping and Business Email Compromise (BEC). The criminal
Analysis of Numando banking trojan, steps to mitigate attack surface, and more! – Week in security with Tony Anscombe In this edition of Week in security, Tony looks at these topics: ESET Research continues its series on Latin American banking trojans, this time dissecting Numando, which targets mainly Brazil and rarely Mexico and Spain. An
The (probably) penultimate post in our occasional series demystifying Latin American banking trojans. Before concluding our series, there is one more LATAM banking trojan that deserves a closer look – Numando. The threat actor behind this malware family has been active since at least 2018. Even though it is not nearly as lively as Mekotio
Discover the best ways to mitigate your organization’s attack surface, in order to maximize cybersecurity. In almost all coverage of modern breaches you’ll hear mention of the “cyberattack surface” or something similar. It’s central to understanding how attacks work and where organizations are most exposed. During the pandemic the attack surface has grown arguably further
The most recent Patch Tuesday includes a fix for the previously disclosed and actively exploited remote code execution flaw in MSHTML. The arrival of the second Tuesday of the month can only mean one thing in cybersecurity terms, Microsoft is rolling out patches for security vulnerabilities in Windows and its other offerings. This time round Microsoft’s
The Facebook-owned messaging service plans to roll out the feature to both iOS and Android users in the coming weeks. While users already had the option to back up their message history using cloud-based services, they will soon be able to store their backups end-to-end encrypted (E2EE), WhatsApp has announced. The introduction of the new feature