Cyber Security

On October 28th, 2024, the Dutch National police, alongside the FBI, Eurojust, and several other law enforcement organizations, performed a takedown of the infamous RedLine Stealer malware-as-a-service (MaaS) operation, and its clone called META Stealer. This global effort, named Operation Magnus, resulted in the takedown of three servers in the Netherlands, the seizure of two

ESET Research, Threat Reports An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2024 and Q3 2024 Jean-Ian Boutin 07 Nov 2024  •  , 3 min. read ESET APT Activity Report Q2 2024–Q3 2024 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented

We Live Science The trailblazing scientist shares her reasons for hope in the fight against climate change and how we can tackle seemingly impossible problems and keep going in the face of adversity 06 Nov 2024 Renowned ethologist and conservationist Jane Goodall offers a sobering, but hopeful reflection on the precarious state of our planet.

Video Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more – October saw no shortage of impactful cybersecurity news stories 31 Oct 2024 With so much happening in the world of cybersecurity, staying on top of threats, breaches, scams, and industry insights can feel like a full-time job. So, let

Cybercrime You may not always stop your personal information from ending up in the internet’s dark recesses, but you can take steps to protect yourself from criminals looking to exploit it Phil Muncaster 29 Oct 2024  •  , 6 min. read How did 44% members of the European Parliament (MEPs) and 68% of British MPs

How To Have you ever googled yourself? Were you happy with what came up? If not, consider requesting the removal of your personal information from search results. Márk Szabó 30 Oct 2024  •  , 4 min. read In today’s digital age, maintaining control over your personal information is more crucial than ever. Whether you’re concerned

In this blogpost, we provide a technical analysis of CloudScout, a post-compromise toolset used by Evasive Panda to target a government entity and a religious organization in Taiwan from 2022 to 2023. The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies. Through a plugin, CloudScout works

We Live Science As methane emissions come under heightened global scrutiny, learn how a state-of-the-art satellite can pinpoint their sources and deliver the insights needed for targeted mitigation efforts 28 Oct 2024 While carbon dioxide typically takes center stage in discussions about climate change, methane emissions have historically flown somewhat under the radar. So what’s

ESET Research Learn how a rather clumsy cybercrime group wielding buggy malicious tools managed to compromise a number of SMBs in various parts of the world ESET Research 24 Oct 2024  •  , 1 min. read Some cybercriminal groups are sophisticated, create advanced schemes, cooperate with other attackers and do everything to stay under the

ESET researchers have discovered new Rust-based tooling leading to the deployment of Embargo ransomware. Embargo is a relatively new player in the ransomware scene, first observed by ESET in June 2024. The new toolkit consists of a loader and an EDR killer, named MDeployer and MS4Killer respectively by ESET. MS4Killer is particularly noteworthy as it

Scams Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers Phil Muncaster 21 Oct 2024  •  , 5 min. read In our hyper-connected world, technology has transformed the way we communicate, enabling us to connect with anyone, anywhere, at the touch of a

Video The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year 18 Oct 2024 As many as 97 out of the 138 vulnerabilities disclosed as actively exploited in the wild in 2023 were zero-days, according

Video, Kids Online “Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online – and even be the start of a predatory relationship 16 Oct 2024 “Hey, wanna chat?” What sounds like a casual and innocent phrase between adults can take a sinister

Scams Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details Phil Muncaster 15 Oct 2024  •  , 5 min. read Many countries and regions across the world have been moving quickly on electric cars in recent years. Around 14 million new cars were registered in 2023

Video ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities 11 Oct 2024 This week, ESET researchers published the results of their probe into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic

The growing popularity of online marketplaces has attracted fraudsters preying on unsuspecting buyers and sellers, looking to score payment card information rather than to strike a bargain. ESET researchers have found that one such organized scammer network – which uses Telekopye, a toolkit discovered by ESET Research in 2023 – has expanded its operations to

Business Security Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people’s financial responsibility? Tony Anscombe 08 Oct 2024  •  , 5 min. read It’s undeniable that cyber insurance and cybersecurity are intrinsically linked. One requires the other, and they are a perfect pairing, even if they may

ESET researchers discovered a series of attacks on a governmental organization in Europe using tools capable of targeting air-gapped systems. The campaign, which we attribute to GoldenJackal, a cyberespionage APT group that targets government and diplomatic entities, took place from May 2022 to March 2024. By analyzing the toolset deployed by the group, we were

Video As highlighted by new ESET research this week, attributing a cyberattack to a specific threat actor is a complex affair 04 Oct 2024 Attributing a cyberattack to a specific threat actor is no easy task, as highlighted by new ESET research published this week. ESET experts recently uncovered a new China-aligned APT group that

Digital Security Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices Tony Anscombe 01 Oct 2024  •  , 3 min. read As we enter October, governments, non-profit organizations, cybersecurity vendors and many companies with corporate social responsibility teams are all likely gearing up to push out some

ESET researchers observed several campaigns targeting governmental institutions in Thailand, starting in 2023. These attacks leveraged revamped versions of components previously attributed by other researchers to the China-aligned advanced persistent threat (APT) group Mustang Panda, and later, a new set of tools that abuse service providers such as Pastebin, Dropbox, OneDrive, and GitHub to execute

Business Security Building efficient recovery options will drive ecosystem resilience Tony Anscombe 01 Oct 2024  •  , 4 min. read Last week, a US congressional hearing regarding the CrowdStrike incident in July saw one of the company’s executives answer questions from policy makers. One point that caught my interest during the ensuing debate was the

Video ESET research examines the group’s malicious wares as used to spy on targets in Ukraine in the past two years 27 Sep 2024 This week, ESET researchers published an extensive analysis of the tools and techniques of Gamaredon, a Russia-aligned threat actor that is currently the most active APT group in Ukraine. Their research

ESET Research ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine Zoltán Rusnák 26 Sep 2024  •  , 5 min. read The war in Ukraine, which started in February 2014 and intensified with Russia’s invasion of the country on February 24th, 2022, exemplifies a

Digital Security Keep your cool, arm yourself with the right knowledge, and other tips for staying unshaken by fraudsters’ scare tactics Phil Muncaster 25 Sep 2024  •  , 5 min. read We live in fast-paced and often worrying times, and fraudsters are primed to take advantage. Fear can be a powerful weapon and scammers know

Kids Online Here’s what parents should know about Snapchat and why you should take some time to ensure your children can stay safe when using the app Phil Muncaster 24 Sep 2024  •  , 5 min. read Snapchat may only be the 10th most popular social media platform in the world, but it estimates monthly

Video How do analyst relations professionals ‘sort through the noise’ and help deliver the not-so-secret sauce for a company’s success? We spoke with ESET’s expert to find out. 19 Sep 2024 The sixth episode of ESET’s Unlocked 403 cybersecurity podcast has host Alžbeta Kovaľová picking the brains of Zuzana Legáthová, ESET’s Senior Manager of Analyst

Video With just weeks to go before the US presidential election, the FBI and the CISA are warning about attempts to sow distrust in the electoral process 20 Sep 2024 With just weeks to go before the US presidential election, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are

ESET Research ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos ESET Research 17 Sep 2024  •  , 1 min. read Telegram, with nearly a billion monthly users, is a juicy target for cybercriminals, especially if they can exploit a zero-day vulnerability

Business Security Proper disclosure of a cyber-incident can help shield your business from further financial and reputational damage, and cyber-insurers can step in to help Tony Anscombe 18 Sep 2024  •  , 4 min. read ‘Seek legal advice’, this has to be my top recommendation if you have suffered a cyber-incident that could be deemed