New and exacerbated cyber-risks following Russia’s invasion of Ukraine are fueling a new urgency towards enhancing resilience Governments around the world are concerned about growing risks of cyberattacks against their critical infrastructure. Recently, the cybersecurity agencies of the countries comprising the ‘Five Eyes’ alliance warned of a possible rise in such attacks “as a response
Cyber Security
As with everything digital, there’s someone, somewhere devising a method to steal the assets away from their rightful owners Are you an NFT investor? If so, watch out, there’s a scammer about! As with everything digital, there’s someone, somewhere devising a method to steal these assets away from their rightful owner. Watch the video to
Listen to Aryeh Goretsky, Martin Smolár, and Jean-Ian Boutin discuss what UEFI threats are capable of and what the ESPecter bootkit tells us about their evolution As Unified Extensible Firmware Interface (UEFI) replaced legacy BIOS as the leading technology embedded into chips of modern computers and devices, it became vital to the security of the
The landmark regulation changed everyone’s mindset on how companies worldwide collect and use the personal data of EU citizens It was May 25th, 2018, and the sun was certainly shining in many of the (then) 28 European Union member states. In the offices of many companies in (and often also outside) the EU, this was
As NFTs exploded in popularity, scammers also jumped on the hype. Watch out for counterfeit NFTs, rug pulls, pump-and-dumps and other common scams plaguing the industry. Looking back at 2012, colored coins were the first hint of what we now call non-fungible tokens (NFTs), or nifties for some. Ten years later, these blockhain-based assets that
ESET researchers spot an updated version of the malware loader used in the Industroyer2 and CaddyWiper attacks Sandworm, the APT group behind some of the world’s most disruptive cyberattacks, continues to update its arsenal for campaigns targeting Ukraine. The ESET research team has now spotted an updated version of the ArguePatch malware loader that was
When you hear the term ‘cryptocurrency’, does ‘secure’ also spring to mind? Here are some implications of the lack of sound security practices in the world of crypto. When you hear the term ‘cryptocurrency’, does ‘secure’ also immediately spring to mind? In this edition of Week in security, Tony examines several implications of the lack
Cybercriminals continue to mine for opportunities in the crypto space – here’s what you should know about coin-mining hacks and crypto theft Wherever you look these days, cryptocurrencies are in the news. And it’s not just because of the recent slump in their prices. Everybody seems to have grabbed a slice of the crypto pie
In the age of the perpetual news cycle and digital media, the risks that stem from the fake news problem are all too real Every day brings a deluge of news content that competes for our attention and spans everything from politics, health, sports, climate change to the war in Ukraine. The endless amount and
The decision to release a ransomware decryptor involves a delicate balancing act between helping victims recover their data and alerting criminals to errors in their code Ransomware – the security scourge of the modern, digital world – just keeps getting more dangerous. We’re educating users about what to do, but it’s hard to stay ahead
Can you spot the tell-tale signs of a phishing attempt and check if an email that has landed in your inbox is legit? Did you know that some 90 percent of successful cyberattacks start with a phishing email? This helps show why learning to recognize and avoid phishing attacks is such an important skill to
The ‘it won’t happen to me’ mindset leaves you unprepared – here are some common factors that put any of us at risk of online fraud Sometimes you need to say things that go without saying: The internet has revolutionized our lives, changing the way we work, learn, entertain ourselves and interact with each other.
What can organizations do to capitalize on the current fluidity in the job market and bring fresh cybersecurity talent into the fold? We all know there’s a cybersecurity skills shortage. Across the globe, the shortfall of talent is now measured in the millions. We’ve also all heard about the Great Resignation: a once-in-a-generation period of
LinkedIn scammers attack when we may be at our most vulnerable – here’s what to look out for and how to avoid falling victim to fraud when using the platform Job hunting is hard work, a kind of full-time job in itself. It requires focus and patience to go from one job posting to another
The conflict in Ukraine has highlighted the risks of cyberespionage attacks that typically involve Advanced Persistent Threat groups and often target organizations’ most valuable data The conflict in Ukraine has highlighted the risks of cyberespionage and sabotage, which typically involve Advanced Persistent Threat (APT) groups. In this special edition of Week in security, Tony looks
Here’s what you should know about some of the nastiest mobile malware – from malicious software that takes phones and data hostage to RATs that allow hackers to control devices remotely These days, the device in your pocket can do far more than call or send text messages. Your smartphone stores almost every aspect of
The bitter truth about how fraudsters dupe online daters in this new twist on romance fraud The world is a confusing and lonely place sometimes. Police and security experts have been out in force for years warning lonely hearts not to fall for the romance fraudsters whose schemes cost victims more than US$950 million in
Organizations need to get better at mitigating threats from unknown vulnerabilities, especially as both state-backed operatives and financially-motivated cybercriminals are increasing their activity Zero-day vulnerabilities have always had something of a special reputation in the cybersecurity space. These software bugs are exploited for attacks before the flaw is known to the software vendor and so
Here’s what you should know about FlowingFrog, LookingFrog and JollyFrog – the three teams making up the TA410 espionage umbrella group In this edition of Week in security, Tony looks at the latest ESET research that: provided a detailed overview of TA410, a cyberespionage umbrella group that targets entities in the government and education sectors
ESET researchers reveal a detailed profile of TA410: we believe this cyberespionage umbrella group consists of three different teams using different toolsets, including a new version of the FlowCloud espionage backdoor discovered by ESET. ESET researchers have documented and analyzed TA410 activity going back to 2019. TA410 is a cyberespionage umbrella group loosely linked to
BEC fraud generated more losses for victims than any other type of cybercrime in 2021. It’s long past time that organizations got a handle on these scams. The old adage of people being the weakest link in security is especially true when it comes to email threats. Here, cybercriminals can arguable generate their biggest “bang-for-buck”
Camfecting doesn’t ‘just’ invade your privacy – it could seriously impact your mental health and wellbeing. Here’s how to keep an eye on your laptop camera. Our 24/7 digital lives mean we’re increasingly sitting in front of a screen, whether that’s a laptop, a smartphone or another device. That usually means we’re also sitting in
ESET researchers discover multiple vulnerabilities in various Lenovo laptop models that allow an attacker with admin privileges to expose the user to firmware-level malware ESET researchers have discovered and analyzed three vulnerabilities affecting various Lenovo consumer laptop models. The first two of these vulnerabilities – CVE-2021-3971, CVE-2021-3972 – affect UEFI firmware drivers originally meant to
Here’s what to know about vulnerabilities in more than 100 Lenovo consumer laptop models and what you can do right away to stay safe – all in under three minutes ESET researchers have released their findings about a trio of vulnerabilities that impact more than 100 Lenovo consumer laptop models with millions of users across the
Lessons from history and recent attacks on critical infrastructure throw into sharp relief the need to better safeguard our essential systems and services Just days ago, Ukraine’s power grid came under attack as the Sandworm group attempted to deploy a piece of malware called Industroyer2 against the operations of an energy supplier in the country.
Young people are not passive victims of technology or helpless addicts. They are technology creators and agents with diverse backgrounds and interests. When people hear that I study digital youth culture, I often get asked, “Is technology good or bad for kids?” My first struggle is to reframe the question. The question assumes technology is
If you look back at the long arc of history, it’s clear that one of the most crucial drivers of real progress in society is innovation If you look back at the long arc of history, it’s clear that one of the most crucial drivers of real progress in society is innovation: people coming up
ESET researchers provided technical analysis, statistical information, and known command and control server domain names and IP addresses ESET has collaborated with partners Microsoft’s Digital Crimes Unit, Lumen’s Black Lotus Labs, Palo Alto Networks Unit 42, and others in an attempt to disrupt known Zloader botnets. ESET contributed to the project by providing technical analysis,
This ICS-capable malware targets a Ukrainian energy company This is a developing story and the blogpost will be updated as new information becomes available. Executive summary The blogpost presents the analysis of a cyberattack against a Ukrainian energy provider. Key points: ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company
As cloud systems are increasingly the bedrock on which digital transformation is built, keeping a close eye on how they are secured is an essential cybersecurity best practice For weeks, cybersecurity experts and government agencies have been urging organizations to enhance their cyber-defenses due to the increased threat of cyberattacks amid Russia’s invasion of Ukraine.