ESET researchers have discovered Hodur, a previously undocumented Korplug variant spread by Mustang Panda, that uses phishing lures referencing current events in Europe, including the invasion of Ukraine ESET researchers discovered a still-ongoing campaign using a previously undocumented Korplug variant, which they named Hodur due to its resemblance to the THOR variant previously documented by
Cyber Security
As the war rages, the APT group with a long résumé of disruptive cyberattacks enters the spotlight again For cybersecurity pundits, it has become a doctrine that cyberdisruption, whether perpetrated directly or via proxy groups, can be expected to accompany military, political, and economic action as a way of softening up targets or of strategically
Cyberattacks against data centers may ultimately be everyone’s problem – how prepared are their operators for the heightened risk of cyber-assaults? As the war in Ukraine continues, so does the potential for further escalation in kinetic hostilities. At the same time, the odds that the conflict may lead to major cyberattacks against targets beyond Ukraine’s
The US military knows it needs to speed up technology adoption through optimization, something at the heart of Silicon Valley culture The U.S. military won’t soon be adopting open-plan work environments, flexible PTO, free ubiquitous food, and lean manufacturing processes, although Silicon Valley wants it to. At the recent Rocky Mountain Cyberspace Symposium, both were
An overview of some of the most popular open-source tools for threat intelligence and threat hunting As the term threat intelligence can be easily confounded with threat hunting, we will first endeavor to outline some of the differences between them. Threat intelligence refers to the aggregation and enrichment of data to create a recognizable profile
This is the third time in as many weeks that ESET researchers have spotted previously unknown data wiping malware taking aim at Ukrainian organizations ESET researchers have uncovered yet another destructive data wiper that was used in attacks against organizations in Ukraine. Dubbed CaddyWiper by ESET analysts, the malware was first detected at 11.38 a.m.
Ukraine has been under cyber-fire for years now – here’s what you should know about various disruptive cyberattacks that have hit the country since 2014 On February 24th, Russia invaded Ukraine. Just a few hours earlier, ESET discovered a destructive piece of malware that wrought havoc on the computer networks of a number of important
How can you tell fact from fiction and avoid falling for and spreading falsehoods about the war in Ukraine? The Russian invasion of Ukraine has led to a torrent of fake news, misinformation and disinformation being spread on social media. The fabricated, manipulated and otherwise false and misleading content and narratives reach a global audience
As the conflict in Ukraine heightens the risk of cyberattacks globally, what can organizations do to improve their resiliency? Due to the current attack by Russian forces on Ukraine, do you expect there to be more cyberattacks? This is the most common question I am being asked post Russia unleashing its offensive in Ukraine. The
Looking to help people in Ukraine? Donate wisely – do your research first so you give without getting scammed Times of crisis may bring out the best in you, but they also have a way of bringing out the worst in scammers. They, too, follow the headlines and will go into overdrive in their attempts
What can social movements of the past teach you about the future – and about protecting your digital self? Being African American and working at a cybersecurity company doesn’t seem at first glance to provide fertile ground for pondering about the historical past. So, when asked in August 2021 if I could write something for
No sector or organization is immune to rapidly escalating cyberthreats, but when it comes to healthcare, the stakes couldn’t be higher Even prior to Russia’s invasion of Ukraine, there was considerable fear that military escalation would bleed (further) into cyberspace and be followed by a rash of impactful digital assaults with international implications. Organizations worldwide
Organizations worldwide should remain on high alert for cyberattacks as the risk of major cyber-spillover from the crisis in Ukraine continues to loom large Contests between states in the so-called gray zone between war and peace have been increasing for some time in cyberspace. In Ukraine, cyberattacks have been recorded more frequently over the past
Here are a few tips that will help you get your ‘go bag’ ready if you have to leave at a moment’s notice and need your communications and data to survive If you live in an area where emergencies aren’t rare (like I do; our area has one of the highest rates of fire evacuations
Press play to hear Aryeh Goretsky, Jean-Ian Boutin and Robert Lipovsky discuss how recent malware attacks in Ukraine tie into years of cyberattacks against the country Long before the first Russian soldier set foot on Ukrainian soil, the country had been a target of sophisticated digital operations spying on its officials, and sabotaging its critical
ESET researchers uncover a new wiper that attacks Ukrainian organizations and a worm component that spreads HermeticWiper in local networks As the recent hostilities started between Russia and Ukraine, ESET researchers discovered several malware families targeting Ukrainian organizations. On February 23rd, 2022, a destructive campaign using HermeticWiper targeted multiple Ukrainian organizations. This cyberattack preceded, by
ESET research discovers a previously undocumented UEFI bootkit with roots going back all the way to at least 2012 ESET researchers analyze a previously undocumented, real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which we’ve named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which
Yet another APT group that exploited the ProxyLogon vulnerability in March 2021 ESET researchers have uncovered a new cyberespionage group targeting hotels, governments, and private companies worldwide. We have named this group FamousSparrow and we believe it has been active since at least 2019. Reviewing telemetry data during our investigation, we realized that FamousSparrow leveraged
Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here’s what you can do to prevent cloud configuration conundrums. Forget shadowy attackers deploying bespoke zero-day exploits from afar. A risk that is far more real for organizations as they embark on ambitious digital transformation projects is human error.
The campaign may last for a month, but we should remember that cybersecurity is a year-round affair The month of October is associated with a variety of themes, but it also ushers in the start of autumn and pumpkin-spiced lattes and culminates with one of the scariest days of the year – Halloween. However, beyond
Flaws in Apple Pay and Visa could allow criminals to make arbitrary contactless payments – no authentication needed, research finds Cybercriminals could make fraudulent purchases by circumventing an iPhone’s Apple Pay lock screen where the device’s wallet has a Visa card set up in so-called transit mode. The attackers could also bypass the contactless limit
A view of the T2 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Despite threats seemingly looming around every corner (I’m looking at you, Delta), the past four months were the time of summer vacations for many of us located in the northern hemisphere,
What your organization should consider when it comes to choosing a VPN solution and hardening it against attacks The NSA and CISA have released joint guidance to help organizations select their Virtual Private Network (VPN) solution and hardening it against compromise. Vulnerable VPN servers are attractive targets for threat actors, as they provide great opportunities
The emergency release comes a mere three days after Google’s previous update that plugged another 19 security loopholes Google has released an emergency update for its Chrome web browser to fix a zero-day vulnerability that is known to be actively exploited in the wild by malicious actors. The security loophole affects the Windows, macOS, and
While Apple did issue a patch for the vulnerability, it seems that the fix can be easily circumvented Researchers have uncovered a flaw in Apple’s macOS Finder system that could allow remote threat actors to dupe unsuspecting users into running arbitrary commands on their devices. The security loophole affects all versions of the macOS Big
Analysis of Numando banking trojan, steps to mitigate attack surface, and more! – Week in security with Tony Anscombe In this edition of Week in security, Tony looks at these topics: ESET Research continues its series on Latin American banking trojans, this time dissecting Numando, which targets mainly Brazil and rarely Mexico and Spain. An
The (probably) penultimate post in our occasional series demystifying Latin American banking trojans. Before concluding our series, there is one more LATAM banking trojan that deserves a closer look – Numando. The threat actor behind this malware family has been active since at least 2018. Even though it is not nearly as lively as Mekotio
Discover the best ways to mitigate your organization’s attack surface, in order to maximize cybersecurity. In almost all coverage of modern breaches you’ll hear mention of the “cyberattack surface” or something similar. It’s central to understanding how attacks work and where organizations are most exposed. During the pandemic the attack surface has grown arguably further
The most recent Patch Tuesday includes a fix for the previously disclosed and actively exploited remote code execution flaw in MSHTML. The arrival of the second Tuesday of the month can only mean one thing in cybersecurity terms, Microsoft is rolling out patches for security vulnerabilities in Windows and its other offerings. This time round Microsoft’s
The Facebook-owned messaging service plans to roll out the feature to both iOS and Android users in the coming weeks. While users already had the option to back up their message history using cloud-based services, they will soon be able to store their backups end-to-end encrypted (E2EE), WhatsApp has announced. The introduction of the new feature