How can you tell fact from fiction and avoid falling for and spreading falsehoods about the war in Ukraine? The Russian invasion of Ukraine has led to a torrent of fake news, misinformation and disinformation being spread on social media. The fabricated, manipulated and otherwise false and misleading content and narratives reach a global audience
Cyber Security
As the conflict in Ukraine heightens the risk of cyberattacks globally, what can organizations do to improve their resiliency? Due to the current attack by Russian forces on Ukraine, do you expect there to be more cyberattacks? This is the most common question I am being asked post Russia unleashing its offensive in Ukraine. The
Looking to help people in Ukraine? Donate wisely – do your research first so you give without getting scammed Times of crisis may bring out the best in you, but they also have a way of bringing out the worst in scammers. They, too, follow the headlines and will go into overdrive in their attempts
What can social movements of the past teach you about the future – and about protecting your digital self? Being African American and working at a cybersecurity company doesn’t seem at first glance to provide fertile ground for pondering about the historical past. So, when asked in August 2021 if I could write something for
No sector or organization is immune to rapidly escalating cyberthreats, but when it comes to healthcare, the stakes couldn’t be higher Even prior to Russia’s invasion of Ukraine, there was considerable fear that military escalation would bleed (further) into cyberspace and be followed by a rash of impactful digital assaults with international implications. Organizations worldwide
Organizations worldwide should remain on high alert for cyberattacks as the risk of major cyber-spillover from the crisis in Ukraine continues to loom large Contests between states in the so-called gray zone between war and peace have been increasing for some time in cyberspace. In Ukraine, cyberattacks have been recorded more frequently over the past
Here are a few tips that will help you get your ‘go bag’ ready if you have to leave at a moment’s notice and need your communications and data to survive If you live in an area where emergencies aren’t rare (like I do; our area has one of the highest rates of fire evacuations
Press play to hear Aryeh Goretsky, Jean-Ian Boutin and Robert Lipovsky discuss how recent malware attacks in Ukraine tie into years of cyberattacks against the country Long before the first Russian soldier set foot on Ukrainian soil, the country had been a target of sophisticated digital operations spying on its officials, and sabotaging its critical
ESET researchers uncover a new wiper that attacks Ukrainian organizations and a worm component that spreads HermeticWiper in local networks As the recent hostilities started between Russia and Ukraine, ESET researchers discovered several malware families targeting Ukrainian organizations. On February 23rd, 2022, a destructive campaign using HermeticWiper targeted multiple Ukrainian organizations. This cyberattack preceded, by
ESET research discovers a previously undocumented UEFI bootkit with roots going back all the way to at least 2012 ESET researchers analyze a previously undocumented, real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which we’ve named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which
Yet another APT group that exploited the ProxyLogon vulnerability in March 2021 ESET researchers have uncovered a new cyberespionage group targeting hotels, governments, and private companies worldwide. We have named this group FamousSparrow and we believe it has been active since at least 2019. Reviewing telemetry data during our investigation, we realized that FamousSparrow leveraged
Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here’s what you can do to prevent cloud configuration conundrums. Forget shadowy attackers deploying bespoke zero-day exploits from afar. A risk that is far more real for organizations as they embark on ambitious digital transformation projects is human error.
The campaign may last for a month, but we should remember that cybersecurity is a year-round affair The month of October is associated with a variety of themes, but it also ushers in the start of autumn and pumpkin-spiced lattes and culminates with one of the scariest days of the year – Halloween. However, beyond
Flaws in Apple Pay and Visa could allow criminals to make arbitrary contactless payments – no authentication needed, research finds Cybercriminals could make fraudulent purchases by circumventing an iPhone’s Apple Pay lock screen where the device’s wallet has a Visa card set up in so-called transit mode. The attackers could also bypass the contactless limit
A view of the T2 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Despite threats seemingly looming around every corner (I’m looking at you, Delta), the past four months were the time of summer vacations for many of us located in the northern hemisphere,
What your organization should consider when it comes to choosing a VPN solution and hardening it against attacks The NSA and CISA have released joint guidance to help organizations select their Virtual Private Network (VPN) solution and hardening it against compromise. Vulnerable VPN servers are attractive targets for threat actors, as they provide great opportunities
The emergency release comes a mere three days after Google’s previous update that plugged another 19 security loopholes Google has released an emergency update for its Chrome web browser to fix a zero-day vulnerability that is known to be actively exploited in the wild by malicious actors. The security loophole affects the Windows, macOS, and
While Apple did issue a patch for the vulnerability, it seems that the fix can be easily circumvented Researchers have uncovered a flaw in Apple’s macOS Finder system that could allow remote threat actors to dupe unsuspecting users into running arbitrary commands on their devices. The security loophole affects all versions of the macOS Big
Analysis of Numando banking trojan, steps to mitigate attack surface, and more! – Week in security with Tony Anscombe In this edition of Week in security, Tony looks at these topics: ESET Research continues its series on Latin American banking trojans, this time dissecting Numando, which targets mainly Brazil and rarely Mexico and Spain. An
The (probably) penultimate post in our occasional series demystifying Latin American banking trojans. Before concluding our series, there is one more LATAM banking trojan that deserves a closer look – Numando. The threat actor behind this malware family has been active since at least 2018. Even though it is not nearly as lively as Mekotio
Discover the best ways to mitigate your organization’s attack surface, in order to maximize cybersecurity. In almost all coverage of modern breaches you’ll hear mention of the “cyberattack surface” or something similar. It’s central to understanding how attacks work and where organizations are most exposed. During the pandemic the attack surface has grown arguably further
The most recent Patch Tuesday includes a fix for the previously disclosed and actively exploited remote code execution flaw in MSHTML. The arrival of the second Tuesday of the month can only mean one thing in cybersecurity terms, Microsoft is rolling out patches for security vulnerabilities in Windows and its other offerings. This time round Microsoft’s
The Facebook-owned messaging service plans to roll out the feature to both iOS and Android users in the coming weeks. While users already had the option to back up their message history using cloud-based services, they will soon be able to store their backups end-to-end encrypted (E2EE), WhatsApp has announced. The introduction of the new feature
From cybercriminal evergreens like phishing to the verification badge scam we look at the most common tactics fraudsters use to trick their victims Instagram is one of the most popular social media platforms. Indeed, with over one billion monthly active users it is among the top four most popular social media networks in the world. That figure,
Elderly men and women were the main targets of the romance scams operated by the fraudsters. A United States Army Reservist has been sentenced to 46 months and ordered to and pay approximately US$1.8 million in restitution after he was found to be involved in a scheme to commit romance and business email compromise (BEC) scams against
The university suffered a ransomware attack, however there is no evidence so far of data being accessed or stolen. Howard University, a private research university based out of Washington D.C. admitted that it suffered a cyberattack on Friday. The university alerted both the Federal Bureau of Investigation and the D.C. city government about the incident
ESET researchers have investigated a targeted mobile espionage campaign against the Kurdish ethnic group, and that has been active since at least March 2020. ESET researchers have investigated a targeted mobile espionage campaign against the Kurdish ethnic group. This campaign has been active since at least March 2020, distributing (via dedicated Facebook profiles) two Android
Following the incident the company has updated its website and privacy policy to clarify its legal obligations to its userbase ProtonMail a Swiss-based secure email provider has been at the center of some controversy after it was forced to share the IP address of one of its clients, a climate activist, with law enforcement agencies
Les chercheurs d’ESET expliquent les détails d’une faille découverte dans VaxiCode Vérif, l’application mobile permettant la vérification des preuves vaccinales québécoise La sortie d’applications mobiles permettant le stockage et la vérification du passeport vaccinal par le gouvernement du Québec (VaxiCode et VaxiCode Vérif) a fait couler beaucoup d’encre la semaine dernière. C’est avec raison; l’application
Vaccination passports may facilitate the return to normalcy, but there are also concerns about what kinds of personal data they collect and how well they protect it. Here’s what you should know. Technology has been front and center throughout the COVID-19 pandemic, but not without presenting a few issues and challenges. Proof of vaccination and