Cyber Security

Digital Security Artificial intelligence is just a spoke in the wheel of security – an important spoke but, alas, only one Cameron Camp 16 Sep 2024  •  , 3 min. read That was fast. While the RSA Conference was oozing AI (with or without merit) from every orifice, the luster faded quickly. With a recent

Video, Ransomware ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends 13 Sep 2024 This week, ESET researchers published a deep dive into the recent activities of the CosmicBeetle cybercrime group. Among other notable things, CosmicBeetle was found to abuse the infamy of

Scams Learn about the main tactics used by scammers impersonating Best Buy’s tech support arm and how to avoid falling for their tricks Phil Muncaster 11 Sep 2024  •  , 5 min. read For three decades, Geek Squad has been a trusted name in tech for anyone needing IT support. The Best Buy subsidiary dispenses

ESET researchers have mapped the recent activities of the CosmicBeetle threat actor, documenting its new ScRansom ransomware and highlighting connections to other well-established ransomware gangs. CosmicBeetle actively deploys ScRansom to SMBs in various parts of the world. While not being top notch, the threat actor is able to compromise interesting targets. CosmicBeetle replaced its previously

Video The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams 06 Sep 2024 Consumers in the United States lost more than $114 million to scams involving Bitcoin ATMs (BTMs) last year, with the figure soaring ten-fold

Business Security Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options Tony Anscombe 04 Sep 2024  •  , 3 min. read There must be a consideration of the ethical question of contributing to the

ESET Research ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver ESET Research 05 Sep 2024  •  , 1 min. read Usually when someone mentions adware, people think of low-quality half-baked malicious code used to spam victims with sketchy ads. But as we explain in this episode of

Malware Sometimes there’s more than just an enticing product offer hiding behind an ad Márk Szabó 03 Sep 2024  •  , 3 min. read One thing is true: Malware developers are deeply invested in improving their malware and exploring different ways to compromise end users. Malware spreading through ads is nothing new; for a long

ESET researchers discovered a code execution vulnerability in WPS Office for Windows (CVE⁠-⁠2024⁠-⁠7262), as it was being exploited by APT-C-60, a South Korea-aligned cyberespionage group. Upon analyzing the root cause, we subsequently discovered another way to exploit the faulty code (CVE-2924-7263). Following a coordinated disclosure process, both vulnerabilities are now patched – in this blogpost,

Video The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become 28 Aug 2024 Recently, ESET Researchers have discovered a crimeware campaign that targeted the clients of prominent Czech banks. The malware, named NGate by ESET, can relay data from victims’ stored payment cards via a

Internet of Things In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors Márk Szabó 27 Aug 2024  •  , 4 min. read Outdated devices are often easy targets for attackers, especially if they have vulnerabilities that can be exploited and no patches are available due to their end-of-life status.

Video, Mobile Security The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure 26 Aug 2024 Android threats are a serious business. Among them is the Blue Ducky script, which

Video Phishing using PWAs? ESET Research’s latest discovery might just ruin some users’ assumptions about their preferred platform’s security 23 Aug 2024 ESET researchers have recently revealed an uncommon type of phishing campaign using Progressive Web Apps (PWAs) that targeted the clients of a prominent Czech bank.  The technique used installed a phishing application from

ESET researchers uncovered a crimeware campaign that targeted clients of three Czech banks. The malware used, which we have named NGate, has the unique ability to relay data from victims’ payment cards, via a malicious app installed on their Android devices, to the attacker’s rooted Android phone. Key points of this blogpost: Attackers combined standard

Business Security Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with Tony Anscombe 21 Aug 2024  •  , 3 min. read Governments create legislation and regulations primarily to protect public interests and keep

In this blogpost we discuss an uncommon type of phishing campaign targeting mobile users and analyze a case that we observed in the wild that targeted clients of a prominent Czech bank. This technique is noteworthy because it installs a phishing application from a third-party website without the user having to allow third-party app installation.

Video Business email compromise (BEC) has once again proven to be a costly issue, with a company losing $60 million in a wire transfer fraud scheme 16 Aug 2024 A Luxembourg-based chemicals and manufacturing company has recently suffered one of the largest-ever business email compromise (BEC) attacks. According to a filing to the U.S. Securities

Scams Here’s how to spot and dodge scams when searching for stuff on the classified ads website that offers almost everything under the sun Phil Muncaster 12 Aug 2024  •  , 5 min. read People have been buying and selling items on Craigslist for nearly three decades. As a platform for digital classified ads, its

Scams Your phone number is more than just a way to contact you – scammers can use it to target you with malicious messages and even exploit it to gain access to your bank account or steal corporate data Márk Szabó 13 Aug 2024  •  , 5 min. read Last month, we looked at how

Privacy What if your favorite dating, social media or gaming app revealed your exact coordinates to someone you’d rather keep at a distance? Tony Anscombe 12 Aug 2024  •  , 3 min. read In today’s digital age, geolocation features in many apps offer undeniable convenience. Just before writing this blog, I needed to locate some

Critical Infrastructure In this high-stakes year for democracy, the importance of robust election safeguards and national cybersecurity strategies cannot be understated Tony Anscombe 09 Aug 2024  •  , 3 min. read The mention of election security, especially in a year where the majority of the world is destined to vote, brings to mind images of

Video Unsurprisingly, many discussions focused on the implications of the recent CrowdStrike outage, including the lessons it may have offered for bad actors 09 Aug 2024 This week was that time of the year when thousands of cybersecurity experts descended on Las Vegas to attend Black Hat USA, one of the world’s top cybersecurity conferences.

Business Security Cyber insurance is not only a safety net, but it can also be a catalyst for advancing security practices and standards Tony Anscombe 08 Aug 2024  •  , 3 min. read If there was ever any doubt about the relationship between cybersecurity and the cyber insurance industry, then Black Hat USA 2024 dispelled

Business Security Having knowledgeable leaders at the helm is crucial for protecting the organization and securing the best possible cyber insurance coverage Tony Anscombe 07 Aug 2024  •  , 4 min. read The board does not understand cybersecurity – that’s not so anymore. Prior to the pandemic, the CISO and cybersecurity team were seen as

Video Organizations that leveraged AI and automation in security prevention cut the cost of a data breach by US$2.22 million compared to those that didn’t deploy these technologies, according to IBM 02 Aug 2024 Organizations that leveraged the power of artificial intelligence (AI) and automation in security prevention cut the cost of a data breach

Business Security Many smaller organizations are turning to cyber risk insurance, both to protect against the cost of a cyber incident and to use the extensive post-incident services that insurers provide Tony Anscombe 31 Jul 2024  •  , 4 min. read If we were to stop people on the street and ask for words to

ESET Research ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families Jakub Kaloč 30 Jul 2024  •  , 8 min. read Just a few months back, ESET Research published a blogpost about massive phishing campaigns across Central and Eastern Europe carried out during the second half

Generative AI (GenAI) is making waves across the world. Its popularity and widespread use has also attracted the attention of cybercriminals, leading to various cyberthreats. Yet much discussion around threats associated with tools like ChatGPT has focused on how the technology can be misused to help fraudsters create convincing phishing messages, produce malicious code or

Video Attackers abusing the “EvilVideo” vulnerability could share malicious Android payloads via Telegram channels, groups, and chats, all while making them appear as legitimate multimedia files 26 Jul 2024 This week, ESET researchers documented their discovery of a zero-day exploit that appeared for sale on underground forums and targets the Telegram app for Android. The

In the past few months, the Telegram clicker game Hamster Kombat has taken the world of cryptocurrency game enthusiasts by storm. Even though the gameplay, which mostly entails repeatedly tapping the screen of one’s mobile device, might be rather simple, players are after something more: the possibility of earning big once Hamster Kombat’s creators unveil