Cyber Security

Business Security Many smaller organizations are turning to cyber risk insurance, both to protect against the cost of a cyber incident and to use the extensive post-incident services that insurers provide Tony Anscombe 31 Jul 2024  •  , 4 min. read If we were to stop people on the street and ask for words to

ESET Research ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families Jakub Kaloč 30 Jul 2024  •  , 8 min. read Just a few months back, ESET Research published a blogpost about massive phishing campaigns across Central and Eastern Europe carried out during the second half

Generative AI (GenAI) is making waves across the world. Its popularity and widespread use has also attracted the attention of cybercriminals, leading to various cyberthreats. Yet much discussion around threats associated with tools like ChatGPT has focused on how the technology can be misused to help fraudsters create convincing phishing messages, produce malicious code or

Video Attackers abusing the “EvilVideo” vulnerability could share malicious Android payloads via Telegram channels, groups, and chats, all while making them appear as legitimate multimedia files 26 Jul 2024 This week, ESET researchers documented their discovery of a zero-day exploit that appeared for sale on underground forums and targets the Telegram app for Android. The

In the past few months, the Telegram clicker game Hamster Kombat has taken the world of cryptocurrency game enthusiasts by storm. Even though the gameplay, which mostly entails repeatedly tapping the screen of one’s mobile device, might be rather simple, players are after something more: the possibility of earning big once Hamster Kombat’s creators unveil

Digital Security Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances Tony Anscombe 23 Jul 2024  •  , 3 min. read As the dust settles on the cyber-incident caused by CrowdStrike releasing a corrupted update, many businesses will, or should, conduct a

ESET Research ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos Lukas Stefanko 22 Jul 2024  •  , 6 min. read ESET researchers discovered a zero-day exploit that targets Telegram for Android, which appeared for sale for an unspecified price in an underground forum post from June

Digital Security If a software update process fails, it can lead to catastrophic consequences, as seen today with widespread blue screens of death blamed on a bad update by CrowdStrike Tony Anscombe 19 Jul 2024  •  , 2 min. read Cybersecurity is often about speed; a threat actor creates a malicious attack technique or code,

Video A purported ad blocker marketed as a security solution hides kernel-level malware that inadvertently exposes victims to even more dangerous threats 21 Jul 2024 This week, ESET researchers have released their findings about HotPage, a browser injector that leverages a driver developed by a Chinese company and signed by Microsoft. The malware masquerades as

Digital Security The widespread IT outages triggered by a faulty CrowdStrike update have put software updates in the spotlight. Here’s why you shouldn’t dread them. 19 Jul 2024  •  , 3 min. read In the realm of computing, few things are as unsettling as encountering a blue screen of death (BSOD) on your Windows system.

Malware research involves studying threat actor TTPs, mapping infrastructure, analyzing novel techniques… And while most of these investigations build on existing research, sometimes they start from a hunch, something that looks too simple. At the end of 2023, we stumbled upon an installer named HotPage.exe that deploys a driver capable of injecting code into remote

While blue teams defend, red teams attack. They share a common goal, however – help identify and address gaps in organizations’ defenses before these weaknesses can be exploited by malicious actors. The blue/red team exercises provide invaluable insights across the technical, procedural and human sides of security and can ultimately help organizations fend off actual

Scams Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters. Márk Szabó 15 Jul 2024  •  , 7 min. read What might be one of the easiest ways to scam

Video The issue of whether to ban ransomware payments is a hotly debated topic in cybersecurity and policy circles. What are the implications of outlawing these payments, and would the ban be effective? 12 Jul 2024 Back in May, we weighed in on the UK’s apparent plan to make it illegal for critical infrastructure entities

Video, Internet of Things As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds? 10 Jul 2024 Imagine all traffic lights in a city turning green simultaneously, much like in Die Hard 4. Could a movie plot become a reality? Does it

Scams Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account Phil Muncaster 09 Jul 2024  •  , 5 min. read Thanks to advances in technology, buying tickets to your favorite

Video Social media sites are designed to make their users come back for more. Do laws restricting children’s exposure to addictive social media feeds have teeth or are they a political gimmick? 04 Jul 2024 Social media platforms have become a near-constant presence in our daily lives. They are a great tool to stay connected

Scams, Social Media Here’s how cybercriminals go after YouTube channels and use them as conduits for fraud – and what you should watch out for when watching videos on the platform Christian Ali Bravo 01 Jul 2024  •  , 4 min. read As one of today’s most popular social media platforms, YouTube is often in

Scams From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation Christian Ali Bravo 03 Jul 2024  •  , 5 min. read Booking.com has become one of the main go-to platforms for travelers looking for holiday accommodation deals, but also for services like car rentals

Artificial Intelligence (AI) is a hot topic at the moment. It’s everywhere. You probably already use it every day. That chatbot you’re talking to about your lost parcel? Powered by conversational AI. The ‘recommended’ items lined up under your most frequently brought Amazon purchases? Driven by AI/ML (machine learning) algorithms. You might even use generative

ESET Research, Threat Reports A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Jiří Kropáč 27 Jun 2024  •  , 2 min. read These past six months painted a dynamic landscape of Android Financial threats – malware going after victims’

Video Learn about the categories of threats that ‘topped the charts’ and the kinds of techniques that bad actors leveraged most commonly in the first half of this year. 28 Jun 2024 This week, the ESET research team released the H1 2024 issue of ESET Threat Report that examines the key trends and developments that

Business Security Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies Tony Anscombe 26 Jun 2024  •  , 5 min. read Offsetting business risk with insurance is not new. Early mariners transporting their goods around the world hundreds of years ago faced

Privacy VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes Phil Muncaster 25 Jun 2024  •  , 6 min. read In a world of remote working and heightened privacy and security concerns, virtual private networks (VPNs) have become an indispensable

Video Understanding and preparing for the potential long-tail costs of data breaches is crucial for businesses that aim to mitigate the impact of security incidents 21 Jun 2024 A successful cyberattack can affect an organization in many ways, but the way the organization handles the incident extends far beyond the immediate aftermath. Indeed, the long-term

Digital Security As health data continues to be a prized target for hackers, here’s how to minimize the fallout from a breach impacting your own health records Phil Muncaster 20 Jun 2024  •  , 5 min. read Digital transformation is helping healthcare providers across the globe to become more cost-efficient, while improving standards of patient

Business Security, Critical Infrastructure Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat Phil Muncaster 19 Jun 2024  •  , 5 min. read Hacktivism surged back into mainstream consciousness with Russia’s invasion of Ukraine in February 2022. Less than two years later, politically-motivated

Business Security Don’t get hacked in the first place – it costs far less than dealing with the aftermath of a successful attack Cameron Camp 17 Jun 2024  •  , 3 min. read We watch real life attacks in horror, where companies simply try to defend against attackers stomping on their networks in real time,

ESET Research The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023 ESET Research 14 Jun 2024  •  , 2 min. read In this episode of the ESET Research Podcast, we dissect the most interesting findings

Video The spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry app 14 Jun 2024 This week, ESET researchers released their findings about five campaigns that used trojanized apps to target Android users in Egypt and Palestine. Initiated in 2022,