Cyber Security

Digital Security Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances Tony Anscombe 23 Jul 2024  •  , 3 min. read As the dust settles on the cyber-incident caused by CrowdStrike releasing a corrupted update, many businesses will, or should, conduct a

ESET Research ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos Lukas Stefanko 22 Jul 2024  •  , 6 min. read ESET researchers discovered a zero-day exploit that targets Telegram for Android, which appeared for sale for an unspecified price in an underground forum post from June

Digital Security If a software update process fails, it can lead to catastrophic consequences, as seen today with widespread blue screens of death blamed on a bad update by CrowdStrike Tony Anscombe 19 Jul 2024  •  , 2 min. read Cybersecurity is often about speed; a threat actor creates a malicious attack technique or code,

Video A purported ad blocker marketed as a security solution hides kernel-level malware that inadvertently exposes victims to even more dangerous threats 21 Jul 2024 This week, ESET researchers have released their findings about HotPage, a browser injector that leverages a driver developed by a Chinese company and signed by Microsoft. The malware masquerades as

Digital Security The widespread IT outages triggered by a faulty CrowdStrike update have put software updates in the spotlight. Here’s why you shouldn’t dread them. 19 Jul 2024  •  , 3 min. read In the realm of computing, few things are as unsettling as encountering a blue screen of death (BSOD) on your Windows system.

Malware research involves studying threat actor TTPs, mapping infrastructure, analyzing novel techniques… And while most of these investigations build on existing research, sometimes they start from a hunch, something that looks too simple. At the end of 2023, we stumbled upon an installer named HotPage.exe that deploys a driver capable of injecting code into remote

While blue teams defend, red teams attack. They share a common goal, however – help identify and address gaps in organizations’ defenses before these weaknesses can be exploited by malicious actors. The blue/red team exercises provide invaluable insights across the technical, procedural and human sides of security and can ultimately help organizations fend off actual

Scams Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters. Márk Szabó 15 Jul 2024  •  , 7 min. read What might be one of the easiest ways to scam

Video The issue of whether to ban ransomware payments is a hotly debated topic in cybersecurity and policy circles. What are the implications of outlawing these payments, and would the ban be effective? 12 Jul 2024 Back in May, we weighed in on the UK’s apparent plan to make it illegal for critical infrastructure entities

Video, Internet of Things As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds? 10 Jul 2024 Imagine all traffic lights in a city turning green simultaneously, much like in Die Hard 4. Could a movie plot become a reality? Does it

Scams Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account Phil Muncaster 09 Jul 2024  •  , 5 min. read Thanks to advances in technology, buying tickets to your favorite

Video Social media sites are designed to make their users come back for more. Do laws restricting children’s exposure to addictive social media feeds have teeth or are they a political gimmick? 04 Jul 2024 Social media platforms have become a near-constant presence in our daily lives. They are a great tool to stay connected

Scams, Social Media Here’s how cybercriminals go after YouTube channels and use them as conduits for fraud – and what you should watch out for when watching videos on the platform Christian Ali Bravo 01 Jul 2024  •  , 4 min. read As one of today’s most popular social media platforms, YouTube is often in

Scams From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation Christian Ali Bravo 03 Jul 2024  •  , 5 min. read Booking.com has become one of the main go-to platforms for travelers looking for holiday accommodation deals, but also for services like car rentals

Artificial Intelligence (AI) is a hot topic at the moment. It’s everywhere. You probably already use it every day. That chatbot you’re talking to about your lost parcel? Powered by conversational AI. The ‘recommended’ items lined up under your most frequently brought Amazon purchases? Driven by AI/ML (machine learning) algorithms. You might even use generative

ESET Research, Threat Reports A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Jiří Kropáč 27 Jun 2024  •  , 2 min. read These past six months painted a dynamic landscape of Android Financial threats – malware going after victims’

Video Learn about the categories of threats that ‘topped the charts’ and the kinds of techniques that bad actors leveraged most commonly in the first half of this year. 28 Jun 2024 This week, the ESET research team released the H1 2024 issue of ESET Threat Report that examines the key trends and developments that

Business Security Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies Tony Anscombe 26 Jun 2024  •  , 5 min. read Offsetting business risk with insurance is not new. Early mariners transporting their goods around the world hundreds of years ago faced

Privacy VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes Phil Muncaster 25 Jun 2024  •  , 6 min. read In a world of remote working and heightened privacy and security concerns, virtual private networks (VPNs) have become an indispensable

Video Understanding and preparing for the potential long-tail costs of data breaches is crucial for businesses that aim to mitigate the impact of security incidents 21 Jun 2024 A successful cyberattack can affect an organization in many ways, but the way the organization handles the incident extends far beyond the immediate aftermath. Indeed, the long-term

Digital Security As health data continues to be a prized target for hackers, here’s how to minimize the fallout from a breach impacting your own health records Phil Muncaster 20 Jun 2024  •  , 5 min. read Digital transformation is helping healthcare providers across the globe to become more cost-efficient, while improving standards of patient

Business Security, Critical Infrastructure Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat Phil Muncaster 19 Jun 2024  •  , 5 min. read Hacktivism surged back into mainstream consciousness with Russia’s invasion of Ukraine in February 2022. Less than two years later, politically-motivated

Business Security Don’t get hacked in the first place – it costs far less than dealing with the aftermath of a successful attack Cameron Camp 17 Jun 2024  •  , 3 min. read We watch real life attacks in horror, where companies simply try to defend against attackers stomping on their networks in real time,

ESET Research The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023 ESET Research 14 Jun 2024  •  , 2 min. read In this episode of the ESET Research Podcast, we dissect the most interesting findings

Video The spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry app 14 Jun 2024 This week, ESET researchers released their findings about five campaigns that used trojanized apps to target Android users in Egypt and Palestine. Initiated in 2022,

ESET researchers have identified five campaigns targeting Android users with trojanized apps. Most probably carried out by the Arid Viper APT group, these campaigns started in 2022 and three of them are still ongoing at the time of the publication of this blogpost. They deploy multistage Android spyware, which we named AridSpy, that downloads first-

Digital Security Drumroll, please! The winners of the 2024 European Cybersecurity Blogger Awards have been chosen, and we couldn’t be prouder – WeLiveSecurity has been named the Best Cybersecurity Vendor Blog! 10 Jun 2024  •  , 2 min. read We’re delighted to announce that WeLiveSecurity has been named the Best Cybersecurity Vendor Blog at this

Video Ticketmaster seems to have experienced a data breach, with the ShinyHunters hacker group claiming to have exfiltrated 560 million customer data. Watch as Tony discusses the story and provides useful tips on how to protect people’s data. 07 Jun 2024 Ticketmaster has reportedly been breached by a hacker group known as ShinyHunters, who claim

Scams $90,000/year, full home office, and 30 days of paid leave, and all for a job as a junior data analyst – unbelievable, right? This and many other job offers are fake though – made just to ensnare unsuspecting victims into giving up their data. Márk Szabó 06 Jun 2024  •  , 5 min. read

How To Password leaks are increasingly common and figuring out whether the keys to your own kingdom have been exposed might be tricky – unless you know where to look Márk Szabó 03 Jun 2024  •  , 6 min. read Recently, I came across a report detailing “the mother of all breaches” – or to