Cyber Security

ESET Research An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes ESET Research 31 Jan 2024  •  , 2 min. read In this episode of the ESET Research Podcast, we dissect the most interesting findings of the ESET Threat Report H2

ESET has collaborated with the Federal Police of Brazil in an attempt to disrupt the Grandoreiro botnet. ESET contributed to the project by providing technical analysis, statistical information, and known command and control (C&C) server domain names and IP addresses. Due to a design flaw in Grandoreiro’s network protocol, ESET researchers were also able to

Digital Security In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike Andy Garth 29 Jan 2024  •  , 4 min. read For thousands of years, nations have engaged in espionage, spying on their neighbors, allies, and adversaries. Traditionally, this realm of

Business Security Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management Phil Muncaster 25 Jan 2024  •  , 5 min. read The world is built on supply chains. They are the connective tissue that facilitates global trade and prosperity. But

Video The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK 26 Jan 2024 This week, ESET researchers released their findings about an attack where a previously unknown threat actor deployed a sophisticated multistage implant, which ESET named NSPX30, through adversary-in-the-middle

ESET researchers provide an analysis of an attack carried out by a previously undisclosed China-aligned threat actor we have named Blackwood, and that we believe has been operating since at least 2018. The attackers deliver a sophisticated implant, which we named NSPX30, through adversary-in-the-middle (AitM) attacks hijacking update requests from legitimate software. Key points in

Scams As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detection Cameron Camp 23 Jan 2024  •  , 4 min. read Would you fall for a faked call from your CEO asking

Video The job of a CISO is becoming increasingly stressful as cybersecurity chiefs face overwhelming workloads and growing concerns over personal liability for security failings 19 Jan 2024 The job of a chief information security officer (CISO) is becoming increasingly stressful, to the point that some security leaders are seeking out more peaceful career paths.

Scams Phone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victims Phil Muncaster 18 Jan 2024  •  , 4 min. read It’s every parent’s worst nightmare. You get a call from an unknown number and on the other end of the line hear

Scams, Digital Security Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal Phil Muncaster 17 Jan 2024  •  , 5 min. read If you’re on social media or use Google Shopping, the chances are you’ve

Business Security By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk Phil Muncaster 16 Jan 2024  •  , 5 min. read Cloud computing is an essential component of today’s digital landscape. IT infrastructure, platforms and software are more likely to

Video The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC’s X account right ahead of the much-anticipated decision about Bitcoin ETFs 12 Jan 2024 The US Securities and Exchange Commission’s (SEC) X account was hacked this week to post an unauthorized tweet

Business Security How wearing a ‘sock puppet’ can aid the collection of open source intelligence while insulating the ‘puppeteer’ from risks Mario Micucci 11 Jan 2024  •  , 4 min. read In the untold expanse of online information and communication, the ability to find the signal in the noise and discern the authenticity of data

Mobile Security WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Don’t get taken for a ride. Phil Muncaster 10 Jan 2024  •  , 5 min. read Mobile applications make the world go round. Instant communication services are among the most popular apps on iOS and Android alike  – US

We Live Progress Is AI companionship the future of not-so-human connection – and even the cure for loneliness? Imogen Byers 09 Jan 2024  •  , 7 min. read Modern technology permeates almost every facet of our lives, shaping our day-to-day in ways both subtle and obvious – and indeed in ways we probably never anticipated.

Steeped in AI and the security risks of its use, the 2023 SANS Holiday Hack Challenge was an enrichening experience of navigating a series of 21 objectives that tested and broadened multiple cybersecurity skills. The best challenges for me were hunting down AI hallucinations in a pentest report, escalating privileges on a Linux system, searching

Video What are some of the key cybersecurity trends that people and organizations should have on their radars this year? 05 Jan 2024 As 2024 dawns, it’s time to look ahead to the challenges that are set to face people and organizations across the world this year. In this week’s video, ESET Chief Security Evangelist

How To Losing your keys, your wallet – or anything else, really – can be a pain, but there is a wide world of trackers that can help you locate your missing things – with awesome accuracy Márk Szabó 04 Jan 2024  •  , 6 min. read Ever had that brief moment of worry when

Digital Security Before getting rid of your no-longer-needed device, make sure it doesn’t contain any of your personal documents or information Phil Muncaster 27 Dec 2023  •  , 5 min. read The planet is warming and we’re all becoming more environmentally aware. When it comes to IT, this manifests in a surge in “e-waste” recycling.

Digital Security As we draw the curtain on another eventful year in cybersecurity, let’s review some of the high-profile cyber-incidents that occurred in 2023 Phil Muncaster 28 Dec 2023  •  , 5 min. read It’s been another monumental year in cybersecurity. Threat actors thrived against a backdrop of continued macroeconomic and geopolitical uncertainty, using all

When shopping for a new smartphone, you’re likely to look for the best bang for your buck. If you’re on the hunt for a top-of-the-range device but aren’t keen on paying top dollar for it, offerings from lesser-known manufacturers will probably make your shortlist. Indeed, in the fiercely competitive smartphone market you may be even

Digital Security Unwrapping a new gadget this holiday season will put a big smile on your face but things may quickly turn sour if the device and data on it aren’t secured properly Phil Muncaster 21 Dec 2023  •  , 4 min. read As the festive season approaches, we’re all looking forward to being pampered

Video How cybercriminals take advantage of the popularity of ChatGPT and other tools of its ilk to direct people to sketchy sites, plus other interesting findings from ESET’s latest Threat Report 22 Dec 2023 This week, the ESET research team released the H2 2023 issue of its Threat Report that looked at the key trends

ESET Research, Threat Reports A view of the H2 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Jiří Kropáč 19 Dec 2023  •  , 2 min. read The second half of 2023 witnessed significant cybersecurity incidents. Cl0p, a notorious cybercriminal group known for carrying

ESET Research ESET researchers discuss the dynamics within and between various groups of scammers who use a Telegram bot called Telekopye to scam people on online marketplaces ESET Research 18 Dec 2023  •  , 1 min. read In this episode of our podcast, ESET malware researchers talk about the dynamics within and between various Neanderthal

Video Your iPhone has just received a new feature called iMessage Contact Key Verification that is designed to help protect your messages from prying eyes 15 Dec 2023 Apple has shipped iOS 17.2 to all users and it includes a new feature that is intended to protect users from attackers who could be misusing the

ESET researchers analyzed a growing series of OilRig downloaders that the group has used in several campaigns throughout 2022, to maintain access to target organizations of special interest – all located in Israel. These lightweight downloaders, which we named SampleCheck5000 (SC5k v1-v3), OilCheck, ODAgent, and OilBooster, are notable for using one of several legitimate cloud

Cybercrime continues to grow rapidly; indeed, it is a highly lucrative global industry. Without accurately accounting for profits from cybercrime (1, 2), we are left looking at the staggering estimated cost of US$7.08 trillion in 2022 for reference. Measured in terms of GDP, the illegal proceeds would rank as the third-largest “economy” worldwide. Regardless, this

ESET Research has discovered a cluster of malicious Python projects being distributed in PyPI, the official Python package repository. The threat targets both Windows and Linux systems and usually delivers a custom backdoor. In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency,

Mobile Security A security compromise so stealthy that it doesn’t even require your interaction? Yes, zero-click attacks require no action from you – but this doesn’t mean you’re left vulnerable. Márk Szabó 11 Dec 2023  •  , 3 min. read In a world of instant communication and accelerated by the ever-spreading notion that if you