Cyber Security

ESET Research ESET researchers discuss the dynamics within and between various groups of scammers who use a Telegram bot called Telekopye to scam people on online marketplaces ESET Research 18 Dec 2023  •  , 1 min. read In this episode of our podcast, ESET malware researchers talk about the dynamics within and between various Neanderthal

Video Your iPhone has just received a new feature called iMessage Contact Key Verification that is designed to help protect your messages from prying eyes 15 Dec 2023 Apple has shipped iOS 17.2 to all users and it includes a new feature that is intended to protect users from attackers who could be misusing the

ESET researchers analyzed a growing series of OilRig downloaders that the group has used in several campaigns throughout 2022, to maintain access to target organizations of special interest – all located in Israel. These lightweight downloaders, which we named SampleCheck5000 (SC5k v1-v3), OilCheck, ODAgent, and OilBooster, are notable for using one of several legitimate cloud

Cybercrime continues to grow rapidly; indeed, it is a highly lucrative global industry. Without accurately accounting for profits from cybercrime (1, 2), we are left looking at the staggering estimated cost of US$7.08 trillion in 2022 for reference. Measured in terms of GDP, the illegal proceeds would rank as the third-largest “economy” worldwide. Regardless, this

ESET Research has discovered a cluster of malicious Python projects being distributed in PyPI, the official Python package repository. The threat targets both Windows and Linux systems and usually delivers a custom backdoor. In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency,

Mobile Security A security compromise so stealthy that it doesn’t even require your interaction? Yes, zero-click attacks require no action from you – but this doesn’t mean you’re left vulnerable. Márk Szabó 11 Dec 2023  •  , 3 min. read In a world of instant communication and accelerated by the ever-spreading notion that if you

We Live Progress ChatGPT would probably say “Definitely not!”, but will we learn any lessons from the rush to regulate IoT in the past? Tony Anscombe 11 Dec 2023  •  , 3 min. read The accelerated pace in the advancement of technology is challenging for any of us to keep up with, especially for public

Critical Infrastructure Legacy protocols in the healthcare industry present dangers that can make hospitals extremely vulnerable to cyberattacks. Tony Anscombe 08 Dec 2023  •  , 3 min. read The healthcare industry will, I am sure, remain a significant target for cybercriminals due to the huge potential it provides them to monetize their efforts through ransomware

Video ESET Research reveals details about a growth in the number of deceptive loan apps on Android, their origins and modus operandi 08 Dec 2023 This week, ESET researchers have taken a look at a steep increase in deceptive loan apps for Android. According to ESET Research, there has been a large growth of these

Magnetic stripe cards were all the rage 20 or so years ago, but their security was fragile, and the requirement for signatures often added to the hassle of transactions – not to mention, they lacked data encryption, making them vulnerable to skimming and cloning by criminals.  Chip-based cards emerged as a successor, offering enhanced security

Tracking has recently become a big bogeyman. The sheer amount of data that an app or an operating system (OS) can use to identify you and collect your data is enormous, depending on the method of tracking it uses. While it’s clear why manufacturers and sellers desire more data – to tailor their products, enhance

Since the beginning of 2023, ESET researchers have observed an alarming growth of deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds. Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all

Video Several cases of children creating indecent images of other children using AI software add to the worries about harmful uses of AI technology 01 Dec 2023 It has been reported recently that children are using artificial intelligence (AI) image generators to create indecent images of other children. The reports came amid a few publicized

Business Security While it may be too late to introduce wholesale changes to your security policies, it doesn’t hurt to take a fresh look at where the biggest threats are and which best practices can help neutralize them Phil Muncaster 28 Nov 2023  •  , 6 min. read The holiday shopping season has begun in

Business Security Failing to practice what you preach, especially when you are a juicy target for bad actors, creates a situation fraught with considerable risk Phil Muncaster 30 Nov 2023  •  , 5 min. read When it comes to corporate cybersecurity, leading by example matters. Yes, it’s important for every employee to play their part

Digital Security The technology is both widely available and well developed, hence it’s also poised to proliferate – especially in the hands of those wishing ill Cameron Camp 29 Nov 2023  •  , 2 min. read Who would be to blame if your plane got tricked into flying into a war zone? If GPS gets

Scams, Cybercrime The holiday shopping season may be the time to splurge, but it’s a also favorite time of year for cybercriminals to target shoppers with phony deals, phishing scams and other threats Phil Muncaster 27 Nov 2023  •  , 5 min. read The holiday shopping season is in full swing. It involves a seemingly

Video ESET’s research team reveals details about the onboarding process of the Telekopye scam operation and the various methods that the fraudsters use to defraud people online 24 Nov 2023 How do aspiring fraudsters become members of a scam operation that helps them defraud people on online marketplaces? ESET researchers recently discovered and analyzed Telekopye,

We recently published a blogpost about Telekopye, a Telegram bot that helps cybercriminals scam people in online marketplaces. Telekopye can craft phishing websites, emails, SMS messages, and more. In the first part, we wrote about technical details of Telekopye and hinted at hierarchical structure of its operational groups. In this second part, we focus on

Digital Security AI-driven voice cloning can make things far too easy for scammers – I know because I’ve tested it so that you don’t have to learn about the risks the hard way. Jake Moore 22 Nov 2023  •  , 6 min. read The recent theft of my voice brought me to a new fork in the

Digital Security What happens when problems caused by autonomous vehicles are not the result of errors, but the result of purposeful attacks? 21 Nov 2023  •  , 7 min. read Fleets of robotaxis hit the brakes, citing the need to “rebuild public trust”. This story had been brewing for a while. It seemed fairly inconsequential

Social Media How much contact and personal information do you give away in your LinkedIn profile and who can see it? Here’s why less may be more. Daniel Cunha Barbosa 16 Nov 2023  •  , 4 min. read Several friends recently asked me how cybercriminals could gain access to their contact data, especially their mobile

Video An attack against a port operator that ultimately hobbled some 40 percent of Australia’s import and export capacity highlights the kinds of supply chain shocks that a successful cyberattack can cause 17 Nov 2023 This week, one of Australia’s major port operators, DP World, had to pull the plug on its internet connection and

We Live Progress Discover six games that will provide valuable knowledge while turning learning about digital security into an enjoyable and rewarding adventure Luiza Pires 14 Nov 2023  •  , 4 min. read In this day and age, knowing your way around the digital world is not merely a valuable asset – it is a

Secure Coding Through engaging hacking challenges and competitions, CTFs offer an excellent opportunity to test and enhance your security and problem-solving skills Christian Ali Bravo 13 Nov 2023  •  , 3 min. read Cybersecurity is not only an ever-evolving and increasingly important concern in our digital age, but it can also be a lot of

Business Security By collecting, analyzing and contextualizing information about possible cyberthreats, including the most advanced ones, threat intelligence offers a critical method to identify, assess and mitigate cyber risk Phil Muncaster 10 Nov 2023  •  , 4 min. read When it comes to mitigating an organization’s cyber risk, knowledge and expertise are power. That alone

The Urdu version of the Hunza News website offers readers the option to download an Android app – little do they know that the app is actually spyware 10 Nov 2023 This week, ESET researchers have described the ins and outs of a so-called watering-hole attack against a news website that delivers news about Gilgit-Baltistan,

ESET researchers have identified what appears to be a watering-hole attack on a regional news website that delivers news about Gilgit-Baltistan, a disputed region administered by Pakistan. When opened on a mobile device, the Urdu version of the Hunza News website offers readers the possibility to download the Hunza News Android app directly from the

Business Security Organizations that intend to tap the potential of LLMs must also be able to manage the risks that could otherwise erode the technology’s business value Phil Muncaster 06 Nov 2023  •  , 5 min. read Everyone’s talking about ChatGPT, Bard and generative AI as such. But after the hype inevitably comes the reality

ESET Research How ESET Research found a kill switch that had been used to take down one of the most prolific botnets out there 01 Nov 2023  •  , 3 min. read In August 2023, the notorious Mozi botnet, infamous for exploiting vulnerabilities in hundreds of thousands of IoT devices each year, experienced a sudden