Cyber Security

In a rush to file your taxes? Watch out for cybercriminals preying on stressed taxpayers as Tax Day looms large on the horizon. The IRS-approved tax return filing service eFile.com has been caught compromising people’s devices with malware for weeks, serving a strong reminder that cybercriminals are also well aware of the fact that it’s

Give your social media presence a good spring scrubbing, audit your passwords and other easy ways to bring order to your digital chaos Spring has sprung, the sun is out longer, and the birds’ chirping, peeping and tweeting in the trees have put that much-needed pep in your step. With the arrival of spring also

Do you know how many devices are connected to your home network? You don’t? This is precisely why it’s time for a network audit. The rite of spring cleaning is clearly good for your home and your mind and well-being, but trust me, your home network and all the devices connected to it could use

Spring is in the air and as the leaves start growing again, why not breathe some new life into the devices you depend on so badly? It’s spring time in the northern hemisphere, and chances are good that you have a whole new spring in your step (excuse the pun!) thanks to the weather becoming

ESET experts share their insights on the cyber-elements of the first year of the war in Ukraine and how a growing number of destructive malware variants tried to rip through critical Ukrainian systems With the Russian invasion on February 24th, 2022, the age of wipers seems to have arrived as a growing number of destructive

Today is World Backup Day, but maybe we also need a “did you test your backups” day? When did you last attempt to restore your data? Today is World Backup Day, but maybe we also need a “did you test your backups” day? Why is that? Because many people and organizations that do create backups

By failing to prepare you are preparing to fail. Make sure you’re able to bounce back if, or when, a data disaster strikes. “Backup refers to copying physical and virtual files, or databases, to a secondary location for preservation in case of equipment failure or catastrophe. Backing up data is pivotal to any successful disaster

How fraudsters groom their marks and move in for the kill using tricks from the playbooks of romance and investment scammers Sometimes you have to say things that go without saying: Social media and instant messaging have made staying in touch with friends easier than ever. These days, you’re never too far away from people

How content creators and subscribers can embrace the social media platform without (overly) exposing themselves to the potentially toxic brew of NSFW content and privacy threats By now you’ve most probably heard of, or possibly even use, OnlyFans. Launched in 2016, this subscription service for content creators gained momentum over the course of the pandemic

As TikTok CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us TikTok CEO Shou Zi Chew has appeared before the U.S. Congress to give his take on the app’s data security and privacy practices and

Here are some of the key moments from the five hours of Shou Zi Chew’s testimony and other interesting news on the data privacy front As the controversy surrounding TikTok continues, the app’s CEO Shou Zi Chew appeared before the U.S. Congress to explain the app’s data privacy and security practices. Here are some of

Why your organization should consider an MDR solution and five key things to look for in a service offering The threat landscape is evolving at breakneck speed and corporate cyberattack surfaces expand, with many trends and developments kicked into overdrive as a result of the surge in digital transformation investments during and after the COVID-19

Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option. Starting today, Twitter is disabling SMS-based two-factor authentication (2FA) for all but paying users following a decision that, not unlike other recent moves by the social media giant, has been

Scammers are looking to cash in on the chaos that has set in following the startling meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit Suisse When mayhem, panic and chaos set in – as has been the case following the meltdowns of Silicon Valley Bank (SVB) and Signature Bank and

How cybercriminals can exploit Silicon Valley Bank’s downfall for their own ends – and at your expense Big news events and major crises usually trigger an avalanche of follow-on phishing attempts. The COVID-19 pandemic and Russia’s invasion of Ukraine are perhaps the most obvious examples, but the most recent one is the collapse of Silicon

ESET researchers analyzed Android and Windows clippers that can tamper with instant messages and use OCR to steal cryptocurrency funds ESET researchers have discovered dozens of copycat Telegram and WhatsApp websites targeting mainly Android and Windows users with trojanized versions of these instant messaging apps. Most of the malicious apps we identified are clippers –

ESET Research uncovered a campaign by APT group Tick against a data-loss prevention company in East Asia and found a previously unreported tool used by the group ESET researchers discovered a campaign that we attribute with high confidence to the APT group Tick. The incident took place in the network of an East Asian company

Here’s how to know you have fallen victim to a scam – and what to do in order to undo or mitigate the damage. Online fraud can be thought of as a price we pay for the ubiquity of digital services. These services make our lives easier, healthier, safer and more entertaining. But there are

Here’s a roundup of some of the most common tricks that fraudsters use to dupe their victims on WhatsApp – and what you can do to protect yourself against them. With more than two billion users, WhatsApp offers a vast pool of potential targets for scammers. To make things more complicated, fraudsters aren’t known for

A request to move an online conversation to a supposedly more secure platform may not be as well-meaning as it sounds Have you ever been asked to move an online conversation to another – and supposedly more secure – platform? This technique, often used by romance scammers, was recently used against a number of Indian

An astrobiologist, analog astronaut, author and speaker, Dr. Michaela Musilova shares her experience as a woman at the forefront of space exploration and from her quest for scientific and personal excellence When we talk about space adventures, our minds are likely to wander to famed astronauts. However, we often forget that there is a lot

ESET researchers analyze a cyberespionage campaign that distributes CapraRAT backdoors through trojanized and supposedly secure Android messaging apps – but also exfiltrates sensitive information ESET researchers have identified an active Transparent Tribe campaign, targeting mostly Indian and Pakistani Android users – presumably with a military or political orientation. Victims were probably targeted through a honey-trap

The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems is now a reality The number of UEFI vulnerabilities discovered in recent years and the failures in patching them or revoking vulnerable binaries within a reasonable time window hasn’t gone unnoticed by threat actors. As a result, the first publicly known

A bootkit that ESET researchers have discovered in the wild is the BlackLotus UEFI bootkit that is being peddled on hacking forums For a mere $5,000, you can buy a UEFI bootkit called BlackLotus that can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled. This week, ESET researchers published their

ESET researchers tease apart MQsTTang, a new backdoor used by Mustang Panda, which communicates via the MQTT protocol ESET researchers have analyzed MQsTTang, a new custom backdoor that we attribute to the Mustang Panda APT group. This backdoor is part of an ongoing campaign that we can trace back to early January 2023. Unlike most

And that’s just the tip of the iceberg when it comes to the trends that defined the cyberthreat landscape in the final four months of 2022. Data from the latest ESET Threat Report, which provides an in-depth look at the threat landscape from September to December 2022, confirmed several previously observed trends. The key of

ESET Research has compiled a timeline of cyberattacks that used wiper malware and have occurred since Russia’s invasion of Ukraine in 2022 This blogpost presents a compiled overview of the disruptive wiper attacks that we have observed in Ukraine since the beginning of 2022, shortly before the Russian military invasion started. We were able to

With the conflict in Ukraine passing the one-year mark, have its cyber-war elements turned out as expected? It’s been twelve months since Russia invaded Ukraine, and it’s a good time to pause and reflect on a few pertinent issues, including: How is the war playing out in cyberspace? Have the cyber-elements turned out as expected?

The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group ESET researchers have discovered one of the payloads of the Wslink downloader that we uncovered back in 2021. We named this payload WinorDLL64 based on its filename WinorDLL64.dll. Wslink, which had the filename WinorLoaderDLL64.dll,

It’s never been easier to write a convincing message that can trick you into handing over your money or personal data ChatGPT has been taking the world by storm, having reached 100 million users only two months after launching. However, media stories about the tool’s uncanny ability to write human-sounding text mask a potentially darker reality.