In our final report from CES we take a look at smart city initiatives This year at CES there was an entire section devoted to smart city initiatives municipalities are rolling out in many cities around the world, or planning to. As we noted in our look at automotive security and IoT security previously, the
What’s in store for automotive security once cars morph into mobile living rooms and working spaces? And how about transportation at large? There is a certain singularity to CES (Consumer Electronics Show), where vehicles, security, and a host of other technologic doodads unite around a given platform, in this case the car. As these converge,
No 3D-printed heads or realistic masks were needed to trick even a handful of high-end handset models into unlocking their screens A Dutch non-profit has tested facial recognition on 110 smartphones to see just how well their implementations of this method of biometric authentication secure the devices – and found that the picture isn’t pretty.
There’s a digital treasure trove to be had in your home so you should take steps to protect it There isn’t a square meter of the show floor here at CES that doesn’t have some gadget connected to the internet. Whether tiny robots, your next house lighting controller, or new-fangled drink machine, it’s all connected.
In case there are some blank entries in your laundry list of New Year’s resolutions, we have a few tips for a bit of cybersecurity ‘soul searching’. Here’s the first batch, looking at how you can fix your good ol’ passwords. Many of us entered 2019 with a boatload of New Year’s resolutions. Doing more
The program with a prize pool of almost US$1 million aims to leverage the ‘power of the crowd’ in order to prevent another Heartbleed The European Union (EU) is rolling out a bug bounty scheme on some of the most popular free and open source software around in a bid to ultimately make the internet
The vast trove of data was released online and disseminated via Twitter over the span of four weeks – without anybody really noticing German authorities are investigating a major cybersecurity incident that saw the personal information of hundreds of German politicians, as well as a number of TV personalities and journalists, dumped online in serial
A reflection on how acknowledging the cumulative nature of cyber-threats and understanding its implications can benefit our digital security Threat cumulativity is a term I began to use in 2018 to refer to the tendency of new technologies to spawn new threats that add to old threats without displacing them. In this article I give
The message starts off with the kind of information that is apt to send shivers down the spines of many binge-watchers The United States’ Federal Trade Commission (FTC) issued a warning late last year about an email-borne scam campaign in which fraudsters impersonate the streaming giant Netflix and phish for people’s personal information. This variation
As the curtain slowly falls on yet another eventful year in cybersecurity, let’s look back on some of the finest malware analysis by ESET researchers in 2018 If you never got the chance to read this year’s investigations by ESET researchers into some of the most dangerous hacker shenanigans in recent years, or if you
Did malware disrupt newspaper deliveries in major US cities? Here’s what’s known about the incident so far and the leading suspect: Ryuk ransomware. Plus, advice on defending your organization against such attacks. On the morning of Saturday, December 29, 2018, hundreds of thousands of American households were surprised to find that their daily newspaper was
An analysis of the workings of this new Emotet campaign, which has affected various countries in Latin America by taking advantage of Microsoft Office files to hide its malicious activity In November, we issued warnings about a huge new spam campaign which was being used to propagate Emotet. Considering the scale of the attack in some
Disposal of old tech requires thought and effort and the need to cleanse the device of any personal data is just one of the concerns Black Friday, Cyber Monday, holiday gifts or the New Year sales mean that you may be lucky enough to be in possession of a shiny new phone, laptop, tablet or
With just days left in 2018, ESET experts offer their reflections in ‘Cybersecurity Trends 2019’ on themes that are set to figure prominently in the upcoming year So, it’s almost a wrap for 2018. Before we rush to welcome in the New Year, however, let’s consider what may await the cybersecurity community and, indeed, the
Some useful advice for staying safe while hunting for bargains in this holiday season The holiday sales are here and shoppers will be out hunting for bargains, both online and offline. Retailers will create tempting email campaigns – some are already starting to hit my inbox – and cybercriminals will see the heightened online shopping
The unfortunate implications of a well-intentioned change to Google Play Developer policies – and the negative impact it has on ESET’s Android app customers When downloading an app from the Google Play store it’s likely that you are oblivious, unless you’re an app developer, to the Google Developer Policy that needs to be adhered to
There is still some time left to pick up some last-minute shopping before it’s too late but in the rush to do so don’t forget to do it safely Ever hear the phrase “If it’s too good to be true, it probably is”? By definition this phrase is used to describe situations which are so
Details are sparse about a security hole that Microsoft said is being exploited in targeted attacks Microsoft rolled out an emergency security update on Wednesday to patch a zero-day vulnerability in its Internet Explorer (IE) web browser that malicious actors are exploiting in the wild to hack into Windows computers. The security hole – classified
A probe launched immediately after the discovery of the suspected incident has yet to establish the scale of the potential damage The United States’ National Aeronautics and Space Administration (NASA) has notified all of its employees that their personal data may have been exfiltrated in a suspected security incident discovered two months ago. “On Oct.
In December 2013 news broke that Target suffered a breach that forced consumers and the cybersecurity community to question the security practices of retailers In the twenty years since the start of my career in InfoSec, there have been a handful of security incidents that really stick out in my mind; seismic events after which
Besides the usual suspects among the worst of passwords, a handful of notable – but similarly poor – choices make their debuts Password security company SplashData has released its annual list of the most commonly used passwords on the web, and the picture isn’t pretty. The number one spot belongs to ‘123456’, which is followed
As the threat of bogus apps continues, what can we do to protect ourselves against these fraudulent practices? There’s nothing new about advertisers and app developers using deceptive practices, but the Touch ID scam that Lukáš Štefanko wrote about recently is a significant twist in this ongoing story. Of course, iOS users are not alone
An interview with ESET researchers Tomáš Gardoň and Filip Kafka on their research of a malware toolkit used in espionage against the Malaysian government In a presentation at AVAR 2018, ESET’s Tomáš Gardoň and Filip Kafka uncovered their research of a previously undocumented espionage toolkit, used in targeted attacks against the Malaysian government in mid-2018.
ESET researchers discovered a new Android Trojan using a novel Accessibility-abusing technique that targets the official PayPal app, and is capable of bypassing PayPal’s two-factor authentication There is a new Trojan preying on Android users, and it has some nasty tricks up its sleeve. First detected by ESET in November 2018, the malware combines the
There is no evidence that the flaw was misused during the six days it was alive, said the tech giant Google is closing down its social network Google+ for consumers sooner than planned following the discovery of a new security issue that exposed the data of 52.5 million users. Only two months ago, Google announced
The “evolution” of these markets is making cybercrime easier than ever before Are you in the market for stolen data? How about some tools to help you steal data or make money by hijacking other people’s computers? Well you’re in luck. It is now easier than ever to engage in cybercrime thanks to “next generation”
ESET research shows that DanaBot operators have been expanding the malware’s scope and possibly cooperating with another criminal group DanaBot appears to have outgrown the banking Trojan category. According to our research, its operators have recently been experimenting with cunning email-address-harvesting and spam-sending features, capable of misusing webmail accounts of existing victims for further malware
ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, “The Dark Side of the ForSSHe”, they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats SSH, short for Secure SHell, is a network protocol to connect computers and devices
A welcome return to the hacker conferences of yesteryear There used to just be hacker conferences, but now the societal impact of increasingly connected systems seems much higher, so specialty conferences are popping up. Seeking to bring policy-makers and influencers together, where could be a more appropriate location for CyberwarCon than Washington D.C.? Notably, it’s
Fitness-tracking apps use dodgy in-app payments to steal money from unaware iPhone and iPad users Multiple apps posing as fitness-tracking tools were caught misusing Apple’s Touch ID feature to steal money from iOS users. The dodgy payment mechanism used by the apps is activated while victims are scanning their fingerprint seemingly for fitness-tracking purposes. There