Cyber Security

0 Comments
ESET research shows that DanaBot operators have been expanding the malware’s scope and possibly cooperating with another criminal group DanaBot appears to have outgrown the banking Trojan category. According to our research, its operators have recently been experimenting with cunning email-address-harvesting and spam-sending features, capable of misusing webmail accounts of existing victims for further malware
0 Comments
ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, “The Dark Side of the ForSSHe”, they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats SSH, short for Secure SHell, is a network protocol to connect computers and devices
0 Comments
A welcome return to the hacker conferences of yesteryear There used to just be hacker conferences, but now the societal impact of increasingly connected systems seems much higher, so specialty conferences are popping up. Seeking to bring policy-makers and influencers together, where could be a more appropriate location for CyberwarCon than Washington D.C.? Notably, it’s
0 Comments
Fitness-tracking apps use dodgy in-app payments to steal money from unaware iPhone and iPad users Multiple apps posing as fitness-tracking tools were caught misusing Apple’s Touch ID feature to steal money from iOS users. The dodgy payment mechanism used by the apps is activated while victims are scanning their fingerprint seemingly for fitness-tracking purposes. There
0 Comments
Defensive steps for Marriott Starwood guests worried their personal information may have been compromised by the massive data breach If you are into cybersecurity, or data privacy, or staying at hotels, you have probably heard that Marriott International – one of the world’s largest hotel chains – announced a huge data breach today involving the Starwood reservations
0 Comments
The hacking and extortion scheme took place over a 34-month period with the SamSam ransomware affecting over 200 organizations in the US and Canada The United States Department of Justice (DOJ) unsealed indictments against two alleged Iranian hackers accused of being the miscreants behind the infamous SamSam ransomware attacks. The six-count indictment named Faramarz Shahi
0 Comments
The country’s first fine under GDPR is lower than might have been expected, however, as the company was acknowledged for its post-incident cooperation and enhanced security measures A German social media platform called Knuddels.de has been fined with €20,000 following a breach that exposed the personal information of 330,000 users, including their passwords and e-mail
0 Comments
International law enforcement swoops on fake ad viewing outfit On Monday, October 22nd, a disruption action involving law enforcement bodies worldwide targeted “3ve”, a major online ad fraud operation. Today, on November 27, 2018, a 13-count indictment against eight defendants was unsealed. Out of these eight defendants, three are in custody and awaiting extradition. Ad fraud
0 Comments
Emotet starts another massive spam campaign just as Black Friday begins to pick up steam ESET has detected another large Emotet campaign, probably connected with the increased online shopping and email correspondence around Black Friday. Compared to the previous attacks, the operators have slightly modified their modus operandi. Emotet is still being distributed via spam
0 Comments
The breach exposed the personal data of 160,000 people and cost the telecom company £77 million Two young Brits have been jailed for their roles in the breach at the telecommunications company TalkTalk in 2015, The Guardian reports. The Old Bailey criminal court in London sentenced Matthew Hanley, 23, and Connor Allsopp, 21, both from Staffordshire,
0 Comments
ESET researchers identified 21 distinct websites that had been compromised including some particularly notable government and media sites ESET researchers have discovered a new watering hole campaign targeting several websites in Southeast Asia, and that is believed to have been active since September 2018. This campaign stands out because of its large scale, as we
0 Comments
In August 2018, Sednit’s operators deployed two new Zebrocy components, and since then we have seen an uptick in Zebrocy deployments, with targets in Central Asia, as well as countries in Central and Eastern Europe, notably embassies, ministries of foreign affairs, and diplomats. The Sednit group has been operating since at least 2004, and has
0 Comments
Almost all young people recycle their passwords, often doing so across work and personal accounts The prevalence of cybersecurity incidents and the concomitant growing concerns about any organization’s cybersecurity posture haven’t done much to discourage many employees from engaging in poor security habits, a survey has found. In some respects, employees’ cyber-hygiene is actually getting
0 Comments
Industry standard specification does not guarantee the safety of the self-encrypting drives despite verification The need to encrypt data on devices has never been greater, especially with legislation such as the European Union’s General Data Protection Regulation (GDPR). Purchasing a self-encrypting drive (SED) that adheres to the industry standard, published as the Trusted Computing Group’s
0 Comments
The campaign’s goals aren’t immediately clear, as the malefactors don’t appear to be leveraging the hijacked websites for further nefarious purposes Attackers have been exploiting a security weakness in a GDPR compliance plugin for WordPress to seize control of vulnerable websites, according to a blog post by Defiant, which makes Wordfence security plugins for the
0 Comments
The recent spike in Emotet activity shows that it remains an active threat A week after adding a new email content harvesting module, and following a period of low activity, the malicious actors behind Emotet have launched a new, large-scale spam campaign. What is Emotet? Emotet is a banking Trojan family notorious for its modular
0 Comments
Prevention is the best option but people continue to search for the easiest way out When you work in IT and you’re at a dinner party and somebody asks, ‘What do you do?’ you can usually see the blood run from their face as they’re like, “Oh my God, why me? My one night out this
0 Comments
Celebrated annually on November 3, Antimalware Day is an opportunity to recognize the work of cybersecurity professionals Since 2017, November 3 has been celebrated as Antimalware Day. Established by ESET, Antimalware Day aims to honor the work done by researchers in the field of information security and in the technology industry as a whole. As