ESET’s analysis of a recent backdoor used by TeleBots – the group behind the massive NotPetya ransomware outbreak – uncovers strong code similarities to the Industroyer main backdoor, revealing a rumored connection that was not previously proven Among the most significant malware-induced cybersecurity incidents in recent years were the attacks against the Ukrainian power grid

The law is intended to help curb attacks that rely on weak, non-existent or publicly disclosed passwords that far too often ship with web-connected gadgets California has passed a piece of legislation that bans weak default passwords on internet-connected devices sold in the region. Under the “Information privacy: connected devices” bill – which is the first Internet-of-Things (IoT)

A closer look at the technology that is rapidly growing in popularity Blockchain is generally associated with Bitcoin and other cryptocurrencies, but these are just the tip of the iceberg.  This technology was originally conceived in 1991, when Stuart Haber and W. Scott Stornetta described their first work on a chain of cryptographically secured blocks, but only gained notoriety in

If you own a Wi-Fi router, it may well be riddled with security holes that expose you to a host of threats Five out of every six (83%) Wi-Fi routers in US homes and offices leave their users at risk of cyberattacks, because their firmware is inadequately updated for security vulnerabilities, research by The American Consumer

Some tips for helping to keep your data more secure from the floor of VB 2018 With the proliferation of more advanced and freely available toolsets, commoditization of attack launch platforms, and availability of wholesale large-capacity network bandwidth for rent, cyberattack velocity is ramping up. If there’s a new vulnerability released you’ll get hit harder

What are some essential steps you can take to increase your online safety – now and in the long run? Here’s a question: What makes October special beyond Oktoberfest – which mostly takes place in September, anyway? Correct, October is recognized as European Cyber Security Month in Europe and as National Cyber Security Awareness Month

Striking the balance between supply, demand and safety is a major concern With the pressure to ship as early as possible, especially when it comes to hardware, what assurances do we have that the hardware is really clean, and that future updates won’t be hacked? Here at Virus Bulletin 2018, the conversation of how to

Answers could help raise awareness of situations that people fear Cybersecurity involves protecting the digital technologies upon which we depend against criminals who seek to abuse them for their own ends. Public support for efforts to reduce cybercrime is critical to society’s efforts to preserve the benefits of digital technologies. That is why I am

The social networking behemoth is expected to face a formal investigation by Ireland’s Data Protection Commission in what could be the “acid test” of GDPR since the law became effective in May Facebook has announced that it found no evidence that attackers had used stolen account access tokens on other websites or apps that enable

WeLiveSecurity is happy to support the European Cyber Security Month (ECSM) with its own “two cents”, split into four articles over the course of October that will be dedicated to promoting the campaign’s goals Information and communications technologies permeate our day-to-day lives and are vital for the daily operations of both enterprises and governments. This

It has yet to be determined whether the accounts were misused or what information was accessed. In the meantime, you can improve your account security with a few easy steps Facebook disclosed on Friday, September 28, that attackers had exploited a flaw in its code that allowed them “to steal Facebook access tokens which they

ESET CTO Juraj Malcho outlines some of the ways in which organizations can reduce their cybersecurity risk Given our growing digital dependency, cybersecurity incidents and the exploitation of security soft spots can have serious and cascading ramifications for businesses and their customers. Recent history has seen no shortage of high-profile cyberattacks and data breaches, giving

The timing of the attacks suggests that many attempts to take the networks offline may not necessarily be perpetrated by organized cybercriminal gangs Students and staff are suspected to be behind many distributed denial-of-service (DDoS) attacks at colleges and universities in the United Kingdom, recent research suggests. The non-profit Jisc – which among other things

The flaw affected one of the platform’s APIs between May 2017 and September 10 of this year, when it was patched “within hours” Twitter has fixed a bug that is believed to have shared Direct Messages (DMs) and protected Tweets of some users with developers who were not authorized to access that information. According to

ESET researchers have shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe UEFI rootkits are widely viewed as extremely dangerous tools for implementing cyberattacks, as they are hard to detect and able to survive security

Should schools and businesses do more to combat the shortfall of cybersecurity professionals by changing the hiring process for those interested in having a career in the industry? There are few things that cause the computer security industry more concern than the need to avoid “false negatives”. While no product or technology is a silver

Public speaking and presenting at conferences can be daunting for the majority of people but by including some subtle tricks, the speaker can deliver a stronger message Even though the first part of this series has not yet been published at the time of writing, it will not surprise me if some of the feedback

Conversely, only a little over one-third of IT executives believe that their systems have never been hijacked to surreptitiously mine digital currencies A total of 30% of organizations in the United Kingdom fell victim to a cryptojacking attack in the previous month, a recent survey among 750 IT executives across the UK has found. The

ESET researchers have discovered new DanaBot campaigns targeting a number of European countries Recently, we have spotted a surge in activity of DanaBot, a stealthy banking Trojan discovered earlier this year. The malware, first observed in campaigns targeting Australia and later Poland, has apparently expanded further, with campaigns popping up in Italy, Germany, Austria, and

The skimmer, injected into the store’s payment page, harvested credit-card details from the store’s online customers for more than a month The major electronics and computer hardware retailer Newegg has announced that attackers have compromised its online payments system, potentially scooping up buyers’ credit-card data over a period of more than a month. “Yesterday we

Instead, the three men will cooperate with law enforcement and the broader research community – an area in which, it turns out, they already have quite some experience A US court has slapped an unusually lenient sentence on three men who’ve pleaded guilty to developing and operating a powerful botnet known as Mirai that in

Cybercrooks use bogus apps to phish six online banks and cryptocurrency exchange Another set of fake finance apps has found its way into the official Google Play store. This time, the apps have impersonated six banks from New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian cryptocurrency exchange Bitpanda. Using bogus forms,

Speaking at conferences can be daunting for presenters but often it is about striking the right balance between content and delivery As the (security) conference season draws nearer, my thoughts return to the many presentations I’ve suffered and inflicted over the past three decades. (Don’t get me wrong: there have also been many I’ve enjoyed.)

The screens in “key locations” are back up and running again, while the airport paid no ransom to return its systems to working order Bristol Airport in South West England has been hit by an apparent ransomware attack that prompted the airport to take flight information screens offline in an effort to keep the attack

ESET researchers have discovered several third-party add-ons for the popular open-source media player Kodi being used to distribute Linux and Windows cryptocurrency-mining malware If you use Kodi, you may have noticed that a popular, Dutch repository for third-party add-ons, XvBMC, was recently shut down upon copyright-infringement warnings. Following the shutdown, we discovered that the repository

In its heyday, Kelihos comprised up to 100,000 compromised devices that were capable of blasting out billions of malware-laden emails every day A Russian national has pleaded guilty in a US court to operating Kelihos, one of the longest-running and most pernicious botnets that was used, for almost seven years, to send untold numbers of spam

Taking advantage of the celebration of the Day of the Programmer, we share some audit tools to evaluate the security of your code September 13 is the 256th day of the year. These three digits may not mean anything to many people, but for those of us who work in different areas of computing it

Microsoft and Adobe have each shipped out their scheduled batches of patches to address security flaws in their respective software Microsoft’s Patch Tuesday this month is addressing 61 security flaws in Windows and other software, notably in web browsers Internet Explorer and Edge, as well as in Office, Sharepoint, Hyper-V, and the .NET Framework. Seventeen

A domain name once left behind can catch up with you – by giving fraudsters access to a treasure trove of sensitive information Cybercriminals can use an abandoned domain name to obtain all manner of private information belonging to the company that formerly owned the domain, as well as to its clients and employees, a

The several thousand glowing reviews that Adware Doctor had garnered prior to its removal were “likely fake”, researchers say Apple has pulled a highly popular app from the Mac App Store after security researchers found that the app secretly logged and sent the browsing histories of its users and other sensitive data to remote servers.