ESET research shows that DanaBot operators have been expanding the malware’s scope and possibly cooperating with another criminal group DanaBot appears to have outgrown the banking Trojan category. According to our research, its operators have recently been experimenting with cunning email-address-harvesting and spam-sending features, capable of misusing webmail accounts of existing victims for further malware

ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, “The Dark Side of the ForSSHe”, they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats SSH, short for Secure SHell, is a network protocol to connect computers and devices

A welcome return to the hacker conferences of yesteryear There used to just be hacker conferences, but now the societal impact of increasingly connected systems seems much higher, so specialty conferences are popping up. Seeking to bring policy-makers and influencers together, where could be a more appropriate location for CyberwarCon than Washington D.C.? Notably, it’s

Fitness-tracking apps use dodgy in-app payments to steal money from unaware iPhone and iPad users Multiple apps posing as fitness-tracking tools were caught misusing Apple’s Touch ID feature to steal money from iOS users. The dodgy payment mechanism used by the apps is activated while victims are scanning their fingerprint seemingly for fitness-tracking purposes. There

A recent survey carried out by ESET has revealed that Americans are worried most about cyberattacks on the financial sector, listing it above attacks against hospitals, voting systems, or energy supply companies A lot has changed over the last decade when it comes to cyberattacks and the threat landscape. We have seen an evolution of

Defensive steps for Marriott Starwood guests worried their personal information may have been compromised by the massive data breach If you are into cybersecurity, or data privacy, or staying at hotels, you have probably heard that Marriott International – one of the world’s largest hotel chains – announced a huge data breach today involving the Starwood reservations

The hacking and extortion scheme took place over a 34-month period with the SamSam ransomware affecting over 200 organizations in the US and Canada The United States Department of Justice (DOJ) unsealed indictments against two alleged Iranian hackers accused of being the miscreants behind the infamous SamSam ransomware attacks. The six-count indictment named Faramarz Shahi

The country’s first fine under GDPR is lower than might have been expected, however, as the company was acknowledged for its post-incident cooperation and enhanced security measures A German social media platform called Knuddels.de has been fined with €20,000 following a breach that exposed the personal information of 330,000 users, including their passwords and e-mail

International law enforcement swoops on fake ad viewing outfit On Monday, October 22nd, a disruption action involving law enforcement bodies worldwide targeted “3ve”, a major online ad fraud operation. Today, on November 27, 2018, a 13-count indictment against eight defendants was unsealed. Out of these eight defendants, three are in custody and awaiting extradition. Ad fraud

As we increasingly make use of our smartphones to satisfy our shopping needs, let’s shine a light on how these hubs of our digital lives can be used to shop securely, on and around a day dedicated to online deals Let’s get a bit statistical first. On Cyber Monday in 2017, smartphones and tablets accounted

As the unofficial beginning of the holiday shopping season catches us up in the frenetic hunt for all those fantastic bargains, the shopping bonanza presents a host of risks to your online safety. Here are a few tips for going on a shopping spree and staying safe You may escape the incessant festive tunes and

Emotet starts another massive spam campaign just as Black Friday begins to pick up steam ESET has detected another large Emotet campaign, probably connected with the increased online shopping and email correspondence around Black Friday. Compared to the previous attacks, the operators have slightly modified their modus operandi. Emotet is still being distributed via spam

The suspect is believed to have carried out the scam on no fewer than six executives in the Bay Area, albeit ultimately with varying success A 21-year-old man from New York is facing charges over the alleged theft of $1 million from a Silicon Valley executive after taking control of his phone number in a

The software giant takes passwords one step closer to obsolescence as it now enables users to log into their Microsoft accounts with more modern forms of authentication Microsoft has announced that it is enabling users to log into their Microsoft accounts without usernames and passwords. Instead of passwords – which the tech behemoth has previously

The breach exposed the personal data of 160,000 people and cost the telecom company £77 million Two young Brits have been jailed for their roles in the breach at the telecommunications company TalkTalk in 2015, The Guardian reports. The Old Bailey criminal court in London sentenced Matthew Hanley, 23, and Connor Allsopp, 21, both from Staffordshire,

ESET researchers identified 21 distinct websites that had been compromised including some particularly notable government and media sites ESET researchers have discovered a new watering hole campaign targeting several websites in Southeast Asia, and that is believed to have been active since September 2018. This campaign stands out because of its large scale, as we

In August 2018, Sednit’s operators deployed two new Zebrocy components, and since then we have seen an uptick in Zebrocy deployments, with targets in Central Asia, as well as countries in Central and Eastern Europe, notably embassies, ministries of foreign affairs, and diplomats. The Sednit group has been operating since at least 2004, and has

90% of Canadians surveyed agreed that cybercrime was an important “challenge to the internal security of Canada” According to new research being published today, most Canadians now see cybercrime as a threat to their country, while many also believe that their chances of being victimized by cybercrime are increasing. These are some of the key

Almost all young people recycle their passwords, often doing so across work and personal accounts The prevalence of cybersecurity incidents and the concomitant growing concerns about any organization’s cybersecurity posture haven’t done much to discourage many employees from engaging in poor security habits, a survey has found. In some respects, employees’ cyber-hygiene is actually getting

Industry standard specification does not guarantee the safety of the self-encrypting drives despite verification The need to encrypt data on devices has never been greater, especially with legislation such as the European Union’s General Data Protection Regulation (GDPR). Purchasing a self-encrypting drive (SED) that adheres to the industry standard, published as the Trusted Computing Group’s

How much higher are the odds that your device will be exposed to malware if you download apps from outside Google Play or if you use one of Android’s older versions? Google has the numbers You need to stick to Google Play for apps and run as recent a version of Android as possible if

The campaign’s goals aren’t immediately clear, as the malefactors don’t appear to be leveraging the hijacked websites for further nefarious purposes Attackers have been exploiting a security weakness in a GDPR compliance plugin for WordPress to seize control of vulnerable websites, according to a blog post by Defiant, which makes Wordfence security plugins for the

A look back at two of the most damaging malicious codes of the 1990s Every Monday in November we will be dipping into the history books and remembering some of the most infamous computer threats of each decade, starting with the 1980s and continuing on until 2010 as we continue to mark Antimalware Day and

This is the third time that the Air Force asks ethical hackers to uncover chinks in its digital armor The United States Air Force has announced the launch of a fresh round of its bug bounty program in which ethical hackers are invited to identify vulnerabilities in the security of its digital assets. This is

The recent spike in Emotet activity shows that it remains an active threat A week after adding a new email content harvesting module, and following a period of low activity, the malicious actors behind Emotet have launched a new, large-scale spam campaign. What is Emotet? Emotet is a banking Trojan family notorious for its modular

Prevention is the best option but people continue to search for the easiest way out When you work in IT and you’re at a dinner party and somebody asks, ‘What do you do?’ you can usually see the blood run from their face as they’re like, “Oh my God, why me? My one night out this

The move is part of Google’s continued clampdown on adverts that are intended to hoodwink users Chrome 71, due out in December, will come with enhanced in-built protections aimed at safeguarding users from harmful advertising, according to a note by Google Product Manager Vivek Sekhar this past Monday. Using a feature called abusive sites filtering,

Latest ESET research shows just how far attackers will go in order to steal bitcoin from customers of one specific virtual currency exchange On November 3, attackers successfully breached StatCounter, a leading web analytics platform. This service is used by many webmasters to gather statistics on their visitors – a service very similar to Google

This instalment in our series of articles to mark Antimalware Day tells the stories behind two creations that are representative of the 1980s: a virus viewed as the first-ever PC virus and a worm that caused the greatest damage ever wrought by a piece of malware up to that point As promised on Friday when

Celebrated annually on November 3, Antimalware Day is an opportunity to recognize the work of cybersecurity professionals Since 2017, November 3 has been celebrated as Antimalware Day. Established by ESET, Antimalware Day aims to honor the work done by researchers in the field of information security and in the technology industry as a whole. As