ESET uncovers CloudMensis, a macOS backdoor that spies on users of Mac devices and communicates with its operators via public cloud storage services.
ESET researchers have uncovered yet another data wiper, CaddyWiper, that was used in attacks against organizations in Ukraine.
ESET research releases a comparison of the most important TTPs used by all known malicious frameworks that have been used to attack air-gapped networks.
ESET researchers uncover strategic web compromise (aka watering hole) attacks against high-profile websites in the Middle East.
ESET researchers uncover FontOnLake, a malware family that uses custom and well-designed modules to target operating systems running Linux.
While the right to repair seems like a classic black-and-white situation pitting consumers against manufacturers, it is actually a more nuanced discussion, especially when security comes into play.
Apple has rolled out an update for the iOS and iPadOS operating systems to fix three zero-day security flaws that are being actively exploited in the wild.
ESET dissects Vadokrist, a banking trojan that targets financial institutions in Brazil and is distributed via malicious spam emails.
Researchers uncover a security flaw in Visa’s EMV contactless protocol that could allow attackers to perform PIN bypass attacks and commit credit card fraud.
Following their discovery of the KrØØk vulnerability, ESET researchers reveal that variants of the same flaw affect even more Wi-Fi chips than initially thought.
ESET researchers have discovered a new, modular backdoor that they named PipeMon and that was used by the Winnti Group against several South Korea- and Taiwan-based companies that develop MMO (Massively Multiplayer Online) games.
More than 99.9 percent of Microsoft enterprise accounts that get invaded by attackers didn’t use multi-factor authentication (MFA). Generally, only 11 percent of all Microsoft enterprise accounts have MFA enabled.
ESET researchers uncovered a security flaw affecting Wi-Fi chips that are commonly used in devices such as smartphones, tablets, laptops, and IoT gadgets.
ESET researchers have discovered a new campaign of the Winnti Group that deploys ShadowPad and Winnti malware to target universities in Hong Kong.
ESET researchers have discovered DePriMon, a new downloader with a novel installation technique not previously seen in the wild.
ESET researchers describe how they discovered a year-long adware campaign on Google Play that ultimately affected millions of users.
ESET research shows how The Dukes, the APT group suspected of breaching the DNC, has been busy compromising government targets while staying under the radar for years.
ESET researchers dissect a previously undocumented backdoor that the Winnti Group has used to target Microsoft SQL (MSSQL) servers.
An introduction to the MITRE ATT&CK framework and how it can help organize and classify various types of threats and adversarial behaviors.
ESET researchers discover a new Android ransomware family that attempts to spread to victims’ contacts and deploys some unusual tricks.
ESET research uncovers a zero-day exploit that leverages a vulnerability in Windows and that has been deployed for a surgically targeted attack.
ESET researchers have analyzed fake cryptocurrency wallets cropping up on Google Play at the time of bitcoin’s renewed growth.
An open invite to white-hat hackers has been issued by Tesla with huge incentives that include a car and almost $1m on offer for Tesla Model 3 hacks.
The country’s first fine under GDPR is lower than might have been expected with the German chat site receiving praise for its “very good cooperation” and “exemplary transparency”.
ESET researchers discovered a new Android Trojan using a novel Accessibility-abusing technique that targets the official PayPal app.
Latest ESET research details how attackers compromised a leading web analytics service with the ultimate aim of stealing bitcoin from customers of one specific virtual currency exchange.
ESET research has revealed that GreyEnergy is the successor to the infamous BlackEnergy APT group despite the threat actors behind it trying to stay under the radar by focusing on espionage and reconnaissance.
ESET researchers have discovered the first in-the-wild UEFI rootkit. Dubbed LoJax, the research team has shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe …
Malware from a newly uncovered group, PowerPool, has been exploiting a zero-day vulnerability in the wild, only two days after its disclosure. The vulnerability affects Microsoft Windows OSes from Windows 7 to Windows 10, in particular the ALPC function, and allows an LPE.
Claiming to increase the credit card limit for users of three Indian banks, the malicious apps phish for credit card details and internet banking credentials using bogus forms. These details are then leaked online.
ESET researchers identified a malicious PDF sample that exploited two unknown vulnerabilities, a remote code execution vulnerability in Adobe Reader and a privilege escalation vulnerability in Microsoft Windows, that when combined became extremely powerfu …
It has been one year since the WannaCryptor ransomware outbreak caused huge cyber-disruptions around the world and while that direct incident is no longer causing chaos, the EternalBlue exploit that enabled the outbreak continues to pose a serious threat to unpatched and unprotec …