category
General

Password handling: challenges, costs, and current behavior (now with infographic)

Online passwords are a pain, and not just when you have to type them to access your online bank account or shop at your favorite digital emporium. Password pain extends to the people who have to manage them. A few weeks ago we shared some initial findings from a recent poll of 2,129 U.S. adults

Brutalized! South Carolina breach exposes data security woes at State level

Brutalize? Yes, that’s what the Governor of South Carolina wants to do to the person who breached security at the South Carolina Department of Revenue (SCDOR) and exposed Social Security Numbers and other information pertaining to 3.6 million people, as well as 387,000 credit and debit card records. Speaking to the press on Friday, Gov.

Avoid Election Season Scams: Donations and cruises to avoid

As the Better Business Bureau recently warned, scam artists are gearing up for the Presidential election season. So what pitfalls do consumers face during the final stretch of campaigning, on computers and on the phone? Recently, we’ve seen examples of phony phone calls, phony websites seeking donations, and there may be more to come. Regular

Study finds 90 percent have no recent cybersecurity training

A new study finds that only 1 in 10 consumers have had any classes or training about protecting their computer and/or their personal information during the last 12 months. Indeed, a shocking 68 percent say they have never had any such training, ever. These and other findings, first revealed by ESET at the Virus Bulletin

Huawei? The how, what, and why of telecom supply chain threats

You spell it Huawei and say it wah-way and it’s all over the news. But what does it mean for the security of your data when, as the Wall Street Journal put it, “A U.S. Congressional report has labeled Chinese telecommunications company Huawei Technologies a national security threat”? As we will see, the implications for

FTC cracks down on tech support scams and feds nail fake AV perps

The federal government took much needed action today against sleazy PC tech support scammers and fake AV peddlers. Actions include lawsuits, a judgment of $163 million, and freezing of multiple assets. PC tech support scammers will be familiar to regular readers of this blog because David Harley and others have charted the progress of this

PC Support Scams – Virus Bulletin paper

Another year, another fine Virus Bulletin conference come and gone. And some of us even got long-service badges. (My first VB was in 1996, and my first VB presentation in 1997, but there are people like our own Righard Zwienenberg whose attendance record goes back way further.) (Yes, it did rain the last day or

Facebook timeline privacy/security: protect your account and identity (2/2)

In our last post (part 1 of 2), we dove into Facebook timeline privacy and security, prompted by the universal imposition of the timeline view that is currently under way on the world’s largest social network. In this second part, we continue reviewing our Facebook timeline from other people’s perspective, using a tool called View

Flashback Wrap Up

Six months ago, Flashback was attracting a lot of attention from researchers and media due to its wide spread and interesting features. Since then, we have witnessed its operator abandoning control of the botnet by shutting down its latest command and control server. This happened in May this year. The number of infected systems has

Nitol Botnet: You Will Never Break The Chain

Nitol versus Michelangelo: the supply chain is much more than the production line.

Facebook timeline security & privacy: steps to keep your account & identity safe

Now that Facebook’s timeline feature is in the final stages of being rolled out to all users (including, finally, to my account), it is important that everyone understands how to use the feature and, most importantly, how to secure your identity and privacy in its new context. Timeline is quite a simple feature, introduced by

Threat Reports and other Information

Information about the August Global Threat Report and where to find other ESET resources

FinSpy and FinFisher spy on you via your cellphone and PC, for good or evil?

We read that “FinFisher spyware made by U.K.-based Gamma Group can take control of a range of mobile devices, including Apple Inc.’s iPhone and Research in Motion Ltd.’s BlackBerry…”, at the opening of a Bloomberg article that several readers of the ESET blog sent us yesterday, along with a number of questions that boil down

Java zero day = time to disable Java, in your browser at least

Now is the time to disable Java in your web browser, or even remove it from your system if that is practical. Why? The bad guys are hard at work trying to exploit a zero day vulnerability in the latest version of Java (version 1.7, Update 6.). This vulnerability is the subject of a US-CERT

The Cloud for SMBs: 7 tips for safer cloud computing

Ahead of next week’s VMWorld in San Francisco, here are some thoughts on the safe use of cloud computing for smaller businesses, along with a podcast (see the link at end of the post). The Cloud concept, a flexible Virtual Machine (VM) based system that allows rapid expansion and dedicated functionality without hiring new staff,

Quervar Induc.C reincarnate?

Win32/Quervar (a.k.a Dorifel, XDocCrypt) is a virus family that has been in the news recently, especially in the Netherlands. It has been reported to be causing havoc on computers of several notable Dutch institutions. In our analysis, we provide additional technical details about the workings of the virus and compare it to another virus, the

FBI Ransomware: Reveton seeks MoneyPak payment in the name of the law

A crime wave of malware that demands money from victims to avoid prosecution by the FBI has been alarming web surfers across America. Victims suddenly find their computer frozen, and an official-looking  page, like the one shown below, is displayed in their web browser. The FBI and the Internet Crime Complaint Center (IC3) have received

Interconnection of Gauss with Stuxnet, Duqu & Flame

Last week, reports of a new malware named Gauss emerged, a complex threat that has attracted a lot of media attention due to its links to Stuxnet and Flame and its geographical distribution.  Since ESET has added detection for this threat, we are seeing geographical distribution of detection reports similar to those detailed by Kaspersky.

Win32/Gataka banking Trojan – Detailed analysis

Win32/Gataka is an information-stealing banking Trojan that can read all of your web traffic and alter the balance displayed on your online banking page to hide fraudulent transfers. It exhibits a modular architecture similar to that of SpyEye, where plugins are required to achieve most of the malware functionality. In our previous blog post, we

Authentication attacks: Apple, Amazon, iCloud, Google, anything with a password

Sharing details of the hack that “wiped his life” has earned Mat Honan a place in the annals of information system security; the specific inter-dependence of flawed authentication systems that cost him so dearly–encompassing Apple, iCloud, Amazon.com, Gmail and more–would probably still exist if Mat had not gone public. Wired has the full story here

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2015 ESET, All Rights Reserved.