category
More Technical

CVE-2014-4114: Details on August BlackEnergy PowerPoint Campaigns

In this post we provide additional information on how a specially crafted PowerPoint slideshow file (.PPSX) led to the execution of a BlackEnergy dropper.

Cyber Security Awareness Month: It’s on!

October is National Cyber Security Awareness Month in America and each year this program brings more and more attention to issues that should be of concern to anyone who uses a computer, plus a low of how-to information, security resources, and awareness-raising events.

Support Scammers: Hoping to Reign in Spain?

More about the support scammer trend towards finding victims in Spain who aren’t fluent English speakers.

Bootkits, Windigo, and Virus Bulletin

ESET research on Operation Windigo received an award at Virus Bulletin 2014. Our research on bootkits was also well received, and is now available publicly.

How to fix Shellshock Bash on Mac OS X: Mavericks edition

Apple Mac OS X users concerned about the Bash vulnerability dubbed Shellshock got some relief late yesterday as Apple published fixes for various versions of OS X. But if you use Mavericks you will need to install 10.9.5 before the Bash fix will work.

Support Scams: Expect the Scammish Inquisition*

An update on support scams: but are the scammers looking for fresh fields and posturings new?

How to resolve Shellshock on Mac OS X, web servers and more

The “Bash Bug” or “Shellshock” vulnerability means a wide range of devices, servers and computers, including Mac OS X, will need to be patched to prevent abuse by malicious persons. Here’s advice about what to do and links to more in-depth resources.

4Chan: destructive hoaxes and the Internet of Not Things

The media have associated a number of destructive hoaxes with 4chan: people need some historical perspective on how the site actually works.

What’s behind the rise in cybercrime? Find out from this recorded presentation

Home Depot says it was hacked to the tune of 56 million payment cards. What is behind the current wave of cybercrime? This recorded presentation offers answers and some defensive strategies for organizations at risk.

Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland

State organizations and private businesses from various sectors in Ukraine and Poland have been targeted with new versions of BlackEnergy, a malware that’s evolved into a sophisticated threat with a modular architecture.

Virus Bulletin presentations update

Updated information on ESET presentations at Virus Bulletin 2014.

Virus Bulletin, AVAR conferences: a tasty Conference Pair*

Autumn: the season of mists and mellow fruitfulness, not to mention a couple of excellent security conferences. Virus Bulletin and AVAR make a very tasty Conference Pair.

TorrentLocker now targets UK with Royal Mail phishing

Three weeks ago, iSIGHT Partners discovered a new Ransomware encrypting victims’ documents. They dubbed this new threat TorrentLocker. TorrentLocker propagates via spam messages containing a link to a phishing page where the user is asked to download and execute “package tracking information”. In August, only Australians were targeted with fake Australian Post package-tracking page. While

Anyone want to know my Social Security Number?

Your home may be your castle, but on social networks, your friends are your perimeter. Will they enclose and protect your personal data?

The state of healthcare IT security: are Americans concerned enough?

The privacy and security of medical records is a matter of concern to many Americans now that most are now stored electronically, but is there cause for concern? And who is most concerned?

Malware is called malicious for a reason: the risks of weaponizing code

The risks of using government use of malicious code in cyber conflict are examined in this paper by Andrew Lee and Stephen Cobb: Malware is called malicious for a reason: the risks of weaponizing code.

Homeland Security warns of new Point of Sale attacks

New malware targeting point of sale (PoS) systems, detected by ESET as Win32/Spy.Agent.OKG is described in a warning and analysis distributed by US-CERT, a reminder to increase security around PoS access.

Shaggy Dogma: Passwords and Social Over-Engineering

Given the ‘nightmare’ that is password management, is Microsoft right to say that it’s sometimes OK to re-use the same memorable password on several sites?

Win32/Aibatook: Banking Trojan Spreading Through Japanese Adult Websites

Win32/Aibatook targets Japanese bank customers with an unusual Internet Explorer monitoring technique. We believe the malware has been in development for months – and is now ready for take-off.

Could latest NSA revelations further impact online behavior, denting the economy?

Internet surveillance by America’s National Security Agency (NSA) has been further exposed by two new developments: the analysis of leaked NSA surveillance reports and the XKeyscore targeting code. Will these stories increase the number of Internet users who say they are inclined to reduce their online engagement due to the activities of the NSA and GCHQ.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.