Phish Phood for Thought

In 2007, David Harley and Andrew Lee suggested at Virus Bulletin that poorly-designed phish quizzes did more harm than good. Has the picture changed much?

RSA Conference 2015: too much technology and not enough people?

Major themes of the 2015 RSA Conference: the degree to which the deployment of digital devices is outpacing our ability to deploy humans with the necessary skills and knowledge needed to secure data and systems.

RSA 2015, the year security goes mainstream

What were the major themes from the RSA 2015 conference? Cameron Camp is on hand to give his verdict…

Slides from the RSA conference: where the world talks security

Slides of ESET presentations at RSA are now available including the SMB Cyber Security Survival Guide and “What THEY want with your digital devices.”

Information Security Disconnect: RSA, USB, AV, and reality

The world's largest information security event, the annual RSA Conference, is over for another year. Most of the more than 18,000 people who attended the 2012 gathering are probably back home now, getting ready to go into the office. What will be top of mind for them, apart from "How did I manage to survive

Infosecurity Conference APTitude Adjustment

If you're interested in the "APT: Real Threat or Just Hype" keynote session I took part in during the recent Infosecurity Virtual Conference, you can now hear and see the presentations and Q&A  (and the other panel sessions from the conference). Register here. Here are the details for that keynote session, chaired by Steve Gold,

TDL Tracking: Peer Pressure

Recently … our TDL tracker picked up a brand new plugin for TDL4 kad.dll (Win32/Olmarik.AVA) which we haven’t seen earlier … we discovered that it implements a particularly interesting network communication protocol …

Why the IMF breach?

In the absence of any detailed information from the IMF itself, it’s not surprising that most of the surmise around the attack is based on internal IMF memos quoted by Bloomberg, and much of it is rather tenuous.

Lockheed Martin breached by unknown digital assailants

In an unfortunate series of events related to the RSA SecurID technology, reports are coming in that Lockheed Martin's networks have been broken into by unknown perpetrators.  Jim Finkle and Andrea Shalal-Esa broke an exclusive story and reached out to folks in the industry to get to the truth. "They breached security systems designed to

Phishphloods: Not all Phishing is Spear-Phishing

You don't need more advice from me on avoiding phishing following the Epsilon fiasco: Randy, among others has posted plenty of sound advice, and I put some links to relevant articles here, though I don't know of anyone who's published a list of the whole 2,500 or so companies that are apparently Epsilon's customers, though comment threads

Spearphishing APT-itude Test

My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack.  Unfortunately, the exact nature of the target and damage remains somewhat obscure, so while I certainly consider Rivner's blog worth reading, I also found myself

February ThreatSense Report

The February ThreatSense Report is now available…

RSA 2011 Security Conference and Trade Show

Today kicks off the RSA conference in San Francisco. This is the 20 anniversary for the RSA conference. RSA stands for Rivest, Shamir and Adleman, who invented RSA encryption. The RSA conference and trade show has grown from an encryption focused conference to one which includes virtually every aspect of digital security. As has been

Patchwork for the Home and the Enterprise

SC Magazine's Dan Raywood reports that "To be completely patched requires an average of between 51 and 86 actions per year", quoting findings by Secunia that " in order for the typical home user to stay fully patched, an average of 75 patches from 22 different vendors need to be installed, requiring the user to


Greetings, friends and fiends. I've been uncharacteristically quiet for the past couple of weeks, due to the AMTSO workshop last week in Santa Clara. There was, as usual, some lively discussion: though no papers were approved at the meeting, some are close enough to finished to be voted on shortly. (See also the AMTSO blog

Come See Us at RSA

If you’re going to be attending RSA in San Francisco next week, stop by our booth (#1751) and say hi! ESET bloggers Jeff Debrosse, David Harley, and I will be there.  Jeff and I will take turns presenting “Security’s Rosetta Stone: Translating security to human behavior”. You can also enter a drawing to win some

Fake Anti-Malware: Blurring the Boundaries

It won’t come as a surprise to regular readers of this blog that there’s a lot of fake/rogue anti-malware about. (see http://www.eset.com/threat-center/blog/category/fake-anti-malware-fake-software). However, a report released at RSA Europe goes some way towards quantifying that threat, and has created something of a stir in the media. That’s to be expected: journalists tend to love facts and figures. Anti-malware

Follow us

Copyright © 2015 ESET, All Rights Reserved.