In this post we want to share with you a question that arose from the first post in this series: whether exploits are the same as malware. What are we talking about? The best way to debunk any myth is to start by understanding what it is we are talking about.
A strain of malware which previously targeted banks has turned its attention to users of the popular Customer Relationship Management (CRM) software Salesforce, used by 100,000 organizations worldwide.
Anyone who has visited popular domains such as YouTube.com, Amazon.com or Ads.Yahoo.com could be a victim of a new, mutating malware attack distributed through the adverts displayed on the sites.
Three weeks ago, iSIGHT Partners discovered a new Ransomware encrypting victims’ documents. They dubbed this new threat TorrentLocker. TorrentLocker propagates via spam messages containing a link to a phishing page where the user is asked to download and execute “package tracking information”. In August, only Australians were targeted with fake Australian Post package-tracking page. While
There are plenty of scams effective enough to rate a warning or three, in the hope of alerting potential victims to the kind of gambit they use. And so, even though much of ESET’s business is focused on the bits and bytes of malicious software, I’ve spent a lot of time writing on WeLiveSecurity and
A phishing scam targeting Tesco bank customers puts on a festive party hat and pretends to offer something for nothing. Is this a topical trend?
Less innovative than the scam mails described in my previous articles (Phish to phry and The Thoughtful Phisher II), there are those phish messages that suggest a problem with your account that they need you to log in to fix. (Of course, you aren’t really logging in to a legitimate site.) Mostly their appeal is
In the previous Thoughtful Phisher blog, we looked at some visual clues that should tip you off that a email from a ‘bank’ is not to be trusted. Just as interesting here, though, is the variety of social engineering gambits used by this wave of phish campaigns. It’s worth taking a closer look at some
[A much shorter version of this article appeared in the October 2013 Threat Radar Report as ‘The Thoughtful Phisher’. As these particular scam/spam campaigns don’t seem to be diminishing, however – indeed, some of the phishing techniques seem to be getting more sophisticated – I thought perhaps it was worth updating and expanding for a
It so happens that I live over 5,000 miles from the ESET North America office in San Diego, and so tend not to have water cooler conversations with the people located there. Of course, researchers working for and with ESET around the world maintain contact through the wonders of electronic messaging, but there are lots
Major companies such as Disney, Boeing and General Electric are still handing out information to “hackers” using the most basic tool of all – the human voice, according to a report on a competition at DefCon.
ESET researchers explain the difficulties in attribution of targeted attacks; evidence is often circumstantial and the source never positively identified.
Google claims to have spotted and disrupted several phishing campaigns in Iran – attempts to compromise tens of thousands of email accounts in the run-up to the country’s presidential elections this Friday.
Twitter has warned media companies that attacks on their official Twitter accounts are liable to continue, after Britain’s Guardian newspaper became the latest high-profile news site to fall victim.
Most cyber attacks are simple and predictable, relying on basic tactics and preventable employee errors, according to Verizon’s annual Data Breach Investigations Report. The problem is made worse by the fact that companies often take months or even years to detect such breaches.
Twitter accounts used by CBS News were compromised on Saturday – and began serving up bogus news stories with links to malware.
A three-day “cyber war” ended in victory for a team from the U.S. Air Force Academy, who beat off attacks from hackers from the National Security AGency in the 13th annual Cyber Defense Exercise (CDX).
Utility companies have been warned not to share information such as email addresses on company websites, after a spear-phishing attack on an American electricity company.
Malicious spam may still be spreading across Yahoo! Mail accounts. We show you how to turn on the added verification process that Yahoo! offers.