Phishing for Tesco Shoppers
A phishing scam targeting Tesco bank customers puts on a festive party hat and pretends to offer something for nothing. Is this a topical trend?
Archives - December 2013
The ‘Digital Guardian’: IBM’s security expert explains why ‘Steve’ might watch your eating habits to keep you secure
Here, J.R. Rao, IBM Director for Security Research, explains why the idea of a digital guardian who watches for unusual behavior is not science fiction - but very close to reality.
Clubbed to death? Bitcoin‑only poker site Seals With Clubs leaks 42,000 passwords in attack
An online poker site which did all its cash-ins and cash-outs in Bitcoin has admitted to a data breach in which 42,000 user passwords were stolen - and is instituting emergency measures to prevent the attackers gaining access to the cryptocurrency.
A look back at 2013 from some folks who live security
A look back at security research highlights from 2013. ESET researchers examined everything from Java exploits to rootkits, bootkits, worms, viruses, Trojans, targeted attacks, and security initiatives. Read about malware from Hesperbot to Cryptolocker and headline security breaches like Target, all in one report.
Cryptolocker 2.0 – new version, or copycat?
Last month we discovered filecoder malware which called itself “Cryptolocker 2.0”. Naturally, we wondered if this is a newer version of the widespread ransomware from the creators of the first. We look at the details that hint that it might have been created by some other, unknown, cybercrime gang.
Target breached: 5 defensive steps shoppers should take now
Tips for shoppers worried that their credit or debit cards may have been compromised by the massive security breach at Target stores.
Target down? “Biggest data breach ever” leaks 40 million credit and debit cards from retailer at height of shopping season
Details of 40 million customer debit and credit cards may have leaked in a data breach at American retailer Target - which began on November 27 and ended on December 15, affecting stores at the height of shopping season.
Holiday shoppers turning to mobile to bag bargains – but ignoring security risk, survey finds
This holiday season, shoppers are turning to mobile as a new way to hunt bargains, with purchases via mobile platforms nearly doubling year-on-year - but nearly one third of shoppers polled admitted to serious security errors, such as storing card details in smartphones.
The Death of Anti‑Virus: conference paper
Death of a Sales Force: Whatever Happened to Anti-Virus? is a paper written by Larry Bridwell and myself for the 16th AVAR conference in Chennai, which was kindly presented by ESET’s Chief Research Officer Juraj Malcho, as neither Larry nor myself were able to attend the conference in the end. The paper is also available
Qadars – a banking Trojan with the Netherlands in its sights
The first sign we saw of this malware was in mid-May 2013, but it is still very active, and uses Android to bypass two-factor authentication systems. It clearly seeks to infect Dutch computers - 75% of detections come from this region.
Companies have “heads in sand” about security threat as employees sneak mobile devices to work, report warns
Employers are failing to face up to the threats posed by employees who use their own mobile devices at work - 40% of companies do not consider the 'bring your own device' (BYOD) trend even to be on their agenda, according to a survey of IT workers.
Will 2014 be the year passwords die? Five out‑there ideas that aim to take their place
The two million people who had chosen “123456” as their Adobe password were widely mocked online after the company's security breach - but most users (and companies) hate passwords, and some have big (and surreal) ideas about what's coming next....
Phear of Phishing
(All four blog articles in this series, of which this article is the last, are available as a single paper here: The_Thoughtful_Phisher_Revisited.) From the sort of ‘visit this link and update or we’ll cancel your account’ message that we saw in the previous blog in this series (The Less Thoughtful Phisher), it’s a short step
ESET’s Threat Trends Predictions 2014: The next battle for internet privacy, a new assault on Androids, and a new wave of hi‑tech malware
The 2014 threat trends report from ESET's global network of cybersecurity experts centers on three key trends, the first and foremost being digital privacy, the others being threats to mobile devices, and new, hi-tech malware targeting PCs and other devices in the home.
Malicious Firefox add‑on turns thousands of PCs into botnet which “hunts” weak websites
A Firefox add-on has turned 12,500 users of the browser into a botnet which scours every page visited by infected users for vulnerabilities. The ‘Advanced Power’ add-on ensnared 12,500 PCs - and found 1,800 vulnerable websites for its unknown creators.
Biometric ‘Smart ID’ card could offer the ultimate in portable security
A new ‘Smart ID’ card, BluStor, aims to “eliminate hacking and identity theft” - using a combination of voiceprints, fingerprints and iris readings and connecting to mobile devices via Bluetooth, so an app can confirm a user’s ID instantly.
Small businesses are new target for criminals as attacks double, report warns
The assault by cybercriminals against big businesses continued this year -78% were attacked by outsiders, according to a report by Price Waterhouse Cooper. But small businesses - those with less than 50 employees - are rapidly becoming a target.
NSA saves world from plot to “remotely destroy” PCs, claims NSA director
An international plot which would have turned huge numbers of PCs into “bricks” by using deeply buried malware was foiled by the NSA, according to an interview given to CBS by NSA director Keith Alexander. The attack could have "taken down the U.S. economy", an NSA official claimed.
Exploit Protection for Microsoft Windows
we provide more detail on the most exploited applications and advise a few steps users can (and should) take to further strengthen their defenses.
Pictures of fish‑kissing President might be key to secure, easy‑to‑remember passwords
Your next PC password could be President Bill Clinton kissing a fish - and that disturbing mental image, and similar surreal “story images” could be the key to creating strong passwords across multiple accounts, according to Carnegie Mellon researchers.