Bootkits, Windigo, and Virus Bulletin
ESET research on Operation Windigo received an award at Virus Bulletin 2014. Our research on bootkits was also well received, and is now available publicly.
Archives - September 2014
How to fix Shellshock Bash on Mac OS X: Mavericks edition
Apple Mac OS X users concerned about the Bash vulnerability dubbed Shellshock got some relief late yesterday as Apple published fixes for various versions of OS X. But if you use Mavericks you will need to install 10.9.5 before the Bash fix will work.
StealthGenie CEO arrested for marketing ‘illegal stalking app’
The creator of an app that secretly allows you to monitor another person’s smartphone usage without their knowledge has been arrested in Los Angeles, according to Slashgear.
FBI Director “very concerned” with smartphone encryption
With Apple, Google and other tech companies responding to users’ demands for privacy with further smartphone encryption options, not everyone is happy. FBI Director James Comey is “very concerned” about increased mobile OS encryption, according to TechSpot.
Support Scams: Expect the Scammish Inquisition*
An update on support scams: but are the scammers looking for fresh fields and posturings new?
How George Clooney made sure phone hackers didn’t ruin his wedding
Newly weds George Clooney and Amal Alamuddin supplied guests with "burner phones" to prevent photographs from falling into the hands of hackers and the tabloid press.
Week in security: Bash Bug, BlackEnergy and hoax attacks
This week, a serious software vulnerability, which rapidly became known as the ‘Bash Bug’ or ‘Shellshock’ dominated the headlines, as two other faked news stories showed that hoaxes can fool the world very easily these days.
How to resolve Shellshock on Mac OS X, web servers and more
The "Bash Bug" or "Shellshock" vulnerability means a wide range of devices, servers and computers, including Mac OS X, will need to be patched to prevent abuse by malicious persons. Here's advice about what to do and links to more in-depth resources.
4Chan: destructive hoaxes and the Internet of Not Things
The media have associated a number of destructive hoaxes with 4chan: people need some historical perspective on how the site actually works.
Healthcare data worth ten times price of credit card data
Medical information is now worth up to 10 times the price of credit card details on online black markets, due to weak healthcare security and a thriving black market in data to be used for medical fraud.
eBay scams – site says ‘no plans’ to ban ‘active’ listings
Auction site eBay has remained defiant about ‘active’ listings ,containing computer code, despite multiple reports indicating that these are being used for phishing attacks.
Destiny game servers under attack
The hit shoot ‘em up Destiny has been targeted by a cybercriminal gang thought to be behind recent attacks on game companies including Sony and Blizzard, creators of World of Warcraft.
Emma Watson images – ‘countdown’ to leak after UN speech
In what appears to be a misogynist attack directed at Harry Potter actress Emma Watson, a site has appeared supposedly offering a countdown until images of her are released online.
Facial recognition – boom in sites such as dating services
Facial recognition is booming, with the market expected to grow from $1.92 billion to $6.5 billion in 2018 - and invading markets such as dating, with Match.com integrating a service which finds users dates based on their exes.
What’s behind the rise in cybercrime? Find out from this recorded presentation
Home Depot says it was hacked to the tune of 56 million payment cards. What is behind the current wave of cybercrime? This recorded presentation offers answers and some defensive strategies for organizations at risk.
Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland
State organizations and private businesses from various sectors in Ukraine and Poland have been targeted with new versions of BlackEnergy, a malware that's evolved into a sophisticated threat with a modular architecture.
Home Depot data breach – ‘warnings ignored since 2008’
Home Depot staff repeatedly ignored the concerns of employees about the security of its systems, prior to the Home Depot data breach, now thought to be the largest in history.
Facebook to start charging $2.99/month? It’s nonsense!
Thousands of Facebook addicts are feverishly sharing a "news report" claiming that from November 1st you'll be paying $2.99 every month to access the site.
Virus Bulletin presentations update
Updated information on ESET presentations at Virus Bulletin 2014.
How to protect yourself after the Home Depot breach
Home Depot has issued a statement today that provides more details about their recent breach, as well as indicating that the malware used by the attackers has now been removed from their systems. This breach appears to be even larger than Target’s, as it exposed payment information for 56 million customers in their US and Canada locations.