archives

December 2017

Cybersecurity review of 2017: The year of wake-up calls – part 2

Courtesy of its highly customizable nature – along with its ability to persist in the system and to provide valuable information for fine-tuning the highly configurable payloads – the malware can be adapted for attacks against any environment, making it extremely dangerous.

The worst passwords of the year revealed

Need a New Year’s resolution? How about this one?

Start taking password security more seriously.

Cybersecurity review of 2017: The year of wake-up calls – part 1

Ransomware and data breaches remain major thorns in the sides of users and organizations across the world, often piercing their defenses without too much effort.

Sednit update: How Fancy Bear Spent the Year

Over the past few years the Sednit group has used various techniques to deploy their various components on targets computers. The attack usually starts with an email containing either a malicious link or malicious attachment.

What does revoking Net Neutrality mean for security?

Imagine the scenario where an Internet Service Provider (ISP) allows a security company providing malware protection the option to pay for their traffic to be prioritized and a lower the priority level imposed on all other providers.

Adventures in cybersecurity research: risk, cultural theory, and the white male effect – part 2

Armed with the cultural theory described in part one as a possible explanation for why some people do not heed expert advice, we fielded a survey that queried US adults about their attitudes to 15 different technology hazards, including six that were cyber-related.

Why we should fight for Net Neutrality

Granting ISPs the right to shape traffic, allowing for some traffic to be prioritized due to a commercial agreement, may have a negative effect on the outcome of using the service for both the consumer and the company providing the service.

Adventures in cybersecurity research: risk, cultural theory, and the white male effect – part 1

Again and again we have seen security breaches occur because people did not heed advice that we and other people with expertise in security have been disseminating for years, advice about secure system design, secure system operation, and appropriate security strategy.

Business Email Compromise scammer sentenced to 41 months in prison

A US judge has sentenced a Nigerian man to three years and five months in a federal prison after he pleaded guilty to taking part in a business email compromise scam that targeted organisations around the world.

UK banks urged to do more to tackle rampant online fraud

Banks are being urged to step up to the plate and to “work together to tackle this problem head on”, as their response has been found to be disproportionate to the scale of the problem.

Cybersecurity Trends 2018: The costs of connection

To help the reader navigate through the maze of such threats, ESET’s thought leaders have zeroed in on several areas that top the priority list in our exercise in looking forward.

Memes: the explanation of nearly everything – including computer viruses

We still don’t have a solid scientific theory of memes; nonetheless, they already allow us to understand why certain things happen the way they do. Memes are “alive”; they reproduce, mutate, and evolve according to Darwinian laws.

It’s time to patch your Microsoft and Adobe software again against vulnerabilities

It’s the second Tuesday of the month, and you know what that means… Yep, it’s time for another bundle of essential security updates from Microsoft.

Cryptocurrency in kilowatt hours: Counting the costs of anonymous transactions

The energy costs are not the only charges in a transaction: the bitcoin network itself levies a charge which, according to a blog from Valve, the gaming provider behind the Steam network, has skyrocketed from $0.20 in 2016 to $20 per transaction today

Enterprise security spend to continue to trend higher

A breakdown of the ‘spending pie’ shows that the ‘security services’ segment is projected to make up nearly 60% of the total IT security budgets, followed by the ‘infrastructure protection’ segment on a little over 18%.

Banking malware on Google Play targets Polish banks

Besides delivering the promised functionalities, the malicious apps can display fake notifications and login forms seemingly coming from legitimate banking applications, harvest credentials entered into the fake forms, as well as intercept text messages to bypass SMS-based 2-factor authentication.

Happy holidays, scam spotters!

Businesses are often sent fake invoices and waybills which install ransomware. Teach staff to avoid these. If questionable, ask your IT dept to look at it. E-cards have been a target in the past and may be used again in holiday-themed attacked.

StrongPity2 spyware replaces FinFisher in MitM campaign – ISP involved?

As we reported in September, in campaigns we detected in two different countries, man-in-the-middle attacks had been used to spread FinFisher, with the “man” in both cases most likely operating at the ISP level.

Virtual keyboard app exposes personal data of 31 million users

The developer’s keyboard apps boast 40 million users across Android and iOS, but “only” Android users were affected by the security lapse.

Cryptocurrency exchange Bitfinex plagued by DDoS attacks

The cast of characters behind the attacks, or their motives, are unclear. However, the onslaughts come at a time when the bitcoin price hits new highs, possibly triggering efforts on the part of cybercriminals to manipulate and cash in on the price.

Follow us

Copyright © 2018 ESET, All Rights Reserved.