Who’s behind DDoS attacks at UK universities?
The timing of the attacks suggests that many attempts to take the networks offline may not necessarily be perpetrated by organized cybercriminal gangs
Archives - September 2018
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group
ESET researchers have shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe
Twitter patches bug that may have spilled users’ private messages
The flaw affected one of the platform’s APIs between May 2017 and September 10 of this year, when it was patched “within hours”
Defending your company from cyberattack
ESET CTO Juraj Malcho outlines some of the ways in which organizations can reduce their cybersecurity risk
How to improve hiring practices in cybersecurity
Should schools and businesses do more to combat the shortfall of cybersecurity professionals by changing the hiring process for those interested in having a career in the industry?
The Occasional Orator Part 2
Public speaking and presenting at conferences can be daunting for the majority of people but by including some subtle tricks, the speaker can deliver a stronger message
Attackers crack Newegg’s defenses, slurp customers’ credit card data
The skimmer, injected into the store’s payment page, harvested credit-card details from the store’s online customers for more than a month
DanaBot shifts its targeting to Europe, adds new features
ESET researchers have discovered new DanaBot campaigns targeting a number of European countries
Mirai’s architects avoid prison thanks to work for FBI
Instead, the three men will cooperate with law enforcement and – an area in which, it turns out, they already have quite some experience – the broader research community
Fake finance apps on Google Play target users from around the world
Cybercrooks use bogus apps to phish six online banks and a cryptocurrency exchange
The Occasional Orator Part 1
Speaking at conferences can be daunting for presenters but often it is about striking the right balance between content and delivery
Bristol airport takes flight screens offline after apparent ransomware attack
The screens in “key locations” are back up and running again, while the airport paid no ransom to return its systems to working order
One in three UK orgs hit by cryptojacking in previous month, survey finds
Conversely, only a little over one-third of IT executives believe that their systems have never been hijacked to surreptitiously mine digital currencies
Russian man accused of running Kelihos botnet pleads guilty
In its heyday, Kelihos comprised up to 100,000 compromised devices that were capable of blasting out billions of malware-laden emails every day
Programmer’s Day: Resources to audit your code
Taking advantage of the celebration of the Day of the Programmer, we share some audit tools to evaluate the security of your code
Kodi add‑ons launch cryptomining campaign
ESET researchers have discovered several third-party add-ons for the popular open-source media player Kodi being used to distribute Linux and Windows cryptocurrency-mining malware
Patch Tuesday: Microsoft plugs zero‑day hole exploited by PowerPool
Microsoft and Adobe have each shipped out their scheduled batches of patches to address security flaws in their respective software
Abandoning a domain name can come back to bite you, research shows
A domain name once left behind can catch up with you – by giving fraudsters access to a treasure trove of sensitive information
Apple yanks top grossing app from Mac App Store for grabbing private user data
The several thousand glowing reviews that Adware Doctor had garnered prior to its removal were “likely fake”, researchers say
100 days of GDPR
What impact has the new data protection directive had on businesses so far?