Flaw in the Quebec vaccine passport: analysis
ESET cybersecurity expert Marc-Étienne Léveillé analyses in-depth the Quebec vaccine proof apps VaxiCode and VaxiCode Verif.
Archives - August 2021
Don’t use single‑factor authentication, warns CISA
The federal agency urges organizations to ditch the bad practice and instead use multi-factor authentication methods
Vaccine passports: Is your personal data in safe hands?
Vaccination passports may facilitate the return to normalcy, but there are also concerns about what kinds of personal data they collect and how well they protect it. Here’s what you should know.
Beyond the pandemic: Why are data breach costs at an all‑time high?
It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges.
Man impersonates Apple support, steals 620,000 photos from iCloud accounts
The man was after sexually explicit photos and videos that he would then share online or store in his own collection
Microsoft Power Apps misconfiguration exposes millions of records
The caches of data that were publicly accessible included names, email addresses and social security numbers
The SideWalk may be as dangerous as the CROSSWALK
Meet SparklingGoblin, a member of the Winnti family
Hackers swipe almost $100 million from major cryptocurrency exchange
Japanese cryptocurrency exchange Liquid suspends cryptocurrency deposits and withdrawals and moves its assets into cold storage
Are you, the customer, the one paying the ransomware demand?
Ransomware payments may have greater implications than you thought – and not just for the companies that paid up
Health authorities in 40 countries targeted by COVID‑19 vaccine scammers
Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns
Nearly 2 million records from terrorist watchlist exposed online
The secret list was exposed online for three weeks, allowing anyone to access it without any kind of authentication
Dumpster diving is a filthy business
One man’s trash is another man’s treasure – here’s why you should think twice about what you toss in the recycling bin
Examining threats to device security in the hybrid workplace
As employees split their time between office and off-site work, there’s a greater potential for company devices and data to fall into the wrong hands
IISerpent: Malware‑driven SEO fraud as a service
The last in our series on IIS threats introduces a malicious IIS extension used to manipulate page rankings for third-party websites
Deepfakes – the bot made me do it
As deepfakes become indistinguishable from reality and the potential for the misuse of synthetic content is virtually endless, what can you do to avoid falling victim to deepfake fraud?
Ransomware runs rampant, so how can you combat this threat?
A new paper explains how ransomware has become one of the top cyberthreats of the day and how your organization can avoid becoming the next victim
DEF CON 29: Satellite hacking 101
How poking at the innards of satellites can make the future of cybersecurity in space more palatable
IISpy: A complex server‑side backdoor with anti‑forensic features
The second in our series on IIS threats dissects a malicious IIS extension that employs nifty tricks in an attempt to secure long-term espionage on the compromised servers
Black Hat 2021: Lessons from a lawyer
Why companies and their security teams need to engage with a lawyer before an incident occurs
Black Hat 2021: Wanted posters for ransomware slingers
Is the net closing in on cyber-extortionists and can bounties on their collective heads ultimately help stem the ransomware scourge?