Millions of readers who visit popular news websites have been targeted by a series of malicious ads redirecting them to the Stegano exploit kit.
Criminals are hunting for routers with default credentials and with vulnerabilities in their firmware, with Brazilians the main target.
During the last hours, OSX/Keydnap was distributed on a trusted website, which turned out to be “something else”. It spread via a recompiled version of the otherwise legitimate open source BitTorrent client application Transmission and distributed on their official website.
It’s that time of the year when the information security industry takes part in its annual tradition: coming up with cybercrime predictions and trends for the next 12 months.
Today, we published our research about Windows exploitation in 2014. This report contains interesting information about vulnerabilities in Microsoft Windows and Office patched over the course of the year, drive-by download attacks and mitigation techniques.
As regular readers will know, every year we publish our predictions on cybercrime attacks for the year ahead. Well, our South American research team has spent the last few weeks putting together our predictions for 2015.
Microsoft released a patch last week for a critical vulnerability allowing remote code execution in Internet Explorer. This vulnerability is significant because it exploits an old bug present in Internet Explorer versions 3 through 11.
APT actors trying to use big events as a lure to compromise their targets is nothing new. Tibetan NGOs being targeted by APT actors is also nothing new. Thus, surrounding the upcoming G20 2014 summit that is held in Brisbane, Australia, we were expecting to see G20 themed threats targeted at Tibetan NGOs. A Win32/Farfli (alias Gh0st RAT) sample ultimately confirmed our suspicions.
For at least five years the Sednit group has been relentlessly attacking various institutions, most notably in Eastern Europe. The group used several advanced pieces of malware for these targeted attacks, in particular the one we named Win32/Sednit, also known as Sofacy.
The gaming industry keeps growing, and the crowds at Cologne’s Gamescom 2014, show why big game titles are rapidly becoming a target for cybercrime. Our tips will help you enjoy the latest games – without hackers declaring ‘Game Over’.
Win32/Aibatook targets Japanese bank customers with an unusual Internet Explorer monitoring technique. We believe the malware has been in development for months – and is now ready for take-off.
The year 2013 was notable for the appearance of 0-day vulnerabilities that were primarily used in targeted attacks. In this case, criminal hackers worked on developing exploits, only not for random propagation of malicious code, but rather for use in attacks on specific users.
Recently, our anti-virus laboratory discovered an interesting new modification of a file virus known as Expiro which targets 64-bit files for infection. File-infecting viruses are well known and have been studied comprehensively over the years, but malicious code of this type almost invariably aimed to modify 32-bit files. One such family of file viruses, called
Yesterday’s announcement by the US Department of Justice that the operators of file-sharing site Megaupload had been indicted for operating a criminal enterprise that generated over $175 million by trafficking in over half a billion dollars of pirated copyrighted material has sent shockwaves across the Internet. The accuracy of those figures may be questionable, but
ESET’s Threat Reports for September and October include some quality articles on Facebook, safety online, and backup strategy.
A new attack against Apple Mac OS X Lion (10.7) has been detected by Intego. The threat is a Trojan, dubbed Flashback, installed via a fake Adobe Flash installer downloaded from a third party site. As with the MacDefender and Revir malware, the Flashback attack uses social engineering to entice the user to download then
A new trojan has been released targeting the Macintosh Chinese-language user community. The trojan appears to the user to be a PDF containing a Chinese language article on the long-running dispute over whether Japan or China owns the Diaoyu Islands. When the user opens the “PDF” file, it attempts to mask the installation
Since its release in 2007, ESET Smart Security has received many accolades for its antimalware, antispam and firewall functions. However, we have recently been the recipient of a very dubious honor; a rogue antivirus program which masquerades as our own software. The Rogues Gallery Rogue antivirus is a loose family of programs that claim to
Insider Threat – your ATM may now be hacked from the inside. According to Wired’s Threat Level Blog… A Bank of America worker installed malicious software on his employer’s ATMs that allowed him to make thousands of dollars in fraudulent withdrawals, all without leaving a transaction record, according to federal prosecutors. According to the
Today is inauguration day in the USA. As I traveled to many countries late last year I was amazed at how joyous people of many cultures were that Obama is to be President of the USA. Working in the security field, we see a lot of disappointment. Sometimes it seems that there is no hope
CNN reported that there a new sleeper virus out there. http://www.cnn.com/2009/TECH/ptech/01/16/virus.downadup/index.html There is nothing sleepy about the Conficker worm, it is wide awake and looking for people who are asleep at the security wheel. CNN reports that Conficker could allow hackers to steal personal and financial data, and they also report that it “it is
One of the security best practices is to back up your data regularly. This is sound advice as it helps mitigate the damages from many different threats. Lots of people think of data loss when they think of viruses, but very few viruses actually tried to cause data loss. There have been a few that
Many people in the US associate HIPAA with the rules required to protect medical data. It actually is a lot more than that, but the HIPAA laws do require some minimal standards for medical providers. I recently came across an example of where HIPAA is ineffective. The medical providers are required to protect your data,
I know, the Twitter hack is old news, but poor passwords are still common. It is a pity because it really is so easy to make a password much better and still be easy to remember. According to the press, an admin used the password “happiness” and that is how a hacker gained access to
I recently received an email stating “It is a privilege to inform you that you are being considered for inclusion into the 2009/2010 Princeton Premier Honors Edition Registry. This recognition is an honor shared by only the most accomplished professionals who have demonstrated excellence within their careers and communities.” I had always assumed these were
Over the past few months I received a lot of spam about a site called Fanbox.com. I finally set up a disposable email account and joined. I was not at all surprised to find that I suddenly had many fans. Even a skinny geek is a â€œhunkâ€ to a chatbot!!! Yes, all, but one of
Welcome to prime-time scam season. This is when the advertisements for taxes in the USA really start to pick up. Granted, they go on all year long, but now is when we traditionally see an increase in volume. There are a variety of such scams. The worst of the scams are the phishing attacks. If
Perhaps the most impersonated person in the world is Santa Claus. For Santa, Identity theft isn’t a problem, but for millions of consumers it is a real problem. There are some steps you can take to help prevent identity theft. That said, identity theft is not always preventable by the consumer. http://www.ftc.gov/bcp/edu/microsites/idtheft/ is a good
An article on internetnews.com today caught my eye. “In Search of Smarter Phones” http://www.internetnews.com/bus-news/article.php/3788456 tells of capabilities being added to smart phones and new applications for these devices. With the release of ESET Mobile Antivirus this was of interest to me as currently there are few threats in the wild that attack the devices we currently
There was terrible news in Mumbai, India. Terrorists attacked several site and at least 80 people were reported dead. Knowing that I plan to go to India, it didn’t take long before I received a phone call asking if I was aware of the situation and if I would still be going. Both of my
[Some text removed as it no longer made sense because of references to content on other sites which is no longer available – DH, 2017] A couple of years ago I blogged about the Julie Amero case http://www.eset.com/threat-center/blog/?p=42. There is finally closure in this case. In the state of Connecticut and innocent person proclaiming their
We’ve added some features to ESET Smart Security. The beta for version 4.0 is now open to the public. Visit http://beta.eset.com to try out the new version. As always with beta software, it is not recommended to be used on production systems. New features include: support for Microsoft Windows Live Mail and Mozilla Thunderbird mail
Sign up to our newsletter
The latest security news direct to your inbox
Add this code to your site