category
Research

Security awareness, security breaches, and the abuse of "stupid"

Computer security is not created, nor is it improved, by calling people stupid. That's the conclusion I have arrived at after more than two decades in computer security and auditing. To put it another way, we should stop dropping the "S" bomb, especially when it comes to people who don't know any better. Consider the

Iranian TOR arms race a shadow of things to come?

Recently, the anonymizing network system TOR (The Onion Router) found its traffic was ratcheted to a standstill in Iran, prompting a comparison by one of the TOR project developers to an emerging “arms race”. Users of the service, hoping to evade state censorship/snooping, encrypt the traffic that then gets routed anonymously around the globe. But

Cybercrime, Cyberpolicing, and the Public

Security can’t be purely the responsibility of the government, the police, the security industry, the ISPs, the public sector, private industry, or any permutation thereof.

Cookie-stuffing click-jackers rip off Victoria's Secret Valentine's giftcard seekers

Thinking of going online to get a Victoria's Secret giftcard for your Valentine? Be careful where you look! Some Google search results are rigged, especially image results. And some innocent-looking links are part of fraudulent activities such as cookie-stuffing and click-jacking. Below is a short video that shows what happens when you click on one

Cybercrime and Punishment

Like everyone else, law enforcement is expected to perform miracles of efficiency. But it’s not all about financial analysis: there is no such thing as victimless crime.

ACTA and TPP: The wrong approach to intellectual property protection

This weekend there will be street protests in Europe against ACTA, the Anti-Counterfeiting Trade Agreement. I want to put on record ESET North America’s opposition to ratification of this agreement while applauding the actions of countries such as Poland, Slovakia, Latvia, the Czech Republic and Germany in withholding or delaying ratification. I would encourage anyone

Facebook/app data privacy – sharing gone wild

So you browse your favorite restaurant review site and settle on a great Mediterranean restaurant, and “magically” a variety of preferences get fed back to your Facebook profile, to be shared, re-shared and re-shared, ricocheting around the internet to form purportedly value-added experiences elsewhere you visit. That’s great news if you want your preferences bounced

Endpoint Security Webinar: Protecting your network at the sharp end

I have a theory that says improving information system security–the security of our operating systems, network connections, and applications–just means the bad guys will focus more attention on our endpoints, the digital devices we use to access the information and systems we need to do our work. Furthermore, as we improve endpoint security technology, the

ESET Research podcast round up

Here are some recently released podcasts by ESET Rearchers, addressing current topics such as the recent VeriSign hacks, the takedown of MegaUpload, and the problems with using good malware to catch the bad guys: 1. VeriSign, Credit Card Processor, Hacked Multiple Times 2. Mega Upload Website Shutdown by U.S. Department of Justice 3. Is The

Valentine's Day Scams: For the love of money

Scam artists and cybercriminals are looking to turn romance into profit now that Valentine's Day approaches, possibly taking over your computer in the process. According to ESET researchers in Latin America, we can expect the quest for love to be leveraged as an effective social engineering ploy to enable the bad guys to infect unsuspecting

Your Children and Online Safety

Do you know what your children are doing online, and do they know the risks out there?

Google responds to Android app Market security with stronger scanning measures

In response to recent reports that malicious apps may have made their way into the official Android Market, Google has responded by announcing a new program to more proactively scan the Market and developer accounts for seemingly malicious apps and highlights and/or remove them before users experience trouble. Traditionally, the barriers of entry for developers

TDL4 reloaded: Purple Haze all in my brain

A new TDL4 sample includes novel privilege escalation mechanisms in the dropper and changes to the hidden storage system.

CarrierIQ-style data gathering law to require mandatory notification/opt-in?

As legislators grapple with increasingly vocal smartphone owners concerned with privacy, a new Bill before the U.S. House of Representatives aims to require mandatory consumer consent prior to allowing the collection or transfer of data on such devices. You may recall that a company called CarrierIQ recently became the center of attention after a user

How to improve Facebook account protection with Login Approvals

Privacy and security issues have generated a lot of criticism of Facebook in the past, some of which has been published here on the ESET Threat Blog. So it is only fair that we give Facebook credit for positive steps it has taken on the security front. One security measure that has impressed me recently

Facebook Fakebook: New Trends in Carberp Activity

Facebook fraud, Carberp, statistics and a DDoS plugin.

Now you can be forced to decrypt your hard drive?

Awhile back we noted a case where Ramona Fricosu, a woman accused of involvement in a mortgage scam, was asked, following a law enforcement raid in which her laptop was seized, to decrypt data on the device for use as evidence, potentially incriminating her. She pleaded the 5th Amendment protection against self-incrimination and refused to

Tricky Twitter DM hack seeks your credentials, malware infection, and more

When a direct message pops up on Twitter stating that other people are saying bad things about you, please think twice before clicking on any links in that message. Why? Because the links are likely to take you to malicious websites that are out to steal your Twitter password. They may also try to infect

Facebook scam: the hours I spend…

Facecrooks has flagged a scam that has apparently already tricked 300,000 people into Liking a scam page.

EU – data breaches to be reported within 24 hours

In an escalation of the tendency to require companies to be forthright with their users following a breach, a European Union proposed bill intended to overhaul a 17-year old law is making progress. This week EU will outline the overhaul to the existing rules, hoping to encourage more expedient communication efforts following a breach, in

Follow us

Copyright © 2018 ESET, All Rights Reserved.