Scarabs colon-izing vulnerable servers

Analysis of Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers, and its operators, CosmicBeetle

A Bard’s Tale – how fake AI bots try to install malware

The AI race is on! It’s easy to lose track of the latest developments and possibilities, and yet everyone wants to see firsthand what the hype is about. Heydays for cybercriminals!

Evacuation of 30,000 hackers – Week in security with Tony Anscombe

DEF CON, the annual hacker convention in Las Vegas, was interrupted on Saturday evening when authorities evacuated the event's venue due to a bomb threat

Evacuation of 30,000 hackers – Week in security with Tony Anscombe

DEF CON, the annual hacker's convention in Las Vegas, was interrupted on Saturday evening when authorities evacuated the convention due to a bomb threat.

DEF CON 31: US DoD urges hackers to go and hack ‘AI’

The limits of current AI need to be tested before we can rely on their output

Mass-spreading campaign targeting Zimbra users

ESET researchers have observed a new phishing campaign targeting users of the Zimbra Collaboration email server.

DEF CON 31: Robot vacuums may be doing more than they claim

When it comes to privacy, it remains complicated and near impossible for a consumer to make an informed decision.

Black Hat 2023: Hacking the police (at least their radios)

Hiding behind a black box and hoping no one will hack it has been routinely proven to be unwise and less secure.

Black Hat 2023: How AI changes the monetization of search

Search engines, AI, and monetization in the new era

Black Hat 2023: AI gets big defender prize money

Black Hat is big on AI this year, and for a good reason

Black Hat 2023: ‘Teenage’ AI not enough for cyberthreat intelligence

Current LLMs are just not mature enough for high-level tasks

20k security folks in the desert – Week in security with Tony Anscombe

Unsurprisingly, artificial intelligence took the center stage at this year's edition of Black Hat, one of the world's largest gatherings of cybersecurity professionals

Black Hat 2023: Cyberwar fire-and-forget-me-not

What happens to cyberweapons after a cyberwar?

MoustachedBouncer: Espionage against foreign diplomats in Belarus

Long-term espionage against diplomats, leveraging email-based C&C protocols, C++ modular backdoors, and adversary-in-the-middle (AitM) attacks… Sounds like the infamous Turla? Think again!

Time is money, and online game scammers have lots of it

Gamers and cybersecurity professionals have something in common – the ever-terrible presence of hacking, scams, and data theft – but how and why would anyone want to target gamers?

Check cybersecurity pre-invest – Week in security with Tony Anscombe

When you invest in a company, do you check its cybersecurity? The U.S. Securities and Exchange Commission has adopted new cybersecurity rules.

Fingerprints all over: Can browser fingerprinting increase website security?

Browser fingerprinting is supposedly a more privacy-conscious tracking method, replacing personal information with more general data. But is it a valid promise?

The grand theft of Jake Moore’s voice: The concept of a virtual kidnap

With powerful AI, it doesn’t take much to fake a person virtually, and while there are some limitations, voice-cloning can have some dangerous consequences.

Quantum computing: Will it break crypto security within a few years?

Current cryptographic security methods watch out - quantum computing is coming for your lunch.

Gathering dust and data: How robotic vacuums can spy on you

Mitigate the risk of data leaks with a careful review of the product and the proper settings.

Is backdoor access oppressive? – Week in security with Tony Anscombe

Bills granting access to end-to-end encrypted systems, opportunity for cybercriminals, abuse by authority, human rights, and tech companies leaving the UK?

Gathering dust and data: How robotic vacuums can spy on you.

Mitigate the risk of data leaks with a careful review of the product and the proper settings.

Dear all, What are some common subject lines in phishing emails?

Scammers exploit current ongoing events, account notifications, corporate communication, and a sense of urgency.

Dear all! What are some common subject lines in phishing emails?

Scammers exploit current ongoing events, account notifications, corporate communication, and a sense of urgency.

What happens if AI is wrong? – Week in security with Tony Anscombe

Responses generated by ChatGPT about individual people could be misleading or harmful or spill their personal information. What are the takeaways for you as a ChatGPT user?

8 common work-from-home scams to avoid

That ‘employer’ you’re speaking to may in reality be after your personal information, your money or your help with their illegal activities

The good, the bad and the ugly of AI – Week in security with Tony Anscombe

The growing use of synthetic media and the difficulties in distinguishing between real and fake content raise a slew of legal and ethical questions

Android GravityRAT goes after WhatsApp backups

ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files

ESET APT Activity Report Q4 2022­–Q1 2023

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2022 and Q1 2023

Passwords out, passkeys in: are you ready to make the switch?

With passkeys poised for prime time, passwords seem passé. What are the main benefits of ditching one in favor of the other?

The danger within: 5 steps you can take to combat insider threats

Some threats may be closer than you think. Are security risks that originate from your own trusted employees on your radar?

Hunting down BlackLotus – Week in security with Tony Anscombe

Microsoft releases guidance on how organizations can check their systems for the presence of BlackLotus, a powerful threat first analyzed by ESET researchers

What TikTok knows about you – and what you should know about TikTok

As TikTok CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us

How the war in Ukraine has been a catalyst in private-public collaborations

As the war shows no signs of ending and cyber-activity by states and criminal groups remains high, conversations around the cyber-resilience of critical infrastructure have never been more vital

10 signs that scammers have you in their sights

Don’t be their next victim – here’s a handy round-up of some the most common signs that should set your alarm bells ringing

The good, the bad and the ugly of AI – Week in security with Tony Anscombe

The growing use of synthetic media and difficulties in distinguishing between real and fake content raises a slew of legal and ethical questions

School’s out for summer, but it’s not time to let your cyber guard down

The beginning of the summer break is the perfect time for parents to remind their children about the importance of safe online habits

Why you need parental control software – and 5 features to look for

Strike a balance between making the internet a safer place for your children and giving them the freedom to explore, learn and socialize

SVB's collapse is a scammer’s dream: Don’t get caught out

How cybercriminals can exploit Silicon Valley Bank's downfall for their own ends – and at your expense

APT hackers set a honeytrap to ensnare victims – Week in security with Tony Anscombe

A request to move an online conversation to a supposedly more secure platform may not be as well-meaning as it sounds

Staying safe on OnlyFans: The naked truth

How content creators and subscribers can embrace the social media platform without (overly) exposing themselves to the potentially toxic brew of NSFW content and privacy threats

Tricks of the trade: How a cybercrime ring operated a multi-level fraud scheme

A peek under the hood of a cybercrime operation and what you can do to avoid being an easy target for similar ploys

Is a RAT stealing your files? – Week in security with Tony Anscombe

Could your Android phone be home to a remote access tool (RAT) that steals WhatsApp backups or performs other shenanigans?

Common WhatsApp scams and how to avoid them

Here's a roundup of some of the most common tricks that fraudsters use to dupe their victims on WhatsApp – and what you can do to protect yourself against them.

Linux malware strengthens links between Lazarus and the 3CX supply-chain attack

Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack

ESET Threat Report T3 2022

A view of the T3 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

You may not care where you download software from, but malware does

Why do people still download files from sketchy places and get compromised as a result?

One year on, how is the war playing out in cyberspace? – Week in security with Tony Anscombe

With the conflict in Ukraine passing the one-year mark, have its cyber-war elements turned out as expected?

How an innocuous app morphed into a trojan – Week in security with Tony Anscombe

ESET research uncovers an Android app that initially had no harmful features but months later turned into a spying tool

Confident cybersecurity means fewer headaches for SMBs

Small and medium-sized businesses have good reason to be concerned about the loss of data and financial impacts

The real cost of a free lunch – Week in security with Tony Anscombe

Don't download software from non-reputable websites and sketchy links – you might be in for more than you bargained for

What are the cybersecurity concerns of SMBs by sector?

Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured

RSA Conference 2023 – How AI will infiltrate the world

As all things (wrongly called) AI take the world’s biggest security event by storm, we round up of some of their most-touted use cases and applications

Hear no evil: Ultrasound attacks on voice assistants

How your voice assistant could do the bidding of a hacker – without you ever hearing a thing

Discarded, not destroyed: Old routers reveal corporate secrets

When decommissioning their old hardware, many companies 'throw the baby out with the bathwater'

Will ChatGPT start writing killer malware?

AI-pocalypse soon? As stunning as ChatGPT’s output can be, should we also expect the chatbot to spit out sophisticated malware?

'A woman from Mars': Life in the pursuit of space exploration

An astrobiologist, analog astronaut, author and speaker, Dr. Michaela Musilova shares her experience as a woman at the forefront of space exploration and from her quest for scientific and personal excellence

7 tips for spotting a fake mobile app

Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future

The slow Tick-ing time bomb: Tick APT group compromise of a DLP software developer in East Asia

ESET Research uncovered a campaign by APT group Tick against a data-loss prevention company in East Asia and found a previously unreported tool used by the group

Mixing cybercrime and cyberespionage – Week in security with Tony Anscombe

A crimeware group that usually targets individuals and SMBs in North America and Europe adds cyberespionage to its activities