The real cost of a free lunch – Week in security with Tony Anscombe

Don't download software from non-reputable websites and sketchy links – you might be in for more than you bargained for

Top 5 search engines for internet-connected devices and services

A roundup of some of the handiest tools that security professionals can use to search for and monitor devices that are accessible from the internet

Meet “AI”, your new colleague: could it expose your company's secrets?

Before rushing to embrace the LLM-powered hire, make sure your organization has safeguards in place to avoid putting its business and customer data at risk

You may not care where you download software from, but malware does

Why do people still download files from sketchy places and get compromised as a result?

Key findings from ESET's new APT Activity Report – Week in security with Tony Anscombe

What have some of the world's most infamous advanced threat actors been up to and what might be the implications of their activities for your business?

Why you need parental control software – and 5 features to look for

Strike a balance between making the internet a safer place for your children and giving them the freedom to explore, learn and socialize

Turning on stealth mode: 5 simple strategies for staying under the radar online

Have your cake and eat it too – enjoy some of what the online world has to offer without always giving out your contact details

ESET APT Activity Report Q4 2022­–Q1 2023

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2022 and Q1 2023

How the war in Ukraine has been a catalyst in private-public collaborations

As the war shows no signs of ending and cyber-activity by states and criminal groups remains high, conversations around the cyber-resilience of critical infrastructure have never been more vital

APTs target MSP access to customer networks – Week in security with Tony Anscombe

The recent compromise of the networks of several companies via the abuse of a remote access tool used by MSPs exemplifies why state-aligned threat actors should be on the radars of IT service providers

Creating strong, yet user-friendly passwords: Tips for your business password policy

Don’t torture people with exceedingly complex password composition rules but do blacklist commonly used passwords, plus other ways to help people help themselves – and your entire organization

Using Discord? Don’t play down its privacy and security risks

It’s all fun and games until someone gets hacked – here’s what to know about, and how to avoid, threats lurking on the social media juggernaut

APT groups muddying the waters for MSPs

A quick dive into the murky world of cyberespionage and other growing threats facing managed service providers – and their customers

What was hot at RSA Conference 2023? – Week in security with Tony Anscombe

The importance of understanding – and prioritizing – the privacy and security implications of large language models like ChatGPT cannot be overstated

RSA Conference 2023 – How AI will infiltrate the world

As all things (wrongly called) AI take the world’s biggest security event by storm, we round up of some of their most-touted use cases and applications

Evasive Panda APT group delivers malware via updates for popular Chinese software

ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software

Did you mistakenly sell your network access? – Week in security with Tony Anscombe

Many routers that are offered for resale contain sensitive corporate information and allow third-party connections to corporate networks

Linux malware strengthens links between Lazarus and the 3CX supply-chain attack

Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack

The EU's Cyber Solidarity Act: Security Operations Centers to the rescue!

The legislation aims to bolster the Union’s cyber-resilience and enhance its capabilities to prepare for, detect and respond to incidents

PC running slow? 10 ways you can speed it up

Before you rush to buy new hardware, try these simple tricks to get your machine up to speed again – and keep it that way.

Discarded, not destroyed: Old routers reveal corporate secrets

When decommissioning their old hardware, many companies 'throw the baby out with the bathwater'

Hunting down BlackLotus – Week in security with Tony Anscombe

Microsoft releases guidance on how organizations can check their systems for the presence of BlackLotus, a powerful threat first analyzed by ESET researchers

Safety first: 5 cybersecurity tips for freelance bloggers

The much-dreaded writer’s block isn’t the only threat that may derail your progress. Are you doing enough to keep your blog (and your livelihood) safe from online dangers?

What are the cybersecurity concerns of SMBs by sector?

Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured

10 things to look out for when buying a password manager

Here's how to choose the right password vault for you and what exactly to consider when weighing your options

Steer clear of tax scams – Week in security with Tony Anscombe

In a rush to file your taxes? Watch out for cybercriminals preying on stressed taxpayers as Tax Day looms large on the horizon.

Cleaning up your social media and passwords: What to trash and what to treasure

Give your social media presence a good spring scrubbing, audit your passwords and other easy ways to bring order to your digital chaos

Why you should spring clean your home network and audit your backups

Do you know how many devices are connected to your home network? You don’t? This is precisely why it’s time for a network audit.

Spring into action and tidy up your digital life like a pro

Spring is in the air and as the leaves start growing again, why not breathe some new life into the devices you depend on so badly?

Avoiding data backup failures – Week in security with Tony Anscombe

Today is World Backup Day, but maybe we also need a "did you test your backups" day?

World Backup Day: Avoiding a data disaster is a forever topic

By failing to prepare you are preparing to fail. Make sure you're able to bounce back if, or when, a data disaster strikes.

Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor

ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor

Will you give X your biometric data? – Week in security with Tony Anscombe

The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and secured

Staying ahead of threats: 5 cybercrime trends to watch

New reports from Europol and the UK’s National Crime Agency (NCA) shed a light on how the battle against cybercrime is being fought

Getting off the hook: 10 steps to take after clicking on a phishing link

Phishing emails are a weapon of choice for criminals intent on stealing people’s personal data and planting malware on their devices. The healing process does not end with antivirus scanning.

Fake Signal and Telegram apps – Week in security with Tony Anscombe

ESET research uncovers active campaigns targeting Android users and spreading espionage code through the Google Play store, Samsung Galaxy Store and dedicated websites

What you need to know about iCloud Private Relay

If you want to try to enter the world of VPNs with a small dip, then iCloud Private Relay is your friend — but is it a true VPN service? The devil is in the details.

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps

ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs

ESET Research Podcast: Unmasking MoustachedBouncer

Listen as ESET's Director of Threat Research Jean-Ian Boutin unravels the tactics, techniques and procedures of MoustachedBouncer, an APT group taking aim at foreign embassies in Belarus

Recovering from a supply-chain attack: What are the lessons to learn from the 3CX hack?

The campaign started with a trojanized version of unsupported financial software

How a Telegram bot helps scammers target victims – Week in security with Tony Anscombe

ESET researchers uncover a Telegram bot that enables even less tech-savvy scammers to defraud people out of their money

ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine

ESET experts share their insights on the cyber-elements of the first year of the war in Ukraine and how a growing number of destructive malware variants tried to rip through critical Ukrainian systems

Telekopye: Hunting Mammoths using Telegram bot

Analysis of Telegram bot that helps cybercriminals scam people on online marketplaces

Scarabs colon-izing vulnerable servers

Analysis of Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers, and its operators, CosmicBeetle

A Bard’s Tale – how fake AI bots try to install malware

The AI race is on! It’s easy to lose track of the latest developments and possibilities, and yet everyone wants to see firsthand what the hype is about. Heydays for cybercriminals!

Evacuation of 30,000 hackers – Week in security with Tony Anscombe

DEF CON, the annual hacker convention in Las Vegas, was interrupted on Saturday evening when authorities evacuated the event's venue due to a bomb threat

Evacuation of 30,000 hackers – Week in security with Tony Anscombe

DEF CON, the annual hacker's convention in Las Vegas, was interrupted on Saturday evening when authorities evacuated the convention due to a bomb threat.

DEF CON 31: US DoD urges hackers to go and hack ‘AI’

The limits of current AI need to be tested before we can rely on their output

Mass-spreading campaign targeting Zimbra users

ESET researchers have observed a new phishing campaign targeting users of the Zimbra Collaboration email server.

DEF CON 31: Robot vacuums may be doing more than they claim

When it comes to privacy, it remains complicated and near impossible for a consumer to make an informed decision.

Black Hat 2023: Hacking the police (at least their radios)

Hiding behind a black box and hoping no one will hack it has been routinely proven to be unwise and less secure.

Black Hat 2023: How AI changes the monetization of search

Search engines, AI, and monetization in the new era

Black Hat 2023: AI gets big defender prize money

Black Hat is big on AI this year, and for a good reason

Black Hat 2023: ‘Teenage’ AI not enough for cyberthreat intelligence

Current LLMs are just not mature enough for high-level tasks

20k security folks in the desert – Week in security with Tony Anscombe

Unsurprisingly, artificial intelligence took the center stage at this year's edition of Black Hat, one of the world's largest gatherings of cybersecurity professionals

Black Hat 2023: Cyberwar fire-and-forget-me-not

What happens to cyberweapons after a cyberwar?

MoustachedBouncer: Espionage against foreign diplomats in Belarus

Long-term espionage against diplomats, leveraging email-based C&C protocols, C++ modular backdoors, and adversary-in-the-middle (AitM) attacks… Sounds like the infamous Turla? Think again!

Time is money, and online game scammers have lots of it

Gamers and cybersecurity professionals have something in common – the ever-terrible presence of hacking, scams, and data theft – but how and why would anyone want to target gamers?

Check cybersecurity pre-invest – Week in security with Tony Anscombe

When you invest in a company, do you check its cybersecurity? The U.S. Securities and Exchange Commission has adopted new cybersecurity rules.

Fingerprints all over: Can browser fingerprinting increase website security?

Browser fingerprinting is supposedly a more privacy-conscious tracking method, replacing personal information with more general data. But is it a valid promise?