Employee monitoring: Is ‘bossware’ right for your company?

While employee monitoring software may boost productivity, it may also be a potential privacy minefield and it can affect your relationship with your employees

School’s out for summer, but it’s not time to let your cyber guard down

The beginning of the summer break is the perfect time for parents to remind their children about the importance of safe online habits

What to know about the MOVEit hack – Week in security with Tony Anscombe

The US government has now announced a bounty of $10 million for intel linking the Cl0p ransomware gang to a foreign government

Maltego: Check how exposed you are online

A primer on how to use this powerful tool for uncovering and connecting information from publicly available sources

Going on vacation soon? Stay one step ahead of travel scams

From bogus free trips to fake rental homes, here are some of the most common online threats you should look out for both before and during your travels

Passwords out, passkeys in: are you ready to make the switch?

With passkeys poised for prime time, passwords seem passé. What are the main benefits of ditching one in favor of the other?

Is a RAT stealing your files? – Week in security with Tony Anscombe

Could your Android phone be home to a remote access tool (RAT) that steals WhatsApp backups or performs other shenanigans?

Stop Cyberbullying Day: Prevention is everyone's responsibility

Strategies for stopping and responding to cyberbullying require a concerted, community-wide effort involving parents, educators and children themselves

Android GravityRAT goes after WhatsApp backups

ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files

Cyber insurance: What is it and does my company need it?

While not a 'get out of jail free card' for your business, cyber insurance can help insulate it from the financial impact of a cyber-incident

Mixing cybercrime and cyberespionage – Week in security with Tony Anscombe

A crimeware group that usually targets individuals and SMBs in North America and Europe adds cyberespionage to its activities

Asylum Ambuscade: crimeware or cyberespionage?

A curious case of a threat actor at the border between crimeware and cyberespionage

Hear no evil: Ultrasound attacks on voice assistants

How your voice assistant could do the bidding of a hacker – without you ever hearing a thing

7 tips for spotting a fake mobile app

Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future

API security in the spotlight – Week in security with Tony Anscombe

Given the reliance of today's digital world on APIs and the fact that attacks targeting them continue to rise sharply, API security cannot be an afterthought.

All eyes on APIs: Top 3 API security risks and how to mitigate them

As APIs are a favorite target for threat actors, the challenge of securing the glue that holds various software elements together is taking on increasing urgency

5 free OSINT tools for social media

A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook and other social media platforms

Tricks of the trade: How a cybercrime ring operated a multi-level fraud scheme

A peek under the hood of a cybercrime operation and what you can do to avoid being an easy target for similar ploys

How an innocuous app morphed into a trojan – Week in security with Tony Anscombe

ESET research uncovers an Android app that initially had no harmful features but months later turned into a spying tool

Shedding light on AceCryptor and its operation

ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families

Digital security for the self-employed: Staying safe without an IT team to help

Nobody wants to spend their time dealing with the fallout of a security incident instead of building up their business

Android app breaking bad: From legitimate screen recording to file exfiltration within a year

ESET researchers discover AhRat – a new Android RAT based on AhMyth – that exfiltrates files and records audio

The real cost of a free lunch – Week in security with Tony Anscombe

Don't download software from non-reputable websites and sketchy links – you might be in for more than you bargained for

Top 5 search engines for internet-connected devices and services

A roundup of some of the handiest tools that security professionals can use to search for and monitor devices that are accessible from the internet

Meet “AI”, your new colleague: could it expose your company's secrets?

Before rushing to embrace the LLM-powered hire, make sure your organization has safeguards in place to avoid putting its business and customer data at risk

You may not care where you download software from, but malware does

Why do people still download files from sketchy places and get compromised as a result?

Key findings from ESET's new APT Activity Report – Week in security with Tony Anscombe

What have some of the world's most infamous advanced threat actors been up to and what might be the implications of their activities for your business?

Why you need parental control software – and 5 features to look for

Strike a balance between making the internet a safer place for your children and giving them the freedom to explore, learn and socialize

Turning on stealth mode: 5 simple strategies for staying under the radar online

Have your cake and eat it too – enjoy some of what the online world has to offer without always giving out your contact details

ESET APT Activity Report Q4 2022­–Q1 2023

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2022 and Q1 2023

How the war in Ukraine has been a catalyst in private-public collaborations

As the war shows no signs of ending and cyber-activity by states and criminal groups remains high, conversations around the cyber-resilience of critical infrastructure have never been more vital

APTs target MSP access to customer networks – Week in security with Tony Anscombe

The recent compromise of the networks of several companies via the abuse of a remote access tool used by MSPs exemplifies why state-aligned threat actors should be on the radars of IT service providers

Creating strong, yet user-friendly passwords: Tips for your business password policy

Don’t torture people with exceedingly complex password composition rules but do blacklist commonly used passwords, plus other ways to help people help themselves – and your entire organization

Using Discord? Don’t play down its privacy and security risks

It’s all fun and games until someone gets hacked – here’s what to know about, and how to avoid, threats lurking on the social media juggernaut

APT groups muddying the waters for MSPs

A quick dive into the murky world of cyberespionage and other growing threats facing managed service providers – and their customers

What was hot at RSA Conference 2023? – Week in security with Tony Anscombe

The importance of understanding – and prioritizing – the privacy and security implications of large language models like ChatGPT cannot be overstated

RSA Conference 2023 – How AI will infiltrate the world

As all things (wrongly called) AI take the world’s biggest security event by storm, we round up of some of their most-touted use cases and applications

Evasive Panda APT group delivers malware via updates for popular Chinese software

ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software

Did you mistakenly sell your network access? – Week in security with Tony Anscombe

Many routers that are offered for resale contain sensitive corporate information and allow third-party connections to corporate networks

Linux malware strengthens links between Lazarus and the 3CX supply-chain attack

Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack

The EU's Cyber Solidarity Act: Security Operations Centers to the rescue!

The legislation aims to bolster the Union’s cyber-resilience and enhance its capabilities to prepare for, detect and respond to incidents

PC running slow? 10 ways you can speed it up

Before you rush to buy new hardware, try these simple tricks to get your machine up to speed again – and keep it that way.

Discarded, not destroyed: Old routers reveal corporate secrets

When decommissioning their old hardware, many companies 'throw the baby out with the bathwater'

Hunting down BlackLotus – Week in security with Tony Anscombe

Microsoft releases guidance on how organizations can check their systems for the presence of BlackLotus, a powerful threat first analyzed by ESET researchers

Safety first: 5 cybersecurity tips for freelance bloggers

The much-dreaded writer’s block isn’t the only threat that may derail your progress. Are you doing enough to keep your blog (and your livelihood) safe from online dangers?

What are the cybersecurity concerns of SMBs by sector?

Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured

10 things to look out for when buying a password manager

Here's how to choose the right password vault for you and what exactly to consider when weighing your options

Steer clear of tax scams – Week in security with Tony Anscombe

In a rush to file your taxes? Watch out for cybercriminals preying on stressed taxpayers as Tax Day looms large on the horizon.

Cleaning up your social media and passwords: What to trash and what to treasure

Give your social media presence a good spring scrubbing, audit your passwords and other easy ways to bring order to your digital chaos

Why you should spring clean your home network and audit your backups

Do you know how many devices are connected to your home network? You don’t? This is precisely why it’s time for a network audit.

Ballistic Bobcat's Sponsor backdoor – Week in security with Tony Anscombe

Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States

Read it right! How to spot scams on Reddit

Do you know what types of scams and other fakery you should look out for when using a platform that once billed itself as “the front page of the Internet”?

ESET Research Podcast: Sextortion, digital usury and SQL brute-force

Closing intrusion vectors force cybercriminals to revisit old attack avenues, but also to look for new ways to attack their victims

Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor

ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor

Will you give X your biometric data? – Week in security with Tony Anscombe

The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and secured

Staying ahead of threats: 5 cybercrime trends to watch

New reports from Europol and the UK’s National Crime Agency (NCA) shed a light on how the battle against cybercrime is being fought

Getting off the hook: 10 steps to take after clicking on a phishing link

Phishing emails are a weapon of choice for criminals intent on stealing people’s personal data and planting malware on their devices. The healing process does not end with antivirus scanning.

Fake Signal and Telegram apps – Week in security with Tony Anscombe

ESET research uncovers active campaigns targeting Android users and spreading espionage code through the Google Play store, Samsung Galaxy Store and dedicated websites

What you need to know about iCloud Private Relay

If you want to try to enter the world of VPNs with a small dip, then iCloud Private Relay is your friend — but is it a true VPN service? The devil is in the details.

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps

ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs