DinodasRAT used against governmental entity in Guayana – Week in security with Tony Anscombe

The backdoor can exfiltrate files, manipulate Windows registry keys, and execute commands that are capable of performing various actions on a victim’s machine

Fake friends and followers on social media – and how to spot them

One of the biggest threats to watch out for on social media is fraud perpetrated by people who aren’t who they claim to be. Here’s how to recognize them.

Operation Jacana: Foundling hobbits in Guyana

ESET researchers discovered a cyberespionage campaign against a governmental entity in Guyana

Playing your part in building a safer digital world: Why cybersecurity matters

In an increasingly complex and interconnected digital landscape, personal cybersecurity empowers you to protect your data, privacy and digital well-being

How Lazarus impersonated Meta to attack a target in Spain – Week in security with Tony Anscombe

During the attack, the group deployed several tools, most notably a newly-discovered sophisticated backdoor that ESET named LightlessCan

Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company

While analyzing a Lazarus attack luring employees of an aerospace company, ESET researchers discovered a publicly undocumented backdoor

5 of the top programming languages for cybersecurity

While far from all roles in security explicitly demand coding skills, it’s challenging to envision a career in this field that wouldn’t derive substantial advantages from at least a basic understanding of fundamental coding principles

Can open-source software be secure?

Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security?

ESET's cutting-edge threat research at LABScon – Week in security with Tony Anscombe

Two ESET malware researchers took to the LABScon stage this year to deconstruct sophisticated attacks conducted by two well-known APT groups

Stealth Falcon preying over Middle Eastern skies with Deadglyph

ESET researchers have discovered Deadglyph, a sophisticated backdoor used by the infamous Stealth Falcon group for espionage in the Middle East

OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes

ESET researchers document OilRig’s Outer Space and Juicy Mix campaigns, targeting Israeli organizations in 2021 and 2022

10 tips to ace your cybersecurity job interview

Once you’ve made it past the initial screening process and secured that all-important interview, it’s time to seal the deal. These 10 tips will put you on the right track.

Ballistic Bobcat's Sponsor backdoor – Week in security with Tony Anscombe

Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States

Read it right! How to spot scams on Reddit

Do you know what types of scams and other fakery you should look out for when using a platform that once billed itself as “the front page of the Internet”?

ESET Research Podcast: Sextortion, digital usury and SQL brute-force

Closing intrusion vectors force cybercriminals to revisit old attack avenues, but also to look for new ways to attack their victims

Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor

ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor

Will you give X your biometric data? – Week in security with Tony Anscombe

The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and secured

Staying ahead of threats: 5 cybercrime trends to watch

New reports from Europol and the UK’s National Crime Agency (NCA) shed a light on how the battle against cybercrime is being fought

Getting off the hook: 10 steps to take after clicking on a phishing link

Phishing emails are a weapon of choice for criminals intent on stealing people’s personal data and planting malware on their devices. The healing process does not end with antivirus scanning.

Fake Signal and Telegram apps – Week in security with Tony Anscombe

ESET research uncovers active campaigns targeting Android users and spreading espionage code through the Google Play store, Samsung Galaxy Store and dedicated websites

What you need to know about iCloud Private Relay

If you want to try to enter the world of VPNs with a small dip, then iCloud Private Relay is your friend — but is it a true VPN service? The devil is in the details.

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps

ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs

Recovering from a supply-chain attack: What are the lessons to learn from the 3CX hack?

The campaign started with a trojanized version of unsupported financial software

How a Telegram bot helps scammers target victims – Week in security with Tony Anscombe

ESET researchers uncover a Telegram bot that enables even less tech-savvy scammers to defraud people out of their money

Telekopye: Hunting Mammoths using Telegram bot

Analysis of Telegram bot that helps cybercriminals scam people on online marketplaces

Scarabs colon-izing vulnerable servers

Analysis of Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers, and its operators, CosmicBeetle

A Bard’s Tale – how fake AI bots try to install malware

The AI race is on! It’s easy to lose track of the latest developments and possibilities, and yet everyone wants to see firsthand what the hype is about. Heydays for cybercriminals!

Evacuation of 30,000 hackers – Week in security with Tony Anscombe

DEF CON, the annual hacker convention in Las Vegas, was interrupted on Saturday evening when authorities evacuated the event's venue due to a bomb threat

DEF CON 31: US DoD urges hackers to go and hack ‘AI’

The limits of current AI need to be tested before we can rely on their output

Mass-spreading campaign targeting Zimbra users

ESET researchers have observed a new phishing campaign targeting users of the Zimbra Collaboration email server.

DEF CON 31: Robot vacuums may be doing more than they claim

When it comes to privacy, it remains complicated and near impossible for a consumer to make an informed decision.

Black Hat 2023: Hacking the police (at least their radios)

Hiding behind a black box and hoping no one will hack it has been routinely proven to be unwise and less secure.

Black Hat 2023: How AI changes the monetization of search

Search engines, AI, and monetization in the new era

Black Hat 2023: AI gets big defender prize money

Black Hat is big on AI this year, and for a good reason

Black Hat 2023: ‘Teenage’ AI not enough for cyberthreat intelligence

Current LLMs are just not mature enough for high-level tasks

20k security folks in the desert – Week in security with Tony Anscombe

Unsurprisingly, artificial intelligence took the center stage at this year's edition of Black Hat, one of the world's largest gatherings of cybersecurity professionals

Black Hat 2023: Cyberwar fire-and-forget-me-not

What happens to cyberweapons after a cyberwar?

ESET Research Podcast: Unmasking MoustachedBouncer

Listen as ESET's Director of Threat Research Jean-Ian Boutin unravels the tactics, techniques and procedures of MoustachedBouncer, an APT group taking aim at foreign embassies in Belarus

MoustachedBouncer: Espionage against foreign diplomats in Belarus

Long-term espionage against diplomats, leveraging email-based C&C protocols, C++ modular backdoors, and adversary-in-the-middle (AitM) attacks… Sounds like the infamous Turla? Think again!

Time is money, and online game scammers have lots of it

Gamers and cybersecurity professionals have something in common – the ever-terrible presence of hacking, scams, and data theft – but how and why would anyone want to target gamers?

Check cybersecurity pre-invest – Week in security with Tony Anscombe

When you invest in a company, do you check its cybersecurity? The U.S. Securities and Exchange Commission has adopted new cybersecurity rules.

Fingerprints all over: Can browser fingerprinting increase website security?

Browser fingerprinting is supposedly a more privacy-conscious tracking method, replacing personal information with more general data. But is it a valid promise?

The grand theft of Jake Moore’s voice: The concept of a virtual kidnap

With powerful AI, it doesn’t take much to fake a person virtually, and while there are some limitations, voice-cloning can have some dangerous consequences.

Quantum computing: Will it break crypto security within a few years?

Current cryptographic security methods watch out - quantum computing is coming for your lunch.

Is backdoor access oppressive? – Week in security with Tony Anscombe

Bills granting access to end-to-end encrypted systems, opportunity for cybercriminals, abuse by authority, human rights, and tech companies leaving the UK?

Gathering dust and data: How robotic vacuums can spy on you

Mitigate the risk of data leaks with a careful review of the product and the proper settings.

Dear all, What are some common subject lines in phishing emails?

Scammers exploit current ongoing events, account notifications, corporate communication, and a sense of urgency.

What happens if AI is wrong? – Week in security with Tony Anscombe

Responses generated by ChatGPT about individual people could be misleading or harmful or spill their personal information. What are the takeaways for you as a ChatGPT user?

8 common work-from-home scams to avoid

That ‘employer’ you’re speaking to may in reality be after your personal information, your money or your help with their illegal activities

Child identity theft: how do I keep my kids’ personal data safe?

Why is kids’ personal information in high demand, how do criminals steal it, and what can parents do to help prevent child identity theft?

Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour

There is a significant secondary marketplace where tickets can sell for several times their original value, opening the opportunity for scammers and fraud

Key findings from ESET Threat Report H1 2023 – Week in security with Tony Anscombe

Here's how cybercriminals have adjusted their tactics in response to Microsoft's stricter security policies, plus other interesting findings from ESET's new Threat Report

The danger within: 5 steps you can take to combat insider threats

Some threats may be closer than you think. Are security risks that originate from your own trusted employees on your radar?

ESET Research Podcast: Finding the mythical BlackLotus bootkit

Here's a story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat

ESET Threat Report H1 2023

A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Emotet: sold or on vacation? – Week in security with Tony Anscombe

Originally a banking trojan, Emotet later evolved into a full-blown botnet and went on to become one of the most dangerous cyberthreats worldwide

What’s up with Emotet?

A brief summary of what happened with Emotet since its comeback in November 2021

Deepfaking it: What to know about deepfake-driven sextortion schemes

Criminals increasingly create deepfake nudes from people’s benign public photos in order to extort money from them, the FBI warns

Verizon 2023 DBIR: What’s new this year and top takeaways for SMBs

Here are some of the key insights on the evolving data breach landscape as revealed by Verizon’s analysis of more than 16,000 incidents

The good, the bad and the ugly of AI – Week in security with Tony Anscombe

The growing use of synthetic media and the difficulties in distinguishing between real and fake content raise a slew of legal and ethical questions