A pernicious potpourri of Python packages in PyPI

The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository

Black Hat Europe 2023: Should we regulate AI?

ChatGPT would probably say "Definitely not!", but will we learn any lessons from the rush to regulate IoT in the past?

Silent but deadly: The rise of zero-click attacks

A security compromise so stealthy that it doesn’t even require your interaction? Yes, zero-click attacks require no action from you – but this doesn’t mean you’re left vulnerable.

Surge in deceptive loan apps – Week in security with Tony Anscombe

ESET Research reveals details about a growth in the number of deceptive loan apps on Android, their origins and modus operandi.

Black Hat Europe 2023: The past could return to haunt you

Legacy protocols in the healthcare industry present dangers that can make hospitals extremely vulnerable to cyberattacks.

To tap or not to tap: Are NFC payments safer?

Contactless payments are quickly becoming ubiquitous – but are they more secure than traditional payment methods?

Navigating privacy: Should we put the brakes on car tracking?

Your car probably knows a lot more about you than it lets on – but is the trade-off of privacy for convenience truly justifiable?

Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths

ESET researchers describe the growth of deceptive loan apps for Android and techniques they use to circumvent Google Play

Teaching appropriate use of AI tech – Week in security with Tony Anscombe

Several cases of children creating indecent images of other children using AI software add to the worries about harmful uses of AI technology

Executives behaving badly: 5 ways to manage the executive cyberthreat

Failing to practice what you preach, especially when you are a juicy target for bad actors, creates a situation fraught with considerable risk

Very precisely lost – GPS jamming

The technology is both widely available and well developed, hence it's also poised to proliferate – especially in the hands of those wishing ill

Retail at risk: Top threats facing retailers this holiday season

While it may be too late to introduce wholesale changes to your security policies, it doesn’t hurt to take a fresh look at where the biggest threats are and which best practices can help neutralize them

‘Tis the season to be wary: 12 steps to ruin a cybercriminal's day

The holiday shopping season may be the time to splurge, but it’s a also favorite time of year for cybercriminals to target shoppers with phony deals, phishing scams and other threats

Telekopye's tricks of the trade – Week in security with Tony Anscombe

ESET's research team reveals details about the onboarding process of the Telekopye scam operation and the various methods that the fraudsters use to defraud people online

Telekopye: Chamber of Neanderthals’ secrets

Insight into groups operating Telekopye bots that scam people in online marketplaces

Your voice is my password

AI-driven voice cloning can make things far too easy for scammers – I know because I’ve tested it so that you don’t have to learn about the risks the hard way.

Fuel for thought: Can a driverless car get arrested?

What happens when problems caused by autonomous vehicles are not the result of errors, but the result of purposeful attacks?

Is your LinkedIn profile revealing too much?

How much contact and personal information do you give away in your LinkedIn profile and who can see it? Here’s why less may be more.

Safeguarding ports from the rising tide of cyberthreats – Week in security with Tony Anscombe

An attack against a port operator that ultimately hobbled some 40 percent of Australia’s import and export capacity highlights the kinds of supply chain shocks that a successful cyberattack can cause

Is your LinkedIn profile revealing too much?

How much contact and personal information do you give away in your LinkedIn profile and who can see it? Here’s why less may be more.

Level up! These games will make learning about cybersecurity fun

Discover six games that will provide valuable knowledge while turning learning about digital security into an enjoyable and rewarding adventure

Capture the flag: 5 websites to sharpen your hacking skills

Through engaging hacking challenges and competitions, CTFs offer an excellent opportunity to test and enhance your security and problem-solving skills

Spyware disguised as a news app – Week in security with Tony Anscombe

The Urdu version of the Hunza News website offers readers the option to download an Android app – little do they know that the app is actually spyware

Cyber threat intelligence: Getting on the front foot against adversaries

By collecting, analyzing and contextualizing information about possible cyberthreats, including the most advanced ones, threat intelligence offers a critical method to identify, assess and mitigate cyber risk

Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan

ESET researchers discovered Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News

Navigating the security and privacy challenges of large language models

Organizations that intend to tap into the potential of LLMs must also be able to manage the risks that could otherwise erode the technology’s business value

The mysterious demise of the Mozi botnet – Week in security with Tony Anscombe

Various questions linger following the botnet's sudden and deliberate demise, including: who actually initiated it?

Who killed Mozi? Finally putting the IoT zombie botnet in its grave

How ESET Research found a kill switch that had been used to take down one of the most prolific botnets out there

Closing the gender gap: 7 ways to attract more women into cybersecurity

Global Diversity Awareness Month is a timely occasion to reflect on the steps required to remove obstacles to women's participation in the security industry and to consider the value of diversity in the security workforce

20 scary cybersecurity facts and figures for a haunting Halloween

Cybersecurity Awareness Month draws to a close and Halloween is just around the corner, so here is a bunch of spine-tingling figures about some very real tricks and threats lurking online

Roundcube Webmail servers under attack – Week in security with Tony Anscombe

The zero-day exploit deployed by the Winter Vivern APT group only requires that the target views a specially crafted message in a web browser

ESET APT Activity Report Q2–Q3 2023

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 and Q3 2023

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

ESET Research recommends updating Roundcube Webmail to the latest available version as soon as possible

One login to rule them all: Should you sign in with Google or Facebook on other websites?

Why use and keep track of a zillion discrete accounts when you can log into so many apps and websites using your Facebook or Google credentials, right? Not so fast. What’s the trade-off?

Spearphishing targets in Latin America – Week in security with Tony Anscombe

ESET's analysis of cybercrime campaigns in Latin America reveals a notable shift from opportunistic crimeware to more complex threats, including those targeting enterprises and governments

Strengthening the weakest link: top 3 security awareness topics for your employees

Knowledge is a powerful weapon that can empower your employees to become the first line of defense against threats

Better safe than sorry: 10 tips to build an effective business backup strategy

How robust backup practices can help drive resilience and improve cyber-hygiene in your company

Operation King TUT: The universe of threats in LATAM

ESET researchers reveal a growing sophistication in threats affecting the LATAM region by employing evasion techniques and high-value targeting

Staying on top of security updates – Week in security with Tony Anscombe

Why keeping software up to date is a crucial security practice that should be followed by everyone from individual users to SMBs and large enterprises

Virus Bulletin – building digital armies

Security researchers, global organizations, law enforcement and other government agencies need to have the right conversations and test potential scenarios without the pressure of an actual attack

6 steps to getting the board on board with your cybersecurity program

How CISOs and their peers can better engage with boards to get long-term buy-in for strategic initiatives

Virus Bulletin PUA – a love letter

Late nights at VB2023 featured intriguing interactions between security experts and the somewhat enigmatic world of grayware purveyors

Your family, home and small business need a cyber-resilience strategy, too!

Your preparedness to deal with cyberattacks is key for lessening the impact of a successful incident – even in home and small business environments

DinodasRAT used against governmental entity in Guayana – Week in security with Tony Anscombe

The backdoor can exfiltrate files, manipulate Windows registry keys, and execute commands that are capable of performing various actions on a victim’s machine

Fake friends and followers on social media – and how to spot them

One of the biggest threats to watch out for on social media is fraud perpetrated by people who aren’t who they claim to be. Here’s how to recognize them.

Operation Jacana: Foundling hobbits in Guyana

ESET researchers discovered a cyberespionage campaign against a governmental entity in Guyana

Playing your part in building a safer digital world: Why cybersecurity matters

In an increasingly complex and interconnected digital landscape, personal cybersecurity empowers you to protect your data, privacy and digital well-being

How Lazarus impersonated Meta to attack a target in Spain – Week in security with Tony Anscombe

During the attack, the group deployed several tools, most notably a newly-discovered sophisticated backdoor that ESET named LightlessCan

Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company

While analyzing a Lazarus attack luring employees of an aerospace company, ESET researchers discovered a publicly undocumented backdoor

5 of the top programming languages for cybersecurity

While far from all roles in security explicitly demand coding skills, it’s challenging to envision a career in this field that wouldn’t derive substantial advantages from at least a basic understanding of fundamental coding principles

Can open-source software be secure?

Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security?

ESET's cutting-edge threat research at LABScon – Week in security with Tony Anscombe

Two ESET malware researchers took to the LABScon stage this year to deconstruct sophisticated attacks conducted by two well-known APT groups

Stealth Falcon preying over Middle Eastern skies with Deadglyph

ESET researchers have discovered Deadglyph, a sophisticated backdoor used by the infamous Stealth Falcon group for espionage in the Middle East

OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes

ESET researchers document OilRig’s Outer Space and Juicy Mix campaigns, targeting Israeli organizations in 2021 and 2022

10 tips to ace your cybersecurity job interview

Once you’ve made it past the initial screening process and secured that all-important interview, it’s time to seal the deal. These 10 tips will put you on the right track.

Ballistic Bobcat's Sponsor backdoor – Week in security with Tony Anscombe

Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States

Read it right! How to spot scams on Reddit

Do you know what types of scams and other fakery you should look out for when using a platform that once billed itself as “the front page of the Internet”?

ESET Research Podcast: Sextortion, digital usury and SQL brute-force

Closing intrusion vectors force cybercriminals to revisit old attack avenues, but also to look for new ways to attack their victims

Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor

ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor

Will you give X your biometric data? – Week in security with Tony Anscombe

The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and secured