ESET Research Podcast: Finding the mythical BlackLotus bootkit

Here's a story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat

ESET Threat Report H1 2023

A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

What’s up with Emotet?

A brief summary of what happened with Emotet since its comeback in November 2021

Deepfaking it: What to know about deepfake-driven sextortion schemes

Criminals increasingly create deepfake nudes from people’s benign public photos in order to extort money from them, the FBI warns

The good, the bad and the ugly of AI – Week in security with Tony Anscombe

The growing use of synthetic media and the difficulties in distinguishing between real and fake content raise a slew of legal and ethical questions

What to know about the MOVEit hack – Week in security with Tony Anscombe

The US government has now announced a bounty of $10 million for intel linking the Cl0p ransomware gang to a foreign government

Maltego: Check how exposed you are online

A primer on how to use this powerful tool for uncovering and connecting information from publicly available sources

Going on vacation soon? Stay one step ahead of travel scams

From bogus free trips to fake rental homes, here are some of the most common online threats you should look out for both before and during your travels

Is a RAT stealing your files? – Week in security with Tony Anscombe

Could your Android phone be home to a remote access tool (RAT) that steals WhatsApp backups or performs other shenanigans?

Stop Cyberbullying Day: Prevention is everyone's responsibility

Strategies for stopping and responding to cyberbullying require a concerted, community-wide effort involving parents, educators and children themselves

Android GravityRAT goes after WhatsApp backups

ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files

Hear no evil: Ultrasound attacks on voice assistants

How your voice assistant could do the bidding of a hacker – without you ever hearing a thing

7 tips for spotting a fake mobile app

Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future

API security in the spotlight – Week in security with Tony Anscombe

Given the reliance of today's digital world on APIs and the fact that attacks targeting them continue to rise sharply, API security cannot be an afterthought.

All eyes on APIs: Top 3 API security risks and how to mitigate them

As APIs are a favorite target for threat actors, the challenge of securing the glue that holds various software elements together is taking on increasing urgency

How an innocuous app morphed into a trojan – Week in security with Tony Anscombe

ESET research uncovers an Android app that initially had no harmful features but months later turned into a spying tool

Shedding light on AceCryptor and its operation

ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families

Digital security for the self-employed: Staying safe without an IT team to help

Nobody wants to spend their time dealing with the fallout of a security incident instead of building up their business

Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour

There is a significant secondary marketplace where tickets can sell for several times their original value, opening the opportunity for scammers and fraud

The post Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour appeared first on WeLiveSecurity

The danger within: 5 steps you can take to combat insider threats

Some threats may be closer than you think. Are security risks that originate from your own trusted employees on your radar?

The post The danger within: 5 steps you can take to combat insider threats appeared first on WeLiveSecurity

ESET Research Podcast: Finding the mythical BlackLotus bootkit

A story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat

The post ESET Research Podcast: Finding the mythical BlackLotus bootkit appeared first on WeLiveSecurity

ESET Threat Report H1 2023

A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

The post ESET Threat Report H1 2023 appeared first on WeLiveSecurity

What’s up with Emotet?

A brief summary of what happened with Emotet since its comeback in November 2021

The post What’s up with Emotet? appeared first on WeLiveSecurity

Verizon 2023 DBIR: What’s new this year and top takeaways for SMBs

Here are some of the key insights on the evolving data breach landscape as revealed by Verizon’s analysis of more than 16,000 incidents

The post Verizon 2023 DBIR: What’s new this year and top takeaways for SMBs appeared first on WeLiveSecurity

Employee monitoring: Is ‘bossware’ right for your company?

While employee monitoring software may boost productivity, it may also be a potential privacy minefield and it can affect your relationship with your employees

The post Employee monitoring: Is ‘bossware’ right for your company? appeared first on WeLiveSecurity

Avoid juice jacking and recharge your batteries safely this summer

Cybercriminals can use USB charging stations in airports, hotels, malls or other public spaces as conduits for malware

The post Avoid juice jacking and recharge your batteries safely this summer appeared first on WeLiveSecurity

Maltego: Check how exposed you are online

A primer on how to use this powerful tool for uncovering and connecting information from publicly available sources

The post Maltego: Check how exposed you are online appeared first on WeLiveSecurity

Passwords out, passkeys in: are you ready to make the switch?

With passkeys poised for prime time, passwords seem passé. What are the main benefits of ditching one in favor of the other?

The post Passwords out, passkeys in: are you ready to make the switch? appeared first on WeLiveSecurity

Android GravityRAT goes after WhatsApp backups

ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files

The post Android GravityRAT goes after WhatsApp backups appeared first on WeLiveSecurity

Cyber insurance: What is it and does my company need it?

While not a 'get out of jail free card' for your business, cyber insurance can help insulate it from the financial impact of a cyber-incident

The post Cyber insurance: What is it and does my company need it? appeared first on WeLiveSecurity

Asylum Ambuscade: crimeware or cyberespionage?

A curious case of a threat actor at the border between crimeware and cyberespionage

The post Asylum Ambuscade: crimeware or cyberespionage? appeared first on WeLiveSecurity

5 free OSINT tools for social media

A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook and other social media platforms

The post 5 free OSINT tools for social media appeared first on WeLiveSecurity

Tricks of the trade: How a cybercrime ring operated a multi‑level fraud scheme

A peek under the hood of a cybercrime operation and what you can do to avoid being an easy target for similar ploys

The post Tricks of the trade: How a cybercrime ring operated a multi‑level fraud scheme appeared first on WeLiveSecurity

Shedding light on AceCryptor and its operation

ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families

The post Shedding light on AceCryptor and its operation appeared first on WeLiveSecurity

Digital security for the self‑employed: Staying safe without an IT team to help

Nobody wants to spend their time dealing with the fallout of a security incident instead of building up their business

The post Digital security for the self‑employed: Staying safe without an IT team to help appeared first on WeLiveSecurity

Android app breaking bad: From legitimate screen recording to file exfiltration within a year

ESET researchers discover AhRat – a new Android RAT based on AhMyth – that exfiltrates files and records audio

The post Android app breaking bad: From legitimate screen recording to file exfiltration within a year appeared first on WeLiveSecurity

Top 5 search engines for internet‑connected devices and services

A roundup of some of the handiest tools that security professionals can use to search for and monitor devices that are accessible from the internet

The post Top 5 search engines for internet‑connected devices and services appeared first on WeLiveSecurity

Meet “AI”, your new colleague: could it expose your company’s secrets?

Before rushing to embrace the LLM-powered hire, make sure your organization has safeguards in place to avoid putting its business and customer data at risk

The post Meet “AI”, your new colleague: could it expose your company’s secrets? appeared first on WeLiveSecurity

You may not care where you download software from, but malware does

Why do people still download files from sketchy places and get compromised as a result?

The post You may not care where you download software from, but malware does appeared first on WeLiveSecurity

Turning on stealth mode: 5 simple strategies for staying under the radar online

Have your cake and eat it too – enjoy some of what the online world has to offer without always giving out your contact details

The post Turning on stealth mode: 5 simple strategies for staying under the radar online appeared first on WeLiveSecurity

ESET APT Activity Report Q4 2022­–Q1 2023

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2022 and Q1 2023

The post ESET APT Activity Report Q4 2022­–Q1 2023 appeared first on WeLiveSecurity

How the war in Ukraine has been a catalyst in private‑public collaborations

As the war shows no signs of ending and cyber-activity by states and criminal groups remains high, conversations around the cyber-resilience of critical infrastructure have never been more vital

The post How the war in Ukraine has been a catalyst in private‑public collaborations appeared first on WeLiveSecurity

Creating strong, yet user‑friendly passwords: Tips for your business password policy

Don’t torture people with exceedingly complex password composition rules but do blacklist commonly used passwords, plus other ways to help people help themselves – and your entire organization

The post Creating strong, yet user‑friendly passwords: Tips for your business password policy appeared first on WeLiveSecurity

Using Discord? Don’t play down its privacy and security risks

It’s all fun and games until someone gets hacked – here’s what to know about, and how to avoid, threats lurking on the social media juggernaut

The post Using Discord? Don’t play down its privacy and security risks appeared first on WeLiveSecurity

APT groups muddying the waters for MSPs

A quick dive into the murky world of cyberespionage and other growing threats facing managed service providers – and their customers

The post APT groups muddying the waters for MSPs appeared first on WeLiveSecurity

RSA Conference 2023 – How AI will infiltrate the world

As all things (wrongly called) AI take the world’s biggest security event by storm, we round up of some of their most-touted use cases and applications

The post RSA Conference 2023 – How AI will infiltrate the world appeared first on WeLiveSecurity

Evasive Panda APT group delivers malware via updates for popular Chinese software

ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software

The post Evasive Panda APT group delivers malware via updates for popular Chinese software appeared first on WeLiveSecurity

Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack

Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack

The post Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack appeared first on WeLiveSecurity

The EU’s Cyber Solidarity Act: Security Operations Centers to the rescue!

The legislation aims to bolster the Union’s cyber-resilience and enhance its capabilities to prepare for, detect and respond to incidents

The post The EU’s Cyber Solidarity Act: Security Operations Centers to the rescue! appeared first on WeLiveSecurity

Discarded, not destroyed: Old routers reveal corporate secrets

When decommissioning their old hardware, many companies 'throw the baby out with the bathwater'

The post Discarded, not destroyed: Old routers reveal corporate secrets appeared first on WeLiveSecurity

Safety first: 5 cybersecurity tips for freelance bloggers

The much-dreaded writer’s block isn’t the only threat that may derail your progress. Are you doing enough to keep your blog (and your livelihood) safe from online dangers?

The post Safety first: 5 cybersecurity tips for freelance bloggers appeared first on WeLiveSecurity

What are the cybersecurity concerns of SMBs by sector?

Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured

The post What are the cybersecurity concerns of SMBs by sector? appeared first on WeLiveSecurity

Cleaning up your social media and passwords: What to trash and what to treasure

Give your social media presence a good spring scrubbing, audit your passwords and other easy ways to bring order to your digital chaos

The post Cleaning up your social media and passwords: What to trash and what to treasure appeared first on WeLiveSecurity

Why you should spring clean your home network and audit your backups

Do you know how many devices are connected to your home network? You don’t? This is precisely why it’s time for a network audit.

The post Why you should spring clean your home network and audit your backups appeared first on WeLiveSecurity

Spring into action and tidy up your digital life like a pro

Spring is in the air and as the leaves start growing again, why not breathe some new life into the devices you depend on so badly?

The post Spring into action and tidy up your digital life like a pro appeared first on WeLiveSecurity

World Backup Day: Avoiding a data disaster is a forever topic 

By failing to prepare you are preparing to fail. Make sure you're able to bounce back if, or when, a data disaster strikes.

The post World Backup Day: Avoiding a data disaster is a forever topic  appeared first on WeLiveSecurity

ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine

ESET experts share their insights on the cyber-elements of the first year of the war in Ukraine and how a growing number of destructive malware variants tried to rip through critical Ukrainian systems

The post ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine appeared first on WeLiveSecurity

Pig butchering scams: The anatomy of a fast‑growing threat

How fraudsters groom their marks and move in for the kill using tricks from the playbooks of romance and investment scammers

The post Pig butchering scams: The anatomy of a fast‑growing threat appeared first on WeLiveSecurity

Staying safe on OnlyFans: The naked truth

How content creators and subscribers can embrace the social media platform without (overly) exposing themselves to the potentially toxic brew of NSFW content and privacy threats

The post Staying safe on OnlyFans: The naked truth appeared first on WeLiveSecurity

What TikTok knows about you – and what you should know about TikTok

As TikTok CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us

The post What TikTok knows about you – and what you should know about TikTok appeared first on WeLiveSecurity