FreshRSS

WeLiveSecurity

Will Windows 10 leave enterprises vulnerable to zero-days?

One thing Microsoft has been very public about is Windows 10's new strategy of releasing patches to update the operating system at different times for consumer and enterprise versions.

Hackers phish for data with fake Apple Watch giveaway

Apple fans keen to get their hands on the Apple Watch are advised to think before they click, after hackers exploited a wave of enthusiasm around the launch with a phishing scam linked to a fake giveaway.

Operating System Vulnerabilities, Exploits and Insecurity

iOS and OS X the most vulnerable operating systems? Don't confuse vulnerabilities with exploits, or patch frequency with insecurity.

CryptoFortress mimics TorrentLocker but is a different ransomware

ESET assess the differences between CryptoFortress and TorrentLocker: two very different strains of ransomware.

FBI investigating apparent ISIS attacks on Western websites

A number of seemingly unconnected Western websites were hacked over the weekend, with messages claiming Islamic State as the perpetrator.

DDoS attack on feminist blog backfires on International Women's Day

An attempt to silence feminism blog Femsplain backfires on DDoS attackers, as they only help to raise its profile.

Europol shuts down Ramnit botnet used to steal bank details

The Ramnit botnet that is said to have affected 3.2 million computers has been shut down by European police.

Lenovo and Superfish? Don't panic, you may not be affected

Lenovo's installation of a security-breaking app called Superfish on some computers has customers justifiably angry, but some folks are now unnecessarily confused by false positive detection.

Facebook exploit allowed attackers to remotely delete photos

A Facebook hack that allowed attackers to remotely delete any photo they wanted to from the social network has been patched by the company.

Electronic health records and data abuse: it's about more than medical info

After the Anthem mega-breach, questions abound about possible abuses of medical data. Here is a breakdown that offers some context.

Is your valentine for real? Six signs you might be falling for an online dating scam

With Valentine’s Day nearly upon us, millions will be looking for love online. Here are six online dating scams to look out for.

Facebook launches ThreatExchange for companies to share security threats

Facebook has officially launched ThreatExchange - a collaborative social network where companies can share information on cybersecurity threats, in an effort to neuter potential damage.

Security terms explained: What does Zero Day mean?

One of the terms I’m most often asked to explain is what a “zero day” vulnerability or exploit is; let’s look at what that phrase entails.

WhatsApp privacy is 'broken,' reveals proof-of-concept hack

WhatsApp's privacy settings are "broken" and can be bypassed by downloading a simple bit of software, claims the Dutch developer behind proof-of-concept tool WhatsSpy Public.

Facebook turns 11 - what you need to know, and what do your likes say about you?

Facebook updated its privacy settings at the end of January. As Facebook turns 11 today, here’s what you need to know about the new settings and how they could affect you.

White House seeks 10% increase in cybersecurity spend

President Obama's budget proposal for the 2016 fiscal year includes a projected 10 percent increase in cybersecurity spend, reports Reuters.

The New Hacker's List and an Old Debate: Would you Hire a Hacker?

The recent opening of the Hacker List portal brings to mind the age-old question: Would you hire a hacker?

Facebook porn scam infects 110k users in 48 hours

A new porn scam is spreading startlingly quickly through Facebook - one that has managed to spread malware to over 110,000 users in 48 hours, reports The Guardian.

MSIL/Agent.PYO: Have botnet, will travel

ESET's researchers recently encountered a piece of malware targeting the filling of the forms belonging to the Consulate of Poland. To understand why, it is first necessary to have a brief look at the application process for visas.

Taylor Swift hacked, but denies naked pictures will be leaked

Singer Taylor Swift has had her Twitter and Instagram accounts hacked, but laughed off claims that the hackers will release nude photographs of her.

Android Wi-Fi Direct bug means hackers can reboot your device

A vulnerability in Android's Wi-Fi Direct functionality has been uncovered by security researchers.

Edward Snowden doesn't use an iPhone for privacy reasons

NSA whistleblower Edward Snowden has claimed he doesn't use an iPhone for fear of surveillance technology in the smartphone, reports The Independent.

Blackhat: Lessons from the Michael Mann, Chris Hemsworth movie?

Blackhat, the hacker movie directed by Michael Mann and starring Chris Hemsworth, could spread awareness of digital threats. If it is a learning opportunity, what are the lessons?

Facebook will highlight hoaxes in users' newsfeeds

Facebook has announced plans to crack down on spam and hoaxes in the newsfeed, with a note highlighting 'false information' when enough people flag the link as a hoax.

Cybercrime deterrence: 6 important steps

Cybercrime: there's too much of it, and we need to do more to deter it. With the President of the United States now making frequent references to "doing more about cybercrime", now is a good time to look at what steps must be taken.

Lizard Squad DDoS-for-hire service hacked - users' details revealed

Lizard Squad failed to encrypt its database of LizardStresser's registered users - storing details of their usernames and passwords in plaintext. A schoolboy error if ever I heard one.

Swiss bank data released by hackers

The Swiss state-owned Banque Cantonale de Geneve has confirmed that hackers have released confidential customer correspondences after the bank refused to pay the ransom demanded by the attackers.

Hacked routers used for paid DDoS attacks

The rent-a-DDoS service that knocked out Xbox Live and Playstation Network is powered by thousands of hacked residential internet routers.

British Prime Minister wants access to messaging apps

British Prime Minister David Cameron has stated his belief that encrypted messaging services must have backdoor access to government agencies.

'Critical Security Updates' cancelled for 939 million Android users

Google has revealed that Android smartphones and tablets running versions of the software released before 4.3 (Jellybean) will no longer be given official updates to an important part of the software.

Digital Invasion: 3 things we learned from CES 2015

Ever lost a kid somewhere? Not anymore if the gadget vendors have anything to say about it. Now you can digitally strap your kid to your tablet and keep track of them. Kids not running enough to stay trim? There’s an app for that that works the same way. Got high blood sugar? You can keep track of that too using the sensor-du-jour highlighted at CES 2015 in Las Vegas.

Facebook privacy - why statements about copyright don't do anything

Facebook users around the world have reported the return of one of the network’s longer-lasting hoaxes - a legal disclaimer which allows users to regain copyright over their images and other content. Here's why it doesn't work.

Windows exploitation in 2014

Today, we published our research about Windows exploitation in 2014. This report contains interesting information about vulnerabilities in Microsoft Windows and Office patched over the course of the year, drive-by download attacks and mitigation techniques.

Phish Allergy – Recognizing Phishing Messages

While phishing-related malware is still mostly Windows targeting, attacks that rely purely on social engineering and fake web sites might be delivered by any platform, including smartphones and tablets. The more cautious you are, the better informed you are, and the more you think before you click, the more chance you have of leaving phishing craft stranded.

5 reasons not to "hack back"

Are hacking victims "hacking back"? That question was recently posed in headlines like this one from Bloomberg: FBI Investigating Whether Companies Are Engaged in Revenge Hacking. The Marketplace reporter, Ben Johnson, speculated that 2015 might be the year of "hacking back" when he asked me about revenge hacking.

CES 2015 in Las Vegas: first impressions, 5 hot topics

With nearly 160,000 lust-ridden techies, corporate denizens and a few of us security types descending on a slightly crisp wintery Las Vegas to see what all the fuss is about at CES 2015, here are a few things to keep an eye out for this year at the show.

Bitstamp hacked for $5 million in Bitcoin

19,000 Bitcoin - valued at around $275 each, so $5 million together - have been stolen from a major European Bitcoin exchange, reports RT.

Unpatched security hole has left millions of Moonpig customers at risk for 17 months

Moonpig, the online personalised card company, has been accused of a shockingly sloppy attitude to security, after apparently leaving a serious hole in its security unpatched.

Hobbit-inspired sword can help you find unsecured WiFi hotspots

Like many others, I was enchanted by The Hobbit (and later Lord of the Rings) at a young age - long before Peter Jackson turned J R R Tolkien's middle-earth fantasy books into a series of blockbuster movies.

Biometrics - can your fingerprint be ‘copied’ from a normal photo?

Fingerprint biometrics are entering the mainstream as a security measure, with both Apple and Samsung relying on readers to secure their flagship phones - but biometrics may not be as secure as many believe.

North Korea falls off the internet - is the United States to blame?

Barack Obama promises that the United States will respond to the Sony hack, and North Korea drops off the internet. Is there a connection?

Virlock: First Self-Reproducing Ransomware is also a Shape Shifter

Win32/VirLock is ransomware that locks victims’ screens but also acts as a parasitic virus, infecting existing files on their computers. The virus is also polymorphic, which makes it an interesting piece of malware to analyze. This is the first time such a combination of malware features has been observed.

Madonna thinks her computer was hacked

Turns out that the Material Girl has had her material stolen, and she's blaming hackers!

Mobile security: flaw allows hackers to read texts and listen to calls

Hackers can eavesdrop on your phone calls and text messages even with cell networks using "the most advanced encryption available" according to The Washington Post.

ICANN computers compromised by hackers

The nonprofit organization that looks after name and internet domains has been hit by a spear phishing hack that has compromised company data, reports The Register.

Cybercrime Trends & Predictions for 2015

As regular readers will know, every year we publish our predictions on cybercrime attacks for the year ahead. Well, our South American research team has spent the last few weeks putting together our predictions for 2015.

TorrentLocker — Ransomware in a country near you

Today, we are publishing research on ransomware that emerged in 2014. We have posted blog articles about this threat before, to raise awareness when we realized the criminals were targeting the United Kingdom and Spain.

TorrentLocker: Racketeering ransomware disassembled by ESET experts

Security experts at ESET have released their latest research into the notorious TorrentLocker malware, which has infected thousands of computer systems around the world, taking data hostage and demanding a ransom be paid to ensure its safe return.

Android scam: Firms fined over $500,000 for malicious apps' hidden subscriptions

Three UK firms have been fined over $500,000 for a scam that involved Android apps signing up to a subscription service, and suppressing notifications informing the victim they were being charged, according to The Guardian.

Identity theft - six tips to help keep yours safe

Private data such as addresses and social security numbers can be just as valuable to cybercriminals as valid credit card details can be to thieves - if not more so. Lock yours down with our tips.

Cyber Monday - 12 tips to help you shop safely online

Technology might evolve, but cyber gangs rely on tried-and-tested tactics. With a bit of care and attention, it’s easy to sort the genuine bargains from the too-good-to-be-true fakes.

Can e-cigarettes give you malware?

The long-term health effects of electronic cigarettes - or E-cigarettes - are still open for discussion - but the devices could harm your computer, at least if one report is to be believed.

First exploitation of Internet Explorer 'Unicorn bug' in-the-wild

Microsoft released a patch last week for a critical vulnerability allowing remote code execution in Internet Explorer. This vulnerability is significant because it exploits an old bug present in Internet Explorer versions 3 through 11.

Privacy and security post-Snowden: Pew Research parallels ESET findings

Privacy and security online are hot button topics in America today, as a new survey by the Pew Research Center confirms, mirroring similar results from two different privacy and security surveys conducted by ESET.

G20 2014 Summit Lure used to target Tibetan activists

APT actors trying to use big events as a lure to compromise their targets is nothing new. Tibetan NGOs being targeted by APT actors is also nothing new. Thus, surrounding the upcoming G20 2014 summit that is held in Brisbane, Australia, we were expecting to see G20 themed threats targeted at Tibetan NGOs. A Win32/Farfli (alias Gh0st RAT) sample ultimately confirmed our suspicions.

IT Pros also guilty of risqué selfies on mobiles

ESET study reveals many IT professionals are guilty of storing indecent material on their mobile phones, which would leave them embarrassed if lost.

Korplug military targeted attacks: Afghanistan & Tajikistan

After taking a look at recent Korplug (PlugX) detections, we identified two larger scale campaigns employing this well-known Remote Access Trojan. This blog gives an overview of the first one.

Apple Pay and security - what you need to know

Mobile payments look set to be one of the defining technologies of 2015, as the launch of Apple Pay catalyses a boom in cardless payments - both from Apple’s own system, and rivals playing catch-up.

Facebook welcomes private browsers with dedicated Tor link

Facebook has opened its doors to privacy-concerned users by opening up a dedicated Tor link, guaranteeing that people who visit the social networking site through anonymous browsers aren't mistaken for botnets, Gizmodo reports.

How to make sure Adobe Flash is up-to-date and enabling it on-demand

Learn how to update Adobe Flash Player, to help protect against malware attacks.