FreshRSS

WeLiveSecurity

Will Windows 10 leave enterprises vulnerable to zero-days?

— March 13th 2015 at 11:24
One thing Microsoft has been very public about is Windows 10's new strategy of releasing patches to update the operating system at different times for consumer and enterprise versions.
WeLiveSecurity

CryptoFortress mimics TorrentLocker but is a different ransomware

— March 9th 2015 at 17:25
ESET assesses the differences between CryptoFortress and TorrentLocker: two very different strains of ransomware.
WeLiveSecurity

MSIL/Agent.PYO: Have botnet, will travel

— January 29th 2015 at 13:50
ESET's researchers recently encountered a piece of malware targeting the filling of the forms belonging to the Consulate of Poland. To understand why, it is first necessary to have a brief look at the application process for visas.
WeLiveSecurity

Windows exploitation in 2014

— January 8th 2015 at 13:44
Today, we published our research about Windows exploitation in 2014. This report contains interesting information about vulnerabilities in Microsoft Windows and Office patched over the course of the year, drive-by download attacks and mitigation techniques.
WeLiveSecurity

Virlock: First Self-Reproducing Ransomware is also a Shape Shifter

— December 22nd 2014 at 13:55
Win32/VirLock is ransomware that locks victims’ screens but also acts as a parasitic virus, infecting existing files on their computers. The virus is also polymorphic, which makes it an interesting piece of malware to analyze. This is the first time such a combination of malware features has been observed.
WeLiveSecurity

Cybercrime Trends & Predictions for 2015

— December 18th 2014 at 13:19
As regular readers will know, every year we publish our predictions on cybercrime attacks for the year ahead. Well, our South American research team has spent the last few weeks putting together our predictions for 2015.
WeLiveSecurity

TorrentLocker — Ransomware in a country near you

— December 16th 2014 at 14:30
Today, we are publishing research on ransomware that emerged in 2014. We have posted blog articles about this threat before, to raise awareness when we realized the criminals were targeting the United Kingdom and Spain.
WeLiveSecurity

First exploitation of Internet Explorer 'Unicorn bug' in-the-wild

— November 20th 2014 at 11:28
Microsoft released a patch last week for a critical vulnerability allowing remote code execution in Internet Explorer. This vulnerability is significant because it exploits an old bug present in Internet Explorer versions 3 through 11.
WeLiveSecurity

G20 2014 Summit Lure used to target Tibetan activists

— November 14th 2014 at 15:29
APT actors trying to use big events as a lure to compromise their targets is nothing new. Tibetan NGOs being targeted by APT actors is also nothing new. Thus, surrounding the upcoming G20 2014 summit that is held in Brisbane, Australia, we were expecting to see G20 themed threats targeted at Tibetan NGOs. A Win32/Farfli (alias Gh0st RAT) sample ultimately confirmed our suspicions.
WeLiveSecurity

Korplug military targeted attacks: Afghanistan & Tajikistan

— November 12th 2014 at 15:17
After taking a look at recent Korplug (PlugX) detections, we identified two larger scale campaigns employing this well-known Remote Access Trojan. This blog gives an overview of the first one
WeLiveSecurity

The Evolution of Webinject

— October 23rd 2014 at 11:33
Last month, we presented “The Evolution of Webinject” in Seattle at the 24th Virus Bulletin conference. This blog post will go over its key findings and provide links to the various material that has been released in the last few weeks.
WeLiveSecurity

CVE-2014-4114: Details on August BlackEnergy PowerPoint Campaigns

— October 14th 2014 at 15:29
In this post we provide additional information on how a specially crafted PowerPoint slideshow file (.PPSX) led to the execution of a BlackEnergy dropper.
WeLiveSecurity

Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland

— September 22nd 2014 at 22:19
State organizations and private businesses from various sectors in Ukraine and Poland have been targeted with new versions of BlackEnergy, a malware that's evolved into a sophisticated threat with a modular architecture.
WeLiveSecurity

ESET Research Podcast: Finding the mythical BlackLotus bootkit

— July 12th 2023 at 11:30
Here's a story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat
WeLiveSecurity

Stop Cyberbullying Day: Prevention is everyone's responsibility

— June 16th 2023 at 11:30
Strategies for stopping and responding to cyberbullying require a concerted, community-wide effort involving parents, educators and children themselves
WeLiveSecurity

Android GravityRAT goes after WhatsApp backups

— June 15th 2023 at 11:30
ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files
WeLiveSecurity

7 tips for spotting a fake mobile app

— June 6th 2023 at 11:30
Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future
WeLiveSecurity

Shedding light on AceCryptor and its operation

— May 25th 2023 at 11:30
ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families
WeLiveSecurity

ESET Research Podcast: Finding the mythical BlackLotus bootkit

By: ESET Research — July 12th 2023 at 09:30

A story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat

The post ESET Research Podcast: Finding the mythical BlackLotus bootkit appeared first on WeLiveSecurity

WeLiveSecurity

ESET Threat Report H1 2023

By: Roman Kováč — July 11th 2023 at 09:30

A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

The post ESET Threat Report H1 2023 appeared first on WeLiveSecurity

WeLiveSecurity

What’s up with Emotet?

By: Jakub Kaloč — July 6th 2023 at 09:30

A brief summary of what happened with Emotet since its comeback in November 2021

The post What’s up with Emotet? appeared first on WeLiveSecurity

WeLiveSecurity

Android GravityRAT goes after WhatsApp backups

By: Lukas Stefanko — June 15th 2023 at 09:30

ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files

The post Android GravityRAT goes after WhatsApp backups appeared first on WeLiveSecurity

WeLiveSecurity

Asylum Ambuscade: crimeware or cyberespionage?

By: Matthieu Faou — June 8th 2023 at 09:30

A curious case of a threat actor at the border between crimeware and cyberespionage

The post Asylum Ambuscade: crimeware or cyberespionage? appeared first on WeLiveSecurity

WeLiveSecurity

Shedding light on AceCryptor and its operation

By: Jakub Kaloč — May 25th 2023 at 09:30

ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families

The post Shedding light on AceCryptor and its operation appeared first on WeLiveSecurity

WeLiveSecurity

Android app breaking bad: From legitimate screen recording to file exfiltration within a year

By: Lukas Stefanko — May 23rd 2023 at 09:30

ESET researchers discover AhRat – a new Android RAT based on AhMyth – that exfiltrates files and records audio

The post Android app breaking bad: From legitimate screen recording to file exfiltration within a year appeared first on WeLiveSecurity