FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

BladedFeline: Whispering in the dark

ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig

Danabot: Analyzing a fallen empire

ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation

ESET takes part in global operation to disrupt Lumma Stealer

Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation

ESET APT Activity Report Q4 2024–Q1 2025

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025

Operation RoundPress

ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks

ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks

Shifting the sands of RansomHub’s EDRKillShifter

ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play

You will always remember this as the day you finally caught FamousSparrow

ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor

Operation FishMedley

ESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON

Operation AkaiRyΕ«: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor

ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor

Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani

Big shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media

Will Windows 10 leave enterprises vulnerable to zero-days?

One thing Microsoft has been very public about is Windows 10's new strategy of releasing patches to update the operating system at different times for consumer and enterprise versions.

CryptoFortress mimics TorrentLocker but is a different ransomware

ESET assess the differences between CryptoFortress and TorrentLocker: two very different strains of ransomware.

MSIL/Agent.PYO: Have botnet, will travel

ESET's researchers recently encountered a piece of malware targeting the filling of the forms belonging to the Consulate of Poland. To understand why it is first necessary to have a brief look at the application process for visas.

Windows exploitation in 2014

Today, we published our research about Windows exploitation in 2014. This report contains interesting information about vulnerabilities in Microsoft Windows and Office patched over the course of the year, drive-by download attacks and mitigation techniques.

Virlock: First Self-Reproducing Ransomware is also a Shape Shifter

Win32/VirLock is ransomware that locks victims’ screens but also acts as parasitic virus, infecting existing files on their computers. The virus is also polymorphic, which makes it an interesting piece of malware to analyze. This is the first time such combination of malware features has been observed.

Cybercrime Trends & Predictions for 2015

As regular readers will know, every year we publish our predictions on cybercrime attacks for the year ahead. Well, our South American research team has spent the last few weeks putting together our predictions for 2015.

TorrentLocker — Ransomware in a country near you

Today, we are publishing research on ransomware that emerged in 2014. We have posted blog articles about this threat before, to raise awareness when we realized the criminals were targeting the United Kingdom and Spain.

First exploitation of Internet Explorer 'Unicorn bug' in-the-wild

Microsoft released a patch last week for a critical vulnerability allowing remote code execution in Internet Explorer. This vulnerability is significant because it exploits an old bug present in Internet Explorer versions 3 through 11.

G20 2014 Summit Lure used to target Tibetan activists

APT actors trying to use big events as a lure to compromise their targets is nothing new. Tibetan NGOs being targeted by APT actors is also nothing new. Thus, surrounding the upcoming G20 2014 summit that is held in Brisbane, Australia, we were expecting to see G20 themed threats targeted at Tibetan NGOs. A Win32/Farfli (alias Gh0st RAT) sample ultimately confirmed our suspicions.

Korplug military targeted attacks: Afghanistan & Tajikistan

After taking a look at recent Korplug (PlugX) detections, we identified two larger scale campaigns employing this well-known Remote Access Trojan. This blog gives an overview of the first one

The Evolution of Webinject

Last month, we presented β€œThe Evolution of Webinject” in Seattle at the 24th Virus Bulletin conference. This blog post will go over its key findings and provide links to the various material that has been released in the last few weeks.

CVE-2014-4114: Details on August BlackEnergy PowerPoint Campaigns

In this post we provide additional information on how a specially crafted PowerPoint slideshow file (.PPSX) led to the execution of a BlackEnergy dropper.

Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland

State organizations and private businesses from various sectors in Ukraine and Poland have been targeted with new versions of BlackEnergy, a malware that's evolved into a sophisticated threat with a modular architecture.

DeceptiveDevelopment targets freelance developers

ESET researchers analyzed a campaign delivering malware bundled with job interview challenges

PlushDaemon compromises supply chain of Korean VPN service

ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344

The story of a signed UEFI application allowing a UEFI Secure Boot bypass

ESET Research Podcast: Telekopye, again

Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals’ wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'

ESET Threat Report H2 2024

A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Bootkitty: Analyzing the first UEFI bootkit for Linux

ESET researchers analyze the first UEFI bootkit designed for Linux systems

RomCom exploits Firefox and Windows zero days in the wild

ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit

Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine

ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, and to Project Wood

ESET Research Podcast: Finding the mythical BlackLotus bootkit

Here's a story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat

Stop Cyberbullying Day: Prevention is everyone's responsibility

Strategies for stopping and responding to cyberbullying require a concerted, community-wide effort involving parents, educators and children themselves

Android GravityRAT goes after WhatsApp backups

ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files

7 tips for spotting a fake mobile app

Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future

Shedding light on AceCryptor and its operation

ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families

ESET Research Podcast: Finding the mythical BlackLotus bootkit

By: ESET Research

A story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat

The post ESET Research Podcast: Finding the mythical BlackLotus bootkit appeared first on WeLiveSecurity

ESET Threat Report H1 2023

By: Roman KovÑč

A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

The post ESET Threat Report H1 2023 appeared first on WeLiveSecurity

What’s up with Emotet?

By: Jakub Kaloč

A brief summary of what happened with Emotet since its comeback in November 2021

The post What’s up with Emotet? appeared first on WeLiveSecurity

❌