Category: eset

Don’t let dormant accounts become a doorway for cybercriminals Do you have online accounts you haven’t used in years? If so, a bit of digital spring cleaning might be in order. Go to eset

This month in security with Tony Anscombe – May 2025 edition From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it’s a wrap on another month filled with impactful cybersecurity news Go to eset

Word to the wise: Beware of fake Docusign emails Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data Go to eset

Danabot under the microscope ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure Go to eset

Danabot: Analyzing a fallen empire ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation Go to eset

Lumma Stealer: Down for the count The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies Go to eset

ESET takes part in global operation to disrupt Lumma Stealer Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation Go to eset

The who, where, and how of APT attacks in Q4 2024–Q1 2025 ESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity Report Go to eset

ESET APT Activity Report Q4 2024–Q1 2025 An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025 Go to eset

Sednit abuses XSS flaws to hit gov’t entities, defense companies Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU Go to eset

Operation RoundPress ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities Go to eset

How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2) Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world. Go to eset

Catching a phish with many faces Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly Go to eset

Beware of phone scams demanding money for ‘missed jury duty’ When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer. Go to eset

Toll road scams are in overdrive: Here’s how to protect yourself Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam. Go to eset

RSAC 2025 wrap-up – Week in security with Tony Anscombe From the power of collaborative defense to identity security and AI, catch up on the event’s key themes and discussions Go to eset

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks Go to eset

How safe and secure is your iPhone really? Your iPhone isn’t necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors. Go to eset

This month in security with Tony Anscombe – April 2025 edition From the near-demise of MITRE’s CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity Go to eset

Deepfake ‘doctors’ take to TikTok to peddle bogus cures Look out for AI-generated ‘TikDocs’ who exploit the public’s trust in the medical profession to drive sales of sketchy supplements Go to eset

How fraudsters abuse Google Forms to spread scams The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe. Go to eset

Will super-smart AI be attacking us anytime soon? What practical AI attacks exist today? “More than zero” is the answer – and they’re getting better. Go to eset

CapCut copycats are on the prowl Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead Go to eset

They’re coming for your data: What are infostealers and how do I stay safe? Here’s what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data Go to eset

Attacks on the education sector are surging: How can cyber-defenders respond? Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What’s the right antidote to cyber-risk? Go to eset

Watch out for these traps lurking in search results Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results Go to eset

RansomHub affiliates linked to rival RaaS gangs ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions Go to eset

This month in security with Tony Anscombe – March 2025 edition From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it’s a wrap on another month filled with impactful cybersecurity news Go to eset

The good, the bad and the unknown of AI: A Q&A with Mária Bieliková The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us Go to eset

So your friend has been hacked: Could you be next? When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe. Go to eset

1 billion reasons to protect your identity online Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t. Go to eset

Fake job offers target software developers with infostealers A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims’ crypto wallets and steals their login details from web browsers and password managers Go to eset

No, you’re not fired – but beware of job termination scams Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff Go to eset

Katharine Hayhoe: The most important climate equation | Starmus highlights The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action Go to eset

Patch or perish: How organizations can master vulnerability management Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching Go to eset

How AI-driven identify fraud is causing havoc Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here’s how to fight back Go to eset

Neil Lawrence: What makes us unique in the age of AI | Starmus highlights As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human? Go to eset

What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10) Ever wondered what it’s like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security. Go to eset

Gaming or gambling? Lifting the lid on in-game loot boxes The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down Go to eset

Life on a crooked RedLine: Analyzing the infamous infostealer’s backend Following the takedown of RedLine Stealer by international authorities, ESET researchers are publicly releasing their research into the infostealer’s backend modules Go to eset

Jane Goodall: Reasons for hope | Starmus highlights The trailblazing scientist shares her reasons for hope in the fight against climate change and how we can tackle seemingly impossible problems and keep going in the face of adversity Go to eset

How to remove your personal information from Google Search results Have you ever googled yourself? Were you happy with what came up? If not, consider requesting the removal of your personal information from search results. Go to eset

Month in security with Tony Anscombe – October 2024 edition Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more – October saw no shortage of impactful cybersecurity news stories Go to eset

ESET APT Activity Report Q2 2024–Q3 2024 An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2024 and Q3 2024 Go to eset