Tag: eset
-
Lessons for life: Why children’s data is a long-term identity risk
Lessons for life: Why children’s data is a long-term identity risk Your child’s first data breach may happen before they’ve even opened a bank account. Here’s how to keep their digital life safe. Go to eset
-
This month in security with Tony Anscombe – May 2026 edition
This month in security with Tony Anscombe – May 2026 edition In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-day exploit Go to eset
-
ESET APT Activity Report Q4 2025–Q1 2026
ESET APT Activity Report Q4 2025–Q1 2026 An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026 Go to eset
-
What to consider before asking an AI chatbot for health advice
What to consider before asking an AI chatbot for health advice Using chatbots for medical advice could elicit hallucinations and even expose you to security and privacy risks. Here’s what’s at stake and how to stay safe. Go to eset
-
BTMOB: A stealthy RAT burrowing deep into Android devices
BTMOB: A stealthy RAT burrowing deep into Android devices The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise Go to eset
-
Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise
Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data Go to eset
-
Webworm: New burrowing techniques
Webworm: New burrowing techniques ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal Go to eset
-
The quest for greater tech independence
The quest for greater tech independence A complete decoupling from US technology is neither realistic nor necessary, but the changing environment does require nations and companies to reassess their relationships and dependencies Go to eset
-
Why geopolitical turmoil is a gift for scammers, and how to stay safe
Why geopolitical turmoil is a gift for scammers, and how to stay safe Conflict is a boon for opportunistic fraudsters. Look out for their ploys. Go to eset
-
FrostyNeighbor: Fresh mischief and digital shenanigans
FrostyNeighbor: Fresh mischief and digital shenanigans ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations Go to eset
-
Eyes wide open: How to mitigate the security and privacy risks of smart glasses
Eyes wide open: How to mitigate the security and privacy risks of smart glasses Smart glasses allow anyone to track and record the world around them. That could put your data and the privacy of those nearby at risk. Go to eset
-
Fixing the password problem is as easy as 123456
Fixing the password problem is as easy as 123456 How come it’s still possible to ‘secure’ an online account with a six-digit string? Go to eset
-
Fake call logs, real payments: How CallPhantom tricks Android users
Fake call logs, real payments: How CallPhantom tricks Android users ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven million times before being taken down Go to eset
-
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games Go to eset
-
This month in security with Tony Anscombe – April 2026 edition
This month in security with Tony Anscombe – April 2026 edition Warnings about helpdesk impersonation scams and Iran-linked hackers targeting critical sectors in the US, plus the most damaging scams of 2025 – here’s some of what made the headlines this month Go to eset
-
The calm before the ransom: What you see is not all there is
The calm before the ransom: What you see is not all there is A breach claims the systems as well as the confidence that was, in retrospect, a major vulnerability Go to eset
-
GopherWhisper: A burrow full of malware
GopherWhisper: A burrow full of malware ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions Go to eset
-
New NGate variant hides in a trojanized NFC payment app
New NGate variant hides in a trojanized NFC payment app ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI Go to eset
-
What the ransom note won’t say
What the ransom note won’t say An attack is what you see, but a business operation is what you’re up against Go to eset
-
That data breach alert might be a trap
That data breach alert might be a trap Ignoring a real breach notification invites risk, but falling for a bogus one could be even worse. Stop reacting on autopilot. Go to eset
-
Supply chain dependencies: Have you checked your blind spot?
Supply chain dependencies: Have you checked your blind spot? Your biggest risk may be a vendor you trust. How can SMBs map their third-party blind spots and build operational resilience? Go to eset
-
Recovery scammers hit you when you’re down: Here’s how to avoid a second strike
Recovery scammers hit you when you’re down: Here’s how to avoid a second strike If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse. Go to eset
-
As breakout time accelerates, prevention-first cybersecurity takes center stage
As breakout time accelerates, prevention-first cybersecurity takes center stage Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy. Go to eset
-
Digital assets after death: Managing risks to your loved one’s digital estate
Digital assets after death: Managing risks to your loved one’s digital estate Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay. Go to eset
-
This month in security with Tony Anscombe – March 2026 edition
This month in security with Tony Anscombe – March 2026 edition The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience plan Go to eset
-
A cunning predator: How Silver Fox preys on Japanese firms this tax season
A cunning predator: How Silver Fox preys on Japanese firms this tax season Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening them Go to eset
-
RSAC 2026 wrap-up – Week in security with Tony Anscombe
RSAC 2026 wrap-up – Week in security with Tony Anscombe This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven’t caught up with Go to eset
-
Virtual machines, virtually everywhere – and with real security gaps
Virtual machines, virtually everywhere – and with real security gaps Cloud VMs offer unmatched speed, scale and flexibility – all of which could eventually count for little if they’re left to fend for themselves Go to eset
-
Cloud workload security: Mind the gaps
Cloud workload security: Mind the gaps As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning Go to eset
-
Move fast and save things: A quick guide to recovering a hacked account
Move fast and save things: A quick guide to recovering a hacked account What you do – and how fast – after an account is compromised often matters more than it may seem Go to eset
-
EDR killers explained: Beyond the drivers
EDR killers explained: Beyond the drivers ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers Go to eset
-
Face value: What it takes to fool facial recognition
Face value: What it takes to fool facial recognition ESET’s Jake Moore used smart glasses, deepfakes and face swaps to ‘hack’ widely-used facial recognition systems – and he’ll demo it all at RSAC 2026 Go to eset
-
Cyber fallout from the Iran war: What to have on your radar
Cyber fallout from the Iran war: What to have on your radar The cybersecurity implications of the war in the Middle East extend far beyond the region. Here’s where to focus your defenses. Go to eset
-
Sednit reloaded: Back in the trenches
Sednit reloaded: Back in the trenches The resurgence of one of Russia’s most notorious APT groups Go to eset
-
What cybersecurity actually does for your business
What cybersecurity actually does for your business The ability to continue operating safely in an unsafe environment where competitors cannot is a competitive advantage that is rarely measured or discussed Go to eset
-
How SMBs use threat research and MDR to build a defensive edge
How SMBs use threat research and MDR to build a defensive edge We speak to Director of ESET Threat Research Jean-Ian Boutin about where solutions that blend advanced technology with human expertise provide the most practical value for businesses Go to eset
-
Protecting education: How MDR can tip the balance in favor of schools
Protecting education: How MDR can tip the balance in favor of schools The education sector is notoriously short on cash, but rich in assets for threat actors to target. How can managed detection and response (MDR) help learning institutions regain the initiative? Go to eset
-
This month in security with Tony Anscombe – February 2026 edition
This month in security with Tony Anscombe – February 2026 edition In this roundup, Tony looks at how opportunistic threat actors are taking advantage of weak authentication, unmanaged exposure, and popular AI tools Go to eset
-
Mobile app permissions (still) matter more than you may think
Mobile app permissions (still) matter more than you may think Start using a new app and you’ll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks. Go to eset
-
Faking it on the phone: How to tell if a voice call is AI or not
Faking it on the phone: How to tell if a voice call is AI or not Can you believe your ears? Increasingly, the answer is no. Here’s what’s at stake for your business, and how to beat the deepfakers. Go to eset
-
PromptSpy ushers in the era of Android threats using GenAI
PromptSpy ushers in the era of Android threats using GenAI ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow Go to eset
-
Is Poshmark safe? How to buy and sell without getting scammed
Is Poshmark safe? How to buy and sell without getting scammed Like any other marketplace, the social commerce platform has its share of red flags. It pays to know what to look for so you can shop or sell without headaches. Go to eset
-
Is it OK to let your children post selfies online?
Is it OK to let your children post selfies online? When it comes to our children’s digital lives, prohibition rarely works. It’s our responsibility to help them build a healthy relationship with tech. Go to eset
-
Naming and shaming: How ransomware groups tighten the screws on victims
Naming and shaming: How ransomware groups tighten the screws on victims When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle Go to eset
-
Taxing times: Top IRS scams to look out for in 2026
Taxing times: Top IRS scams to look out for in 2026 It’s time to file your tax return. And cybercriminals are lurking to make an already stressful period even more edgy. Go to eset
-
OfferUp scammers are out in force: Here’s what you should know
OfferUp scammers are out in force: Here’s what you should know The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams. Go to eset
-
A slippery slope: Beware of Winter Olympics scams and other cyberthreats
A slippery slope: Beware of Winter Olympics scams and other cyberthreats It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the losing side by following these best practices. Go to eset
-
DynoWiper update: Technical analysis and attribution
DynoWiper update: Technical analysis and attribution ESET researchers present technical details on a recent data destruction incident affecting a company in Poland’s energy sector Go to eset
-
This month in security with Tony Anscombe – January 2026 edition
This month in security with Tony Anscombe – January 2026 edition The trends that emerged in January offer useful clues about the risks and priorities that security teams are likely to contend with throughout the year Go to eset
-
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation Go to eset
-
Drowning in spam or scam emails? Here’s probably why
Drowning in spam or scam emails? Here’s probably why Has your inbox recently been deluged with unwanted and even outright malicious messages? Here are 10 possible reasons – and how to stem the tide. Go to eset
-
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper Go to eset
-
Children and chatbots: What parents should know
Children and chatbots: What parents should know As children turn to AI chatbots for answers, advice, and companionship, questions emerge about their safety, privacy, and emotional development Go to eset
-
Common Apple Pay scams, and how to stay safe
Common Apple Pay scams, and how to stay safe Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead Go to eset
-
Old habits die hard: 2025’s most common passwords were as predictable as ever
Old habits die hard: 2025’s most common passwords were as predictable as ever Once again, data shows an uncomfortable truth: the habit of choosing eminently hackable passwords is alive and well Go to eset
-
Your personal information is on the dark web. What happens next?
Your personal information is on the dark web. What happens next? If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do. Go to eset
-
Credential stuffing: What it is and how to protect yourself
Credential stuffing: What it is and how to protect yourself Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts Go to eset
-
This month in security with Tony Anscombe – December 2025 edition
This month in security with Tony Anscombe – December 2025 edition As 2025 draws to a close, Tony looks back at the cybersecurity stories that stood out both in December and across the whole of this year Go to eset
-
Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component
Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation Go to eset
-
A brush with online fraud: What are brushing scams and how do I stay safe?
A brush with online fraud: What are brushing scams and how do I stay safe? Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow. Go to eset
-
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions Go to eset
-
ESET Threat Report H2 2025
ESET Threat Report H2 2025 A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Go to eset
-
Black Hat Europe 2025: Was that device designed to be on the internet at all?
Black Hat Europe 2025: Was that device designed to be on the internet at all? Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found Go to eset
-
Black Hat Europe 2025: Reputation matters – even in the ransomware economy
Black Hat Europe 2025: Reputation matters – even in the ransomware economy Being seen as reliable is good for ‘business’ and ransomware groups care about ‘brand reputation’ just as much as their victims Go to eset
-
Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity
Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity If you don’t look inside your environment, you can’t know its true state – and attackers count on that Go to eset
-
Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece
Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience. Go to eset
-
The big catch: How whaling attacks target top executives
The big catch: How whaling attacks target top executives Is your organization’s senior leadership vulnerable to a cyber-harpooning? Learn how to keep them safe. Go to eset
-
Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture
Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture Identity is effectively the new network boundary. It must be protected at all costs. Go to eset
-
MuddyWater: Snakes by the riverbank
MuddyWater: Snakes by the riverbank MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook Go to eset
-
This month in security with Tony Anscombe – November 2025 edition
This month in security with Tony Anscombe – November 2025 edition Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month’s cybersecurity news Go to eset
-
What parents should know to protect their children from doxxing
What parents should know to protect their children from doxxing Online disagreements among young people can easily spiral out of control. Parents need to understand what’s at stake. Go to eset
-
MDR is the answer – now, what’s the question?
MDR is the answer – now, what’s the question? Why your business needs the best-of-breed combination of technology and human expertise Go to eset
-
PlushDaemon compromises network devices for adversary-in-the-middle attacks
PlushDaemon compromises network devices for adversary-in-the-middle attacks ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks Go to eset
-
The OSINT playbook: Find your weak spots before attackers do
The OSINT playbook: Find your weak spots before attackers do Here’s how open-source intelligence helps trace your digital footprint and uncover your weak points, plus a few essential tools to connect the dots Go to eset
-
What if your romantic AI chatbot can’t keep a secret?
What if your romantic AI chatbot can’t keep a secret? Does your chatbot know too much? Think twice before you tell your AI companion everything. Go to eset
-
How password managers can be hacked – and how to stay safe
How password managers can be hacked – and how to stay safe Look no further to learn how cybercriminals could try to crack your vault and how you can keep your logins safe Go to eset
-
Why shadow AI could be your biggest security blind spot
Why shadow AI could be your biggest security blind spot From unintentional data leakage to buggy code, here’s why you should care about unsanctioned AI use in your company Go to eset
-
The who, where, and how of APT attacks in Q2 2025–Q3 2025
The who, where, and how of APT attacks in Q2 2025–Q3 2025 ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report Go to eset
-
In memoriam: David Harley
In memoriam: David Harley Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security Go to eset
-
ESET APT Activity Report Q2 2025–Q3 2025
ESET APT Activity Report Q2 2025–Q3 2025 An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025 Go to eset
-
Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming
Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data Go to eset
-
How social engineering works | Unlocked 403 cybersecurity podcast (S2E6)
How social engineering works | Unlocked 403 cybersecurity podcast (S2E6) Think you could never fall for an online scam? Think again. Here’s how scammers could exploit psychology to deceive you – and what you can do to stay one step ahead Go to eset
-
This month in security with Tony Anscombe – October 2025 edition
This month in security with Tony Anscombe – October 2025 edition From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October’s headlines offer a glimpse of what’s shaping cybersecurity right now Go to eset
-
Ground zero: 5 things to do after discovering a cyberattack
Ground zero: 5 things to do after discovering a cyberattack When every minute counts, preparation and precision can mean the difference between disruption and disaster Go to eset
-
Recruitment red flags: Can you spot a spy posing as a job seeker?
Recruitment red flags: Can you spot a spy posing as a job seeker? Here’s what to know about a recent spin on an insider threat – fake North Korean IT workers infiltrating western firms Go to eset
-
Cybersecurity Awareness Month 2025: When seeing isn’t believing
Cybersecurity Awareness Month 2025: When seeing isn’t believing Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams Go to eset
-
Fraud prevention: How to help older family members avoid scams
Fraud prevention: How to help older family members avoid scams Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically Go to eset
-
Small businesses, big targets: Protecting your business against ransomware
Small businesses, big targets: Protecting your business against ransomware Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises Go to eset
-
Gamaredon X Turla collab
Gamaredon X Turla collab Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine Go to eset
-
HybridPetya: The Petya/NotPetya copycat comes with a twist
HybridPetya: The Petya/NotPetya copycat comes with a twist HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality Go to eset
-
Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass
Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal Go to eset
-
Are cybercriminals hacking your systems – or just logging in?
Are cybercriminals hacking your systems – or just logging in? As bad actors often simply waltz through companies’ digital front doors with a key, here’s how to keep your own door firmly locked tight Go to eset
-
Preventing business disruption and building cyber-resilience with MDR
Preventing business disruption and building cyber-resilience with MDR Given the serious financial and reputational risks of incidents that grind business to a halt, organizations need to prioritize a prevention-first cybersecurity strategy Go to eset
-
GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes
GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results Go to eset
-
Under lock and key: Safeguarding business data with encryption
Under lock and key: Safeguarding business data with encryption As the attack surface expands and the threat landscape grows more complex, it’s time to consider whether your data protection strategy is fit for purpose Go to eset
-
This month in security with Tony Anscombe – August 2025 edition
This month in security with Tony Anscombe – August 2025 edition From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity news Go to eset