www.welivesecurity.com
Award-winning news, views, and insight from the ESET security community ESET Research MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT ESET researchers tease apart MQsTTang, a new backdoor used by Mustang Panda, which communicates via the MQTT protocol ESET researchers have analyzed MQsTTang, a new custom backdoor that we attribute to the Mustang Panda APT group. This b
ESET Research BlackLotus UEFI bootkit: Myth confirmed The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems is now a reality The number of UEFI vulnerabilities discovered in recent years and the failures in patching them or revoking vulnerable binaries within a reasonable time window hasn’
ESET Research Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer ES
ESET Research When "secure" isn't secure at all: High-impact UEFI vulnerabilities discovered in Lenovo consumer laptops ESET researchers discover multiple vulnerabilities in various Lenovo laptop models that allow an attacker with admin privileges to expose the user to firmware-level malware ESET researchers have discovered an
ESET researchers have analyzed malware that has been targeting high performance computing (HPC) clusters, among other high-profile targets. We reverse engineered this small, yet complex, malware that is portable to many operating systems including Linux, BSD, Solaris, and possibly AIX and Windows. We have named this malware Kobalos for its tiny code size and many tricks; in Greek mythology, a Koba
Ramsay: A cyber-espionage toolkit tailored for air-gapped networks ESET researchers uncover several instances of malware that uses various attack vectors to target systems isolated by an air gap ESET researchers have discovered a previously unreported cyber-espionage framework that we named Ramsay and that is tailored for coll
ESET Research KrØØk: Serious vulnerability affected encryption of billion+ Wi-Fi devices ESET researchers uncover a previously unknown security flaw allowing an adversary to decrypt some wireless network packets transmitted by vulnerable devices ESET Research has published its latest white paper, KrØØk - CVE-2019-15126: Seriou
ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows In June 2019, ESET researchers identified a zero-day exploit being used in a highly targeted attack in Eastern Europe. The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component. Once th
ESET Research OceanLotus: macOS malware update Latest ESET research describes the inner workings of a recently found addition to OceanLotus’s toolset for targeting Mac users Early in March 2019, a new macOS malware sample from the OceanLotus group was uploaded to VirusTotal, a popular online multi-scanner service. This backdoo
ESET researchers discovered a new Android Trojan using a novel Accessibility-abusing technique that targets the official PayPal app, and is capable of bypassing PayPal’s two-factor authentication There is a new Trojan preying on Android users, and it has some nasty tricks up its sleeve. First detected by ESET in November 2018, the malware combines the capabilities of a remotely controlled banking
ESET Research LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group ESET researchers have shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe Update, 9 October 2018: The remediation se
Update (11 September 2018): Microsoft has provided a patch for this in today’s Windows Update. On August 27, 2018, a so-called zero-day vulnerability affecting Microsoft Windows was published on GitHub and publicized via a rather acerbic tweet. It seems obvious that this was not part of a coordinated vulnerability disclosure and there was no patch at the time this tweet (since deleted) was publish
An acoustic attack can bluescreen your Windows computer Security researchers have demonstrated how attackers could cause physical damage to hard drives, and cause PCs to crash, just by playing sounds through a computer's speaker. A denial-of-service (DoS) attack against your organisation's website is bad enough, preventing cus
ESET Research A tale of two zero-days Double zero-day vulnerabilities fused into one. A mysterious sample enables attackers to execute arbitrary code with the highest privileges on intended targets Late in March 2018, ESET researchers identified an interesting malicious PDF sample. A closer look revealed that the sample exploi
One year later: EternalBlue exploit more popular now than during WannaCryptor outbreak The infamous outbreak may no longer be causing mayhem worldwide but the threat that enabled it is still very much alive and posing a major threat to unpatched and unprotected systems It’s been a year since the WannaCryptor.D ransomware (aka
ESET Research Lazarus KillDisks Central American casino The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets.
Critical Infrastructure, Ransomware, Ukraine Crisis – Digital Security Resource Center Kiev metro hit with a new variant of the infamous Diskcoder ransomware Public sources have confirmed that computer systems in the Kiev Metro, Odessa naval port, Odessa airport, Ukrainian ministries of infrastructure and finance, and also a n
Cybercrime UK National Lottery knocked offline by DDoS attack The UK National Lottery website and smartphone app are taken offline as a DDoS attack strikes. Saturday evening is a big night for the UK National Lottery, as draws are made and jackpot winners discover that they are newly-made millionaires. It's no wonder that many
Ukraine Crisis – Digital Security Resource Center Analysis of TeleBots’ cunning backdoor This article reveals details about the initial infection vector that was used during the DiskCoder.C outbreak. On the 27th of June 2017, a new cyberattack hit many computer systems in Ukraine, as well as in other countries. That attack was
Critical Infrastructure, Ukraine Crisis – Digital Security Resource Center TeleBots are back: Supply-chain attacks against Ukraine This blogpost reveals many details about the Diskcoder.C (aka ExPetr or NotPetya) outbreak and related information about previously unpublished attacks.
ESET Research, Critical Infrastructure, Ukraine Crisis – Digital Security Resource Center Industroyer: Biggest threat to industrial control systems since Stuxnet ESET has analyzed a sophisticated and extremely dangerous malware, known as Industroyer, which is designed to disrupt critical industrial processes. Update (July 17th
ESET Research Turla’s watering hole campaign: An updated Firefox extension abusing Instagram The Turla espionage group is still using watering hole techniques to redirect potentially interesting victims to their C&C infrastructure. Update, 21 June 2017: Due to our misunderstanding of communications with Google, the Firefox ext
Among all the Linux samples that we receive every day, we noticed one sample detected only by Dr.Web - their detection name was Linux.LuaBot. We deemed this to be suspicious as our detection rates for the Luabot family have generally been high. Upon analysis, it turned out that this was, indeed, a bot written in Lua, but it represents a new family, and is not related to previously seen Luabot malw
Ransomware KillDisk now targeting Linux: Demands $250K ransom, but can’t decrypt ESET has discovered a Linux variant of the KillDisk component that renders Linux machines unbootable, while encrypting files and requesting a large ransom at the same time. ESET researchers have discovered a Linux variant of the KillDisk malware t
In 2016, companies have had their security solutions tested by increasingly sophisticated cybercriminals. We look at the year’s biggest security incidents. 2016 has been a challenging year for politics, public sanity and celebrity longevity, but also, for individuals and companies, a testing time in terms of online security. Pitted against increasingly sophisticated and targeted cybercriminals, it
Ukraine Crisis – Digital Security Resource Center The rise of TeleBots: Analyzing disruptive KillDisk attacks ESET's Anton Cherepanov analyzes the work of TeleBots, a malicious toolset that was used in focused cyberattacks against targets in Ukraine's financial sector. In the second half of 2016, ESET researchers identified a
ESET Research Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads Millions of readers who visit popular news websites have been targeted by a series of malicious ads redirecting them to the Stegano exploit kit. Update (December 15th): Further research and comparison of our fin
Cybercrime ESET releases new decryptor for TeslaCrypt ransomware If your encrypted files had the extensions .xxx, .ttt, .micro, .mp3 or left unchanged, then ESET has good news for you. Have you been infected by one of the new variants (v3 or v4) of the notorious ransomware TeslaCrypt? If your encrypted files had the extensions
In recent months, there has been a significant increase in the number of networks and users affected by ransomware known as Locky, discusses ESET’s Diego Perez. In recent months, there has been a significant increase in the number of networks and users affected by ransomware known as Locky, which is used to encrypt a victim’s files and then demand a ransom to be paid in bitcoins. But, how does thi