CyberSecure Specialist

Business Security The blurring of lines between cybercrime and state-sponsored attacks underscores the increasingly fluid and multifaceted nature of today’s cyberthreats Phil Muncaster 07 Jan 2025  •  , 5 min. read There was a time when the boundary between cybercrime and state-aligned threat activity was rather easy to discern. Cybercriminals were fuelled solely by the profit motive. And their counterparts in the government carried out mainly cyberespionage campaigns, plus the occasional destructive attack, to further…

Read More

Digital Security As detections of cryptostealers surge across Windows, Android and macOS, it’s time for a refresher on how to keep your bitcoin or other crypto safe Phil Muncaster 09 Jan 2025  •  , 5 min. read Bitcoin is on a tear. For the first time in its history, the digital currency surpassed $100,000 in early December, having surged more than 30% since election night in the US. Whether or not the optimism about President-elect…

Read More

Kids Online Some of the state’s new child safety law can be easily circumvented. Should it have gone further? Tony Anscombe 14 Jan 2025  •  , 4 min. read Florida’s state legislators recently passed a new bill aimed at protecting children online. The highlights of the bill, which is known as HB 3, are mandatory age verification for accessing material that is deemed harmful to minors, and prohibiting children younger than 14 from joining social…

Read More

Digital Security In the hands of malicious actors, AI tools can enhance the scale and severity of all manner of scams, disinformation campaigns and other threats Phil Muncaster 15 Jan 2025  •  , 5 min. read AI has supercharged the cybersecurity arms race over the past year. And the coming 12 months will provide no respite. This has major implications for corporate cybersecurity teams and their employers, as well as everyday web users. While AI…

Read More

ESET researchers have discovered a vulnerability that allows bypassing UEFI Secure Boot, affecting the majority of UEFI-based systems. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed by Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate. Exploitation of this vulnerability leads to the execution of untrusted code during system boot, enabling potential attackers to easily deploy malicious UEFI bootkits (such as Bootkitty or BlackLotus) even on systems with UEFI Secure Boot enabled,…

Read More

ESET researchers provide details on a previously undisclosed China-aligned APT group that we track as PlushDaemon and one of its cyberespionage operations: the supply-chain compromise in 2023 of VPN software developed by a South Korean company, where the attackers replaced the legitimate installer with one that also deployed the group’s signature implant that we have named SlowStepper – a feature-rich backdoor with a toolkit of more than 30 components. Key points of this blogpost: PlushDaemon…

Read More

ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems 16 Jan 2025 ESET researchers have uncovered a vulnerability that, if exploited, would allow bad actors to circumvent UEFI Secure Boot and deploy malicious UEFI bootkits such as Bootkitty or BlackLotus on vulnerable systems. Tracked as CVE-2024-7344, the security flaw affects most UEFI-based systems and its exploitation would lead to the execution of untrusted code…

Read More

Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers. After all, what better time to strike than when the potential victim is distracted by the possibility of getting a job? Since early 2024, ESET researchers have observed a series of malicious North Korea-aligned activities, where the operators, posing as headhunters, try to serve their targets with software projects that conceal infostealing malware. We call…

Read More

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims’ crypto wallets and steals their login details from web browsers and password managers 20 Feb 2025 ESET researchers have observed a malicious campaign where North Korea-aligned threat actors, posing as headhunters, target freelance software developers with info-stealing malware. The activities – named DeceptiveDevelopment and going back to at least November 2023 – involve spearphishing messages that are being distributed on job-hunting and freelancing…

Read More