Information

Business Security As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning Tomáš Foltýn 24 Mar 2026  •  , 4 min. read Complexity is said to be the enemy of many things, but when it comes to organizations and their IT systems and processes, complexity is arguably the worst enemy of cybersecurity. For many IT and security practitioners, this plays out daily as they scramble to manage what IBM…

Read More

Cybercriminals go after people’s personal information across every kind of online platform, including WhatsApp, Instagram, LinkedIn, Roblox, YouTube and Spotify, not to mention finance apps. No online account is off the table. If one of your own accounts falls victim, the first priority is to avoid losing your cool and act immediately – the faster you move, the more of the attacker’s work you can interrupt. The attacker’s first move after gaining access could be…

Read More

In recent years, EDR killers have become one of the most commonly seen tools in modern ransomware intrusions: an attacker acquires high privileges, deploys such a tool to disrupt protection, and only then launches the encryptor. Besides the dominating Bring Your Own Vulnerable Driver (BYOVD) technique, we also see attackers frequently abusing legitimate anti-rootkit utilities or using driverless approaches to block the communication of endpoint detection and response (EDR) software or suspend it in place.…

Read More

ESET’s Jake Moore used smart glasses, deepfakes and face swaps to ‘hack’ widely-used facial recognition systems – and he’ll demo it all at RSAC 2026 Tomáš Foltýn 13 Mar 2026  •  , 2 min. read Facial recognition is increasingly embedded in everything from airport boarding gates to bank onboarding flows. The widely-held assumption is that a face is hard to fake and that matching a live face to a trusted source is a reliable identity…

Read More

The war in Iran was less than 24 hours old when it produced a historic first: the deliberate targeting of commercial data centers. On March 1st, Iranian drones hit three Amazon Web Services (AWS) facilities in the United Arab Emirates and Bahrain, disrupting core cloud infrastructure and knocking out finance apps and enterprise tools not only across the Gulf, but also far away from the region. The attacks showed that physical distance from a conflict…

Read More

Since April 2024, Sednit’s advanced development team has reemerged with a modern toolkit centered on two paired implants, BeardShell and Covenant, each using a different cloud provider for resilience. This dual‑implant approach enabled long‑term surveillance of Ukrainian military personnel. Interestingly, these current toolsets show a direct code lineage to the group’s 2010‑era implants. Key points of this blogpost: ESET researchers traced the reactivation of Sednit’s advanced implant team to a 2024 case in Ukraine, where…

Read More