Information

Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium

ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.

ESET researchers uncovered and analyzed a set of malicious tools that were used by the infamous Lazarus APT group in attacks during the autumn of 2021. The campaign started with spearphishing emails containing malicious Amazon-themed documents and targeted an employee of an aerospace company in the Netherlands, and a political journalist in Belgium.…

Clearview AI image-scraping face recognition service hit with €20m fine in France

by Paul Ducklin

The Clearview AI saga continues! If you haven’t heard of this company before, here’s a very clear and concise recap from the French privacy regulator, CNIL (Commission Nationale de l’Informatique et des Libertés), which has very handily been publishing its findings and rulings in this long-running story in both French and English: Clearview AI collects photographs from many websites, including social media. It collects all the photographs that are directly accessible on…

US Charges Ukrainian ‘Raccoon Infostealer’ With Cybercrimes

A Ukrainian man has been charged with computer fraud for allegedly infecting millions of computers with malware in a cybercrime operation known as “Raccoon Infostealer,” the US Justice Department said Tuesday. Mark Sokolovsky, 26, is being held in the Netherlands and the United States is seeking his extradition, the department said in a statement. It said Raccoon Infostealer malware was leased to cybercriminals for $200 a month, payable in cryptocurrency. The malware was then installed…

ESET research into new attacks by Lazarus – Week in security with Tony Anscombe

The attack involved the first recorded abuse of a security vulnerability in a Dell driver that was patched in May 2021.

This week, the ESET Research team has published the results of their analysis of recent attacks carried out by the Lazarus APT group. Using spear-phishing emails that contained malicious Amazon-themed documents, the group targeted an employee of an aerospace company in the Netherlands and a political journalist in Belgium. Notably, one of the tools…

8 questions to ask yourself before getting a home security camera

As each new smart home device may pose a privacy and security risk, do you know what to look out for before inviting a security camera into your home?

Security cameras were once the preserve of the rich and famous. Now anyone can get their hands on one thanks to technological advances. The advent of the Internet of Things (IoT) has created a major new market – for manufacturers of devices like connected doorbells and…

5 reasons to keep your software and devices up to date

Next time you’re tempted to hold off on installing software updates, remember why these updates are necessary in the first place.

Technology enables us to do wonderful things. The PCs and mobile devices at the center of our digital world are an indispensable part of our personal and working lives. They offer us a gateway to social media, online banking, media streaming, instant messaging, fitness tracking and much else besides. Depending on your circumstances they…

Serious Security: You can’t beat the house at Blackjack – or can you?

by Paul Ducklin

Cryptoguru Bruce Schneier (where crypto means cryptography, not the other thing!) just published an intriguing note on his blog entitled On the Randomness of Automatic Card Shufflers. If you’ve ever been to a casino, at least one in Nevada, you’ll know that the blackjack tables don’t take chances with customers known in the trade as card counters. That term is used to refer to players who have trained their memories to the…

Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!

by Paul Ducklin

Apple’s latest collection of security updates has arrived, including the just-launched macOS 13 Ventura, which was accompanied by its own security bulletin listing a whopping 112 CVE-numbered security holes. Of those, we counted 27 arbitrary code execution holes, of which 12 allow rogue code to be injected right into the kernel itself, and one allows untrusted code to be run with system privileges. On top of that, there are two elevation-of-privilege (EoP)…

Apple Fixes Exploited Zero-Day With iOS 16.1 Patch

Apple on Monday shipped a major iOS update with fixes for at least 20 documented security defects, including a kernel flaw that’s already being actively exploited in the wild. The Cupertino device maker confirmed the active exploitation of CVE-2022-42827, warning in a barebones advisory that the flaw exposes iPhones and iPads to arbitrary code execution attacks. “An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this…

ESET Threat Report T2 2022

A view of the T2 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.

The past four months were the time of summer vacations for many of us in the northern hemisphere. It appears that some malware operators also took this time as an opportunity to possibly rest, refocus, and reanalyze their current procedures and activities. According to our telemetry, August was a vacation month…
