Information

ESET Research ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver ESET Research 05 Sep 2024  •  , 1 min. read Usually when someone mentions adware, people think of low-quality half-baked malicious code used to spam victims with sketchy ads. But as we explain in this episode of our podcast, not all adware is created equal. HotPage is a recently discovered trojan using a vulnerable, Microsoft-signed, kernel driver…

Read More

Business Security Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options Tony Anscombe 04 Sep 2024  •  , 3 min. read There must be a consideration of the ethical question of contributing to the payment of extortion demands of cybercriminals. Any company that is paying a cyber insurance premium, regardless of whether they suffer…

Read More

Malware Sometimes there’s more than just an enticing product offer hiding behind an ad Márk Szabó 03 Sep 2024  •  , 3 min. read One thing is true: Malware developers are deeply invested in improving their malware and exploring different ways to compromise end users. Malware spreading through ads is nothing new; for a long time, cybercriminals have had their sights fixed on online advertising networks as a distribution vector.  With just a click, a…

Read More

ESET researchers discovered a code execution vulnerability in WPS Office for Windows (CVE⁠-⁠2024⁠-⁠7262), as it was being exploited by APT-C-60, a South Korea-aligned cyberespionage group. Upon analyzing the root cause, we subsequently discovered another way to exploit the faulty code (CVE-2924-7263). Following a coordinated disclosure process, both vulnerabilities are now patched – in this blogpost, we provide technical details.  Key points of the blogpost: APT-C-60 weaponized a code execution vulnerability in WPS Office for Windows…

Read More

Video The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become 28 Aug 2024 Recently, ESET Researchers have discovered a crimeware campaign that targeted the clients of prominent Czech banks. The malware, named NGate by ESET, can relay data from victims’ stored payment cards via a malicious app installed on their Android phones to the attackers’ rooted Android devices. Watch as Tony discusses the story and…

Read More

Internet of Things In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors Márk Szabó 27 Aug 2024  •  , 4 min. read Outdated devices are often easy targets for attackers, especially if they have vulnerabilities that can be exploited and no patches are available due to their end-of-life status. Hacks of outdated or vulnerable devices are an issue, but why would anyone attempt to hack discontinued devices or those…

Read More