Information

01 Apr

Borrower beware: Common loan scams and how to avoid them

Information

Scams Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Here’s how to avoid being scammed when considering a loan. Phil Muncaster 26 Mar 2024  •  , 6 min. read Times have been tough financially for many of us since the pandemic. Climate shocks, food and energy price rises and persistent inflation elsewhere have squeezed household spending and put huge pressure on working families, with…

Read More
01 Apr

RDP remains a security concern – Week in security with Tony Anscombe

Information

Video Much has been written about the risks that poorly-secured RDP connections entail, but many organizations continue to leave themselves at risk and get hit by data breaches as a result 29 Mar 2024 Remote Desktop Protocol (RDP) turned out to be a lifeline for organizations around the world during the mass shift to remote and hybrid work arrangements. Its popularity didn’t escape the attention of cybercriminals, and RDP remains a popular attack vector among…

Read More
28 Mar

Thread Hijacking: Phishes That Prey on Your Curiosity

Information, Insights

Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here’s the story of a thread hijacking attack in which a journalist was copied on a phishing email from the unwilling…

Read More
26 Mar

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Information, Insights

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers…

Read More
23 Mar

Rescoms rides waves of AceCryptor spam

Information

Last year ESET published a blogpost about AceCryptor – one of the most popular and prevalent cryptors-as-a-service (CaaS) operating since 2016. For H1 2023 we published statistics from our telemetry, according to which trends from previous periods continued without drastic changes. However, in H2 2023 we registered a significant change in how AceCryptor is used. Not only we have seen and blocked over double the attacks in H2 2023 in comparison with H1 2023, but…

Read More
23 Mar

AceCryptor attacks surge in Europe – Week in security with Tony Anscombe

Information

Video The second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RAT 22 Mar 2024 This week, ESET researchers released an analysis showing a surge in the detections of AceCryptor, one of the most popular cryptors-as-a-service (CaaS) used to help malware stay under the radar. All along, ESET has observed that attackers spreading the Rescoms remote access tool (RAT)…

Read More
22 Mar

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Information, Insights

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years. Mozilla Monitor. Image Mozilla Monitor Plus video on Youtube. Mozilla only…

Read More
20 Mar

The Not-so-True People-Search Network from China

Information, Insights

It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities. Responding to a reader inquiry concerning the trustworthiness…

Read More
20 Mar

A prescription for privacy protection: Exercise caution when using a mobile health app

Information

Privacy Given the unhealthy data-collection habits of some mHealth apps, you’re well advised to tread carefully when choosing with whom you share some of your most sensitive data Phil Muncaster 19 Mar 2024  •  , 5 min. read In today’s digital economy there’s an app for just about everything. One area that’s booming more than most is healthcare. From period and fertility trackers to mental health and mindfulness, there are mobile health (mHealth) applications available…

Read More
17 Mar

Healthcare still a prime target for cybercrime gangs – Week in security with Tony Anscombe

Information

Video Healthcare organizations remain firmly in attackers’ crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in the US in 2023 15 Mar 2024 More than 20 percent of ransomware attacks that hit critical infrastructure organizations in the United States in 2023 were aimed at the healthcare sector, according to the 2023 Internet Crime Report of the FBI’s (Internet Crime Complaint Center (IC3). More specifically, IC3 received 1,193 reports of…

Read More