CyberSecurity Updates

Who is the DOGE and X Technician Branden Spikes?

At 49, Branden Spikes isn’t just one of the oldest technologists who has been involved in Elon Musk’s Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among Musk’s most loyal employees. Here’s a closer look at this trusted Musk lieutenant, whose Russian ex-wife was once married to Elon’s cousin.…

FBI Warns of Data Extortion Scam Targeting Corporate Executives

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released an alert warning of a scam involving criminal actors masquerading as the “BianLian Group.” The cyber criminals target corporate executives by sending extortion letters threatening to release victims’ sensitive information unless payment is received. CISA encourages organizations to review the following FBI Public Service Announcement for more information: “Mail Scam Targeting Corporate Executives Claims Ties to Ransomware.” Organizations should report incidents and anomalous activity…

Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine

ESET researchers have identified multiple samples of a Linux backdoor, which we have named WolfsBane, that we attribute with high confidence to the Gelsemium advanced persistent threat (APT) group. This China-aligned threat actor has a known history dating back to 2014 and until now, there have been no public reports of Gelsemium using Linux malware. Additionally, we discovered another Linux backdoor, which we named FireWood. However, we cannot definitively link FireWood to other Gelsemium tools, and…

What is “Scam Likely”? Putting the phone down on unwanted calls

Tired of dodging all those ‘Scam Likely’ calls? Here’s what’s behind the label and how to stay one step ahead of phone scammers. (Phil Muncaster, 18 Nov 2024, 5 min. read) Despite all the wonders of modern technology, it is often the old ways that we rely on most. That’s certainly true of communications. We may have email, video conferencing, text, social media and end-to-end encrypted instant messages to choose from, but some…

My information was stolen. Now what?

Back in May 2023, I wrote the blogpost “You may not care where you download software from, but malware does” as a call to arms, warning about the risks of running software downloaded from so-called “trusted sources” of pirated software. Of course, those files were anything but trustworthy and contained malware, such as ransomware or infostealers, specifically targeted at that demographic. My hope was that by educating the public about the risks involved, people would…

Kathryn Thornton: Correcting Hubble’s vision | Starmus highlights

WeLiveScience: The veteran of four space missions discusses challenges faced by the Hubble Space Telescope and how human ingenuity and teamwork made Hubble’s success possible. (20 Nov 2024) Kathryn Thornton, a renowned astronaut and physicist, recounts the groundbreaking journey of the first servicing mission to the Hubble Space Telescope in 1993. Her talk dives into the critical challenges faced by Hubble after its launch in 1990, particularly its inability to focus due to a flaw…

RomCom exploits Firefox and Windows zero days in the wild

ESET researchers discovered a previously unknown vulnerability in Mozilla products, exploited in the wild by Russia-aligned group RomCom. This is at least the second time that RomCom has been caught exploiting a significant zero-day vulnerability in the wild, after the abuse of CVE-2023-36884 via Microsoft Word in June 2023. This critical vulnerability, assigned CVE-2024-9680 with a CVSS score of 9.8, allows vulnerable versions of Firefox, Thunderbird, and the Tor Browser to execute code in the…

Bootkitty: Analyzing the first UEFI bootkit for Linux

UPDATE (December 2nd, 2024): The bootkit described in this report seems to be part of a project created by cybersecurity students participating in Korea’s Best of the Best (BoB) training program. As they informed us: “The primary aim of this project is to raise awareness within the security community about potential risks and to encourage proactive measures to prevent similar threats. Unfortunately, few bootkit samples were disclosed prior to the planned conference presentation.” This supports…

Scams to look out for this holiday season

As the mercury starts to dip and the Halloween decorations are cleared away, it can mean only one thing: the countdown to Christmas has begun. But the festive season – or Golden Quarter if you’re a retailer – is not just a boon for online stores. It’s also a time of plenty for digital thieves and con artists. To make sure you’re not their next victim, it pays to understand what holiday season scams look…

Firefox and Windows zero days chained to deliver the RomCom backdoor

The backdoor can execute commands and lets attackers download additional modules onto the victim’s machine, ESET research finds. (26 Nov 2024) ESET researchers have uncovered two previously unknown vulnerabilities in several Mozilla products and in Windows, with both flaws under active exploitation by RomCom, a Russia-aligned group known for opportunistic campaigns against selected business verticals and targeted espionage operations alike. CVE-2024-9680 is a use-after-free bug that allows vulnerable versions of Firefox, Thunderbird, and the Tor…
