CyberSecurity Updates

Generative AI (GenAI) is making waves across the world. Its popularity and widespread use has also attracted the attention of cybercriminals, leading to various cyberthreats. Yet much discussion around threats associated with tools like ChatGPT has focused on how the technology can be misused to help fraudsters create convincing phishing messages, produce malicious code or probe for vulnerabilities. Perhaps fewer people are talking about the use of GenAI as a lure and a Trojan horse…

Read More

Video Attackers abusing the “EvilVideo” vulnerability could share malicious Android payloads via Telegram channels, groups, and chats, all while making them appear as legitimate multimedia files 26 Jul 2024 This week, ESET researchers documented their discovery of a zero-day exploit that appeared for sale on underground forums and targets the Telegram app for Android. The underlying vulnerability, which the researchers named “EvilVideo”, was being used to distribute malicious files posing as videos. ESET reported the…

Read More

In the past few months, the Telegram clicker game Hamster Kombat has taken the world of cryptocurrency game enthusiasts by storm. Even though the gameplay, which mostly entails repeatedly tapping the screen of one’s mobile device, might be rather simple, players are after something more: the possibility of earning big once Hamster Kombat’s creators unveil the promised new cryptocoin tied to the game. Due to its success, the game has already attracted countless copycats that…

Read More

Digital Security Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances Tony Anscombe 23 Jul 2024  •  , 3 min. read As the dust settles on the cyber-incident caused by CrowdStrike releasing a corrupted update, many businesses will, or should, conduct a thorough post-mortem on how the incident affected their business and what could be done differently going forward. For most critical…

Read More

ESET Research ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos Lukas Stefanko 22 Jul 2024  •  , 6 min. read ESET researchers discovered a zero-day exploit that targets Telegram for Android, which appeared for sale for an unspecified price in an underground forum post from June 6th, 2024. Using the exploit to abuse a vulnerability that we named EvilVideo, attackers could share malicious Android payloads via…

Read More

Video A purported ad blocker marketed as a security solution leverages a Microsoft-signed driver that inadvertently exposes victims to dangerous threats 21 Jul 2024 This week, ESET researchers have released their findings about HotPage, a browser injector that leverages a driver developed by a Chinese company and signed by Microsoft. The malware masquerades as an “Internet café security solution” with ad-blocking capabilities. In reality, however, it displays game-related ads and can modify or replace the…

Read More