Malwarebytes
- Report: Organizations remain vulnerable to increasing insider threats 5 décembre 2019
The latest data breach at Capital One is a noteworthy incident not because it affected over 100 million customer records, 140,000 Social Security numbers (SSNs), and 80,000 linked bank accounts. Nor was it special because the hack was the result of a vulnerable firewall misconfiguration. Many still talk about this breach because a leak of this magnitude, which we’ve historically seen conduct … - Explained: What is containerization? 4 décembre 2019
Containerization. Another one of those tech buzzwords folks love to say but often have no idea what it means. A better way to organize children’s toys? The act of bringing tupperware out to dinner to safely transport home leftovers? Another name for Russian dolls? Containerization is, of course, none of those things. But its definition might be best captured in a quick example rather than a … - There’s an app for that: web skimmers found on PaaS Heroku 4 décembre 2019
Criminals love to abuse legitimate services—especially platform-as-a-service (Paas) cloud providers—as they are a popular and reliable hosting commodity used to support both business and consumer ventures. Case in point, in April 2019 we documented a web skimmer served on code repository GitHub. Later on in June, we observed a vast campaign where skimming code was injected into Amazon S3 buckets. … - New version of IcedID Trojan uses steganographic payloads 3 décembre 2019
This blog post was authored by @hasherezade, with contributions from @siri_urz and Jérôme Segura. Security firm Proofpoint recently published a report about a series of malspam campaigns they attribute to a threat actor called TA2101. Originally targeting German and Italian users with Cobalt Strike and Maze ransomware, the later wave of malicious emails were aimed at the US and pushing the IcedID … - A week in security (November 25 – December 1) 2 décembre 2019
Last week on Malwarebytes Labs, we discussed why the notion of “data as property” may potentially hurt more than help, homed in on sextortion scammers getting more creative, and explored the possible security risks Americans might face if the US changed to universal healthcare coverage. Other cybersecurity news The country of Venezuela turns to cybercrime as their economy continues to … - Would ‘Medicare for All’ help secure health data? 26 novembre 2019
DISCLAIMER: This post is not partisan, but rather focuses on risk assessment based on history and what threats we are facing in the future. We do not endorse any healthcare plan style in any way, outside of examining its data security risk. For many folks, the term ‘Healthcare for All’ brings up an array of emotions ranging from concern to happiness, and with the changes that come with this policy … - Sextortion scammers getting creative 26 novembre 2019
We’ve covered sextortion before, focusing in on how the core of the threat is an exercise in trust. The threat actor behind the campaign will use whatever information available on the target that causes them to trust that the threat actor does indeed have incriminating information on them. (They don’t.) But as public awareness of the scam grows, threat actors have to pivot to less expe … - ‘Data as property’ promises fix for privacy problems, but could deepen inequality 25 novembre 2019
In mid-November, Democratic presidential hopeful Andrew Yang unveiled a four-prong policy approach to solving some of today’s thornier tech issues, such as widespread misinformation, technology dependence, and data privacy. Americans, Yang proposed, should receive certain, guaranteed protections for how their data is collected, shared, and sold—and if they choose to waive those rights, they should … - A week in security (November 18 – 24) 25 novembre 2019
Last week on Malwarebytes Labs, we looked at stalkerware’s legal enforcement problem, announced our cooperation with other security vendors and advocacy groups to launch Coalition Against Stalkerware, published our fall 2019 review of exploit kits, looked at how Deepfake on LinkedIn makes for malign interference campaigns, rounded up our knowledge about the Disney+ security and service issues, exp … - IoT bills and guidelines: a global response 22 novembre 2019
You may not have noticed, but Internet of Things (IoT) rules and regulations are coming whether manufacturers want them or not. From experience, drafting up laws which are (hopefully) sensible and have some relevance to problems raised by current technology is a time-consuming, frustrating process. However, it’s not that long since we saw IoT devices go mainstream—right into people’s homes, contro … - Web skimmer phishes credit card data via rogue payment service platform 21 novembre 2019
Heading into the holiday shopping season, we have been tracking increased activity from a threat group registering domains for skimming and phishing campaigns. While most of the campaigns implemented a web skimmer in the typical fashion—grabbing and exfiltrating data from a merchant’s checkout page to an attacker-controlled server—a new attack scheme has emerged that tricks users into believ … - Explained: juice jacking 21 novembre 2019
When your battery is dying and you’re nowhere near a power outlet, would you connect your phone to any old USB port? Joyce did, and her mobile phone got infected. How? Through a type of cyberattack called “juice jacking.” Don’t be like Joyce. Although Joyce and her infected phone are hypothetical, juice jacking is technically possible. The attack uses a charging port or infected … - Disney+ security and service issues: Here’s what we know so far 20 novembre 2019
The long wait is over. Disney+, the new video-streaming service to rival Netflix and Amazon Prime, debuted last week to much fanfare, racking up 10 million subscribers within a single day of launch. Unfortunately, it wasn’t the kind of splash the majority of users predicted, as they were met with connection and performance issues out the gate—soon to be followed by reports of hacked accounts being … - Deepfakes and LinkedIn: malign interference campaigns 20 novembre 2019
Deepfakes haven’t quite lost the power to surprise, but given their wholesale media saturation in the last year or so, there’s a sneaking suspicion in some quarters that they may have missed the bus. When people throw a fake Boris Johnson or Jeremy Corbyn online these days, the response seems to be fairly split between “Wow, that’s funny” and barely even amused. You may well be more likely t … - Exploit kits: fall 2019 review 19 novembre 2019
Despite a slim browser market share, Internet Explorer is still being exploited in fall 2019 in a number of drive-by download campaigns. Perhaps even more surprising, we’re seeing new exploit kits emerge. Based on our telemetry, these drive-bys are happening worldwide (with the exception of a few that are geo-targeted) and are fueled by malvertising most often found on adult websites. Even t … - Malwarebytes teams up with security vendors and advocacy groups to launch Coalition Against Stalkerware 19 novembre 2019
Today, Malwarebytes is announcing its participation in a joint effort to stop invasive digital surveillance: the Coalition Against Stalkerware. For years, Malwarebytes has detected and warned users about the potentially dangerous capabilities of stalkerware, an invasive threat that can rob individuals of their expectation of, and right to, privacy. Just like the domestic abuse it can enable, stalk … - A week in security (November 11 – 17) 18 novembre 2019
Last week on Malwarebytes Labs, we offered statistics and information on a sneaky new Trojan malware for Android, inspected a bevy of current Facebook scams, and explained the importance of securing food and agriculture infrastructure. We also released our latest report on cybercrime tactics and techniques, offering new telemetry about the many cybersecurity threats facing the healthcare industry. … - Stalkerware’s legal enforcement problem 18 novembre 2019
Content warning: This piece contains brief descriptions of domestic violence and assault against women and children. In the past five years, only two stalkerware developers, both of whom designed, marketed, and sold tools favored by domestic abusers to pry into victims’ private lives, have faced federal consequences for their actions. Following a guilty plea in court, one was ordered to pay $500,0 … - Stealthy new Android malware poses as ad blocker, serves up ads instead 14 novembre 2019
Since its discovery less than a month ago, a new Trojan malware for Android we detect as Android/Trojan.FakeAdsBlock has already been seen on over 500 devices, and it’s on the rise. This nasty piece of mobile malware cleverly hides itself on Android devices while serving up a host of advertisements: full-page ads, ads delivered when opening the default browser, ads in the notifications, and even a … - Labs report finds cyberthreats against healthcare increasing while security circles the drain 13 novembre 2019
The team at Malwarebytes Labs is at it again, this time with a special edition of our quarterly CTNT report—Cybercrime tactics and techniques: the 2019 state of healthcare. Over the last year, we gathered global data from our product telemetry, honeypots, threat intelligence, and research efforts, focusing on the top threat categories and families that plagued the medical industry, as well as the …
ESET
- 80% of all Android apps encrypt traffic by default 5 décembre 2019
Google keeps pushing in its mission for broader encryption adoption The post 80% of all Android apps encrypt traffic by default appeared first on WeLiveSecurity … - Face scanning – privacy concern or identity protection? 5 décembre 2019
What issues would face scanning attached to a mobile device resolve and, if used correctly, would it make the incursion into my privacy acceptable? The post Face scanning – privacy concern or identity protection? appeared first on WeLiveSecurity … - Notorious spy tool taken down in global operation 3 décembre 2019
IM-RAT, which could be had for as little as US$25, was bought by nearly 15,000 people The post Notorious spy tool taken down in global operation appeared first on WeLiveSecurity … - 5 personal (and cheap) data privacy tools that scale for business 2 décembre 2019
Smart selections when starting small can ease the pain as you scale up your company’s privacy infrastructure The post 5 personal (and cheap) data privacy tools that scale for business appeared first on WeLiveSecurity … - Week in security with Tony Anscombe 29 novembre 2019
ESET researchers detail how the operators of the Stantinko botnet have expanded their toolset with a new means of profiting from computers under their control The post Week in security with Tony Anscombe appeared first on WeLiveSecurity … - Smartwatch exposes locations and other data on thousands of children 29 novembre 2019
A device that is supposed to help parents keep track of their children and give them a peace of mind can be turned into a surveillance device The post Smartwatch exposes locations and other data on thousands of children appeared first on WeLiveSecurity … - 5 scams to watch out for this shopping season 28 novembre 2019
Black Friday and Cyber Monday are just around the corner and scammers are gearing up to flood you with bogus offers The post 5 scams to watch out for this shopping season appeared first on WeLiveSecurity … - Cryptocurrency exchange loses US$50 million in apparent hack 27 novembre 2019
UPbit has announced that, as a precaution, all transactions will remain suspended for at least two weeks The post Cryptocurrency exchange loses US$50 million in apparent hack appeared first on WeLiveSecurity … - Stantinko botnet adds cryptomining to its pool of criminal activities 26 novembre 2019
ESET researchers have discovered that the criminals behind the Stantinko botnet are distributing a cryptomining module to the computers they control The post Stantinko botnet adds cryptomining to its pool of criminal activities appeared first on WeLiveSecurity … - CyberwarCon – the future of nation‑state nastiness 25 novembre 2019
How the field of play has changed and why endpoint protection still often comes down to doing the basics, even in the face of increasingly complex threats The post CyberwarCon – the future of nation‑state nastiness appeared first on WeLiveSecurity … - Week in security with Tony Anscombe 22 novembre 2019
ESET researchers publish their findings on Mispadu, a banking trojan targeting Brazil and Mexico, and on DePriMon, a downloader with a unique installation technique The post Week in security with Tony Anscombe appeared first on WeLiveSecurity … - Should cybersecurity be taught in schools? 22 novembre 2019
Experts weigh in on whether schools should teach kids the skills they need to safely reap the benefits of the online world The post Should cybersecurity be taught in schools? appeared first on WeLiveSecurity … - Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon 21 novembre 2019
ESET researchers have discovered a new downloader with a novel, not previously seen in the wild installation technique The post Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon appeared first on WeLiveSecurity … - What does it take to attract top cybersecurity talent? 20 novembre 2019
From professional backgrounds to competitive salaries – a study delves into what it takes to build strong cybersecurity teams The post What does it take to attract top cybersecurity talent? appeared first on WeLiveSecurity … - Mispadu: Advertisement for a discounted Unhappy Meal 19 novembre 2019
Another in our occasional series demystifying Latin American banking trojans The post Mispadu: Advertisement for a discounted Unhappy Meal appeared first on WeLiveSecurity … - Disney+ accounts hacked – How to protect yourself 18 novembre 2019
As users are losing access to their accounts by the dozens, we offer a few tips to help keep your streaming subscriptions safe The post Disney+ accounts hacked – How to protect yourself appeared first on WeLiveSecurity … - Week in security with Tony Anscombe 15 novembre 2019
ESET experts share how they got started in cybersecurity and whether or not a degree is needed for a career in the industry The post Week in security with Tony Anscombe appeared first on WeLiveSecurity … - Microsoft issues patch for Internet Explorer zero‑day 14 novembre 2019
The critical vulnerability could also be exploited via a malicious Microsoft Office document The post Microsoft issues patch for Internet Explorer zero‑day appeared first on WeLiveSecurity … - Getting into cybersecurity: Self‑taught vs. university‑educated? 14 novembre 2019
Are you considering a career in cybersecurity? What learning path(s) should you take? Does formal education matter? ESET experts share their insights. The post Getting into cybersecurity: Self‑taught vs. university‑educated? appeared first on WeLiveSecurity … - Facebook bug turns on iPhone camera in the background 13 novembre 2019
A recent update to Facebook’s iOS app introduced a bug that had some users worried The post Facebook bug turns on iPhone camera in the background appeared first on WeLiveSecurity …
ESET Support
- ESET Security Management Center version 7.1.27 has been released 12 novembre 2019
ESET Security Management Center version 7.1.27 has been released and is available to download.
- iOS 13 devices need a custom certificate to work with ESMC 7.0 MDM 4 octobre 2019
The certificates created by ESMC MDM version 7.0, does not comply with Apple iOS 13 requirements.
- ESET business products support for macOS 10.15 Catalina 7 août 2019
11th of October 2019 – To ensure your ESET products are working correctly after upgrading your computer to macOS 10.15 Catalina, perform these steps before upgrading to macOS Catalina.
- ESET Mail Security for Microsoft Exchange Server version 7.1.10008.0 has been released 20 juin 2019
On June 20th, 2019, ESET Mail Security for Microsoft Exchange Server version 7.1.10008.0 has been released and is available to download.
- Upgrade necessary due to code signing certificate replacement 18 juin 2019
On May 31st, 2019, Upgrade necessary due to code signing certificate replacement.
- Boot issues on full disk encrypted Windows 10 after upgrade to build 1903 11 juin 2019
On June 11th, 2019, ESET identified a problem with ESET Endpoint Encryption when upgrading a full disk encrypted Windows 10 system to the 1903 build. Installing the update can cause the system to crash when booting.
- ESET Dynamic Threat Defense is adding a new data center in the United States 21 mai 2019
Release Date: May 17, 2019 ESET Dynamic Threat Defense is adding a new data center in the United States.
- ESET Mail Security for Microsoft Exchange Server version 7.0.10026.0 hotfix has been released 7 mai 2019
Release Date: May 2, 2019 ESET Mail Security for Microsoft Exchange Server version 7.0.10026.0 hotfix has been released and is available to download. Changelog, Known Issues
- ESET NOD32 Antivirus Business Edition for Linux Desktop version 4.0.93.0 has been released 2 mai 2019
Release Date: May 2, 2019 ESET NOD32 Antivirus Business Edition for Linux Desktop version 4.0.93.0 has been released and is available to download. Changelog
- ESET NOD32 Antivirus for Linux Desktop version 4.0.93.0 has been released 2 mai 2019
Release Date: May 2, 2019 ESET NOD32 for Linux Desktop version 4.0.93.0 has been released and is available to download. Changelog
- ESET File/Mail/Gateway Security for Linux/FreeBSD version 4.5.15.0 have been released 2 mai 2019
Release Date: May 2, 2019 ESET File/Mail/Gateway Security for Linux/FreeBSD version 4.5.15.0 have been released and are available to download. Changelog
- ESET Endpoint Security and ESET Endpoint Antivirus for macOS version 6.7.876.0 have been released 2 mai 2019
Release Date: May 2, 2019 ESET Endpoint Security and ESET Endpoint Antivirus for macOS version 6.7.876.0 have been released and are available for download. Changelog, Upgrade, Support Resources
- ESET Cyber Security Pro and ESET Cyber Security hotfix version 6.7.876.0 have been released 2 mai 2019
Release Date: May 2, 2019 ESET Cyber Security Pro and ESET Cyber Security hotfix version 6.7.876.0 have been released and are available to download. Changelog, Upgrade
- ESET Secure Authentication version 2.8.22.0 has been released 25 avril 2019
Release Date: April 25, 2019 ESET Secure Authentication version 2.8.22.0 hotfix has been released and is available to download. Changelog, Support Resources
- ESET Endpoint Security and ESET Endpoint Antivirus version 7.1.2045.5 have been released 12 avril 2019
Release Date: April 11, 2019 ESET Endpoint Antivirus and ESET Endpoint Security version 7.1.2045.5 have been released and are available for download.
- ESET Windows home products version 12.1.34.0 have been released 12 avril 2019
Release Date: April 11, 2019 ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium version 12.1.34.0 have been released and are available to download.
- ESET Secure Authentication version 2.8.20.0 has been released 28 mars 2019
Release Date: March 28, 2019 ESET Secure Authentication service release version 2.8.20.0 has been released and is available to download. Changelog, Support Resources
- ESET Enterprise Inspector version 1.2.894.0 has been released 26 mars 2019
Release Date: March 26, 2019 ESET Enterprise Inspector version 1.2.894.0 has been released. Changelog, Known Issues, Support Resources
- ESET Mail Security for IBM Domino version 7.0.14013.0 has been released 19 mars 2019
Release Date: March 19, 2019 ESET Mail Security for IBM Domino version 7.0.14013.0 has been released and is available to download.
- ESET Windows home products version 12.1.31.0 have been released 7 mars 2019
Release Date: March 7, 2019 ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium version 12.1.31.0 have been released and are available to download.