Internet Security
They’re coming for your data: What are infostealers and how do I stay safe?
Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data...
Attacks on the education sector are surging: How can cyber-defenders respond?
Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?...
Watch out for these traps lurking in search results
Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results...
So your friend has been hacked: Could you be next?
When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe....
1 billion reasons to protect your identity online
Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t....
The good, the bad and the unknown of AI: A Q&A with Mária Bieliková
The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us...
This month in security with Tony Anscombe – March 2025 edition
From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news...
Resilience in the face of ransomware: A key to business survival
Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage...
Making it stick: How to get the most out of cybersecurity training
Security awareness training doesn’t have to be a snoozefest – games and stories can help instill ‘sticky’ habits that will kick in when a danger is near...
RansomHub affiliates linked to rival RaaS gangs
ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions...
FamousSparrow resurfaces to spy on targets in the US, Latin America
Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time...
Shifting the sands of RansomHub’s EDRKillShifter
ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play...
You will always remember this as the day you finally caught FamousSparrow
ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor...
Operation FishMedley
ESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON...
MirrorFace updates toolset, expands targeting to Europe
The group's Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo 2025 in Osaka, Japan, as a lure...
Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor
ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor...
AI's biggest surprises of 2024 | Unlocked 403 cybersecurity podcast (S2E1)
Here's what's been hot on the AI scene over the past 12 months, how it's changing the face of warfare, and how you can fight AI-powered scams...
When IT meets OT: Cybersecurity for the physical world
While relatively rare, real-world incidents impacting operational technology highlight that organizations in critical infrastructure can’t afford to dismiss the OT threat...
Don’t let cybercriminals steal your Spotify account
Listen up, this is sure to be music to your ears – a few minutes spent securing your account today can save you a ton of trouble tomorrow...
AI-driven deception: A new face of corporate fraud
Malicious use of AI is reshaping the fraud landscape, creating major new risks for businesses...
Kids behaving badly online? Here's what parents can do
By taking time to understand and communicate the impact of undesirable online behavior, you can teach your kids an invaluable set of life lessons for a new digital age...
Martin Rees: Post-human intelligence – a cosmic perspective | Starmus highlights
Take a moment to think beyond our current capabilities and consider what might come next in the grand story of evolution...
Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani
Big shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media...
Bernhard Schölkopf: Is AI intelligent? | Starmus highlights
With AI's pattern recognition capabilities well-established, Mr. Schölkopf's talk shifts the focus to a pressing question: what will be the next great leap for AI?...
This month in security with Tony Anscombe – February 2025 edition
Ransomware payments trending down, the cyber-resilience gap facing SMBs, and APT groups embracing generative AI – it's a wrap on another month filled with impactful security news...
Laurie Anderson: Building an ARK | Starmus highlights
The pioneering multi-media artist reveals the creative process behind her stage show called ARK, which challenges audiences to reflect on some of the most pressing issues of our times...
Fake job offers target software developers with infostealers
A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers...
DeceptiveDevelopment targets freelance developers
ESET researchers analyzed a campaign delivering malware bundled with job interview challenges...
No, you’re not fired – but beware of job termination scams
Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff...
Katharine Hayhoe: The most important climate equation | Starmus highlights
The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action...
Gaming or gambling? Lifting the lid on in-game loot boxes
The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down...
What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)
Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security....
How AI-driven identify fraud is causing havoc
Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back...
Neil Lawrence: What makes us unique in the age of AI | Starmus highlights
As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?...
Patch or perish: How organizations can master vulnerability management
Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching...
Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights
Left unchecked, AI's energy and carbon footprint could become a significant concern. Can our AI systems be far less energy-hungry without sacrificing performance?...
How scammers are exploiting DeepSeek's rise
As is their wont, cybercriminals waste no time launching attacks that aim to cash in on the frenzy around the latest big thing – plus, what else to know before using DeepSeek...
This month in security with Tony Anscombe – January 2025 edition
DeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy...
Untrustworthy AI: How to deal with data poisoning
You should think twice before trusting your AI assistant, as database poisoning can markedly alter its output – even dangerously so...
Brian Greene: Until the end of time | Starmus highlights
The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanity...
Going (for) broke: 6 common online betting scams and how to avoid them
Don’t roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammers...
The evolving landscape of data privacy: Key trends to shape 2025
Incoming laws, combined with broader developments on the threat landscape, will create further complexity and urgency for security and compliance teams...
PlushDaemon compromises supply chain of Korean VPN service
ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon...
Under lock and key: Protecting corporate data from cyberthreats in 2025
Data breaches can cause a loss of revenue and market value as a result of diminished customer trust and reputational damage...
UEFI Secure Boot: Not so secure
ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems...
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
The story of a signed UEFI application allowing a UEFI Secure Boot bypass...
Cybersecurity and AI: What does 2025 have in store?
In the hands of malicious actors, AI tools can enhance the scale and severity of all manner of scams, disinformation campaigns and other threats...
Protecting children online: Where Florida’s new law falls short
Some of the state’s new child safety law can be easily circumvented. Should it have gone further?...
Crypto is soaring, but so are threats: Here’s how to keep your wallet safe
As detections of cryptostealers surge across Windows, Android and macOS, it's time for a refresher on how to keep your bitcoin or other crypto safe...
State-aligned actors are increasingly deploying ransomware – and that’s bad news for everyone
The blurring of lines between cybercrime and state-sponsored attacks underscores the increasingly fluid and multifaceted nature of today’s cyberthreats...
AI moves to your PC with its own special hardware
Seeking to keep sensitive data private and accelerate AI workloads? Look no further than AI PCs powered by Intel Core Ultra processors with a built-in NPU....
Gary Marcus: Taming Silicon Valley | Starmus highlights
The prominent AI researcher explores the societal impact of artificial intelligence and outlines his vision for a future in which AI upholds human rights, dignity, and fairness...
This month in security with Tony Anscombe – December 2024 edition
From attacks leveraging new new zero-day exploits to a major law enforcement crackdown, December 2024 was packed with impactful cybersecurity news...
Chris Hadfield: The sky is falling – what to do about space junk? | Starmus highlights
The first Canadian to walk in space dives deep into the origins of space debris, how it’s become a growing problem, and how we can clean up the orbital mess...
ESET Research Podcast: Telekopye, again
Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals’ wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'...
Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (special edition)
ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud...
Cybersecurity is never out-of-office: Protecting your business anytime, anywhere
While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year...
ESET Threat Report H2 2024: Key findings
ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025...
ESET Threat Report H2 2024
A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts...
Black Hat Europe 2024: Hacking a car – or rather, its infotainment system
Our ‘computers on wheels’ are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow...
Black Hat Europe 2024: Why a CVSS score of 7.5 may be a 'perfect' 10 in your organization
Aggregate vulnerability scores don’t tell the whole story – the relationship between a flaw’s public severity rating and the specific risks it poses for your company is more complex than it seems...
Black Hat Europe 2024: Can AI systems be socially engineered?
Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally?...
How cyber-secure is your business? | Unlocked 403 cybersecurity podcast (ep. 8)
As cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats?...
Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks
Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost...
Philip Torr: AI to the people | Starmus highlights
We’re on the cusp of a technological revolution that is poised to transform our lives – and we hold the power to shape its impact...
Achieving cybersecurity compliance in 5 steps
Cybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirements...
Richard Marko: Rethinking cybersecurity in the age of global challenges | Starmus highlights
ESET's CEO unpacks the complexities of cybersecurity in today’s hyper-connected world and highlights the power of innovation in stopping digital threats in their tracks...
Month in security with Tony Anscombe – November 2024 edition
Zero days under attack, a new advisory from 'Five Eyes', thousands of ICS units left exposed, and mandatory MFA for all – it's a wrap on another month filled with impactful cybersecurity news...
Scams to look out for this holiday season
‘Tis the season to be wary – be on your guard and don’t let fraud ruin your shopping spree...
Bootkitty marks a new chapter in the evolution of UEFI threats
ESET researchers make a discovery that signals a shift on the UEFI threat landscape and underscores the need for vigilance against future threats...
Bootkitty: Analyzing the first UEFI bootkit for Linux
ESET researchers analyze the first UEFI bootkit designed for Linux systems...
Firefox and Windows zero days chained to deliver the RomCom backdoor
The backdoor can execute commands and lets attackers download additional modules onto the victim’s machine, ESET research finds...
RomCom exploits Firefox and Windows zero days in the wild
ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit...
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine
ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, and to Project Wood...
Kathryn Thornton: Correcting Hubble's vision | Starmus highlights
The veteran of four space missions discusses challenges faced by the Hubble Space Telescope and how human ingenuity and teamwork made Hubble’s success possible...
My information was stolen. Now what?
The slow and painful recovery process...
“Scam Likely” calls: What are they and how do I block them?
Tired of dodging all those 'Scam Likely' calls? Here's what’s behind the label and how to stay one step ahead of phone scammers....
ESET APT Activity Report Q2 2024–Q3 2024: Key findings
ESET Chief Security Evangelist Tony Anscombe highlights some of the most intriguing insights revealed in the latest ESET APT Activity Report...
ESET Research Podcast: Gamaredon
ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated geolocation...
Beats by bot: The AI remix revolution
Artificial intelligence is reshaping the music landscape, turning listeners into creators and sparking new debates over creativity, copyright, and the future of music...
Beyond the checkbox: Demystifying cybersecurity compliance
In an era of escalating digital threats, cybersecurity compliance goes beyond ticking a legal box – it’s a crucial shield safeguarding assets, reputation, and the very survival of your business...
Life on a crooked RedLine: Analyzing the infamous infostealer’s backend
Following the takedown of RedLine Stealer by international authorities, ESET researchers are publicly releasing their research into the infostealer’s backend modules...
ESET APT Activity Report Q2 2024–Q3 2024
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2024 and Q3 2024...
Jane Goodall: Reasons for hope | Starmus highlights
The trailblazing scientist shares her reasons for hope in the fight against climate change and how we can tackle seemingly impossible problems and keep going in the face of adversity...
Month in security with Tony Anscombe – October 2024 edition
Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more – October saw no shortage of impactful cybersecurity news stories...
How to remove your personal information from Google Search results
Have you ever googled yourself? Were you happy with what came up? If not, consider requesting the removal of your personal information from search results....
Don't become a statistic: Tips to help keep your personal data off the dark web
You may not always stop your personal information from ending up in the internet’s dark recesses, but you can take steps to protect yourself from criminals looking to exploit it...
Tony Fadell: Innovating to save our planet | Starmus highlights
As methane emissions come under heightened global scrutiny, learn how a state-of-the-art satellite can pinpoint their sources and deliver the insights needed for targeted mitigation efforts...
CloudScout: Evasive Panda scouting cloud services
ESET researchers discovered a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services...
ESET Research Podcast: CosmicBeetle
Learn how a rather clumsy cybercrime group wielding buggy malicious tools managed to compromise a number of SMBs in various parts of the world...
Embargo ransomware: Rock’n’Rust
Novice ransomware group Embargo is testing and deploying a new Rust-based toolkit...
Google Voice scams: What are they and how do I avoid them?
Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers...
Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe
The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year...
Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)
“Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online – and even be the start of a predatory relationship...
Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes
Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details...
Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships
The world needs more cybersecurity professionals – here are three great ways to give you an ‘in’ to the ever-growing and rewarding security industry...
GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe
ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities...
Telekopye transitions to targeting tourists via hotel booking scam
ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms...
Cyber insurance, human risk, and the potential for cyber-ratings
Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people’s financial responsibility?...
Mind the (air) gap: GoldenJackal gooses government guardrails
ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal...