ESET Threat Blog

Archive for August, 2011

by Cameron Camp Security Researcher
August 31, 2011 at 4:01 pm

According to a tweet from World Privacy Forum, California state governor just signed an update to a data breach notification law that would require organizations to submit a sample of the breach notification sent to customers also to the Attorney General, to ensure what’s being sent out, and that it’s sent out in a timely … Read More…

Comments
0

by Cameron Camp Security Researcher
August 30, 2011 at 11:17 am

Facebook recently rolled out a program we thought was a good step, bounties paid to hackers to find and report bugs, rather than exploit them. So far that payout has totaled around $40,000, no small sum for the aspiring hackers, and probably a boon for Facebook’s efforts to proactively fix security issues before a potential … Read More…

Comments
0

by David Harley Senior Research Fellow
August 30, 2011 at 12:52 am

Some of my favourite blog comments of the week:
I’m surprised just how so many fish pedicure spas have sprung up in the uk without looking fully at the possible health risks to clients, or insuring against them.
Yes, I've often thought the same thing, especially in the context of disclosure ethics and the issue of hacking … Read More…

Comments
3

by Cameron Camp Security Researcher
August 29, 2011 at 12:41 pm

A while back we mused that the rapid rise in Android malware would hit its stride near the intersection of widespread mobile financial transaction use, and the continuing steep rise in adoption of the platform. Now we see AT&T, T-Mobile and Verizon entering a joint venture to back a payment service for, guess what: Mobile financial … Read More…

Comments
2

by Sébastien Duquette Malware Researcher
August 29, 2011 at 8:39 am

At the beginning of this month, my colleague Robert Lipovsky posted an article on a new threat called Win32/Delf.QCZ, also known as Trojan.Badlib or Trojan.Win32.Miner.h. This threat caught the attention of others and additional information has since been added by fellow researchers on the blogs of Kaspersky and Symantec as well as on the H-Online … Read More…

Comments
0

by Cameron Camp Security Researcher
August 26, 2011 at 1:02 pm

So you get a Twitter tweet or Facebook notification from what “seems to be” a friend saying they have the latest information in the development of Hurricane Irene, if you just “click here.” When you do, you find that your “friend” might really be a computer script from a distant land directing you to a fake … Read More…

Comments
0

by David Harley Senior Research Fellow
August 26, 2011 at 10:46 am

When diabetic security researcher Jay Radcliffe demonstrated at BlackHat how he could take control of the pump that controls insulin levels in his own body, it seemed quite reasonable that he didn't name the manufacturer because "If I name the vendor, then any bad guy or evil hacker…can start exploit code on it right away."
Having … Read More…

Comments
0

by Cameron Camp Security Researcher
August 26, 2011 at 10:01 am

Amidst a lack of fanfare this past weekend on a mailing list, a memory exhaustion hack popped up for the Apache webserver that may result in a Denial-of-Service (DoS) style attack. Since the Apache application serves up north of 65% of the websites on the internet, a plausible attack becomes quite an issue, especially if … Read More…

Comments
1

by David Harley Senior Research Fellow
September 10, 2011 at 11:25 am

…but it doesn't necessarily want you to be free.
Since Cameron Camp and I have written here and here about the implications of the UK government's meditations on curbing civil unrest by curbing social media services, it's interesting to see that the estimable Kim Davis, who previously categorized UK Prime Minister David Cameron's pronouncements as bluster, has also expanded … Read More…

Comments
0

by David Harley Senior Research Fellow
August 26, 2011 at 2:41 am

You may be aware that Cameron Camp and I regularly write articles for SC Magazine's Cybercrime Corner: here's a catch-up list of the most recent, in the hope that you might find them of use and interest. At any rate, it'll give some idea of the range of content covered.

Ten years later, still the same malware?
Cameron … Read More…

Comments
1
