ESET Threat Blog

While our recent post on BYOD focuses on the prevalence and/or risk of inadequately trained staff potentially creating problems for the core IT infrastructure using their own personal devices for work, it seems others here at RSA are concerned with preventing the exact same thing, but from a different angle. I attended one “lighting round” … Read More…

Employee use of personally-owned computing devices for work-related purposes–known as Bring Your Own Device or BYOD–is not a new trend and security professionals have been concerned about it for some time, but there is a widely held view that the trend has been transformed of late. Why? Waves of mobile digital devices flooding into the … Read More…

Introduction
Mobile World Congress 2012 is almost upon us, and one of the most hotly-anticipated topics is the next generation of Microsoft’s smartphone operating system Windows Phone 8, which has been kept under wraps far more tightly than its PC counterpart, Windows 8.
While Microsoft was an early adopter in the creation of smartphones with Windows Mobile, … Read More…

A continuation on: Time to check your DNS settings?
After 7 March 2012, lots of people potentially can be hit as their systems are infected by a DNS Changer. Several government-CERTs have already warned their users. Rather than using the ISP’s DNS Servers, the malware has changed the settings to use DNS Servers controlled by the … Read More…

[More research from our colleagues in Russia]
In the beginning of February we found a new modification of our “old friend” Win32/Rovnix (the dropper detected as Win32/Rovnix.B trojan), which is the first bootkit using VBR (Volume Boot Record) infection. An interesting fact is that Rovnix bootkit components were used in Win32/Carberp, the most widely spread banking … Read More…

I recently signed up for Pinterest.com, a hip, trendy pin board style website that allows beefed up sharing of your interests with friends via a large visual bulletin board style forum where fans of a particular subject can post what they find compelling, and want to share. Then other friends can weigh in on the … Read More…

Computer security is not created, nor is it improved, by calling people stupid. That's the conclusion I have arrived at after more than two decades in computer security and auditing. To put it another way, we should stop dropping the "S" bomb, especially when it comes to people who don't know any better.
Consider the phenomenon … Read More…

Recently, the anonymizing network system TOR's (The Onion Router) traffic was ratcheted to a standstill in Iran, prompting a comparison by one of the TOR project developers to an emerging “arms race”. Users of the service, hoping to evade state censorship/snooping, encrypt the traffic that then gets routed anonymously around the globe. But it seems … Read More…

 Here are some further thoughts arising from the ACPO National Cyber Crime Conference held recently in the UK*.

DAC Janet Williams, ACPO’s e-Crime lead, summarized the current initiatives along these lines (apologies if I’ve introduced too many of my own preconceptions):

The UK intends to tackle cybercrime and make this one of the safest places to do … Read More…

Thinking of going online to get a Victoria's Secret giftcard for your Valentine? Be careful where you look! Some Google search results are rigged, especially image results. And some innocent-looking links are part of fraudulent activities such as cookie-stuffing and click-jacking. Below is a short video that shows what happens when you click on one … Read More…