ESET Threat Blog

At ESET, we spend a great deal of time researching the latest technologies and how they may be affected by frauds and scams.  Sometimes these are "old fashioned" spam through email, or they may be programs like fake antivirus programs or ransomware. And we certainly have blogged extensively about PC support scams where the caller … Read More…

Phishers always try to find new ways to bypass security features and trick ‘educated’ users. Over the years we have seen simplistic phishing attempts where the required information had to be typed into the e-mail body. This worked at that time because phishing was new and hardly anyone had a notion of the implications. Later, … Read More…

We read that Zappos.com was breached on Sunday, to the tune of 24+ million users’ worth of information. But it seems at first blush they responded well. Of course, a company would hope to never have a breach at all, but when it happened at Zappos.com, here are some of the things they appear to … Read More…

We've noted the often staggering fees associated with a credit card breach, normally accompanied by a slew of bad press. We've seen Stratfor, in light of their recent hack, dealing with public exposure issues due, in part, to unencrypted payment card information (for which, to their credt, they’ve publicly apologized for). Now we see a … Read More…

Newton's 3rd law is often stated as "for every action there is an equal and opposite reaction." Actually, what Newton actually said is a little more complex* than that, but this article isn't about physics (or else I'd leave the discussion to someone better qualified). 
The Internet, despite its grounding in the physical world of hardware … Read More…

Recently we noted that unencrypted credit card storage was on the rise in 2011, and also highlighted the expense involved to the company in the event of a credit card breach. Now we see personal data – including unencrypted credit card information – being paraded out as a part of the recent Stratfor hack.
Also, we … Read More…

We’ve noted recently that many companies store credit card information in an unencrypted form, sometimes several years' worth. So what happens if your systems get hacked before you get around to securing that credit card data? Sure, there’s the embarrassment of telling your customers their data has been exposed–a legal requirement in more than 40 … Read More…

More websites stored unencrypted credit card payment information than ever this year, according to a recent report. I thought we had this figured out? Obviously this is a direct violation of Payment Card Industry Data Security Standard (PCI DSS) requirements. But seriously, this stuff is simple for the developers to fix, so why don’t they?
Also, … Read More…

“Operation Swiper” just busted the largest theft ring of its type in U.S. history. The $13 million dollar crime ring was exposed after a 2 year investigation by the New York City Police, primarily centering around selling Apple electronics overseas, according to Reuters. New York City Police Raymond Kelly said at a press conference “The … Read More…

This is actually a resource from 2009 that someone brought to my attention today. Skimming in this instance is nothing to do with separating milk, or speedreading, or even throwing stones across the lake. It's the not-so-gentle art of stealing credit (or debit) card data, normally in the course of a legitimate transaction.
A common example … Read More…