ESET Threat Blog

A few years ago, from time to time I used to visit the school where my wife taught IT, to talk to some of their students about IT security. In fact, we wrote a paper at that time(along with my good friend Eddy Willems), based on some research data we gathered between us in the … Read More…

Exactly how people will abuse digital technology for their own ends is difficult to predict, but organizations must plan ahead to protect data and systems. That's why we have been posting our "best guess" cybersecurity predictions on the Threat Blog this month. Today we present 9 of the most important predictions in the form of … Read More…

…not, on this occasion, the classic Blackhat "It's your fault that we've hacked your server, infected you with a virus, and broadcast your credit card details and gaming credentials to anyone one who cares to access the torrent" self-justification. (Which reminds me of a mugger saying "don't make me do this to you" while he … Read More…

Too bad it doesn’t exist. I mean really exist. Here is how an anti-phishing day that is designed to be a highly effective educational deterrent to phishing would work.
Google, Facebook, Hotmail, Yahoo, Twitter, Myspace, Banks, Online Gaming sites, such as World of WarCraft, and others would all send phishing emails to their users. Yes, phishing … Read More…

[Update: that article "IMF and the weakest link" is now up on SC Magazine's Cybercrime Corner.]
In a recent article for SC Magazine (I'll post the link here when it gets posted) on the International Monetary Fund security breach, I focused on the implications of technological versus psychosocial threats and countermeasures. Not, of course, the first time I've … Read More…

My colleagues in Hungary have released some slightly alarming statistics about malware awareness in their part of the world. Research carried out on their behalf by NRC suggests that a significant proportion of Hungarian Internet users don't even know what AV software is installed on their computer (or, presumably, if anything is installed.)
http://www.eset.hu/hirek/holgyek-tessek-vedekezni?back=%2Fhirek
Out of 1000 … Read More…

[This is a free translation of a blog by my colleague at ESET Latin America, Sebastián Bortnik. As ever, mistakes in translation and interpretation are down to me. Would this be a bad time to mention the AVIEN Malware Defense Guide for the Enterprise? DH]
Considering security in the enterprise is no easy task: … Read More…

Update: It seems like the initial article is inaccurate and that Paul Rellis never made any such comments about a 14 year old breaking into the X-Box live servers and have not offered to mentor him http://kotaku.com/5805742/microsoft-is-helping-an-xbox-live-hacker-develop-his-talent
TekGoblin reports (http://www.tekgoblin.com/2011/05/27/14-year-old-call-of-duty-hacker-hired-by-microsoft/) that a teenager who broke into the Call of Duty Modern Warfare 2 gameservers last month, … Read More…

Greetings Dear Reader,
We have published guidance material previously on passwords and passphrases, some are blogs and some are lengthier depending on your liking (link & link).  Even still it is always good practice to reinforce sensible password techniques.  For this blog, I plan on sharing an analogous self-ritual, and one that relies on a third … Read More…

On Thursday I will be participating in a cloud computing security discussion. The virtual event is free and you can register for it at http://techweb.com/iwkcloud. The entire agenda for the event can be found at https://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1002827&K=MAA9&tab=agenda.
Do note that the times listed are EST. I will be participating between 2:45 and 3:30 PM EST.
Even if you … Read More…