With FaceApp in the spotlight, new scams emerge

ESET researchers discover fraudulent schemes piggybacking on the popularity of the face-modifying tool FaceApp, using a fake “Pro” version of the application as a lure. The latest hype around the FaceApp application has attracted scammers who want to make a quick profit. The FaceApp application, which offers various face-modifying filters, is available for both Android and iOS. While the app … More With FaceApp in the spotlight, new scams emerge

BlueKeep patching isn’t progressing fast enough

Keeping up with BlueKeep; or how many internet-facing systems, and in which countries and industries, remain ripe for exploitation? As of early July, more than 805,000 internet-facing systems remained susceptible to the BlueKeep security vulnerability, the news of which spooked the internet two months ago and prompted a flurry of alerts urging users and organizations … More BlueKeep patching isn’t progressing fast enough

A great show is now history, as is its insecure mobile app

With the end of Toruk, the famous Cirque du Soleil show, also ends a digital experiment that made your mobile device vulnerable. One of the famous Cirque du Soleil shows, Toruk, had its final performance in London on June 30th, 2019. This event, while unfortunate for the show’s fans, brought one positive effect: the mobile app … More A great show is now history, as is its insecure mobile app

Cybercrime seen to be getting worse: The time to act is now

What mounting public concern about falling victim to cybercrime says about government and corporate efforts at cybercrime deterrence. Is the risk of becoming a victim of cybercrime increasing? Most people in North America and Europe think it is, based on the surveys that I’ve been looking at. Earlier this year the European Union published the … More Cybercrime seen to be getting worse: The time to act is now

Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks

ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows. In June 2019, ESET researchers identified a zero-day exploit being used in a highly targeted attack in Eastern Europe. The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component. Once … More Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks