Category: Security News

Hackers Force Chrome Users To Hand Over Google Passwords

September 16, 2024

New research has uncovered a new technique used by hackers to force Chrome users to reveal their Google account passwords, writes Forbes*. The malware, called StealC, locks the browser in kiosk mode, blocking the F11 and ESC keys to prevent users from exiting. The only thing displayed is a Google account login window, compelling users … More Hackers Force Chrome Users To Hand Over Google Passwords

ESET Research Podcast: HotPage

September 5, 2024

ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver. Usually when someone mentions adware, people think of low-quality half-baked malicious code used to spam victims with sketchy ads. But as we explain in this episode of our podcast, not all adware is created equal. HotPage is a recently … More ESET Research Podcast: HotPage

The key considerations for cyber insurance: A pragmatic approach

September 4, 2024

Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options. There must be a consideration of the ethical question of contributing to the payment of extortion demands of cybercriminals. Any company that is paying a … More The key considerations for cyber insurance: A pragmatic approach

In plain sight: Malicious ads hiding in search results

September 3, 2024

Sometimes there’s more than just an enticing product offer hiding behind an ad. One thing is true: Malware developers are deeply invested in improving their malware and exploring different ways to compromise end users. Malware spreading through ads is nothing new; for a long time, cybercriminals have had their sights fixed on online advertising networks as a distribution … More In plain sight: Malicious ads hiding in search results

ESET Research: Spy group exploits WPS Office zero day; analysis uncovers a second vulnerability

August 30, 2024

ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). The vulnerability was being exploited by APT-C-60, allegedly a South Korea-aligned cyberespionage group, to target East Asian countries. When examining the root cause, ESET discovered another way to exploit the faulty code (CVE-2924-7263). Following a coordinated disclosure process, both vulnerabilities are … More ESET Research: Spy group exploits WPS Office zero day; analysis uncovers a second vulnerability