NSA’s EternalBlue exploit reaching new heights since WannaCryptor outbreak

Attack attempts involving the USA’s National Security Agency’s exploit are in hundreds of thousands daily. It has been two years since EternalBlue opened the door to one of the nastiest ransomware outbreaks in history, known as WannaCryptor (or WannaCry). Since the now-infamous malware incident, attempts to use the exploit have only been growing in prevalence. Currently … More NSA’s EternalBlue exploit reaching new heights since WannaCryptor outbreak

Two white hats hack a Tesla, get to keep it

The electric automaker is working to release a fix for the underlying vulnerability in a matter of days. A duo of white-hat hackers have earned themselves a brand new Tesla Model 3 after exposing a vulnerability in the car’s integrated browser. Richard Zhu and Amat Cam, aka team ‘Fluoroacetate’, managed to break into the electric … More Two white hats hack a Tesla, get to keep it

50 million Facebook users affected in breach

It has yet to be determined whether the accounts were misused or what information was accessed. In the meantime, you can improve your account security with a few easy steps. Facebook disclosed on Friday, September 28, that attackers had exploited a flaw in its code that allowed them “to steal Facebook access tokens which they could … More 50 million Facebook users affected in breach

PowerPool malware exploits ALPC LPE zero-day vulnerability

Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure. On August 27, 2018, a so-called zero-day vulnerability affecting Microsoft Windows was published on GitHub and publicized via a rather acerbic tweet. It seems obvious that this was not part of a coordinated vulnerability disclosure and there was no … More PowerPool malware exploits ALPC LPE zero-day vulnerability

Semi-annual balance of mobile security

For Android, malware detections were down 27% compared to the first half of 2017; for iOS, they decreased 15% compared to the same period last year. Mobile security plays an increasingly important role in the protection of information assets, and this applies to both home and corporate users. So, this publication will focus on analyzing the … More Semi-annual balance of mobile security

A deep dive down the Vermin RAThole

ESET researchers have analysed remote access tools cybercriminals have been using in an ongoing campaign to systematically exfiltrate data from Ukrainian systems. In this blogpost, we will sum up the findings published in full in our white paper “Quasar, Sobaken and Vermin: A deeper look into an ongoing espionage campaign”. The attackers behind the campaign … More A deep dive down the Vermin RAThole