DNSpooq bugs expose millions of devices to DNS cache poisoning

Security flaws in a widely used DNS software package could allow attackers to send users to malicious websites or to remotely hijack their devices. Millions of devices could be vulnerable to Domain Name System (DNS) cache poisoning and remote code execution attacks due to seven security flaws in dnsmasq, DNS forwarding and caching software commonly found in smartphones, … More DNSpooq bugs expose millions of devices to DNS cache poisoning

Aerospace and military companies in the crosshairs of cyberspies

ESET researchers uncover targeted attacks against high-profile aerospace and military companies. At the end of last year, we discovered targeted attacks against aerospace and military companies in Europe and the Middle East, active from September to December 2019. A collaborative investigation with two of the affected European companies allowed us to gain insight into the … More Aerospace and military companies in the crosshairs of cyberspies

ESET researchers detect a new trick used by malware to slip into the official Android app store

ESET researchers discovered an extremely stealthy – yet surprisingly simple – technique that allowed Android malware to stay under the radar. Analyzing the DEFENSOR ID app that was – at the time – available on the official Android app store, ESET researchers learned the app misused Accessibility Services but required no other suspicious permission nor … More ESET researchers detect a new trick used by malware to slip into the official Android app store

Old extortion spam email in Irish mailboxes, with a new Coronavirus twist

At ESET Ireland we’ve come across a novel twist on the usual “send money or bad things will happen” extortion spam email, hitting Irish mailboxes. The extortion letter starts in the usual manner, showing a victim’s password, likely gathered from one of the major security breaches over the years, which the victim could recognise as … More Old extortion spam email in Irish mailboxes, with a new Coronavirus twist

Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon

ESET researchers have discovered a new downloader with a novel, not previously seen in the wild installation technique. DePriMon is a malicious downloader, with several stages and using many non-traditional techniques. To achieve persistence, the malware registers a new local port monitor – a trick falling under the “Port Monitors” technique in the MITRE ATT&CK knowledgebase. … More Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon