New TeleBots backdoor: First evidence linking Industroyer to NotPetya

ESET’s analysis of a recent backdoor used by TeleBots – the group behind the massive NotPetya ransomware outbreak – uncovers strong code similarities to the Industroyer main backdoor, revealing a rumored connection that was not previously proven. Among the most significant malware-induced cybersecurity incidents in recent years were the attacks against the Ukrainian power grid – which …

Most routers full of firmware flaws that leave users at risk

If you own a Wi-Fi router, it may well be riddled with security holes that expose you to a host of threats. Five out of every six (83%) Wi-Fi routers in US homes and offices leave their users at risk of cyberattacks, because their firmware is inadequately updated for security vulnerabilities, research by The American Consumer …

Virus Bulletin 2018: Supply chain hacking grows up

Striking the balance between supply, demand and safety is a major concern. With the pressure to ship as early as possible, especially when it comes to hardware, what assurances do we have that the hardware is really clean, and that future updates won’t be hacked? Here at Virus Bulletin 2018, the conversation of how to …

LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group

ESET researchers have shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe. UEFI rootkits are widely viewed as extremely dangerous tools for implementing cyberattacks, as they are hard to detect and able to survive security …

Attackers crack Newegg’s defenses, grab customers’ credit card data

The skimmer, injected into the store’s payment page, harvested credit-card details from the store’s online customers for more than a month. The major electronics and computer hardware retailer Newegg has announced that attackers have compromised its online payments system, potentially scooping up buyers’ credit-card data over a period of more than a month. “Yesterday we …

DanaBot shifts its targeting to Europe, adds new features

ESET researchers have discovered new DanaBot campaigns targeting a number of European countries. Recently, we have spotted a surge in activity of DanaBot, a stealthy banking Trojan discovered earlier this year. The malware, first observed in campaigns targeting Australia and later Poland, has apparently expanded further, with campaigns popping up in Italy, Germany, Austria, and …

Bristol airport takes flight screens offline after apparent ransomware attack

The screens in “key locations” are back up and running again, while the airport paid no ransom to return its systems to working order. Bristol Airport in South West England has been hit by an apparent ransomware attack that prompted the airport to take flight information screens offline in an effort to keep the attack …