Notorious cyberespionage group debases MSSQL. For a while, ESET researchers have been tracking the activities of the Winnti Group, active since at least 2012 and responsible for high-profile supply-chain attacks against the video game and software industry. Recently, we discovered a previously undocumented backdoor targeting Microsoft SQL (MSSQL) that allows attackers to maintain a very discreet … More Winnti Group’s skip‑2.0: A Microsoft SQL Server backdoor
With an average of 200 online accounts to create passwords for, using a password manager is a modern necessity. Research from Dashlane in 2015 estimated that the average internet user in the UK had 118 accounts registered to a single email address. That number is thought to be growing by 14% per year, so in … More Why you need a password manager
A researcher found that it was possible to subvert the platform’s password recovery mechanism and take control of user accounts. An independent researcher has found a security loophole in Instagram’s mobile password recovery flow that could have allowed attackers to break into user accounts. The flaw, discovered and reported by India-based researcher Laxman Muthiyah, has since … More How your Instagram account could have been hijacked
No business, whether large or small, can afford to ignore cybersecurity, and the pressure to protect businesses is mounting as cybercriminals hone their skills to target a company’s weakest points. While bigger corporations generally have large IT departments to respond to evolving threats such as crypto-jacking and ransomware attacks, small and medium-sized enterprises (SMEs) don’t … More Keeping your business safe
A reflection on whether this approach to addressing IoT security challenges can ‘deliver the goods’ and how consumer awareness can help. According to an article by the BBC, the United Kingdom’s Digital Minister Margot James is proposing legislation to introduce a new labelling system to show customers how secure an IoT product is. In order to … More The UK plans to legislate to secure IoT, but is it really the answer?
So, do you think you’ve been ‘pwned’? That’s the question to ask yourself. May 2nd is World Password Day, a day to reflect on just how vulnerable a poor password can leave you. As more and more of the processes and tools we use in our everyday lives shift to the online world, the number … More World Password Day: A day to review your defenses
The notorious six-digit string continues to ‘reign supreme’ among the most-hacked passwords. An analysis of the 100,000 most commonly re-occurring breached passwords confirms that ‘123456’ is the undisputed king of atrocious passwords. Using data from Have I Been Pwned (HIBP), a website that allows users to check if their email addresses or passwords have appeared in a known … More Over 23 million breached accounts used ‘123456’ as password