ESET researchers shed light on new campaigns from the quiet Gelsemium group. Since mid-2020, ESET Research has been analyzing multiple campaigns, later attributed to the Gelsemium cyberespionage group, and has tracked down the earliest version of their main malware, Gelsevirine, to 2014. During the investigation, ESET researchers found a new version of Gelsevirine, a backdoor … More Gelsemium: When threat actors go gardening
A few days ago, ESET researchers discovered a new supply-chain attack compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs. Three different malware families were spotted being distributed from tailored malicious updates to selected victims with no sign of leveraging any financial gain, but rather, only cyberespionage capabilities were seen. ESET dubbed the malicious operation NightScout. BigNox is a company based in … More ESET uncovers Operation NightScout: Cyberespionage supply-chain attack on gamers in Asia
If we can’t secure the supply chain, eventually everything else will break. Recent events have illustrated the need for robust continuity plans, and while these events are still unfolding, it also brings to light the need for robust supply chain planning. A review of the r/sysadmin group on Reddit reveals comments from systems administrators that their orders … More What happens when the global supply chain breaks?
Security researchers have demonstrated how attackers could cause physical damage to hard drives, and cause PCs to crash, just by playing sounds through a computer’s speaker. A denial-of-service (DoS) attack against your organisation’s website is bad enough, preventing customers from reaching your online presence and perhaps preventing you from processing new orders – but imagine the chaos … More An acoustic attack can blue screen your Windows computer
Cybercrime and other forms of “cyber-badness” affect different professions in different ways. Recently I participated in a panel about the cybersecurity concerns of journalists and the news media, hosted by the Inter America Press Association (IAPA). An account of the panel was published on WeLiveSecuritylast month but in this article I want to pass along some of the … More Cybersecurity for journalists and the news media