How can organizations tackle the growing menace of attacks that shake trust in software? Cybersecurity is only as good as the weakest link, and in a supply chain this could be virtually anywhere. The big questions may be, “what and where is the weakest link?” and “is it something that you have control over and … More Supply‑chain attacks: When trust goes wrong, try hope?
A view of the Q4 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. 2020 was many things (“typical” not being one of them), and it sure feels good to be writing about it in the past tense. As if really trying to prove a … More ESET Threat Report Q4 2020
A few days ago, ESET researchers discovered a new supply-chain attack compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs. Three different malware families were spotted being distributed from tailored malicious updates to selected victims with no sign of leveraging any financial gain, but rather, only cyberespionage capabilities were seen. ESET dubbed the malicious operation NightScout. BigNox is a company based in … More ESET uncovers Operation NightScout: Cyberespionage supply-chain attack on gamers in Asia
If we can’t secure the supply chain, eventually everything else will break. Recent events have illustrated the need for robust continuity plans, and while these events are still unfolding, it also brings to light the need for robust supply chain planning. A review of the r/sysadmin group on Reddit reveals comments from systems administrators that their orders … More What happens when the global supply chain breaks?
New ESET white paper released describing updates to the malware arsenal and campaigns of this group known for its supply-chain attacks. Today, ESET Research releases a white paper updating our understanding of the Winnti Group. Last March, ESET researchers warned about a new supply-chain attack targeting video game developers in Asia. Following that publication, we continued … More Connecting the dots: Exposing the arsenal and methods of the Winnti Group