Authorities remove web shells from compromised Exchange servers

Law enforcement steps in to thwart attacks leveraging the recently-disclosed Microsoft Exchange Server vulnerabilities. The United States’ Federal Bureau of Investigation (FBI) has carried out a court-approved operation to “copy and remove” malicious web shells from hundreds of systems across the US that were compromised through the mass exploitation of zero-day flaws in Microsoft Exchange …

Black Hat: Protecting Industrial Control System

Aiming to protect critical infrastructure against attacks. Industrial Control System (ICS) security was ramped up at Black Hat USA – with packed sessions ranging from specific attacks to vulnerable hardware – all with the aim of protecting critical infrastructure, whose security shortcomings so frequently hit the headlines these days. While industrial control protocols themselves are horribly insecure, there is …

System update headaches? ESET is the cure

On average, people have more than 50 software applications on their Windows computers. Combine this with your mobile device apps and alternative operating systems, and you could end up spending all of your time updating applications or fixing update issues. How to handle the headaches associated with keeping your devices up to date? Let ESET …

Translating power grid security concerns into action

On the heels of our recent investigations into threats against critical infrastructure like power grids, transportation and other systems that we count on every day, public agencies and private parties alike wonder if we can trust the power grid (see this selection of WeLiveSecurity articles). I was recently invited to speak at a Lexington Institute Capitol Hill …

Industroyer: Biggest threat to industrial control systems since Stuxnet

The 2016 attack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for an hour was caused by a cyberattack. ESET researchers have since analyzed samples of malware, detected by ESET as Win32/Industroyer, capable of performing exactly that type of attack. Whether the same malware was really involved in what cybersecurity …