ESET Research Podcast: EvilVideo

ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos. Telegram, with nearly a billion monthly users, is a juicy target for cybercriminals, especially if they can exploit a zero-day vulnerability to spread malicious code. ESET malware researcher Lukáš Štefanko ran into one such exploit …

ESET Research discovers EvilVideo: Telegram app for Android targeted by zero-day exploit sending malicious videos

ESET researchers discovered a zero-day exploit, which targets the Telegram app for Android, that appeared for sale for an unspecified price in an underground forum post from June 2024. Using the exploit to abuse a vulnerability that ESET named “EvilVideo,” attackers could share malicious Android payloads via Telegram channels, groups, and chats, and make them …

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

ESET Research recommends updating Roundcube Webmail to the latest available version as soon as possible. ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS vulnerability in the Roundcube Webmail server on October 11th, 2023. …

Google squashes Android zero‑day bug exploited in targeted attacks

Beyond the vulnerability in the Android kernel, the monthly round of security patches plugs another 38 security loopholes. Google has released its monthly round of security patches for Android that plugs a bevy of vulnerabilities, including a zero-day flaw that is believed to be actively exploited in the wild by threat actors. “There are indications …

Plugging the holes: How to prevent corporate data leaks in the cloud

Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here’s what you can do to prevent cloud configuration conundrums. Forget shadowy attackers deploying bespoke zero-day exploits from afar. A risk that is far more real for organizations as they embark on ambitious digital transformation projects is human error. In fact, …