はてなブックマーク

Award-winning news, views, and insight from the ESET security community ESET Research BlackLotus UEFI bootkit: Myth confirmed The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems is now a reality The number of UEFI vulnerabilities discovered in recent years and the failures in patching them or revoking vulnerable binaries within a reasonable time window hasn’

Award-winning news, views, and insight from the ESET security community ESET Research When "secure" isn't secure at all: High-impact UEFI vulnerabilities discovered in Lenovo consumer laptops ESET researchers discover multiple vulnerabilities in various Lenovo laptop models that allow an attacker with admin privileges to expose the user to firmware-level malware ESET researchers have discovered an

ESET researchers have analyzed malware that has been targeting high performance computing (HPC) clusters, among other high-profile targets. We reverse engineered this small, yet complex, malware that is portable to many operating systems including Linux, BSD, Solaris, and possibly AIX and Windows. We have named this malware Kobalos for its tiny code size and many tricks; in Greek mythology, a Koba

Award-winning news, views, and insight from the ESET security community Ramsay: A cyber-espionage toolkit tailored for air-gapped networks ESET researchers uncover several instances of malware that uses various attack vectors to target systems isolated by an air gap ESET researchers have discovered a previously unreported cyber-espionage framework that we named Ramsay and that is tailored for coll

Award-winning news, views, and insight from the ESET security community ESET Research KrØØk: Serious vulnerability affected encryption of billion+ Wi-Fi devices ESET researchers uncover a previously unknown security flaw allowing an adversary to decrypt some wireless network packets transmitted by vulnerable devices ESET Research has published its latest white paper, KrØØk - CVE-2019-15126: Seriou

ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows In June 2019, ESET researchers identified a zero-day exploit being used in a highly targeted attack in Eastern Europe. The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component. Once th

Award-winning news, views, and insight from the ESET security community ESET Research OceanLotus: macOS malware update Latest ESET research describes the inner workings of a recently found addition to OceanLotus’s toolset for targeting Mac users Early in March 2019, a new macOS malware sample from the OceanLotus group was uploaded to VirusTotal, a popular online multi-scanner service. This backdoo

Award-winning news, views, and insight from the ESET security community ESET Research LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group ESET researchers have shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe Update, 9 October 2018: The remediation se

Update (11 September 2018): Microsoft has provided a patch for this in today’s Windows Update. On August 27, 2018, a so-called zero-day vulnerability affecting Microsoft Windows was published on GitHub and publicized via a rather acerbic tweet. It seems obvious that this was not part of a coordinated vulnerability disclosure and there was no patch at the time this tweet (since deleted) was publish

Award-winning news, views, and insight from the ESET security community An acoustic attack can bluescreen your Windows computer Security researchers have demonstrated how attackers could cause physical damage to hard drives, and cause PCs to crash, just by playing sounds through a computer's speaker. A denial-of-service (DoS) attack against your organisation's website is bad enough, preventing cus

Award-winning news, views, and insight from the ESET security community ESET Research A tale of two zero-days Double zero-day vulnerabilities fused into one. A mysterious sample enables attackers to execute arbitrary code with the highest privileges on intended targets Late in March 2018, ESET researchers identified an interesting malicious PDF sample. A closer look revealed that the sample exploi

Award-winning news, views, and insight from the ESET security community ESET Research Lazarus KillDisks Central American casino The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets.

Award-winning news, views, and insight from the ESET security community ESET Research, Critical Infrastructure, Ukraine Crisis – Digital Security Resource Center Industroyer: Biggest threat to industrial control systems since Stuxnet ESET has analyzed a sophisticated and extremely dangerous malware, known as Industroyer, which is designed to disrupt critical industrial processes. Update (July 17th

Award-winning news, views, and insight from the ESET security community ESET Research Turla’s watering hole campaign: An updated Firefox extension abusing Instagram The Turla espionage group is still using watering hole techniques to redirect potentially interesting victims to their C&C infrastructure. Update, 21 June 2017: Due to our misunderstanding of communications with Google, the Firefox ext

Among all the Linux samples that we receive every day, we noticed one sample detected only by Dr.Web - their detection name was Linux.LuaBot. We deemed this to be suspicious as our detection rates for the Luabot family have generally been high. Upon analysis, it turned out that this was, indeed, a bot written in Lua, but it represents a new family, and is not related to previously seen Luabot malw

Award-winning news, views, and insight from the ESET security community Ransomware KillDisk now targeting Linux: Demands $250K ransom, but can’t decrypt ESET has discovered a Linux variant of the KillDisk component that renders Linux machines unbootable, while encrypting files and requesting a large ransom at the same time. ESET researchers have discovered a Linux variant of the KillDisk malware t

In 2016, companies have had their security solutions tested by increasingly sophisticated cybercriminals. We look at the year’s biggest security incidents. 2016 has been a challenging year for politics, public sanity and celebrity longevity, but also, for individuals and companies, a testing time in terms of online security. Pitted against increasingly sophisticated and targeted cybercriminals, it

Award-winning news, views, and insight from the ESET security community ESET Research Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads Millions of readers who visit popular news websites have been targeted by a series of malicious ads redirecting them to the Stegano exploit kit. Update (December 15th): Further research and comparison of our fin

Award-winning news, views, and insight from the ESET security community Cybercrime ESET releases new decryptor for TeslaCrypt ransomware If your encrypted files had the extensions .xxx, .ttt, .micro, .mp3 or left unchanged, then ESET has good news for you. Have you been infected by one of the new variants (v3 or v4) of the notorious ransomware TeslaCrypt? If your encrypted files had the extensions