News

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

Continuing the rollout of Have I Been Pwned (HIBP) to national governments around the world, today I'm very happy to welcome Poland to the service! The Polish CSIRT GOV is now the 34th onboard the service and has free and open access to APIs allowing them to query

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

In a complete departure from the norm, this week's video is the much-requested "cultural differences" one with Charlotte. No tech (other than my occasional plug for the virtues of JavaScript), but lots of experiences from both of us living and working in different parts of the

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare. Later in 2018, I did the same thing with the email address search feature used by Mozilla, 1Password and

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

First up, I'm really sorry about the audio quality on this one. It's the exact same setup I used last week (and carefully tested first) but it's obviously just super sensitive to the wind. If you look at the trees in the background you

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

Well, we're about 2,000km down on this trip and are finally in Melbourne, which was kinda the point of the drive in the first place (things just escalated after that). The whole journey is going into a long tweet thread you can find below (or mute -

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

How on earth does an enterprise rack-mounted NAS not come with rails to actually install it in the rack?! So yeah, that's what's in the box, something that should have been in the original box and not in a separate purchase. Just to add to the

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

Four years ago now, I started making domains belonging to various governments around the world freely searchable via a set of APIs in Have I Been Pwned. Today, I'm very happy to welcome the 33rd government, Indonesia! As of now, the Indonesian National CERT managed under the National

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

I somehow ended up blasting through an hour and a quarter in this week's video with loads of discussion on the CTARS / NDIS data breach then a real time "let's see what the fuss is about" with news that one of our state'

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

So I basically spent my whole day yesterday playing with Ubiquiti gear and live-tweeting the experience 😊 This was an unapologetically geeky pleasure and it pretty much dominates this week's video but hey, it's a fun topic. Still, there's a bunch of data breach

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

Data breaches, 3D printing and passwords - just the usual variety of things this week. More specifically, that really cool Pwned Passwords downloader that I know a bunch of people have been waiting on, and now we've finally released. It hits the existing k-anonymity API over 1 million

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

Just before Christmas, the promise to launch a fully open source Pwned Passwords fed with a firehose of fresh data from the FBI and NCA finally came true. We pushed out the code, published the blog post, dusted ourselves off and that was that. Kind of - there was just

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

A short one this week as the previous 7 days disappeared with AusCERT and other commitments. Geez it was nice to not only be back at an event, but out there socialising and attending all the related things that tend to go along with it. I'll leave you

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

It's back to business as usual with more data breaches, more poor handling of them and more IoT pain. I think on all those fronts there's a part of me that just likes the challenge and the opportunity to fix a broken thing. Or maybe I&

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

Didn't get a lot done this week, unless you count scuba diving, snorkelling, spear fishing and laying around on tropical sand cays 😎 This week is predominantly about the time we just spent up on the Great Barrier Reef which has very little relevance to infosec, IoT, 3D

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for free

Well that was an unusual ending. Both my mouse and keyboard decided to drop off right at the end of this week's video and without any control whatsoever, there was no way to end the live stream! Wired devices from kids borrowed, I eventually got back control and

Here’s what to watch out for when buying or selling stuff on the online marketplace and how to tell if you’re being scammed

The post 8 common Facebook Marketplace scams and how to avoid them appeared first on WeLiveSecurity

One in five organizations have teetered on the brink of insolvency after a cyberattack. Can your company keep hackers at bay?

The post Cyberattacks: A very real existential threat to organizations appeared first on WeLiveSecurity

As scammers continue to ask people to take fake surveys, can you recognize some common telltale signs you're dealing with a scam?

The post Watch out for survey scams – Week in security with Tony Anscombe appeared first on WeLiveSecurity

The lead-up to the Canada Day festivities has brought a tax scam with it

The post Phishing scam poses as Canadian tax agency before Canada Day appeared first on WeLiveSecurity

If the promise of a cash prize in return for answering a few questions sounds like a deal that is too good to be true, that’s because it is

The post Costco 40th anniversary scam targets WhatsApp users appeared first on WeLiveSecurity

War in Europe, a reminder for shared service centers and shoring operations to re-examine IT security posture

The post Do back offices mean backdoors? appeared first on WeLiveSecurity

Here are some of the most common ways hackers can get hold of other people’s credit card data – and how you can keep yours safe

The post 5 ways cybercriminals steal credit card details appeared first on WeLiveSecurity

As Instagram tests a new age verification tool, what are some of the concerns when it comes to confirming someone's age on the internet?

The post Instagram’s new age verification tool – Week in security with Tony Anscombe appeared first on WeLiveSecurity

(Almost) everything you always wanted to know about virtual private networks, but were afraid to ask

The post Virtual private networks: 5 common questions about VPNs answered appeared first on WeLiveSecurity

Educating employees about how to spot phishing attacks can strike a much-needed blow for network defenders

The post Phishing awareness training: Help your employees avoid the hook appeared first on WeLiveSecurity

How crypto mixers, also known as crypto tumblers, are used to obscure the trail of digital money

The post Crypto mixers: What are they and how are they used? appeared first on WeLiveSecurity

As the risk of receiving a malware-laden email increases, take a moment to consider how to spot attacks involving malicious spam

The post How to spot malicious spam – Week in security with Tony Anscombe appeared first on WeLiveSecurity

Emotet malware is back with ferocious vigor, according to ESET telemetry in the first four months of 2022. Will it survive the ever-tightening controls on macro-enabled documents?

The post How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security appeared first on WeLiveSecurity

Five years ago, ESET researchers released their analysis of the first ever malware that was designed specifically to attack power grids

The post Industroyer: A cyber‑weapon that brought down a power grid appeared first on WeLiveSecurity

Here are three themes that stood out at the world's largest gathering of cybersecurity professionals

The post 3 takeaways from RSA Conference 2022 – Week in security with Tony Anscombe appeared first on WeLiveSecurity

API-based data transfer is so rapid, there’s but little time to stop very bad things happening quickly

The post RSA – APIs, your organization’s dedicated backdoors appeared first on WeLiveSecurity

Digital fiddling somehow got mixed up in a real war

The post RSA – Creepy real‑world edition appeared first on WeLiveSecurity

Technology is understandably viewed as a nuisance to be managed in pursuit of the health organizations’ primary mission

The post RSA – Digital healthcare meets security, but does it really want to? appeared first on WeLiveSecurity

How erring on the side of privacy might ultimately save you from chasing down a virtual rendition of you doing the bidding of a scammer

The post RSA – Spot the real fake appeared first on WeLiveSecurity

Give employees the knowledge needed to spot the warning signs of a cyberattack and to understand when they may be putting sensitive data at risk

The post Cybersecurity awareness training: What is it and what works best? appeared first on WeLiveSecurity

A review of the key trends that defined the threatscape in the first four months of 2022 and what these developments mean for your cyber-defenses

The post Key insights from ESET’s latest Threat Report – Week in security with Tony Anscombe appeared first on WeLiveSecurity

It’s been 100 days since Russia invaded Ukraine, and we look back at various cyberattacks connected to the conflict

The post 100 days of war in Ukraine: How the conflict is playing out in cyberspace appeared first on WeLiveSecurity

A view of the T 1 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

The post ESET Threat Report T 1 2022 appeared first on WeLiveSecurity

A 14-year-old shares his thoughts about technology and the potential privacy and security implications of the internet

The post Talking to children about the internet: A kid’s perspective appeared first on WeLiveSecurity

Falsehoods about the war in Ukraine come in all shapes and sizes – here are a few examples of what’s in the fake news

The post Keeping it real: Don’t fall for lies about the war appeared first on WeLiveSecurity

As with everything digital, there's someone, somewhere devising a method to steal the assets away from their rightful owners

The post Scams targeting NFT investors – Week in security with Tony Anscombe appeared first on WeLiveSecurity

New and exacerbated cyber-risks following Russia’s invasion of Ukraine are fueling a new urgency towards enhancing resilience

The post Cybersecurity: A global problem that requires a global answer appeared first on WeLiveSecurity

Listen to Aryeh Goretsky, Martin Smolár, and Jean-Ian Boutin discuss what UEFI threats are capable of and what the ESPecter bootkit tells us about their evolution

The post ESET Research Podcast: UEFI in crosshairs of ESPecter bootkit appeared first on WeLiveSecurity

The landmark regulation changed everyone’s mindset on how companies worldwide collect and use the personal data of EU citizens

The post 5 reasons why GDPR was a milestone for data protection appeared first on WeLiveSecurity

As NFTs exploded in popularity, scammers also jumped on the hype. Watch out for counterfeit NFTs, rug pulls, pump-and-dumps and other common scams plaguing the industry.

The post Common NFT scams and how to avoid them appeared first on WeLiveSecurity

When you hear the term ‘cryptocurrency’, does ‘secure’ also spring to mind? Here are some implications of the lack of sound security practices in the world of crypto.

The post Cryptocurrency: secure or not? – Week in security with Tony Anscombe appeared first on WeLiveSecurity

ESET researchers spot an updated version of the malware loader used in the Industroyer2 and CaddyWiper attacks

The post Sandworm uses a new version of ArguePatch to attack targets in Ukraine appeared first on WeLiveSecurity

Cybercriminals continue to mine for opportunities in the crypto space – here's what you should know about coin-mining hacks and crypto theft

The post The flip side of the coin: Why crypto is catnip for criminals appeared first on WeLiveSecurity

In the age of the perpetual news cycle and digital media, the risks that stem from the fake news problem are all too real

The post Fake news – why do people believe it? appeared first on WeLiveSecurity

The decision to release a ransomware decryptor involves a delicate balancing act between helping victims recover their data and alerting criminals to errors in their code

The post The downside of ‘debugging’ ransomware appeared first on WeLiveSecurity

Can you spot the tell-tale signs of a phishing attempt and check if an email that has landed in your inbox is legit?

The post How to spot and avoid a phishing attack – Week in security with Tony Anscombe appeared first on WeLiveSecurity

The ‘it won’t happen to me’ mindset leaves you unprepared – here are some common factors that put any of us at risk of online fraud

The post 10 reasons why we fall for scams appeared first on WeLiveSecurity

What can organizations do to capitalize on the current fluidity in the job market in order to bring fresh cybersecurity talent into the fold?

The post Opportunity out of crisis: Tapping the Great Resignation to close the cybersecurity skills gap appeared first on WeLiveSecurity

LinkedIn scammers attack when we may be at our most vulnerable – here’s what to look out for and how to avoid falling victim to fraud when using the platform

The post Common LinkedIn scams: Beware of phishing attacks and fake job offers appeared first on WeLiveSecurity

The conflict in Ukraine has highlighted the risks of cyberespionage attacks that typically involve Advanced Persistent Threat groups and often target organizations' most valuable data

The post Defending against APT attacks – Week in security with Tony Anscombe appeared first on WeLiveSecurity

The bitter truth about how fraudsters dupe online daters in this new twist on romance fraud

The post There’s no sugarcoating it: That online sugar daddy may be a scammer appeared first on WeLiveSecurity

Here's what you should know about some of the nastiest mobile malware around – from malicious software that takes phones and data hostage to RATs that allow hackers to control devices remotely

The post 3 most dangerous types of Android malware appeared first on WeLiveSecurity

Organizations need to get better at mitigating threats from unknown vulnerabilities, especially as both state-backed operatives and financially-motivated cybercriminals are increasing their activity

The post What’s behind the record‑high number of zero days? appeared first on WeLiveSecurity

Here's what you should know about FlowingFrog, LookingFrog and JollyFrog, the three teams making up the TA410 espionage umbrella group

The post TA410 under the microscope – Week in security with Tony Anscombe appeared first on WeLiveSecurity

ESET researchers reveal a detailed profile of TA410: we believe this cyberespionage umbrella group consists of three different teams using different toolsets, including a new version of the FlowCloud espionage backdoor discovered by ESET.

The post A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity appeared first on WeLiveSecurity

BEC fraud generated more losses for victims than any other type of cybercrime in 2021. It’s long past time that organizations got a handle on these scams.

The post The trouble with BEC: How to stop the costliest internet scam appeared first on WeLiveSecurity

Camfecting doesn’t ‘just’ invade your privacy – it could seriously impact your mental health and wellbeing. Here’s how to keep an eye on your laptop camera.

The post Webcam hacking: How to know if someone may be spying on you through your webcam appeared first on WeLiveSecurity

As the Five Eyes nations warn of attacks against critical infrastructure, we look at the potentially cascading effects of such attacks and how essential systems and services can ramp up their defense

The post Cybersecurity threats to critical infrastructure – Week in security with Tony Anscombe appeared first on WeLiveSecurity

Lessons from history and recent attacks on critical infrastructure throw into sharp relief the need to better safeguard our essential systems and services

The post Critical infrastructure: Under cyberattack for longer than you might think appeared first on WeLiveSecurity

Here’s what to know about vulnerabilities in more than 100 Lenovo consumer laptop models and what you can do right away to stay safe – all in under three minutes

The post Is your Lenovo laptop vulnerable to cyberattack? appeared first on WeLiveSecurity