News

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

Today I'm very happy to welcome the Finnish government to Have I Been Pwned by granting their National Cyber Security Centre full and free access to query their government domains. API access to query their domains will give them greater visibility into the impact of data breaches on

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

Lots of stuff going on this week, beginning with me losing my mind try to get local control of IoT devices. I'm writing up a much more extensive blog post on this, suffice to say it's a complete mess and all of the suggestions I'

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP). Firstly by the Estonian Central Criminal Police a few years ago, then by the FBI and global counterparts

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

Ever notice how there was a massive gap of almost 9 months between announcing the intention to start open sourcing Have I Been Pwned (HIBP) in August last year and then finally a couple of weeks ago, actually taking the first step with Pwned Passwords? Many people certainly noticed the

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

This week as part of the ongoing initiative to make breach data available to national governments, I'm very happy to welcome the national CERT of Uruguay, CERTuy. They are now the 2nd Latin American country and 20th country worldwide to have free and easy API level access to

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

This week has been absolutely dominated by code contributions to Pwned Passwords. This is such an awesome, humbling experience that so many people have wanted to contribute their time to something that makes online life better for all of us. The challenge I have now is, as expected, managing the

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

Supporting national CERTs with free API domain searches across their assets is becoming an increasing focus for Have I Been Pwned and today I'm happy to welcome the 19th government on board, Belgium. As of now, the Centre for Cyber Security Belgium (CCB) has full access to query

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

Continuing with the launch of the Have I Been Pwned Domain Search API to national government cyber agencies, I am very happy to welcome the first Latin American country on board, the Dominican Republic. Their National Cybersecurity Incident Response Team (CSIRT-RD) is the 18th national CERT that has free and

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

This week is the culmination of planning that began all the way back in August last year when I announced the intention to start open sourcing the HIBP code base. Today, it's finally happened with Pwned Passwords now completely open to all. That's only been possible

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

I've got 2 massive things to announce today that have been a long time in the works and by pure coincidence, have aligned such that I can share them together here today. One you would have been waiting for and one totally out of left field. Both these

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

Today I'm very happy to welcome the first Caribbean government to Have I Been Pwned, Trinidad & Tobago. As of today, the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has full and free access to query their government domains and gain visibility into where they'

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

For a week where I didn't think I had much to talk about, I was surprised by what I ended up with by the time I sat down to broadcast. Turns out there's always a lot to discuss, and that's before questions from the

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

Today I'm very happy to welcome the 16th government to Have I Been Pwned, Sweden. The Swedish National Computer Security Incident Response Team CERT-SE now has full and free access to query all government domains via HIBP's API and gain insights into the impact of data

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

This one is a real short intro as right now, it hurts to type (copy and paste is earlier 😊): I’m Back at a *REAL* Conference; Dealing with RSI; Shellies and MQTT; My IoT Aircon Hack; Drowning in Data Breaches.

References

1. I've been at a real

Presently sponsored by: Axonius gives IT and security teams the confidence they need to focus on the bigger picture. Learn more and try it free.

A fairly hectic week this one, in a large part due to chasing down really flakey network issues that are causing devices (namely Shelly relays) to be inaccessible. I suspect it's ARP related and as of now, it's still not fully resolved. You know how much

Most medical and fitness apps in Google Play have tracking capabilities enabled and their data collection practices aren’t transparent

The post Most health apps engage in unhealthy data‑harvesting habits appeared first on WeLiveSecurity

OSINT can be used by anyone, both for good and bad ends – here’s how defenders can use it to keep ahead of attackers

The post OSINT 101: What is open source intelligence and how is it used? appeared first on WeLiveSecurity

The fraudsters ran their campaigns from the cloud and used phishing attacks and email forwarding rules to steal financial information

The post Microsoft takes down large‑scale BEC operation appeared first on WeLiveSecurity

How do vishing scams work, how do they impact businesses and individuals, and how can you protect yourself, your family and your business?

The post Vishing: What is it and how do I avoid getting scammed? appeared first on WeLiveSecurity

ESET Research dissects campaigns by the Gelsemium and BackdoorDiplomacy APT groups – Hacking an orbiting satellite isn't necessarily the stuff of Hollywood

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Should we expect cybercriminals to ditch the pseudonymous cryptocurrency for other forms of payment that may be better at throwing law enforcement off the scent?

The post Tracking ransomware cryptocurrency payments: What now for Bitcoin? appeared first on WeLiveSecurity

The latest Chrome update patches a bumper crop of security flaws across the browser’s desktop versions

The post Google fixes actively exploited Chrome zero‑day appeared first on WeLiveSecurity

ESET researchers discover a new campaign that evolved from the Quarian backdoor

The post BackdoorDiplomacy: Upgrading from Quarian to Turian appeared first on WeLiveSecurity

ESET researchers shed light on new campaigns from the quiet Gelsemium group

The post Gelsemium: When threat actors go gardening appeared first on WeLiveSecurity

Law enforcement around the world used a messaging app called AN0M to monitor the communications of alleged criminals

The post Hundreds of suspected criminals arrested after being tricked into using FBI‑run chat app appeared first on WeLiveSecurity

Hacking an orbiting satellite is not light years away – here’s how things can go wrong in outer space

The post Hacking space: How to pwn a satellite appeared first on WeLiveSecurity

New ESET Threat Report is out – How to deal with online trolls – Teens, beware these 5 common scams

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Websites using Fancy Product Designer are susceptible to remote code execution attacks even if the plugin is deactivated

The post Zero‑day in popular WordPress plugin exploited to take over websites appeared first on WeLiveSecurity

A view of the T 1 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

The post ESET Threat Report T 1 2021 appeared first on WeLiveSecurity

From knock-off designer products to too-good-to-be-true job offers, here are five common schemes fraudsters use to trick teenagers out of their money and sensitive data

The post 5 common scams targeting teens – and how to stay safe appeared first on WeLiveSecurity

You may not be able to escape internet trolls, but you have a choice about how you will deal with them – here’s how you can handle trolls without losing your cool

The post Don’t feed the trolls and other tips for avoiding online drama appeared first on WeLiveSecurity

You, too, may be vulnerable to SIM swap attacks – How to defend yourself against rom-cons – Zero day in macOS allowed malware to take secret screenshots

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Here’s how easily your phone number could be stolen, why a successful SIM swap scam is only the beginning of your problems, and how you can avoid becoming a victim of the attack

The post I hacked my friend’s website after a SIM swap attack appeared first on WeLiveSecurity

Patches to remedy the vulnerabilities should be released over the coming weeks

The post Bluetooth bugs could allow attackers to impersonate devices appeared first on WeLiveSecurity

You would do well to update to macOS Big Sur 11.4 post-haste

The post Apple fixes macOS zero‑day bug that let malware take secret screenshots appeared first on WeLiveSecurity

Online dating scams often follow the same script – here’s what senior citizens should watch out for and how their younger relatives can help them avoid falling victim

The post Rom‑con: How romance fraud targets older people and how to avoid it appeared first on WeLiveSecurity

How stalkerware puts the stalkers' own data at risk – Watch out for FluBot – Building security into critical infrastructure

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

An all-new privacy dashboard and better location, microphone and camera controls are all aimed at curbing apps’ data-slurping habits

The post Android 12 will give you more control over how much data you share with apps appeared first on WeLiveSecurity

The attack is a reminder of growing cyberthreats to critical infrastructure while also showing why providers of essential services are ripe targets for cybercriminals

The post Colonial Pipeline attack: Hacking the physical world appeared first on WeLiveSecurity

Con artists use social media to find and target victims for various nefarious ends, including to extort relatives of missing persons

The post Scams target families of missing persons, FBI warns appeared first on WeLiveSecurity

Why FluBot is a major threat for Android users, how to avoid falling victim, and how to get rid of the malware if your device has already been compromised

The post Take action now – FluBot malware may be on its way appeared first on WeLiveSecurity

ESET research reveals that common Android stalkerware apps are riddled with vulnerabilities that further jeopardize victims and expose the privacy and security of the snoopers themselves

The post Android stalkerware threatens victims further and exposes snoopers themselves appeared first on WeLiveSecurity

The report provides unique insights into how the COVID-19 pandemic affected the data breach landscape

The post Verizon’s 2021 DBIR: Phishing and ransomware threats looming ever larger appeared first on WeLiveSecurity

Join ESET Research at RSA Conference 2021 – WhatsApp to restrict features for some users – 1 million apps rejected from the App Store last year

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The operation was carried out against an organized group that used online trading platforms to swindle victims out of US$36 million

The post European police bust major online investment fraud ring appeared first on WeLiveSecurity

Apple also claims to have foiled US$1.5 billion worth of potentially fraudulent transactions

The post 1 million risky apps rejected or removed from Apple’s App Store in 2020 appeared first on WeLiveSecurity

We will explore two threats – Android stalkerware and XP exploits

The post ESET Research goes to RSA Conference 2021 with two presentations appeared first on WeLiveSecurity

Your account won’t be deleted, but here's what you may want to be aware of if not even repeated reminders to accept the new policy do the trick

The post WhatsApp will limit features for users who don’t accept new data‑sharing rules appeared first on WeLiveSecurity

Ousaban banking trojan targeting Brazil – How to help your kids use safe passwords – DDoS attack takes Belgian government websites offline

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Millions of Brits could be at risk of cyberattacks due to poor default passwords and a lack of firmware updates

The post Popular routers found vulnerable to hacker attacks appeared first on WeLiveSecurity

How witches, wizards and superheroes can help your kids stay safe from cyber-villains, plus other parenting hacks to encourage your children to use secure passwords

The post Fantastic passwords and where your children can find them appeared first on WeLiveSecurity

The attack overwhelmed the systems of a Belgian ISP, leading to widespread service outages and disruptions

The post DDoS attack knocks Belgian government websites offline appeared first on WeLiveSecurity

Another in our occasional series demystifying Latin American banking trojans

The post Ousaban: Private photo collection hidden in a CABinet appeared first on WeLiveSecurity

The Patch Tuesday security update due in July should hammer the last nail in the coffin of Adobe Flash Player

The post Microsoft will soon remove Flash Player from Windows 10 devices appeared first on WeLiveSecurity

The agency’s new initiative will also warn about the high cost of the free lunch – the increased risk of malware exposure

The post INTERPOL aims to deal a blow to digital piracy appeared first on WeLiveSecurity

Governments as cyber-targets – FBI and Have I Been Pwned team up to notify Emotet victims – Mac users urged to plug a serious security hole

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The data breach notification site now allows you to check if your login credentials may have been compromised by Emotet

The post FBI teams up with ‘Have I Been Pwned’ to alert Emotet victims appeared first on WeLiveSecurity

A year into the pandemic, ESET reveals new research into activities of the LuckyMouse APT group and considers how governments can rise to the cybersecurity challenges of the accelerated shift to digital

The post Prime targets: Governments shouldn’t go it alone on cybersecurity appeared first on WeLiveSecurity

Mac users are being urged to update to macOS Big Sur 11.3 as at least one threat group is exploiting the zero-day bug to sneak past the operating system’s built-in security mechanisms

The post Apple patches severe macOS security flaw appeared first on WeLiveSecurity

All that glitters is not gold – look out for fake celebrity endorsements and other con jobs that aren’t going out of fashion any time soon

The post 4 common ways scammers use celebrity names to lure victims appeared first on WeLiveSecurity

WhatsApp Pink is not an update – Security holes in Apple's AirDrop – New zero-day plugged in Chrome

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The social media platform is stepping up efforts to help stomp out harassment and other abusive behavior

The post Instagram rolls out new features to help prevent cyberbullying appeared first on WeLiveSecurity

You can only stay safe by disabling AirDrop discovery in the system settings of your Apple device, a study says

The post AirDrop flaws could leak phone numbers, email addresses appeared first on WeLiveSecurity

The update patches a total of seven security flaws in the desktop versions of the popular web browser

The post Google rushes out fix for zero‑day vulnerability in Chrome appeared first on WeLiveSecurity

The malware sends automated replies to messages on WhatsApp and other major chat apps

The post WhatsApp Pink: Watch out for this fake update appeared first on WeLiveSecurity