
#eset

1 post · 1 participant · 0 posts today

How ToddyCat tried to hide behind AV software

The ToddyCat APT group has developed a sophisticated tool called TCESB to stealthily execute payloads and evade detection. This tool exploits a vulnerability (CVE-2024-11859) in ESET Command line scanner for DLL proxying, using a modified version of the open-source EDRSandBlast malware. TCESB employs techniques like DLL proxying, kernel memory manipulation, and Bring Your Own Vulnerable Driver (BYOVD) to bypass security solutions. It searches for kernel structure addresses using CSV or PDB files, installs a vulnerable Dell driver, and decrypts AES-128 encrypted payloads. The discovery highlights the need for monitoring driver installations and Windows kernel debug symbol loading events to detect such sophisticated attacks.

Pulse ID: 67f3cb12758e286216442770
Pulse Link: otx.alienvault.com/pulse/67f3c
Pulse Author: AlienVault
Created: 2025-04-07 12:54:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue - Open Threat Exchange: Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

Shifting the sands of RansomHub's EDRKillShifter

ESET researchers analyze the ransomware ecosystem in 2024, focusing on the newly emerged RansomHub gang. They uncover connections between RansomHub affiliates and rival gangs Play, Medusa, and BianLian through the use of EDRKillShifter, a custom EDR killer developed by RansomHub. The researchers leverage the widespread adoption of EDRKillShifter to track affiliate activities across multiple gangs and reconstruct its development timeline. The article also discusses the rise of EDR killers in ransomware attacks and provides insights into their anatomy and defense strategies. Despite disruptions to major ransomware groups, new threats like RansomHub quickly filled the void, highlighting the need for continued vigilance and law enforcement efforts targeting both operators and affiliates.

Pulse ID: 67e5309c175c81db27157632
Pulse Link: otx.alienvault.com/pulse/67e53
Pulse Author: AlienVault
Created: 2025-03-27 11:03:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


You will always remember this as the day you finally caught FamousSparrow

ESET researchers uncovered new activity by the FamousSparrow APT group, including two undocumented versions of their SparrowDoor backdoor. The group compromised a US financial sector trade group and a Mexican research institute in July 2024. The new SparrowDoor versions show significant improvements in code quality and architecture, implementing command parallelization. FamousSparrow also used the ShadowPad backdoor for the first time. The analysis revealed links between FamousSparrow and other China-aligned threat actors like Earth Estries. The group's continued development of tools during a period of apparent inactivity suggests they remained active but undetected from 2022 to 2024.

Pulse ID: 67e460646f872ac59c466323
Pulse Link: otx.alienvault.com/pulse/67e46
Pulse Author: AlienVault
Created: 2025-03-26 20:15:32

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Operation FishMedley targeting governments, NGOs, and think tanks

ESET researchers have uncovered a global espionage operation called Operation FishMedley, conducted by the FishMonger APT group, which is operated by the Chinese contractor I-SOON. The campaign targeted governments, NGOs, and think tanks across Asia, Europe, and the United States during 2022. The attackers used implants like ShadowPad, SodaMaster, and Spyder, which are common or exclusive to China-aligned threat actors. The operation involved sophisticated tactics including lateral movement, credential theft, and custom malware deployment. Seven victims were identified across various countries and sectors. The analysis provides technical details on the malware used, initial access methods, and command and control infrastructure.

Pulse ID: 67dd406f6ba9eecd280aa95e
Pulse Link: otx.alienvault.com/pulse/67dd4
Pulse Author: AlienVault
Created: 2025-03-21 10:33:19

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #China #Chinese

@prealpinux @linux To be precise, #ESET recommends installing a #Linux distribution as a "good option" outright, and only then adds "especially for older hardware". From the PI article, on the other hand, it seems that the Linux option is suggested *only* in relation to dated hardware (a sort of last-resort solution). #softwarelibero #opensource

eset.com/de/about/presse/press

www.eset.com: Security fiasco? 32 million computers in Germany are still running Windows 10 | ESET

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #42/2024 is out!

It includes the following and much more:

➝ #Cisco Investigating #Breach;

➝ Data from #Verizon's push-to-talk System for Sale;

➝ #Gmail Alert For 2.5B Users As #AI Hack Confirmed;

➝ Dark Web Shut Down in Finland;

➝ #Microsoft Lost Cloud Security Logs;

➝ #ESET Breached;

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

X’s InfoSec Newsletter · [InfoSec MASHUP] 42/2024