WeLiveSecurity

Les influenceurs dans le collimateur : comment les cybercriminels ciblent les créateurs de contenu

Les influenceurs sur les réseaux sociaux peuvent offrir une portée et une crédibilité aux escroqueries et à la distribution ...
WeLiveSecurity

Credential stuffing: What it is and how to protect yourself

Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts ...
WeLiveSecurity

Escroquerie en ligne & colis mystères : connaissez-vous les « brushing scams » et savez-vous comment vous en protéger

Avez-vous déjà reçu un colis que vous n'aviez pas commandé ? Cela pourrait être un signe que vos données ont été compromises ...
WeLiveSecurity

LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group

Update, 9 October 2018: The remediation section of the white paper contained inaccurate information. Secure Boot doesn't protect against the UEFI rootkit described in this research. We advise that you ...
WeLiveSecurity

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

In 2024, ESET researchers noticed previously undocumented malware in the network of a Southeast Asian governmental entity. This led us to uncover even more new malware on the same system, none of ...
WeLiveSecurity

Black Hat Europe 2025: Reputation matters – even in the ransomware economy

Black Hat Europe 2025 opened with a presentation by Max Smeets of Virtual Rotes titled ‘Inside the Ransomware Machine’. The talk focused on the LockBit ransomware-as-a-service (RaaS) gang and Max’s ...
WeLiveSecurity

MuddyWater: Snakes by the riverbank

ESET researchers have identified new MuddyWater activity primarily targeting organizations in Israel, with one confirmed target in Egypt. MuddyWater, also referred to as Mango Sandstorm or TA450, is ...
WeLiveSecurity

PlushDaemon compromises network devices for adversary-in-the-middle attacks

ESET researchers provide insights into how PlushDaemon performs adversary-in-the-middle attacks using a previously undocumented network implant that we have named EdgeStepper, which redirects all DNS ...
WeLiveSecurity

Gotta fly: Lazarus targets the UAV sector

ESET researchers have recently observed a new instance of Operation DreamJob – a campaign that we track under the umbrella of North Korea-aligned Lazarus – in which several European companies active ...
WeLiveSecurity

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception

This blogpost introduces our latest white paper, presented at Virus Bulletin 2025, where we detail the operations of the North Korea-aligned threat actor we call DeceptiveDevelopment and its ...
WeLiveSecurity

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

ESET Research has discovered HybridPetya, on the VirusTotal sample sharing platform. It is a copycat of the infamous Petya/NotPetya malware, adding the capability of compromising UEFI-based systems ...