Entries by Tomas Foltyn

Popular home routers plagued by critical security flaws

A study paints a dim picture of router security, as none of the 127 devices tested was free of severe vulnerabilities A recent study of more than 100 consumer-grade routers from seven, mostly large vendors has found that nearly all tested routers are affected by scores of unpatched and often severe security flaws that leave […]

Week in security with Tony Anscombe

Brute-force attacks against RDP surge – Is contact tracing the answer to ending the COVID-19 crisis? – Microsoft ships urgent security updates ESET researchers have released data that confirms a sharp increase in brute-force attacks against Remote Desktop Protocol connections during the pandemic-induced lockdowns. Also this week, we discussed the question of whether contact tracing […]

Microsoft releases emergency update to fix two serious Windows flaws

The out-of-band update plugs two remote code execution bugs in the Windows Codecs library, including one rated as critical Microsoft on Tuesday released emergency security patches to plug a pair of serious vulnerabilities in its Windows Codecs library that impact several Windows 10 and Windows Server versions. Indexed as CVE-2020-1425 and CVE-2020-1457, the two remote-code […]

Week in security with Tony Anscombe

Android ransomware posing as a COVID-19 tracing app – Ill-trained and ill-equipped newly-minted remote workers – How Bitcoin giveaway scams misuse Elon Musk’s name This week, ESET researchers published their findings about Android ransomware spreading under the guise of an official COVID-19 contact-tracing app developed by Health Canada. A study by IBM shows that many […]

Week in security with Tony Anscombe

This week, ESET researchers released their findings about Operation In(ter)ception, a campaign that leveraged LinkedIn-based spearphishing and took aim at aerospace and military companies in Europe and the Middle East between September and December 2019. Another major research effort by ESET experts revealed a campaign by the InvisiMole group that targeted high-profile organizations in the […]

Week in security with Tony Anscombe

ESET research into Gamaredon’s tricks – A flawed online voting platform – Massive hack-for-hire campaigns This week, ESET researchers published their findings about new malicious tools deployed by the Gamaredon group, including a VBA macro that takes advantage of the Microsoft Outlook email accounts of compromised targets to send spearphishing emails to their contacts. An […]

Microsoft ships hefty patch load this month

The latest Patch Tuesday knocks out a record-high number of vulnerabilities, including new bugs in the SMB protocol Microsoft has released a new batch of regular security updates for Windows and other supported software. With fixes for a whopping 129 vulnerabilities, including 11 rated as critical, the latest Patch Tuesday is the bulkiest on record. […]

Week in security with Tony Anscombe

A deep-clean of your Facebook history – Google’s Advanced Protection-Nest integration – Talking to your kids before they join social media Facebook is rolling out a new feature that makes it far easier for people to find and mass-delete their old posts, including to prevent their social media past from coming back to haunt them. […]

Mozilla fixes high‑risk Firefox flaws, bug in DoH feature

The browser maker rolls out updates on back-to-back days, including a patch to avoid unintentionally overloading DNS providers The Mozilla team has had a productive few days, having issued a update to Firefox only a day after releasing the web browser’s latest major version that plugged eight CVE-listed security holes. First, Tuesday saw the rollout […]

Facebook now lets you delete old posts in bulk

Dealing with skeletons lurking in your Facebook closet has never been easier Facebook is rolling out a new feature that will be a boon to anybody who’s looking to scrub their social media presence squeaky-clean. Called ‘Manage Activity’, the new tool will enable people to easily triage and then hide or delete their old – […]