NEWSROOM
News Highlights
Comprehensive collection of ESET News, including the highest performing press releases, research, and thought leadership content gathered on single page.
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office
ESET researchers discovered and disclosed code execution vulnerabilities (CVE-2024-7262 and CVE-2024-7263) in WPS Office for Windows, exploited by APT-C-60 to target East Asian countries. After identifying and analyzing the root cause, both vulnerabilities were patched. The exploits involved remote code execution and the manipulation of the custom protocol handler.
Old devices, new dangers: The risks of unsupported IoT tech
Outdated devices pose a security threat as they become vulnerable to cyber-attacks when manufacturer support ends. Exploited devices can be used for malicious activities, including surveillance and data theft. To mitigate risk, consider repurposing old devices in a disconnected manner or ensuring secure disposal. Upgrading to modern, supported devices is crucial for maintaining cybersecurity.
Why scammers want your phone number
Phone numbers are valuable targets for scammers, as they can be used for smishing, hacking, call forwarding, SIM swaps, and Caller ID spoofing. These tactics can lead to financial scams, corporate data phishing, and CEO fraud. To stay safe, individuals and businesses should validate requests, secure their accounts, limit public exposure, use mobile security, and avoid SMS-based authentication.
Annoying but necessary: How to decrease the burden of authentication requirements
Authentication mechanisms are crucial for cybersecurity but increasing complexity makes them vulnerable. ESET’s Secure Authentication offers a cloud-based solution with multifactor authentication to ease the burden on IT admins and protect against cyber breaches. However, it’s important to balance security with user experience and provide support for MFA fatigue.
Beware of fake AI tools masking very real malware threats
Ever attuned to the latest trends, cybercriminals distribute malicious tools that pose as ChatGPT, Midjourney and other generative AI assistants...
Building cyber-resilience: Lessons learned from the CrowdStrike incident
Organizations must resist attributing IT meltdowns to exceptional circumstances, instead conducting thorough post-mortems. While cyber-resilience plans can help, exceptional incidents may render them inadequate. It’s crucial to review incidents, consider reliance on single vendors, and promote diversified product selection to lower risk. Utilizing outdated technology poses a significant cyber risk and should be avoided.