Items tagged with ESET
A new security vulnerability has now been detailed that exposes portions of your device’s Wi-Fi traffic to nefarious individuals. The Kr00k vulnerability was disclosed today by ESET researchers presenting at the RSA Security Conference. The problem lies with Wi-Fi chips that were manufactured by Broadcom and Cypress Semiconductor, and Kr00k would allow anyone with the proper tools within close proximity to your Wi-Fi network to bypass WPA2 encryption. Kr00k takes advantage of a period of a time when a device disconnects from a network either when roaming from access point to access point, or when it is forced off in a suspicious manner. After the targeted device then reconnects to the network,...
Read more...
Microsoft announced this week that it has teamed up with the FBI and other partners including ESET to dismantle the massive botnet called Gamarue (Andromeda). Microsoft says that it and its partners began the journey to disrupt the botnet all the way back in 2015. A coordinated take down started on November 29, 2017 and an arrest was made. ESET wrote, "A coordinated take down started on November 29, 2017 and as a result of this joint effort, law enforcement agencies across the globe were able to make an arrest and obstruct activity of the malware family responsible for infecting more than 1.1 million systems per month." The road to the arrest started in 2015 when the Microsoft Windows Defender...
Read more...
Google Chrome might be the most popular web browser in the world, but it has long been criticized for the app bloat that has accumulated over the years and its negative impact on resources and battery life. The "bloat" is about to increase again today, although Google says that the latest addition to Chrome should help protect your system from attacks. The Google team says now detailing three feature updates in Chrome for Windows that helps users "recover from unwanted software infections". The first addition comes in the form of a background monitor that can determine if an extension has changed your browser settings without first getting your permission. If Chrome detects modifications, it...
Read more...
Orbit Downloader is a nifty tool. It’s a web browser file downloading add-on, and it lets users more easily manage their downloaded files, download embedded videos, speed up downloads, and more. Unfortunately, it’s also apparently now an effective tool for delivering Distributed Denial of Service (DDoS) attacks. The ESET security folks discovered an extra component in the Orbit Downloader code (specifically, “orbitdm.exe”) that sends an HTTP GET request to an Orbit server, and the server spits back two URLs. One points to a version of a Win32 PE DLL file that the software downloads without the user knowing, and the other “seems to generate a response via HTTP POST...
Read more...
When it comes to ISPs throttling Peer-to-peer (P2P) traffic, the denials fly as quick as the accusations. First the FCC contradicts Comcast's claims that it only throttles P2P traffic when there is network congestion; now, as News.com reports, AT&T rebuffs claims from BitTorrent client developer, Vuze, that AT&T uses false reset messages to impact P2P traffic: "In response to your specific question about AT&T's network management practices, AT&T does not use "false reset messages" to manage its network. We agree with Vuze that the use of the Vuze Plug-In to measure network traffic has numerous limitations and deficiencies, and does not demonstrate whether any particular network...
Read more...
