Posts

The latest from Bernie

When Malware is Digitally Signed by an Anti-Malware Company

In October 2024, a sneaky malware campaign started spreading. The threat actors used a message that looked like it came from the Israeli partner of ESET, a well-known anti-malware company. They targeted Israeli businesses and educational institutions. But here’s the catch: the message didn’t show any signs of having malicious content. Analysts who initially checked out the email thought there was nothing fishy about it. The email warns recipients that their company is being targeted by “state-sponsored threat actors.” It suggests downloading and installing the “ESET Unleashed” app to protect against this threat. The email’s link seems legitimate, pointing to a valid ESET server. The file on the download link contains an executable file (Setup.exe) and four DLL files. Upon closer inspection, it turns out that the DLL files are part of ESET’s anti-virus software, but the EXE file is actually a malicious data wiper, even though it was digitally signed by ESET. This malware has an interesting...

Tech Party List, A Satirical List

**WARNING:** This post is not intended for individuals who are easily offended. Should you find satirical content objectionable, please leave this page immediately. YOU HAVE BEEN WARNED. With the Philippine elections coming very soon, one of the most colorful parts of this national exercise is the proliferation of Party Lists that have great name recall. In the Philippines, the party-list system is a mechanism of proportional representation in the election of representatives to the House of Representatives. This system allows national, regional, and sectoral parties or organizations to gain seats in the House based on the proportion of votes they receive. The goal of the party-list system is to ensure that marginalized and underrepresented sectors of society have a voice in the legislative process. Each party-list group represents specific sectors such as labor, farmers, women, youth, indigenous peoples, and other marginalized groups. Voters can choose a party-list group during el...

Wow! I Got Mail!

It looks like a not-so-anonymous donor is willing to donate money for use in my non-existent "charity work in my area". 🤣 BUT SERIOUSLY... this is yet another example of threat actors that simply want to (a) verify my email address so they can continue sending me scam messages; (b) lure me in and scam me if I am greedy enough to "bite" into their lure. Should anyone else receive a similar message, the best way to handle it is to simply ignore it and tag it as "junk email". Oh, and if similar messages from unknown sources come your way... well, you know what to do.

Oh no! My TikTok is Being Hacked!

...and then I realized that I don't have a TikTok account. I’ve also received similar messages claiming that new log-ins have been detected on my non-existent X (aka Twitter) and my MFA-protected Facebook account. This is a relatively new tactic that will trick unsuspecting recipients into clicking on a fake log-in screen for TikTok, X, or Facebook, hoping to steal their login credentials. So, stay alert and don’t fall for it! Have you received messages similar to this?

Protecting Your Business: How Logging Made Easy (LME) Can Safeguard SMEs from Cyber Threats

  Small to medium-sized business owners who handle sensitive information such as personal data, bank details, and confidential information should consider having their IT experts evaluate the feasibility of implementing Logging Made Easy (LME) within their infrastructure. CISA recently released version 2 of the LME. Currently, small and medium-sized enterprises (SMEs) are perceived as “low hanging fruit” by threat actors, making them easy targets for hacking and data breaches. Implementing systems similar to the LME can help owners mitigate this risk. What is LME? Logging Made Easy (LME), a free and open-source log management solution, was developed by the Cybersecurity and Infrastructure Security Agency (CISA). It’s tailored to assist small to medium-sized organizations in monitoring their networks, identifying threats, and bolstering their overall cybersecurity measures. Why would SME owners need to bother with this? SME owners should be intrigued by the potential of LME (or any ...