DUBAI, UAE: ESET will highlight its latest and as yet unpublished research during the RSA Conference 2021 taking place virtually during May 17-20. ESET researchers Jean-Ian Boutin, Alexis Dorais-Joncas, Zuzana Hromcová and Lukáš Štefanko will provide a deep dive into Windows XP exploits, how nation-state actors have been breaching air-gapped networks and Android stalkerware. Having three presentations included in the RSA Conference agenda is a record for ESET, a global leader in IT security.
Two of the presentations will take place on the opening day of the conference on May 17. ESET researcher Lukáš Štefanko will address “Security: The Hidden Cost of Android Stalkerware” from 11:20 to 12:00 PDT (20:20 to 21:00 CEST). Stalkerware is used to spy on users by gathering, transmitting, and storing their personal information. ESET Research has discovered serious vulnerabilities in Android stalkerware apps and their monitoring servers that could result in serious user impact if exploited.
“Mobile stalkerware is a popular threat sold legally on various websites,” explains Štefanko. “Based on ESET telemetry, the number of detections of stalkerware in 2020 rose by 48% compared to 2019. I will cover more than 80 different families of Android stalkerware and focus on security issues and privacy flaws in their code.”
Immediately following Štefanko, Head of Threat Research at ESET Jean-Ian Boutin and ESET researcher Zuzana Hromcová will take the virtual stage with “Beyond Living-Off-the-Land: Why XP Exploits Still Matter” from 12:05 to 12:45 PDT (21:05 to 21:45 CEST). Living-off-the-land refers to a technique where attackers use legitimate, preinstalled tools to carry out their malicious operations.
“This presentation will introduce the evolution of this technique, and explain how vulnerable binaries can be leveraged to replace the well-known and well-mapped living-off-the-land binaries,” says Hromcová.
“A vulnerable Windows XP DLL can quickly turn incident response into a nightmare, even on non-XP machines,” adds Boutin. “Learn from ESET’s experience and leverage our guidance to fortify your defenses against this emerging trend.”
The final presentation from ESET Research will be delivered by Alexis Dorais-Joncas, security intelligence team lead at ESET. His presentation on May 19 (time yet to be confirmed) is headlined: “Jumping the air-gap: 15 years of nation-state efforts.”
“Nation-state actors have been breaching air-gapped networks for over a decade, and we’ve analyzed and compared all their malicious frameworks known to date,” emphasizes Dorais-Joncas. “So, learn from the best and discover how they’re doing this, so you can protect yourself better.”
To watch the presentations live, register at the RSA Conference 2021 website. Check the full agenda to find the pass that best suits your interests.
If you cannot join the event live, you can still read the two white papers that ESET will release during the conference – the first by Lukáš Štefanko on Android stalkerware and the second by Alexis Dorais-Joncas on breaching air-gapped networks. Check out WeLiveSecurity, where both pieces will be published. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.
-Ends-
About ESET
For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, as well as encryption and multifactor authentication, ESET’s high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET’s R&D centers worldwide, working in support of our shared future. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and Twitter.
© Press Release 2021
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.
