Cybersecurity

Flaw in ESET Security Software Used to Spread Malware From ToddyCat Group

Researchers have discovered that suspected state-backed hackers could exploit a vulnerability in software from cybersecurity firm ESET to secretly infect targeted devices with malicious code.

The vulnerability, tracked as CVE-2024-11859, allows attackers to plant a malicious dynamic-link library (DLL) and execute it through the ESET antivirus scanner, according to a report by the Russian cybersecurity firm Kaspersky. The malicious code runs in the background, bypassing system alerts and remaining undetected.

Slovakia-based ESET confirmed the flaw in an advisory last week and released a fix, describing it as a medium-severity issue with a CVSS score of 6.8 out of 10. The company urged users to update their systems to prevent potential exploitation.

Read the rest of the story at The Record.

