SANS

ISC Stormcast For Thursday, February 23rd 2017 https://isc.sans.edu/podcastdetail.html?id=5387, (Thu, Feb 23rd)

23 Feb 2017

...

Quick and dirty generic listener, (Tue, Feb 21st)

22 Feb 2017

From time to time, we see spikes on some odd port in our data and we want to figure out what the ...

ISC Stormcast For Wednesday, February 22nd 2017 https://isc.sans.edu/podcastdetail.html?id=5385, (Wed, Feb 22nd)

22 Feb 2017

...


Sophos

Global spam drops by more than half – now what?

22 Feb 2017

Global spam levels plummeted at the end of 2016 and haven't gone back up - but sadly there's still an awful lot of spam left.

News in brief: pushback on Pirate Bay ban; course in fake news; autonomous Ubers get passengers

22 Feb 2017

Your daily round-up of some of the other stories in the news

Facebook rapped for dragging its feet on pictures stolen for ‘like-farming’

22 Feb 2017

As Facebook drags its feet over removing stolen images of a child for like-farming clickbait, what does this mean for the platform's commitment to tackling 'fake news'?

Sure, you might have bought the car, but does someone else control it?

22 Feb 2017

A researcher who was able to control his so-called 'smart' car three years after he sold it raises concerns about secondhand IoT devices

Google outs Windows flaw after Microsoft misses a patch deadline

22 Feb 2017

Google's move is the latest in a round of spats with Microsoft over its Project Zero initiative to nudge vendors into fixing flaws

Border agents could be forced to get a warrant before searching devices

22 Feb 2017

Senator warns that border agents' 'digital dragnets' are distracting them from actual threats

Live from RSA 2017 – the inside track [Chet Chat Podcast 258]

22 Feb 2017

Chester Wisniewski and John Shier share their thoughts from the floor of this year's RSA Conference in San Francisco.

News in brief: Concern about Windows 10; Hacks cost Yahoo; PHP gets better crypto

21 Feb 2017

Your daily round-up of some of the other stories in the news

Google and Bing plan to bury pirated content

21 Feb 2017

From 1 June 2017 Google and Bing will de-prioritise unlawful sharing sites

Thugs who sent Brian Krebs heroin and a SWAT team sentenced

21 Feb 2017

No word on when we'll see the movie, but the plot points keep coming.


TrendMicro

The Healthcare Underground: Electronic Health Records for Sale

21 Feb 2017

In 2016, 91 percent of the U.S. population had health insurance coverage, which means that at any given time almost any person will be affected in the event of a healthcare data breach. How it affects individuals may differ case by case, but its impact on affected people and healthcare institutions is far from mild. In our latest research paper titled Cybercrime and other Threats faced by Healthcare industry, we look at the other side of a healthcare data breach and trace back what happens to electronic health records (EHR) after they are stolen.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

RAMNIT: The Comeback Story of 2016

20 Feb 2017

Earlier this year, Action Fraud, the UK’s fraud and cybercrime reporting center, issued a warning that cyber criminals were taking advantage of generous individuals by sending phishing emails purportedly from Migrant Helpline, a charity organization dedicated to assisting migrants across the country. These emails contain a link that is supposed to lead to a donations page. However, instead of landing on a legitimate website, the user instead unwittingly downloads one of the most tenacious malwares in the wild: the veteran Trojan known as RAMNIT, which staged a comeback in 2016.

What’s In Shodan? Analyzing Exposed Cyber Assets in the United States

15 Feb 2017

Thanks to the Internet of Things (IoT), the world is now much more connected. While IoT brings about many benefits and has made life easier for us, there are some important questions we still have to ask: is IoT also making the world a little less secure? More importantly, is IoT making us vulnerable to attackers?

CERBER Changes Course, Triple Checks for Security Software

15 Feb 2017

CERBER is a ransomware family that has seen its share of unusual features since its appearance early last year. From its use of audio warnings, to the targeting of cloud platforms and databases, to distribution via malvertising, emailed scripting files, and exploit kits, CERBER has always been willing to keep up with the times, as it were. One reason for its apparent popularity may be the fact that it is sold in the Russian underground, giving a wide variety of cybercriminals access to it.

However, we've started seeing CERBER variants (which we detect as RANSOM_CERBER.F117AK) add a new wrinkle to their behavior: they have gone out of their way to avoid encrypting security software. How did they do this?

Tracking the Decline of Top Exploit Kits

14 Feb 2017

The latter half of 2016 saw a major shift in the exploit kit landscape, with many established kits suddenly dropping operations or switching business models. Angler, which has dominated the market since 2015, suddenly went silent. We tracked 3.4 million separate Angler attacks on our clients in the first quarter of 2016, and the rate...

Unix: A Game Changer in the Ransomware Landscape?

14 Feb 2017

2016 was the year when ransomware reigned. Bad guys further weaponized extortion into malware, turning enterprises and end users into their cash cows by taking their crown jewels hostage. With 146 families discovered last year compared to 29 in 2015, ransomware’s rapid expansion and development are projected to spur cybercriminals into diversifying and expanding their platforms, capabilities, and techniques in order to accrue more targets.

Indeed, we’ve already seen them testing new waters by tapping the mobile user base, and more recently developing ransomware for other operating systems (OS) and then peddling it underground to affiliates and budding cybercriminals. Linux.Encoder (detected by Trend Micro as ELF_CRYPTOR family) was reportedly the first for Linux systems; it targeted Linux web hosting systems through vulnerabilities in web-based plug-ins or software such as Magento’s. In Mac OS X systems, it was KeRanger (OSX_KERANGER), found in tampered file-sharing applications and malicious Mach-O files disguised as Rich Text Format (RTF) documents. Their common denominator? Unix.

Mirai Widens Distribution with New Trojan that Scans More Ports

13 Feb 2017

Late last year, in several high-profile and potent DDoS attacks, Linux-targeting Mirai (identified by Trend Micro as ELF_MIRAI family) revealed just how broken the Internet of Things ecosystem is. The malware is now making headlines again, thanks to a new Windows Trojan that drastically increases its distribution capabilities.

Brute Force RDP Attacks Plant CRYSIS Ransomware

09 Feb 2017

In September 2016, we noticed that operators of the updated CRYSIS ransomware family (detected as RANSOM_CRYSIS) were targeting Australia and New Zealand businesses via remote desktop (RDP) brute force attacks. Since then, brute force RDP attacks are still ongoing, with both SMEs and large enterprises across the globe affected. In fact, the volume of these attacks doubled in January 2017 from a comparable period in late 2016. While a wide variety of sectors have been affected, the most consistent target has been the healthcare sector in the United States.

Lurk: Retracing the Group’s Five-Year Campaign

06 Feb 2017

Fileless infections are exactly what their name says: infections that don't involve malicious files being downloaded or written to the system’s disk. While fileless infections are not necessarily new or rare, they present a serious threat to enterprises and end users given their capability to gain privileges and persist in a system of interest to an attacker, all while staying under the radar. For instance, fileless infections have been incorporated in targeted bot delivery, leveraged to deliver ransomware, used to infect point-of-sale (PoS) systems, and used to perpetrate click fraud. The key point of the fileless infection for the attacker is to be able to evaluate each compromised system and decide whether the infection process should continue or vanish without a trace.

The cybercriminal group Lurk was one of the first to effectively employ fileless infection techniques in large-scale attacks—techniques that arguably became staples for other malefactors.

Routers Under Attack: Current Security Flaws and How to Fix Them

31 Jan 2017

How is it possible for users to lose hundreds of dollars in anomalous online bank transfers when all of their gadgets have security software installed?


Kaspersky

Financial cyberthreats in 2016

22 Feb 2017

In 2016 we continued our in-depth research into the financial cyberthreat landscape. We've noticed over the last few years that large financial cybercriminal groups have started to concentrate their efforts on targeting large organizations – such as banks, payment processing systems, retailers, hotels and other businesses where POS terminals are widely used.

New(ish) Mirai Spreader Poses New Risks

21 Feb 2017

A cross-platform win32-based Mirai spreader and botnet is in the wild and has previously been discussed publicly. However, much of that information has been confused together, as if an entirely new IoT bot were spreading to and from Windows devices. This is not the case. Instead, an accurate assessment is that a previously active Windows botnet is spreading a Mirai bot variant.

Spam and phishing in 2016

20 Feb 2017

2016 saw a variety of changes in spam flows, with the increase in the number of malicious mass mailings containing ransomware being the most significant. These programs are readily available on the black market, and in 2017 the volume of malicious spam is unlikely to fall.

Dissecting Malware

17 Feb 2017

From March 30 through April 2, 2017, one of them — Principal Security Researcher at Kaspersky Lab Nicolas Brulez — will deliver a course on the subject he has been training people around the world on for 12 years, malware reverse engineering.

Mobile apps and stealing a connected car

16 Feb 2017

The concept of a connected car, or a car equipped with Internet access, has been gaining popularity for the last several years. By using proprietary mobile apps, it is possible to get some useful features, but if a car thief were to gain access to the mobile device that belongs to a victim that has the app installed, then would car theft not become a mere trifle?

Breaking The Weakest Link Of The Strongest Chain

16 Feb 2017

Around July last year, more than 100 Israeli servicemen were hit by a cunning threat actor. The attack compromised their devices and exfiltrated data to the attackers’ C&C. In addition, the compromised devices were pushed Trojan updates. The operation remains active at the time of writing this post.

A look into the Russian-speaking ransomware ecosystem

14 Feb 2017

In other words, crypto ransomware is a fine tuned, user friendly and constantly developing ecosystem. In the last few years we, at Kaspersky Lab, have been monitoring the development of this ecosystem. This is what we’ve learned.

Features of secure OS realization

09 Feb 2017

There are generally accepted principles that developers of all secure operating systems strive to apply, but there can be completely different approaches to implementing these principles.

Fileless attacks against enterprise networks

08 Feb 2017

This threat was originally discovered by a bank’s security team, after detecting Meterpreter code inside the physical memory of a domain controller (DC). Kaspersky Lab participated in the forensic analysis, discovering the use of PowerShell scripts within the Windows registry. Additionally, it was discovered that the NETSH utility was used for tunnelling traffic from the victim’s host to the attacker’s C2.

Rocket AI and the next generation of AV software

07 Feb 2017

What would happen if we did the same thing that the respected AI experts did? We could come to agreements with other representatives in the cybersecurity area and create a joint project. Meet Rocket AV.


ThreatPost

Criminals Monetizing Attacks Against Unpatched WordPress Sites

22 Feb 2017

Sites still vulnerable to a REST API endpoint flaw in WordPress are now being targeted by attackers trying to turn a profit.

Google Upspin Secure File-Sharing Released to Open Source

22 Feb 2017

New file-sharing protocols and interfaces called Upspin have been released to open source. Built by Google, Upspin returns access control and data security to the user.

Intermediate CA Caching Could Be Used to Fingerprint Firefox Users

22 Feb 2017

The way Firefox caches intermediate CA certificates could allow for the fingerprinting of users and the leakage of browsing details, a researcher warns.

Data Stealing Malware TeamSpy Resurfaces in Spam Campaign

21 Feb 2017

After a nearly four-year respite, the data-stealing TeamSpy malware has resurfaced in a spam campaign.

OpenSSL Update Fixes High-Severity DoS Vulnerability

21 Feb 2017

US-CERT issues an alert to server admins warning of a dangerous OpenSSL vulnerability and urges 1.1.0 users to update to version 1.1.0e.

Google Discloses Unpatched Microsoft Vulnerability

21 Feb 2017

Google Project Zero researchers are warning of an unpatched Microsoft vulnerability in the Windows GDI library that allows attackers to steal sensitive data from program memory.

Rook Security on Online Extortion

21 Feb 2017

Mat Gangwer, CTO, and Tom Gorup, Security Operations Lead, at Rook Security talk to Mike Mimoso about the aggressive rise in online extortion and how it threatens not only data but physical safety.

Windows Botnet Spreading Mirai Variant

21 Feb 2017

A Windows-based botnet is spreading a Mirai variant that is also capable of spreading to Linux systems under certain conditions, Kaspersky Lab researchers said.

Squirrels, Not Hackers, Pose Biggest Threat to Electric Grid

17 Feb 2017

According to Marcus Sachs, CSO with the North American Electric Reliability Corporation, doomsday fears of a cyberattack against the U.S. electric grid are overblown.

SMTP Strict Transport Security Coming Soon to Gmail, Other Webmail Providers

17 Feb 2017

SMTP Strict Transport Security is coming to major webmail providers this year, a Google engineer said at RSA Conference


Symantec

Android ransomware requires victim to speak unlock code

22 Feb 2017

Latest Android.Lockdroid.E variant uses speech recognition instead of typing for unlock code input.

Symantec and other industry leaders announce expanded Cyber Threat Alliance

14 Feb 2017

Cybersecurity consortium formally establishes rapid security intelligence sharing system to combat cybercrime and advanced attacks.

Sage 2.0 ransomware delivered by Pandex spambot, mimics Cerber routines

13 Feb 2017

New variants of Sage ransomware sport Cerber-like behavior, although no definitive link was found between the two families.

Attackers target dozens of global banks with new malware

12 Feb 2017

Watering hole attacks attempt to infect more than 100 organizations in 31 different countries.

Latest Intelligence for January 2017

10 Feb 2017

The email malware rate drops due to Necurs botnet inactivity and two new Android malware families appeared.

Android ransomware repurposes old dropper techniques

06 Feb 2017

Android ransomware is now using dropper techniques to drop malware on rooted devices as well as an inefficient 2D barcode ransom demand.

Android ad malware on Google Play combines three deception techniques

03 Feb 2017

Three apps on Google Play use delayed attacks, self-naming tricks, and an attack list dictated by a command and control server to click on ads in the background without the user's knowledge.

Greenbug cyberespionage group targeting Middle East, possible links to Shamoon

23 Jan 2017

Greenbug may answer the question of how Shamoon obtains the stolen credentials needed to carry out its disk-wiping attacks.

Microsoft Patch Tuesday – January 2017

10 Jan 2017

This month the vendor has released four bulletins, one of which is rated Critical.

Airport boarding gate display leaks booking codes, puts passenger data at risk

10 Jan 2017

Attackers could gain full control over passenger bookings, cancel flights, and steal sensitive information with leaked booking codes.

Latest Intelligence for December 2016

06 Jan 2017

The number of web attacks blocked per day was up by almost 100,000, and Symantec helps law enforcement crack down on cybercrime.

Bayrob: Three suspects extradited to face charges in US

16 Dec 2016

Symantec’s assistance paves way for long-running FBI investigation into gang that stole up to $35 million from victims.

Latest Intelligence for November 2016

14 Dec 2016

Email malware nearly doubles to one in 85 emails and spam rate rises for third month in a row.

Microsoft Patch Tuesday – December 2016

13 Dec 2016

This month the vendor is releasing 12 bulletins, six of which are rated Critical.

PowerShell threats surge: 95.4 percent of analyzed scripts were malicious

08 Dec 2016

Symantec analyzed 111 threat families that use PowerShell, finding that they leverage the framework to download payloads and traverse through networks.

Avalanche malware network hit with law enforcement takedown

01 Dec 2016

Symantec plays part in takedown of the Avalanche malware-hosting network.

Shamoon: Back from the dead and destructive as ever

30 Nov 2016

Malware hit targets in Saudi Arabia and was configured to wipe disks on November 17.

Mirai: New wave of IoT botnet attacks hits Germany

29 Nov 2016

New variant of malware used in attacks that knocked 900,000 home internet users offline.

Gatak: Healthcare organizations in the crosshairs

21 Nov 2016

Mysterious threat group infects organizations using malicious key generators for pirated software.

Android banking malware whitelists itself to stay connected with attackers

17 Nov 2016

New Android.Fakebank.B variants use social engineering to bypass a battery-saving process and stay active in the background.


F-Secure

Bitcoin Friction Is Ransomware’s Only Constraint

22 Feb 2017

In January 2017, I began tracking the “customer portal” of an innovative new family of crypto-ransomware called Spora. Among its innovations are a dedicated domain (spora.biz, spora.bz, et cetera) running a Tor web proxy, HTTPS support, an initially lower extortion demand, and tiered pricing with options to unencrypt individual files (up to 25Mb in size) […]

F-Secure Does Cyber Security

15 Feb 2017

For more than 10 years, we’ve released an annual report/summary featuring observations, research, and malware trends. And in past years, this publication has included the word “threat” in its title. But no more! There are rather significant changes this year in our… State of Cyber Security. The new title reflects a change in the type […]

“F-Secure does red teaming?”

08 Feb 2017

On June 2nd 2015, F-Secure announced via a press release its acquisition of the Danish Cyber Security firm, nSense. That press release contained the following snippet: “the combined portfolio will allow F-Secure to provide top-tier incident response and forensic expertise, comprehensive vulnerability assessment, and threat intelligence and security management services to enterprises and businesses with […]

Noun: Confirmation Bias

01 Feb 2017

Confirmation bias, according to Google, is “the tendency to interpret new evidence as confirmation of one’s existing beliefs or theories.” Technology… potentially opens up a vast new realm of evidence, and that, if not very carefully analyzed, risks feeding confirmation bias. Last Friday, Journal News reported that a man from Middletown, Ohio was charged with […]

Noun: Sockpuppet

16 Jan 2017

An Internet sockpuppet, according to Google, is “a false online identity, typically created by a person or group in order to promote their own opinions or views.” Sockpuppets are nothing particularly new… they go back as far as USENET. But it feels that recently, sockpuppetry has reached new heights. Twitter is an easy place to […]

F-Secure Vulnerability Reward Program Update

10 Jan 2017

A message from Calvin, a security vulnerability expert and member of our Anti-Malware Unit. The AMU team has a customer care/support focus. Happy New Year to all you readers out there! A year has passed since we launched our F-Secure Vulnerability Reward Program (bug bounty) and time really flies. Here’s a snapshot of what we’ve […]

What’s The Deal With Digital Forensics, Incident Response, And Attribution?

21 Dec 2016

After several high-profile cyber attacks made big news headlines this year, it’s become evident to me, through online commentary, that there’s some confusion in the public space about how incident response services are utilized, how attribution is performed, and how law enforcement’s role fits into cyber crime investigations. I’m hoping this article helps to clear […]

On Botting, Cheating, And DDoSers

07 Dec 2016

On November 10th 2016 Blizzard enacted a “ban wave” on thousands of World of Warcraft accounts for “botting”, a term widely used to describe using third party programs to automate gameplay. Technically it wasn’t a “ban wave” – the accounts in question received between 6 and 24 month suspensions based on how often they’d been […]

A Joint Centre To Combat Hybrid Warfare Threats

24 Nov 2016

Helsinki will host a new centre focused on curbing the growing threat of hybrid warfare according to recent reports. Disinformation and fake news is considered “hybrid warfare” in this context. The proposed annual budget is reportedly estimated at two million euros. I think… they’re gonna need a bigger boat. Fighting against hybrid warfare disinformation will […]

Yahoo! Voice Call 2FA Fail

17 Nov 2016

Netflix recently fixed an account takeover vulnerability involving automated phone calls and caller ID spoofing. The issue? An attacker could use Netflix’s “forgot email/password” feature to reset an account’s password by directing the reset code to a voice call. In order to force the code to voice mail, the attacker would need to call the […]

What’s The Deal With “Next Gen”?

16 Nov 2016

We’re frequently asked about “Next Gen” antivirus companies, which is not surprising. They’ve been making a lot of noise and bold claims during the last couple of years (so, basically, since they were founded). So let’s take a look at what they’re all about. Coopetition in the AV industry But before getting into what “Next […]

A RAT For The US Presidential Elections

10 Nov 2016

A day before the controversial United States Presidential elections, an email was distributed to inform the recipients of a possible attack during election day as mentioned in a manifesto, allegedly from the ISIS terrorist group, entitled “The Murtadd Vote”. The email was supposedly sent by the head of a US-based terrorist monitoring group. The message […]

How To Vet URL Shorteners #2016CampaignEdition

31 Oct 2016

John Podesta, the Chairman of Hillary Clinton’s 2016 presidential campaign, allowed his Gmail account to be compromised in March 2016. And as a consequence, his correspondence has been in the news throughout the month of October. Recently, the March 2016 phishing message itself was published. Do you notice anything odd about the message? The very […]

CSS Disclosure: tar Extract Pathname Bypass

27 Oct 2016

T2’16 Infosec Conference kicked off this morning in Helsinki. And to celebrate this, F-Secure CSS security consultant Harry Sintonen has a vulnerability disclosure to publish. See below for more info. tar Extract Pathname Bypass Full Disclosure: POINTYFEATHER / tar Extract Pathname Bypass (CVE-2016-6321) Tagged: CSS, Disclosure, Kyb3r, tar, Vulnerability

Hacking An Election Is Hard. Why Not Pwn The Messenger Instead?

26 Oct 2016

Election day USA, November 8th, is nigh. US elections (during a presidential election year) are a massive affair comprising federal, state, and local candidates for all sorts of elected positions: president, governors, senators, representatives, judges, state and county commissioners, et cetera. They are organized and run at the county level. There are 3,144 counties and […]

Fun With Internet Metadata (AKA The Deep Web)

21 Oct 2016

Our Cyber Security Services (CSS) division spend a fair amount of time working with companies on threat assessments. They’ve been doing this stuff for several years, and during that time, they developed some useful tools to make their jobs easier. One of those tools is Riddler. It’s a web crawler that makes Internet metadata available via […]

What’s The Deal With Non-Signature-Based Anti-Malware Solutions?

17 Oct 2016

Gartner recently published an insightful report entitled “The Real Value of a Non-Signature-Based Anti-Malware Solution to Your Organization”. In this report, it discusses the ways in which non-signature technologies can be used to augment an organization’s endpoint protection strategy. Let’s take a look at how Gartner has defined non-signature malware detection solutions. Here’s a clip directly […]

Definitely Not Cerber

20 Sep 2016

At the beginning of last week we noticed a spam campaign delivering a double zipped JScript file. The campaign started on September 8th. The email had the subject line of “RE: [name of recipient]” with an empty body, and an attached zip file named “[recipient name][a-z]{4}.zip”. The characteristics of the mail, naming of the attached item, […]

Seriously, Put Away The Foil

15 Sep 2016

I was scanning the headlines this morning, as I do, and came across this article by YLE Uutiset (News). — “Finnish police: Keep your car keys in the fridge” From YLE’s article: “These so-called smart keys work by emitting a signal when the driver touches the door handle. The lock opens when it recognises the […]

0ld 5ch00l MBR Malware

07 Sep 2016

I recently installed Audacity, an open source audio editor… And while verifying the current version to download, I came across an interesting security notification. Before I read the details, I fully expected to discover yet another case of some crypto-ransomware group hijacking and trojanizing an application installer. But not so! Audacity’s download partner was infiltrated […]


McAfee

Spora Ransomware Infects ‘Offline’—Without Talking to Control Server

22 Feb 2017

Spora is a ransomware family that encrypts victims’ files and demands money to decrypt the files. It has infected many computers in a short time due to a huge spam campaign. It has a very special feature—to work offline. Propagation vector The spam campaign carries a .zip file, which contains an HTA (HTML Application) file to …

The post Spora Ransomware Infects ‘Offline’—Without Talking to Control Server appeared first on McAfee Blogs.

Macro Malware Targets Macs

14 Feb 2017

Macro malware has been spreading for years. New techniques arise all the time to hide malicious code and thus increase the difficulty of analysis. However, just targeting Microsoft Windows no longer seems to be enough for the malware authors. The Mac appears to be the new challenge, and attackers appear to be rising to this …

The Cyber Threat Alliance Steps Up to Boost Protection

14 Feb 2017

With each new cyber threat report, we learn about the increasing volume of new, complex threats appearing across a myriad of server systems, networking equipment, personal computing platforms, and IoT devices. We also read about the real-world challenges that information security professionals face when attempting to identify, scope, and prioritize security events generated by their …

Analyzing KillDisk Ransomware, Part 2: Variants and Screen Unlocking

14 Feb 2017

At McAfee Labs we recently analyzed the ransomware KillDisk. In part 1 of this analysis, we discussed the basics of the malware and its whitelisting to protect itself. In this part, we will provide more information about the malware’s internals, this variant, and steps to unlock the ransomware lock screen. Variant 1. This variant seems to be inspired by …

Intel Security Launches ‘Threat Landscape Dashboard’

10 Feb 2017

Every week, we read in the news of another breach or targeted campaign, as more patches are released to protect against the next strain of sophisticated malware. For the administrators responsible for safeguarding a company’s systems, networks, and digital information, keeping up is an overwhelming task, made doubly difficult because it is often hard to …

Pentesters Need to Keep Track of Browser Options

09 Feb 2017

Penetration testers searching for vulnerabilities always include cross-site scripting (XSS) attacks as one of their methods. Recently we observed an unusual XSS-related case that taught us something new. During an XSS-related test, we inserted the “<script>alert(1)</script>” payload as a GET request’s parameter and executed this command in Internet Explorer 11. We expected to see our …

Analyzing CVE-2016-9311: NTPD Vulnerability Can Lead to Denial of Service

03 Feb 2017

The network time protocol synchronizes time across various devices on a network. The network time protocol daemon (NTPD) is an open-source implementation of this protocol. In the last couple of months, a number of vulnerabilities have been reported in NTPD. One is CVE-2016-9311, which can cause a crash leading to a denial of service. We …

Spotlight on Shamoon

27 Jan 2017

Our analysis this month has pointed to Shamoon emerging in the Middle East. We have recently seen a number of similarities that we had highlighted in our earlier blogs (on mcafee.com). The campaign continues to target organizations in the Middle East from a variety of verticals. Reports suggest that a further 15 disk-wiping Shamoon incidents …

With Release of Windows 10, Questions About BitLocker Arise Again

26 Jan 2017

This post was written by Ted Pan. For those of you who were around during the original release of Microsoft’s BitLocker, previously known as Secure Startup, you will remember that it was meant to completely eliminate the necessity for third-party security software. Yes, BitLocker was going to secure our machines against all forms of attack …

Analyzing KillDisk Ransomware, Part 1: Whitelisting

20 Jan 2017

At McAfee Labs we recently analyzed the ransomware KillDisk. We will share our analysis in two parts: the first, this article, contains general information about the malware and its whitelisting technique; the second part will appear soon with an analysis of its variants and techniques, including how to unlock the locked screen in an infected …

Stopping Malware With a Fake Virtual Machine

19 Jan 2017

As we explained in a previous post, some advanced malware can detect a virtual environment such as a sandbox to avoid detection and analysis. Some threats can also detect monitoring tools used for malware analysis. Such malware often will not execute, or will change its behavior to appear harmless. Because some malware uses these tactics, planting …

Trojanized Photo App on Google Play Signs Up Users for Premium Services

13 Jan 2017

Mobile apps usually have names that give some indication of their function. In one recent case, however, we found a misnamed app that turned out to be malicious. Every Android app has an ID value, commonly known as the package name, to uniquely identify it on a device and in Google Play. Most package names …

Turkish Instagram Password Stealers Found on Google Play

12 Jan 2017

Intel Security’s mobile malware research team has found several Instagram password stealers on the Google Play store. (Google has since removed the apps.) This malware is distributed as utilities and tools for analyzing access to, and automating the following of, Instagram accounts. The main targets are Turkish Instagram users. The malware leads victims …

Top Tips for Securing Home Cameras

05 Jan 2017

Installing a home surveillance camera system can add great benefits but also may introduce new risks to privacy and network security. The goal is to increase your security and peace of mind, while avoiding cybersecurity threats. Here are three tips to consider when purchasing, installing, and configuring your new home camera system. The risks Home …

2016 Will Go Down in History as ‘the Year of Ransomware’

04 Jan 2017

The year 2016 showed a sharp rise in ransomware threats and the need to put an advanced security architecture in place. The emergence of bitcoin made it possible to anonymize transactions, and it plays an important role in the growth of ransomware attacks. Some ransomware is capable of detecting and bypassing environments …

Digging Into a Windows Kernel Privilege Escalation Vulnerability: CVE-2016-7255

30 Dec 2016

The Windows kernel privilege escalation vulnerability CVE-2016-7255 has received a lot of media attention. On November’s Patch Tuesday, Microsoft released a fix for this vulnerability as part of bulletin MS16-135. CVE-2016-7255 was used to perform a targeted attack and a sample was found in the wild, according to Microsoft. Google and Microsoft have already confirmed …

Next Targets for Cybercriminals: the Long Term (Part 2)

27 Dec 2016

In the previous post in this series, I outlined how cybercriminals will use the holiday season to victimize unwary consumers and target businesses. They will also dive deeper into leveraging devices connected to the Internet of Things (IoT). The long-term outlook expands their reach to more bold and potentially more lucrative pastures. Rise of blockchain …

Next Targets for Cybercriminals: the Short Term (Part 1)

25 Dec 2016

Knowing what cybercriminals are targeting today is easy. Their attacks are loud, impactful, and have the elegance of a herd of bulls crashing through a china shop. The tougher challenge is figuring out where they will take aim tomorrow. Knowing where cyber threats will arise gives us the necessary insights to remain one step …

Floki Bot a Sensation With International Cybercriminals

23 Dec 2016

Floki Bot, a new family of financial malware, is popular in English-, Portuguese-, and Russian-speaking underground criminal markets, winning over cybercriminals with new features and functionality. It is currently in use by a number of cybercrime groups around the world and is sold on the dark market for about US$1,000, according to Flashpoint and Cisco Talos. Improvements abound …

Did You Forget to Patch Your IP Camera?

21 Dec 2016

IP cameras are usually “purchase, install, and don’t touch” devices. But in the current climate of cyberattacks, they now require regular updates and patches. Otherwise your security tool may be hacked, leak video, or join a cybercriminal botnet without your knowing. IP cameras are targets Like all Internet-connected devices, IP cameras are at risk of …

An Overview of Malware Self-Defense and Protection

19 Dec 2016

Many malware authors spend a great deal of time and effort to develop complex code. Their success depends on a threat’s remaining undetected and avoiding sandbox analysis, antivirus efforts, or malware analysts. This post offers an overview of the mechanisms used by malware to evade detection. If malware is detected quickly, it has little time …

‘Popcorn Time’ Ransomware Sure to Cause Indigestion

19 Dec 2016

In early December the new ransomware “Popcorn Time” was discovered. It gives the victim the option of paying the ransom or infecting two other individuals and getting them to pay. “Popcorn Time” is a legitimate application for streaming movies and series. The ransom note gives the victim seven days to choose either option or the …

‘SSL Death Alert’ (CVE-2016-8610) Can Cause Denial of Service to OpenSSL Servers

14 Dec 2016

Recently we noticed that a security patch had been published for the OpenSSL vulnerability called SSL Death Alert. As with other serious security vulnerabilities, this one grabbed our attention because the discoverer of the vulnerability says that it may cause a denial of service to an OpenSSL web server. To better protect our customers from this …

“Trojanization” of Legit Apps on the Rise

13 Dec 2016

Intel Security today released its McAfee Labs Threats Report: December 2016. The report’s third key topic illustrates how attackers are creating difficult-to-detect malware by infecting legitimate code with Trojans and leveraging that legitimacy to remain hidden as long as possible. Author Craig Schmugar of McAfee Labs also recommends policies and procedures that will help protect …

McAfee Labs December Threats Report Explores Many Facets of Deception

13 Dec 2016

In the McAfee Labs Threats Report: December 2016 published today, we write about three seemingly disparate topics. However, on closer inspection, they have a common thread. All discuss deception in one way or another, whether ways in which ransomware authors have enhanced their code to sidestep sandboxes, how Trojans infect legitimate code to appear benign, …

Do You Need to Pull Up Your SOCs?

13 Dec 2016

This week’s McAfee Labs Threats Report: December 2016 revealed the results of a survey gauging the state of the security operations center (SOC). The following is an excerpt from this article. A few years ago, dedicated SOCs seemed to be going the way of the dinosaur—the era of big rooms with big monitors and teams …

2016: A Year at Ransom

13 Dec 2016

This week’s McAfee Labs Threats Report: December 2016 provides an overview of how ransomware has evolved over the course of 2016, and how the industry has responded. Through the end of Q3, the number of new ransomware samples this year totaled 3,860,603, an increase of 80% since the beginning of the year. Beyond volume, ransomware exhibited notable …

How to Protect Against OpenSSL 1.1.0a Vulnerability CVE-2016-6309

13 Dec 2016

Recently the OpenSSL security library gained a fix for a critical security issue (CVE-2016-6309) that affects OpenSSL Version 1.1.0a. Remote attackers can cause the OpenSSL server to crash, or execute arbitrary code on it, simply by sending a handshake packet with a message larger than 16KB. To defend against these attacks we analyzed the …
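
Both of the OpenSSL items here (SSL Death Alert, CVE-2016-8610, above, and CVE-2016-6309, this item) are visible on the wire before any exploitation succeeds, so a passive check over the client-to-server byte stream is the detection a network defender would want. The example below is added here and is not McAfee's code. It parses TLS records (5-byte header: content type, version, length; RFC 5246), reassembles handshake messages across records, and flags a handshake message whose declared length exceeds the 16 KB plaintext record limit, the trigger this post describes for CVE-2016-6309. The same parser counts warning-level alert records, because the public description of SSL Death Alert is a flood of undefined warning alerts that consumes server CPU (that characterization is from the advisory, not from this page). The sample traffic is constructed inline and the 100-alert threshold is an assumption to tune per site.

```python
import struct
from collections import Counter

# TLS constants (RFC 5246): record content types and the plaintext record limit.
CT_ALERT, CT_HANDSHAKE = 21, 22
MAX_PLAINTEXT = 16384
ALERT_WARNING = 1


def parse_records(data):
    """Yield (content_type, version, body) for each complete TLS record in data."""
    off = 0
    while off + 5 <= len(data):
        ctype, version, length = struct.unpack("!BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) < length:
            break  # truncated capture: stop rather than misparse the tail
        yield ctype, version, body
        off += 5 + length


def analyze_client_stream(data, alert_threshold=100):
    """Flag (a) handshake messages larger than one 16 KB record and
    (b) floods of warning-level alerts, in the client-to-server byte stream."""
    findings = []
    hs_buf = bytearray()        # handshake messages may span several records
    flagged_current = False
    alerts = Counter()
    for ctype, _version, body in parse_records(data):
        if ctype == CT_ALERT and len(body) >= 2:
            alerts[(body[0], body[1])] += 1   # (level, description)
        elif ctype == CT_HANDSHAKE:
            hs_buf += body
            while len(hs_buf) >= 4:
                msg_type = hs_buf[0]
                msg_len = int.from_bytes(hs_buf[1:4], "big")
                if msg_len > MAX_PLAINTEXT and not flagged_current:
                    findings.append(("oversize_handshake", msg_type, msg_len))
                    flagged_current = True   # flag once, even if the message never completes
                if len(hs_buf) < 4 + msg_len:
                    break                    # wait for the next fragment
                del hs_buf[:4 + msg_len]
                flagged_current = False
    warnings = sum(n for (level, _desc), n in alerts.items() if level == ALERT_WARNING)
    if warnings >= alert_threshold:
        findings.append(("alert_flood", warnings))
    return findings


# Constructed sample traffic (not a capture): helpers to build records.
def _record(ctype, body, version=0x0303):
    return struct.pack("!BHH", ctype, version, len(body)) + body


def _handshake_stream(msg_type, payload_len):
    msg = bytes([msg_type]) + payload_len.to_bytes(3, "big") + b"\x00" * payload_len
    # Fragment the message across records, as a real sender must.
    return b"".join(_record(CT_HANDSHAKE, msg[i:i + MAX_PLAINTEXT])
                    for i in range(0, len(msg), MAX_PLAINTEXT))


BENIGN = _handshake_stream(1, 100)                                   # small ClientHello
OVERSIZE = _handshake_stream(1, 20000)                               # 20 KB message, two records
ALERT_FLOOD = _record(CT_ALERT, bytes([ALERT_WARNING, 255])) * 150   # undefined warning alerts
```

Two caveats before turning this into an alert rule. Certificate messages carrying long chains legitimately exceed 16 KB, so act on the message type in the finding (a client-originated ClientHello is the interesting case for a server) rather than on every oversize message. Alert level and description are readable only while records are still in plaintext, i.e. during the handshake; once encryption starts, count alert records by content type alone.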

Shamoon Rebooted in Middle East, Part 2

09 Dec 2016

Last week we provided some initial analysis on recent attacks targeting organizations in the Middle East.  The attack has hallmarks of the Shamoon campaign of 2012. We now have additional data related to the components used within the new campaign, which has three distinct components: dropper, wiper, and wiper driver. The language of these three …

Farewell to the SHA-1 Hash Algorithm

01 Dec 2016

Rest in peace, SHA-1. Like all security controls, it was valuable only for a certain time. SHA-1, a legacy hashing algorithm once used heavily in secure web browsing, has outlived its usefulness; it is time for its permanent retirement. Microsoft, Mozilla, and Google just announced they will finally drop all support for SHA-1 early next …
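
What the browser vendors are retiring is trust in certificates whose signature uses SHA-1, so the practical check is to read the signature algorithm out of each certificate in a chain. The example below is added here and is not code from the McAfee post: a stdlib-only reader that walks the outer `Certificate` SEQUENCE (RFC 5280: tbsCertificate, signatureAlgorithm, signatureValue), decodes the AlgorithmIdentifier OID, and reports whether it is one of the SHA-1 signature OIDs. The two sample certificates are constructed fixtures with valid DER framing and a placeholder tbsCertificate, not real X.509 content.

```python
import base64

# Signature-algorithm OIDs that use SHA-1 (PKIX / ANSI X9 registries).
SHA1_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}


def pem_to_der(pem_text):
    """Strip the PEM armour lines and base64-decode the certificate body."""
    body = "".join(line for line in pem_text.splitlines() if not line.startswith("-----"))
    return base64.b64decode(body)


def _read_tlv(buf, off):
    """Decode one DER tag-length-value at buf[off]; return (tag, value, next_offset)."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                      # short-form length
        length, hdr = first, 2
    else:                                 # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[off + 2:off + 2 + n], "big"), 2 + n
    start = off + hdr
    return tag, buf[start:start + length], start + length


def _decode_oid(value):
    """Decode DER OID content bytes to dotted notation."""
    arcs = [value[0] // 40, value[0] % 40]  # first byte packs the first two arcs
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(cert_der):
    """Return the dotted OID of Certificate.signatureAlgorithm (the outer field)."""
    tag, cert, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, off = _read_tlv(cert, 0)          # tbsCertificate (skipped)
    _, alg_id, _ = _read_tlv(cert, off)        # AlgorithmIdentifier
    tag, oid, _ = _read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(oid)


def signed_with_sha1(cert_der):
    return signature_algorithm(cert_der) in SHA1_SIGNATURE_OIDS


# Constructed fixtures: the DER framing is real, the tbsCertificate is a placeholder.
def _tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _placeholder_cert(sig_oid_hex):
    tbs = _tlv(0x30, _tlv(0x02, b"\x01"))
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(sig_oid_hex)) + _tlv(0x05, b""))
    sig = _tlv(0x03, b"\x00" + b"\x00" * 256)   # BIT STRING, exercises long-form length
    return _tlv(0x30, tbs + alg + sig)


SHA1_CERT = _placeholder_cert("2a864886f70d010105")    # sha1WithRSAEncryption
SHA256_CERT = _placeholder_cert("2a864886f70d01010b")  # sha256WithRSAEncryption
SHA1_CERT_PEM = ("-----BEGIN CERTIFICATE-----\n"
                 + base64.b64encode(SHA1_CERT).decode() + "\n-----END CERTIFICATE-----\n")
```

Run it over the leaf and every intermediate a server sends; the self-signature on a root in the trust store is not what the browser policy evaluates. This reads the signature algorithm only and performs no validation, so it belongs in an inventory script, not in place of a TLS library.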

Shamoon Rebooted?

29 Nov 2016

We have recently received notifications and samples from impacted organizations in the Middle East that have hallmarks of the Shamoon campaign from 2012. The main component of these attacks was the usage of a wiper component that, once activated, destroyed the hard disks of infected machines. The initial infection vector for the recent attacks is …

Big, Hard-to-Solve Problems

29 Nov 2016

Improving the Lifecycle of Threat Defense Effectiveness When a new security tool or technique is released, Version 1.0 is usually pretty effective, and successive versions get even better with real-world scenarios and user feedback. Eventually, the bad guys realize that this new thing is causing them real problems, so they start looking for ways over, …

‘McAfee Labs 2017 Threats Predictions’ Report Zeroes In on Cloud and IoT Threats

29 Nov 2016

In the McAfee Labs 2017 Threats Predictions report, published today, we cover a lot of ground but focus particularly on two areas that will impact IT security for years to come: threats to the cloud and the Internet of Things. The report kicks off with a big-picture examination of difficult-to-solve problems in cyber security and …

You Can Outsource the Work, but You Cannot Outsource the Risk

29 Nov 2016

Threats, Regulations, and Vendor Responses to Risks in the Cloud As more companies get comfortable with cloud services, trust and usage will go up, and that will inevitably attract the attention of cybercriminals. Although an increasing array of sensitive and confidential data is moving to cloud storage and processing, we expect that most businesses will …

Welcome to the Wild West, Again!

29 Nov 2016

Threats, Regulations, and Vendor Responses to Risks in the Internet of Things The Wild West, a place of exaggerated lawlessness in the United States during the 1800s, has returned once again as a metaphor for the Internet of Things (IoT). Driven by similar issues of exploration, homesteading, and prospecting for riches, IoT devices are becoming …

Upcoming Intel Security Webcast on McAfee Labs 2017 Threats Predictions Moderated by Intel Security CTO Raj Samani

23 Nov 2016

McAfee Labs 2017 Threats Predictions The cyberattack surface is growing faster than ever before, driven by trends and technologies like the cloud and the Internet of Things (IoT). As the digital landscape evolves, so will threats. What can we expect a year from now—or four years from now? Prepare for the future by attending the …

Worms Could Spread Like Zombies via Internet of Things

21 Nov 2016

Security researchers recently created a proof-of-concept attack against Internet-connected lightbulbs, causing breached devices to infect their neighbors. The propagation continues and spreads itself across the community. This hack highlights the insecurity in one of many Internet of Things (IoT) network protocols. Researchers say the worm, which currently targets Philips Hue lightbulbs, can set off a …

More Capable IoT Botnets to Emerge as the ‘Pros’ Enter the Fray

09 Nov 2016

On the heels of severe distributed denial of service (DDoS) attacks, we see new botnets emerging that are powered by the Internet of Things (IoT). There are already hundreds of such botnets in the underground hacking ecosystem, from which services, code, and specific attacks can be purchased or acquired. New botnets are being developed to …

Talking About Cyber Risks Educates the Community

07 Nov 2016

In the last 12 months, we have seen an unprecedented number of cyberattacks occur or come to light. Sophisticated attacks against governments, businesses, consumers, and the pillars of the Internet itself. The future appears to be fraught with runaway risks. Can security tame data breaches, ransomware, massive denial of service assaults, cyber theft, and attacks against autonomous and …

Cerber Ransomware Now Hunts for Databases

04 Nov 2016

Cerber is one of the most popular ransomware packages. It has upgraded itself to also target databases. It is available for purchase as a service (ransomware as a service) on the “dark net” as part of an affiliate program. Cerber is part of a turnkey service in which clients share 40% of their profits with …

Top 5 Things to Know About Recent IoT Attacks

02 Nov 2016

Recent Internet attacks have resulted in several popular sites becoming unreachable. The list includes Twitter, Etsy, Spotify, Airbnb, Github, and The New York Times. These incidents have brought to light a new threat to online services: botnets powered by the Internet of Things (IoT). Distributed denial of service (DDoS) attacks have been commonplace for more …

The Latest IoT Device I Do Not Want Hacked

01 Nov 2016

What if someone hacked this remotely controlled semiautonomous tractor? I am a cybersecurity guy and a huge fan of technology. One of the challenges we face in the security industry is the growth of the Internet of Things (IoT). IoT is about connecting everyday objects to the Internet. It might be a toaster, alarm clock, …

A ‘Second Economy’ Prognosis for Health Care Cybersecurity

26 Oct 2016

Intel Security CTO Steve Grobman has pointed out that gaining the upper hand in cybersecurity requires that we extend our thinking beyond the physical economy of money, assets, goods, and services to a Second Economy defined by the currencies of trust, time, and money. As in other industries, health care is working toward maximizing efficiencies, …

How ‘Weaponized’ Medical Data Could Be as Damaging as Clinton’s Emails or Trump’s Videos

26 Oct 2016

The 2016 presidential election in the United States will be remembered for a great many things. Never before in US history has the disclosure or nondisclosure of personal information figured so prominently in public debate. Never before has the ability to compromise and disclose personal information been used as a political weapon to damage the …

How to Secure the Future of the Internet of Things

22 Oct 2016

The world of security for the Internet of Things just became more complex. IoT devices are no longer a potential threat to their owners; now they pose a significant threat to everything connected to the Internet. The old IoT security problem For the past year, the cybersecurity and IoT communities have been at odds regarding …

Unfolding the Mystery of Cerber Ransomware’s Random File Extension

20 Oct 2016

In an earlier blog, we discussed the evolution of the popular Cerber ransomware from Version 1 to 2. Recently we came across two newer versions of Cerber (we’ll call them Versions 3 and X). Cerber 3 has few changes but Version X has some new behavior that caught our attention. (We call this version X, …

Password-Protected Attachment Serves Ransomware

18 Oct 2016

Attacks by macro malware carrying ransomware are growing, as we have recently reported. Since early March we have seen macro malware using high-obfuscation algorithms to hide itself from static and traditional antimalware detection techniques. Macro malware continues to evolve and use new tricks to evade detection. In addition to these evasion techniques, McAfee Labs researchers have …

How to: Testing Android Application Security, Part 4

17 Oct 2016

One of the best ways to develop secure Android applications is to engage in penetration (pen) testing, in effect trying to break into your application just as an attacker might do. This is the fourth in a series of posts on pen testing Android applications. In the first we set up the testing environment and captured traffic. In …

No More Ransom Adds Law Enforcement Partners From 13 Countries

17 Oct 2016

Intel Security and Kaspersky Labs today announced that 13 law enforcement agencies have joined No More Ransom, a partnership between cybersecurity industry and law enforcement organizations to provide ransomware victims education and decryption tools through www.nomoreransom.org. Intel Security, Kaspersky Labs, Dutch National Police, and Europol will be joined by members from Bosnia and Herzegovina, …

Ransomware Variant XTBL Another Example of Popular Malware

17 Oct 2016

We have seen a huge increase in ransomware during the past couple of years. At McAfee Labs we have recently received a sample of the low-profile XTBL, a ransomware family that encrypts files and demands ransom from its victims to decrypt the files. Like other ransomware variants, XTBL propagates through a wide range of spam campaigns. Attackers …

Android Banking Trojan Asks for Selfie With Your ID

14 Oct 2016

In the first half of 2016 we noticed that Android banking Trojans had started to improve their phishing overlays on legitimate financial apps to ask for more information. Victims were requested to provide “Mother’s Maiden Name,” “Father’s Middle Name,” “Maternal Grandmothers Name,” or a “Memorable Word.” Attackers used that data to respond to security questions and obtain …

Everyone Loves Selfies, Including Malware!

13 Oct 2016

I was talking with some of my coworkers the other day about why I wanted to jump to the larger iPhone 7 Plus.  For me it came down to the camera.  I travel a lot for work and even though photography is something of a hobby of mine, I don’t always have my “good camera” …

New Security Reality for Internet of Things

04 Oct 2016

Recent distributed denial of service (DDoS) attacks are forcing a shift in how we think about the Internet of Things (IoT). The dangers are expanding as attackers are taking advantage of billions of IoT devices, conscripting them into their botnet armies for massive DDoS attacks. Nontraditional risks The estimates vary, but they suggest between …

CTO Q&A: Campaign Hacks, Yahoo! and Clinton-Trump

03 Oct 2016

Over the last several days, we’ve seen headlines on potential cyberattacks on state voter registries, cybersecurity front and center in the Clinton-Trump presidential debate, and new revelations into the Yahoo! cyber-breach that appears to have compromised more than 500 million user accounts. Intel Security CTO Steve Grobman fielded a number of questions on these events …

Sharing Cybersecurity Threat Intelligence Is the Only Way We Win

30 Sep 2016

Cybersecurity is a team sport. The bad guys share information, expertise, and code as they help one another. The good guys must do the same to keep pace. Sharing threat intelligence is a key way in which the owners of sensor networks can pass what they learn to the security analysis community. This generosity …

Macro Malware Employs Advanced Sandbox-Evasion Techniques

29 Sep 2016

During the past couple of weeks, McAfee Labs has observed a new variant of macro malware. With this variant, when we open a .doc file, we see the message “This document is protected against unauthorized use. Enable Editing and Enable Content to read content” along with a request to enable macros. If a user clicks …

How Can We Stop ‘ROP’ Cyberattacks?

28 Sep 2016

IBM recently announced a software-oriented solution to help eradicate attacks by return-oriented programming (ROP) malware. ROP malware is a significant and growing problem in the industry. Crafty hackers will use snippets of code from other trusted programs and stitch them together to create their attacks. This method has become a very popular and effective technique for …

‘McAfee Labs Threats Report’ Offers Primer on Security Data Science, Analytics, Big Data, Machine Learning

28 Sep 2016

Analytics, big data, automation, and machine learning are all terms we use when talking about the future of cybersecurity. As the volume of security data increases, data science will become an important weapon to disrupt adversaries. Too often, these terms are used as synonyms, but they refer to different parts of the domain of data …

‘McAfee Labs Threats Report’ Delves Into Dangers of Data Loss

26 Sep 2016

Data is leaking out of your organization: accidentally or intentionally, by insiders or outsiders, physically or electronically. During the past year, we have performed extensive research to identify what data is being targeted, who is taking it, how they are getting it out, and the best practices to reduce your exposure to data loss. We …

‘McAfee Labs Threats Report’ Examines Whether Ransomware Is Coming to a Hospital Near You

23 Sep 2016

Delivering uninterrupted services with immediate access to information is not an easy task. Doing it with legacy systems, a fragmented workforce, and inconsistent security is a monumental job. Unfortunately, this is the state of many hospitals, leading the criminal underground to their back doors. Ransomware attackers have shifted focus, moving from consumers to organizations with …

Hardware Hack Bypasses iPhone PIN Security Counter

22 Sep 2016

A security researcher from the University of Cambridge has found a way to hack the iPhone NAND memory hardware to sufficiently bypass an important security feature, allowing a brute-force attack against the passcode lock of an iPhone 5C. This is the same lock that stymied the FBI as part of the highly publicized privacy case in …

Unregulated at Any Speed: DoT’s Cybersecurity Policy for Self-Driving Cars

21 Sep 2016

Despite headlines, hype, and hysteria, the US government rightly chooses cybersecurity guidance over regulation. The Obama administration today unveiled its long-awaited safety policy for self-driving or automated vehicles (AVs). Despite the recent tragic death of a passenger travelling in a Tesla-built AV, and persistent discussions of spectacular cyber-sabotage scenarios, the government chose a wise, sober course …

Cryptocurrencies a Target for Cybercriminals, Part 2: Social Platforms Come Next

19 Sep 2016

One target of cybercriminals is cryptocurrencies, which hold tremendous wealth but are largely anonymous. This limits the attack surface mostly to avenues requiring complex technical approaches. Always preferring the path of least resistance, many fraudsters and online thieves prefer to target people rather than systems. This is the second of two posts on threats to …

Locky Ransomware Hides Inside Packed .DLL

16 Sep 2016

McAfee Labs has seen a huge increase in Locky ransomware in recent months (discussed in an earlier blog). Locky is aggressively distributed via a JavaScript-based downloader sent as an attachment in spam emails. Since its first variant Locky has taken advantage of compromised domains to download its malicious executable. Recently it has downloaded a malicious dynamic link …

Cryptocurrencies a Target for Cybercriminals, Part 1: the Risks of Innovation

14 Sep 2016

All cryptocurrencies are a target for cybercriminals. Anywhere there is value, criminals, fraudsters, and charlatans will soon follow. Call it the Willie Sutton principle. Sutton, a famous bank robber in the 1920s–30s, was asked why he robbed banks. His reply was “Because that’s where the money is.” The simplicity rings true. That same age-old principle …

The Quarterly Threats Report: What Does It Mean for You?

14 Sep 2016

The latest edition of the Quarterly Threats Report (QTR) was released this week by McAfee Labs. If you’re not familiar with them, McAfee Labs is our research organization tasked with researching all the latest threats that people are seeing out there in the wild, as well as looking at trends that help indicate what the …

Machine Learning, the Unsung Hero in the Latest ‘Threats Report’

14 Sep 2016

The story about ransomware in hospitals in our newly published McAfee Labs Threats Report: September 2016 will probably garner most of the media’s attention, but I think the most interesting story in the report is about machine learning. Here’s why. Intel Security has used machine learning in our classification models since the mid-2000s. Initially, we …

Malware Hides in Installer to Avoid Detection

25 Aug 2016

At McAfee Labs we recently observed various threat families using the Nullsoft Scriptable Install System (NSIS). This practice is not new, but our analysis shows that several malware families are employing the same technique to hide their packed executable code. Usually every malware family uses its own polymorphic packers to obfuscate its payload. In this …

Improve Protection Against Cyberattacks Through Shared Threat Intelligence

25 Aug 2016

At the RSA Conference 2016 in San Francisco, Chris Young, GM and SVP of Intel Security, said that one of the best ways to improve response time to attacks and overall awareness of attacks and adversaries is through the timely sharing of threat intelligence. He also talked about Intel Security’s responsibility as a leading security …

‘Wildfire’ Ransomware Extinguished by Tool From NoMoreRansom; Unlock Files for Free

23 Aug 2016

Intel Security and Kaspersky Lab, partners in the project NoMoreRansom, are pleased to announce today the availability of a decryption tool for victims of the Wildfire variant of ransomware. This tool is available following successful collaboration with the Dutch police and the European Cybercrime Centre. This strong public-private partnership has led to the seizure of …

Cerber Ransomware Updates Configuration File

16 Aug 2016

McAfee Labs has recently analyzed Version 2 of Cerber, one of the leading ransomware programs. Cerber infects systems via social engineering tricks such as spam email with malicious links or documents, malvertising campaigns, and exploits of vulnerable websites, and also takes advantage of exploit kits like Angler, Nuclear, and others. During our analysis of the new …

Bing.VC Hijacks Browsers Using Legitimate Applications

10 Aug 2016

Browser hijackers are a type of malware that modifies a web browser’s settings without the user’s permission. Generally a browser hijacker injects unwanted advertising into the browser. It replaces the home page or search page with its own. It also steals cookies and can install a keylogger to fetch other sensitive information. McAfee Labs has recently …

Obfuscated Malware Discovered on Google Play

10 Aug 2016

The McAfee Labs Mobile Malware Research team found early this week on Google Play a set of malware published by the developer account ValerySoftware. Each of these apps has been downloaded and installed up to 500 times, which means up to 3,000 devices could be infected by this threat. Some characteristics of this malware: …

Banload Trojan Targets Brazilians With Malware Downloads

09 Aug 2016

McAfee Labs has recently encountered new variants of the Banload Trojan. Banload has been around since the last decade. This malware generally arrives on a victim’s system through a spam email containing an archived file or bundled software as an attachment. In a few cases, this malware may also be dropped by other malware or …

‘Cat-Loving’ Mobile Ransomware Operates With Control Panel

08 Aug 2016

Recently the McAfee Labs Mobile Malware Research team found a sample of ransomware for Android with botnet capabilities and a web-based control panel service. The malware is running on a legitimate cloud service provider. The payload of this malware can encrypt a victim’s files, steal SMS messages, and block access to the device. In this …

Setting Up HTTPS for Google App Engine Applications

08 Aug 2016

Thursday, we posted advice on creating a custom domain name for an application developed with Google’s App Engine. In this post, we will learn how to add SSL support and force the App Engine application to use only SSL. Start by obtaining an SSL certificate for your domain from an authorized certificate authority. Consider following …

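
The excerpt stops before the configuration step. As an added illustration (not the post's own text), the handler setting that forces HTTPS on a first-generation App Engine Standard application is `secure: always` in app.yaml; this assumes that runtime's classic app.yaml format, and `main.app` is a placeholder script name, not something the post names:

```yaml
# Constructed example app.yaml (not from the McAfee post).
# secure: always makes App Engine answer plain-HTTP requests for matching URLs
# with a redirect to the same path over HTTPS.
runtime: python27
api_version: 1
threadsafe: true

handlers:
- url: /.*
  script: main.app       # placeholder WSGI application; assumption for this example
  secure: always
```

The catch-all `url: /.*` matters: `secure` applies per handler, so a narrower pattern would leave other paths reachable over HTTP. After deploying, a plain `http://` request to the app should come back as a redirect to the `https://` URL; a 200 response means a handler is missing the setting. For a custom domain the certificate must already be uploaded, which is the step the post covers.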

Creating a Custom Domain Name with a Google App Engine Application

05 Aug 2016

Google’s App Engine is a Platform as a Service (PaaS) for developers that provides features and frameworks to quickly and easily build scalable web applications. Developers can create applications and deploy them to the App Engine. When a web application is created using the App Engine, the application is assigned a unique project ID. Developers …

Active iOS Smishing Campaign Stealing Apple Credentials

29 Jul 2016

Intel Security Mobile Research recently found an active phishing campaign targeting iOS users via SMS messages. The message tells users that their Apple accounts have been temporarily locked to trick them into accessing a phishing site that steals their real Apple credentials. Here is an example of an SMS message from this campaign: The message pretends to be …

Taking Steps to Fight Back Against Ransomware

27 Jul 2016

Ransomware is an attack in which malware encrypts files and extorts money from victims. It has become a favorite among cybercriminals because it is easy to develop, simple to execute, and does a very good job of compelling users to pay to regain access to their precious files or systems. Almost anyone and every business …

Trojanized Propaganda App Uses Twitter to Infect, Spy on Terrorist Sympathizers

26 Jul 2016

The Mobile Malware Research Team of Intel Security has discovered in recent weeks a number of new threats in the Middle East. In May, we uncovered a spying campaign targeting cybersecurity professionals in Saudi Arabia. This week, the team exposed a strain of spyware targeting another specific group of mobile users: individuals with possible sympathies toward …

No More Ransom: A New Initiative to Battle Ransomware

25 Jul 2016

Ransomware has seen a huge increase over the past couple of years. According to our June Quarterly Threats Report, there was a 113% increase in ransomware over the past year. However, the real indicator for me has been an increase in questions about ransomware I get from people once they find out I work for …

Intel Security Teams With Industry, Law Enforcement to Thwart ‘Shade’ Ransomware

25 Jul 2016

Intel Security, Europol, Kaspersky Lab, and Dutch police have taken down the Shade ransomware botnet and captured encryption keys to unlock victims’ systems. Although we talk a great deal of the value of public-private partnerships in the fight against cybercrime, few events in the cybersecurity field are more inspiring than seeing such collaboration in action and …

Phishing Attacks Employ Old but Effective Password Stealer

21 Jul 2016

A few months ago we received a sample from a customer that turned out to be a password stealer (PWS). One thing about this malware stood out: the subdirectory used in the access panel URL. It contained the string “***=**U=TEAM” (which we have obfuscated). Our investigations led us to believe this may be a case of industrial …

Patch Now: Simple Office ‘Protected View’ Bypass Could Have Big Impact

12 Jul 2016

Protected View is a security feature of Microsoft Office. According to research from MWR Labs, Protected View mode is a strong application-level sandbox. In a real-world attack scenario, Office documents from the Internet, such as downloaded documents from browsers (Chrome, Edge, Internet Explorer), or attachments received on emails clients (such as Outlook), are opened by default in …

Trojanized Pokémon GO Android App Found in the Wild

08 Jul 2016

Pokémon GO is a new mobile game that allows fans to “catch” Pokémon in the real world using augmented reality and smartphone capabilities such as location services and built-in cameras. The game was released on July 6 on both the Apple App Store and Google Play, but only in Australia, New Zealand, and one day …

Business Email Compromise Hurts Your Organization

06 Jul 2016

As many workers do today, you probably get emails from your boss asking you to perform various tasks. You may also get unusual requests under unusual circumstances—perhaps to put out a fire for a big client or to impress a potential customer. Sometimes in haste you don’t follow standard procedures. But that makes you vulnerable …

June #SecChat Recap: Findings from the 2016 Verizon DBIR

30 Jun 2016

This year’s highly anticipated Verizon 2016 Data Breach Investigations Report (Verizon DBIR) analyzed cybersecurity findings from 100,000 incidents and 2,260 confirmed breaches, taking a deep dive into popular attack types and threats in 2015. During our June Twitter #SecChat, we discussed findings from the report, and examined prominent threats and their impact on industries. Participating …

Security Best Practices for Azure App Service Web Apps, Part 4

24 Jun 2016

Microsoft’s Azure App Service is a fully managed Platform as a Service for developers that provides features and frameworks to quickly and easily build apps for any platform and any device. In spite of its ease of use, developers still need to keep security in mind because Azure will not take care of every aspect of security. …

Macro Malware Adds Tricks, Uses MaxMind to Avoid Detection

21 Jun 2016

Macro malware continues to evolve and use new tricks to evade detection. This threat is responsible for downloading malicious Trojans such as Dridex and ransomware such as Locky. Recently McAfee Labs has encountered a new variant of macro malware that uses new techniques to avoid executing in an undesirable environment. With this variant when we …

JavaScript-PHP Joint Exercise Delivers Nemucod Ransomware

21 Jun 2016

The ransomware Nemucod has been very prevalent in the last few months. Nemucod’s habit of frequently changing its delivery mechanism and infection vector to evade detection makes this threat very challenging to security researchers. Recently, we observed in the wild a new variant of Nemucod that shows another change. This variant downloads a PHP file along …

Microsoft’s June Patch Kills Potential CFG Bypass

16 Jun 2016

After applying Microsoft’s June patch, we noticed some interesting changes that prevent a security bypass of Windows’ Control Flow Guard (CFG). The changes are in the Shader JIT compiler of the Windows Advanced Rasterization Platform (WARP) module (d3d10warp.dll). The Shader JIT compiler could formerly be used to create a CFG bypass. CFG is known to …

Intel Innovates to Stop Cyberattacks

16 Jun 2016

Intel, in partnership with Microsoft, has published a technology preview, showing how innovation in silicon architecture can help protect against advanced code-reuse attack techniques. This is an example of how brilliant minds across the industry can think long term to address cybersecurity problems through improvements in hardware. Key components, such as the central processing unit, …

Mobile App Collusion Highlights McAfee Labs Threats Report

14 Jun 2016

I would be lost without my smartphone and its many convenient features. I look at my calendar and click to schedule an online meeting, inviting attendees from my contact list. I use my airline app to make sure my flight is on time and click to check the weather at my destination. I pick a …

‘Thrones’ Jon Snow Appears to Employ Neutrino Exploit Kit

10 Jun 2016

This blog post was written by Kalpesh Mantri. You read that right. Jon Snow appears to be back from the dead. That would make “Game of Thrones” fans happy, but unfortunately this Jon Snow is not the same character. This John (with an h) Snow is related to Neutrino exploit kits, one of the commonly used …

Experts Discuss the 2016 Verizon DBIR: June #SecChat

10 Jun 2016

Cybersecurity in 2016 has been full of sensational headlines. Ransomware has shut down multiple hospitals, millions of credentials have been pilfered, and countless companies have had their records stolen using phishing tactics. But is it really accurate to judge the state of the industry by headlines alone? What if we took a more analytical approach …

Zcrypt Expands Reach as ‘Virus Ransomware’

08 Jun 2016

Intel Security has recently seen a new kind of ransomware, Zcrypt, that can self-replicate. This “virus ransomware” arrives via email in a malicious attachment or by usurping an Adobe Flash Player installation. The malware copies itself onto removable drives to infect other machines. Zcrypt uses the Nullsoft Scriptable Install System, which works like a Zip file, decompressing …

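
Both the “Malware Hides in Installer” item above and this Zcrypt item turn on recognising executables built with NSIS. The following Python is an added example, not McAfee's code: it looks for the NSIS “firstheader” that every NSIS installer carries in its overlay (a flags word, the 0xDEADBEEF signature, the `NullsoftInst` magic, then two length fields) and reports where it sits and what it claims. The sample bytes are constructed, not a real installer.

```python
import struct

# NSIS firstheader layout: uint32 flags, uint32 siginfo (0xDEADBEEF, little-endian),
# 12-byte magic "NullsoftInst", uint32 length_of_header, uint32 length_of_all_following_data.
NSIS_SIG = b"\xef\xbe\xad\xdeNullsoftInst"


def find_nsis_firstheader(data):
    """Return details of the NSIS firstheader inside an executable image, or None.

    Scans the whole buffer instead of assuming a fixed overlay offset, because droppers
    and packers may prepend or pad the installer stub."""
    off = data.find(NSIS_SIG)
    if off < 4:                        # -1 (not found) or no room for the flags field
        return None
    after = off + len(NSIS_SIG)
    if after + 8 > len(data):          # truncated: length fields missing
        return None
    flags = struct.unpack_from("<I", data, off - 4)[0]
    header_len, total_len = struct.unpack_from("<II", data, after)
    return {
        "offset": off - 4,             # start of the firstheader (flags field)
        "flags": flags,
        "header_len": header_len,      # size of the compressed install header (script, strings)
        "total_len": total_len,        # size of the whole NSIS data block that follows
        "is_pe": data[:2] == b"MZ",
    }


def scan_file(path):
    """Convenience wrapper for real files; reads the whole file into memory."""
    with open(path, "rb") as fh:
        return find_nsis_firstheader(fh.read())


def build_sample():
    """Constructed stand-in for an NSIS-built PE: an MZ stub padded to 0x200 bytes, then a
    firstheader claiming a 0x1234-byte header and 0x5678 bytes of following data."""
    stub = b"MZ" + b"\x00" * (0x200 - 2)
    firstheader = struct.pack("<I", 0) + NSIS_SIG + struct.pack("<II", 0x1234, 0x5678)
    return stub + firstheader + b"\x00" * 32


if __name__ == "__main__":
    print(find_nsis_firstheader(build_sample()))
```

A hit only says “built with NSIS”, which is also true of countless legitimate installers, so it is a triage signal rather than a verdict; the follow-up is to unpack the overlay (7-Zip can extract NSIS archives) and inspect the dropped executables and the install script for the hidden payload the posts describe.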

Threat Actors Employ COM Technology in Shellcode to Evade Detection

06 Jun 2016

COM (Component Object Model) is a technology in Microsoft Windows that enables software components to communicate with each other; it is one of the fundamental architectures in Windows. From the security point of view, several “features” built into COM have led to many security vulnerabilities. These features include ActiveX (an Internet Explorer plug-in technology), the …

Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript

06 Jun 2016

This post was prepared with the invaluable assistance of Rahamathulla Hussain and Girish Kulkarni. During the last couple of weeks, McAfee Labs has observed a huge increase in spam related to Locky, a new ransomware threat spread via spam campaigns. The contents of the spam email are carefully crafted to lure victims using social engineering …

Trillium Exploit Kit Update Offers ‘Security Tips’

02 Jun 2016

McAfee Labs has previously blogged about the Trillium Exploit Kit Version 3.0, which is commonly used to create and distribute malware. Last week, Version 4.0 appeared on several underground forums. We have analyzed the new version of the tool and it contains new functionality, including a PDF downloader, a password generator, and security tips. PDF downloader: The user …

Android Spyware Targets Security Job Seekers in Saudi Arabia

31 May 2016

The Middle East is the new Wild West of mobile malware, especially for targeted attacks and intelligence gathering campaigns. During the past few years, Intel Security Mobile Research has monitored and reported on several countries in the region and has found an alarming increase in campaigns using mobile malware for not only disruption and hacktivism …

Seeing Through Darkleech Obfuscation: a Quick Hack to Iframes

27 May 2016

This blog post was written by Kalpesh Mantri. Darkleech is an Apache module on the dark web that distributes malware. This tool, which appeared in 2012, was first used to infect many Apache servers and later sites running Microsoft IIS. The campaign infecting IIS sites was named pseudo-Darkleech because it resembles the Apache infector module. (In this …

Android Banking Trojan ‘SpyLocker’ Targets More Banks in Europe

26 May 2016

Since the discovery of the Android banking Trojan SpyLocker, Intel Security has closely monitored this threat. SpyLocker first appeared disguised as Adobe Flash Player and targeted customers of banks in Australia, New Zealand, and Turkey. Recently we have found that the distribution method for this malware has changed. In addition to employing malicious websites that …

Which Cybersecurity Data Should You Trust?

24 May 2016

Limitations of security data: We are constantly battered by cybersecurity data, reports, and marketing collateral, and we shouldn’t treat all of this information equally. Security data has inherent limitations and biases, which result in varying value and relevance in how it should be applied. It is important to understand which data is significant and how best to …

ISAO Group Hosts Productive 3rd Public Meeting

24 May 2016

This post first appeared at Policy@Intel. The Information Sharing and Analysis Organization Standards Organization (ISAO SO) held its Third Public Forum on May 18–19 in Anaheim, California. More than 100 participants from academia, government, and industry sectors, including multiple participants from Intel, assembled to discuss the initial drafts recently published by the ISAO SO and …

Malware Mystery: JS/Nemucod Downloads Legitimate Installer

21 May 2016

JS/Nemucod is the detection name given to a family of malicious JavaScript downloaders that have appeared in spam campaigns since last year. They usually arrive as an email attachment, embedded in a ZIP archive, and pretend to be an invoice, a delivery notice, a resume, anything that may seem harmless and can be used as a social engineering …

Attacks on SWIFT Banking System Benefit From Insider Knowledge

20 May 2016

In recent months, we’ve seen headlines about the compromise of a bank in Bangladesh from which cybercriminals attempted to steal US$951 million. The malware they used was able to manipulate and read unique messages from SWIFT (Society for Worldwide Interbank Financial Telecommunication), as well as adjust balances and send details to a remote control server. …

5 Steps to Enhance Security of Cloud Applications

18 May 2016

When you move applications to the cloud, the attack surface changes while the vulnerabilities at the application, database, and network level persist. To address these issues, securing the cloud perimeter, preventing unauthorized access, and protecting data are crucial. The first step is to reduce the attack surface. Run a port scan specific to an instance IP and lock …

Can Zealous Security Cause Harm?

17 May 2016

Good security requires balancing risks, costs, and usability. Too much or too little of each can be unhealthy and lead to unintended consequences. We are entering an era where the risks of connected technology can exceed the inconveniences of interrupted online services or the release of sensitive data. Failures can create life-safety issues and major …

Sex Sells: Looking at Android Adult Adware Apps

13 May 2016

Advertising is one of the primary methods to generate money from mobile devices. Ads can be displayed in the browser when you visit a specific website or can appear in free apps. In the case of mobile apps, the developer must select a theme that attracts many users to increase revenues. There is probably no …

Key Lessons From Verizon’s ‘2016 Data Breach Investigations Report’

12 May 2016

The annual Data Breach Investigations Report (DBIR) is out and reinforces the value of well-established cybersecurity practices. The good folks at Verizon have once again published one of the most respected annual reports in the security industry. The report sets itself apart with the authors intentionally avoiding unreliable “survey” data and instead striving to communicate …

Server-Side Request Forgery Takes Advantage of Vulnerable App Servers

12 May 2016

Server-side request forgery is an attack in which an attacker can force a vulnerable server to send attacker-chosen requests to third-party servers or to internal resources. This vulnerability can then be leveraged to launch specific attacks such as a cross-site port attack, service enumeration, and various other attacks. This ability makes server-side request forgery …

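
The excerpt defines the attack but not the defence. The following Python is an added example, not McAfee's code: it puts the vulnerable pattern (forwarding a user-supplied URL as-is) next to a hardened validator that rejects non-HTTP schemes, optionally enforces a host allow-list, and, most importantly, resolves the host and refuses any address in loopback, RFC 1918, link-local (which is where the 169.254.169.254 cloud metadata service lives) or other non-routable space. The host names, addresses and the fake resolver in the demo are constructed so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(host):
    """Every address the host resolves to. IP literals are returned as-is, so 127.0.0.1,
    [::1] or [::ffff:127.0.0.1] are judged directly and never go through DNS."""
    try:
        ipaddress.ip_address(host)
        return {host}
    except ValueError:
        pass
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def is_internal(addr):
    """True for the targets SSRF is used to reach: loopback, RFC 1918, link-local
    (including 169.254.169.254), multicast, unspecified and other non-global space.
    IPv4-mapped IPv6 addresses are unwrapped first so they cannot smuggle IPv4 targets."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                      # ::ffff:127.0.0.1 is still loopback
    return not ip.is_global


def fetch_target_unsafe(url):
    """Vulnerable pattern: whatever the user supplied becomes the outbound request.
    Returns the host the server would connect to; nothing stops http://127.0.0.1:8080/."""
    return urlparse(url).hostname


def validate_outbound_url(url, resolver=resolve_all, allowed_hosts=None):
    """Hardened pattern. Returns (ok, reason).

    Caveat: the HTTP client resolves the name again after this check, so against DNS
    rebinding connect to the address validated here (or re-validate at connect time)."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:        # file://, gopher://, dict:// ...
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    if allowed_hosts is not None and host.lower() not in allowed_hosts:
        return False, "host not on allow-list: %r" % host
    try:
        addrs = resolver(host)
    except socket.gaierror:
        return False, "host does not resolve: %r" % host
    internal = sorted(a for a in addrs if is_internal(a))
    if internal:
        return False, "host resolves to internal address(es): %s" % ", ".join(internal)
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs; the fake DNS table stands in for real resolution.
    fake_dns = {"api.example.com": {"93.184.216.34"}, "rebind.example": {"127.0.0.1"}}
    offline = lambda h: fake_dns.get(h) or resolve_all(h)   # literals still resolve locally
    for url in ["http://127.0.0.1:8080/admin", "http://169.254.169.254/latest/meta-data/",
                "http://[::ffff:127.0.0.1]/", "file:///etc/passwd",
                "http://rebind.example/", "https://api.example.com/v1"]:
        print(url, "->", validate_outbound_url(url, resolver=offline))
```

Resolving before deciding is the point: an allow-list of host names alone does not help when the attacker controls the DNS for a name that is on the list, and a textual blocklist of “127.0.0.1” misses `[::ffff:127.0.0.1]`, decimal or octal spellings, and names that simply resolve to loopback.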

Current Campaign Delivers Hundreds of Thousands of Polymorphic Ransomware

10 May 2016

You might have been getting out of bed when attackers started sending hundreds of thousands of fake invoices the morning of April 27. Between 5:45 am and 11 am Pacific time, the first phase of the operation was steamrolling along. The invoices sent with fake .rtf files attached were in no way legitimate. In McAfee …

Android Malware Clicker.G!Gen Found on Google Play

04 May 2016

Recently the Mobile Malware Research Team of Intel Security found on Google Play a new campaign of Android/Clicker.G in dozens of published malicious apps. This threat targets Russians but the apps are accessible worldwide. The attackers lure their victims with apps associated with health care, sports, food, games, and many other topics. Some of the …

The Morning After: What Happens to Data Post-Breach?

02 May 2016

This post first appeared on the security website Dark Reading. We need consumers and businesses to not simply shrug off data breaches but to take active measures to protect their data. We are hopeful that new insights will provide a compelling answer to the question “So what?” No company is bulletproof when it comes to …

Fake Android Update Delivers SMS, Click Fraud in Europe

29 Apr 2016

Intel Security Mobile Research has been monitoring a mobile malware campaign targeting users in Germany, France, and Russia since the beginning of the year. Several users have complained in forums and social networks about a suspicious file with the name Android_Update_6.apk being automatically downloaded when a website is loaded. Recently a user tweeted that one …

CVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability

27 Apr 2016

DLL planting, also known as DLL side loading, is a popular attack technique today. If we take a look at the list of advisories Microsoft has recently published, it is clear that a large number of vulnerabilities encompass DLL planting. We have seen many targeted attacks that abuse Windows OLE in many ways. At BlackHat USA 2015, an …

Malware Takes Advantage of Windows ‘God Mode’

27 Apr 2016

Microsoft Windows has hidden an Easter Egg since Windows Vista. It allows users to create a specially named folder that acts as a shortcut to Windows settings and special folders, such as control panels, My Computer, or the printers folder. This “God Mode” can come in handy for admins, but attackers are now using this undocumented feature for evil …

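
The trick behind that item is the shell's handling of folder names of the form `name.{CLSID}`: Explorer opens the namespace object identified by the CLSID instead of the on-disk directory, so whatever is stored inside is awkward to reach or delete through the GUI. The following Python is an added example, not McAfee's code: it walks a tree, flags directories carrying such a suffix, and lists what is really stored under them. The well-known “God Mode” CLSID {ED7BA470-8E54-465E-825C-99712043E01C} is used only to label that one case; the folder name, file name and sample tree are constructed in a temporary directory.

```python
import os
import re
import shutil
import tempfile

# Folder names Explorer treats as shell namespace junctions: "<anything>.{CLSID}".
CLSID_SUFFIX = re.compile(
    r"\.\{([0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12})\}$")

# CLSIDs with a well-known meaning; anything else is reported as "unknown CLSID".
KNOWN_CLSIDS = {
    "ED7BA470-8E54-465E-825C-99712043E01C": "All Tasks ('God Mode') control panel view",
}


def clsid_of(dirname):
    """Return the CLSID (upper-case, no braces) if the name carries the suffix, else None."""
    m = CLSID_SUFFIX.search(dirname)
    return m.group(1).upper() if m else None


def find_clsid_folders(root):
    """Walk root and report every directory whose name ends in .{CLSID}, together with
    the files actually stored on disk beneath it (the part Explorer hides)."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            clsid = clsid_of(d)
            if clsid is None:
                continue
            full = os.path.join(dirpath, d)
            contents = []
            for sub, _, files in os.walk(full):
                contents.extend(os.path.relpath(os.path.join(sub, f), full) for f in files)
            hits.append({
                "path": full,
                "clsid": clsid,
                "meaning": KNOWN_CLSIDS.get(clsid, "unknown CLSID"),
                "files": sorted(contents),
            })
    return sorted(hits, key=lambda h: h["path"])


def build_sample_tree():
    """Constructed sample: one ordinary folder and one CLSID-suffixed folder hiding a
    placeholder binary. Returns the temporary root; remove it with remove_tree()."""
    root = tempfile.mkdtemp(prefix="clsid_demo_")
    os.makedirs(os.path.join(root, "Documents"))
    hidden = os.path.join(root, "updates.{ED7BA470-8E54-465E-825C-99712043E01C}")
    os.makedirs(hidden)
    with open(os.path.join(hidden, "dropper.exe"), "wb") as fh:
        fh.write(b"MZ constructed placeholder, not a real binary")
    return root


def remove_tree(root):
    """Delete the sample tree created by build_sample_tree()."""
    shutil.rmtree(root)


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        for hit in find_clsid_folders(root):
            print(hit)
    finally:
        remove_tree(root)
```

On a live Windows host the same walk should be run from the command line (or with the directory opened by its full path in a non-Explorer tool), since that is exactly the access path the folder trick does not interfere with; an unknown CLSID on a user-writable path is the case worth pulling for analysis.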

Macro Malware Employs Advanced Obfuscation to Avoid Detection

26 Apr 2016

Attacks by macro malware carrying ransomware are growing, as we have recently reported on Blog Central here and here. Now McAfee Labs researchers have witnessed a new variant of macro malware that employs evasion techniques such as virtual machine awareness, sandbox awareness, and more. Since early March we have seen macro malware using high-obfuscation algorithms to protect itself …

Unsubscribing From Unwanted Email Carries Risks

18 Apr 2016

We all receive loads of unwanted email solicitations, warnings, and advertisements. The number can be overwhelming to the point of obnoxiousness. Some days it feels like an unending barrage of distracting deliveries that require a constant scrubbing of my inbox. Beyond being frustrating, there are risks. In addition to the desired and legitimate uses of email, …

CVE-2016-0153: Microsoft Patches Possible OLE Typo

14 Apr 2016

Recently McAfee Labs discovered an interesting bug in Windows’ OLE implementation, which Microsoft patched this week. Now that the patch is available, we can discuss this vulnerability, which resides in the OleRegEnumVerbs() function of ole32.dll. During our research we found that a stack corruption vulnerability in ole32!OleRegEnumVerbs can be triggered if we embed any OLE1 …

When It Comes To Cyberthreat Intelligence, Sharing Is Caring

13 Apr 2016

This blog was originally posted at Dark Reading on March 31. Shared cyberthreat intelligence will soon be a critical component of security operations, enabling organizations to better protect their digital assets and respond more quickly to emerging threats. On March 17, the US Department of Homeland Security announced the deployment of the Automated Indicator Sharing …

Convergence and the Future of Cyber Security

12 Apr 2016

(Slides: “CSE 2016 Future of Cyber Security” by Matthew Rosenquist.) The security industry is changing. Technology innovation is eroding the distance between the roles and responsibilities of traditionally independent physical and cyber security teams. Modern physical security tools now rely heavily on networks, clouds, firmware, and software, which puts them at risk of cyber …

DHS Accelerates Information Sharing Standards Effort; Intel to Chair Working Group

29 Mar 2016

This post first appeared at Policy@Intel on March 9. In an effort to accelerate cyber information sharing, and in response to a presidential executive order, the Department of Homeland Security recently announced the formation of the Information Sharing and Analysis Organization (ISAO) Standards Organization. The organization comprises six working groups, and I’ve been appointed chair …

McAfee Labs Unlocks LeChiffre Ransomware

28 Mar 2016

At McAfee Labs we recently received a low-profile ransomware called LeChiffre. Unlike ransomware that is distributed by a spam campaign or downloaded by other malware, this sample needs to be run manually on a victim’s machine to encrypt files. As we analyzed this ransomware, we found that we could unlock all LeChiffre-encrypted files without having to pay …

W97M Downloader Serves Vawtrak Malware

23 Mar 2016

McAfee Labs recently found a variant of the W97M macro malware downloader that runs the Vawtrak malware. Although W97M usually employs Microsoft Office documents to run malicious Visual Basic scripts that download and run malware, this instance of W97M contains an embedded executable that is dropped onto the file system using a malicious macro. W97M …

McAfee Labs Threats Report Discusses Cyber Threat Intelligence Sharing and More

22 Mar 2016

During keynote presentations at the RSA Conference 2016 in early March, Chris Young from Intel Security, Mark McLaughlin from Palo Alto Networks, and Michael Brown from Symantec discussed the need to share cyber threat intelligence (CTI). There were also a half-dozen conference sessions that examined this important topic. Young made the point that sharing CTI …

Cybersecurity Suffers Due to Human Resources Challenges

21 Mar 2016

The cybersecurity industry is in a state of disrepair. Growing human resource problems put the efforts to secure technology at risk, due to insufficient staffing, skills, and diversity. The need for talent is skyrocketing, but there are not enough qualified workers to meet current or future demands. By 2017 prospective hiring organizations may have upwards …

5G Networks Pose Cyber Risks, Opportunities

18 Mar 2016

Fifth-generation networking (5G) holds the potential for a massive immersion of technology into the lives of people and businesses. It is an evolution of technology that could allow enough bandwidth for 50 billion smart devices, driving toward a world in which everything that computes will be connected. Such transformative technology opens great opportunities, but also presents new …

Hacktivists Turn to Phishing to Fund Their Causes

16 Mar 2016

At Intel Security we recently observed a phishing campaign targeting Apple account holders. The link directed the user to a compromised WordPress site used to serve the fake Apple ID login page. Users are asked to log in with their Apple IDs, and then are requested to update billing information and credit card details. In the following …

Report Highlights Enterprise Biometric Vulnerabilities, Opportunities

16 Mar 2016

Authentication in the modern enterprise is becoming more difficult. The risks are rising, but adding more security controls can impede workers and be difficult to integrate into legacy systems. Biometrics may be a better path to improve security while not adversely impacting the user experience. But there are risks; biometric systems are not without vulnerabilities …

TeslaCrypt Ransomware Arrives via Neutrino Exploit Kit

15 Mar 2016

This post was written by Sriram P. and Varadharajan Krishnasamy. TeslaCrypt is a ransomware family that encrypts files and extorts money from its victims to decrypt the files. Similar to other ransomware variants, TeslaCrypt propagates through a wide range of spam campaigns and is also downloaded with the help of other malware: W97M/Downloader, JS/Nemucod, the Angler exploit kit …

Sensitive California Student Information to Be Released to Nonprofit

14 Mar 2016

The US District Court for the Eastern District of California has issued an order requiring the California Department of Education (CDE) to produce data to the plaintiffs in a lawsuit involving allegations that the CDE failed to provide adequate services to children with disabilities. The data in question will include information on all children, kindergarten through high …

Criminals are Getting Excited for Tax Filing Season

11 Mar 2016

Cybercriminals are plotting to take advantage of tax season by fraudulently impersonating consumers and scamming Americans. For the citizens of the United States, tax season is upon us, during which we diligently file our annual tax returns with the US Internal Revenue Service (IRS). A big problem, however, is that, in this digital age of …

Macro Malware Associated With Dridex Finds New Ways to Hide

08 Mar 2016

Macro malware is on the upswing and cybercriminals are always searching for new ways to deceive users and evade detection. McAfee Labs recently discovered a W97M/Downloader variant that uses a new technique to obfuscate its malicious intentions. Almost one year ago, we discovered Microsoft Office XML documents containing compressed MSO ActiveMime objects. These objects extract an encrypted OLE …
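The excerpt mentions Office XML documents that carry compressed MSO ActiveMime objects wrapping an OLE container. The following Python triage helper is an added example, not code from the McAfee post: it pulls every base64 `binData` element out of a Word 2003 XML body, recognises the `ActiveMime` container header, locates the zlib stream inside it by its header bytes rather than trusting any offset field (an assumption about the format's layout; the real offset varies between files), and checks that what inflates is an OLE compound file. The XML document, the blob and the "OLE" payload are all constructed in `make_sample_xml()` and are not a real capture.

```python
"""Triage helper: pull base64 binData blobs out of an Office 2003 XML document,
recognise MSO/ActiveMime containers and recover the OLE object they wrap.
Added example, not code from the original post."""
import base64
import re
import zlib

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # compound file (OLE2) header
ACTIVEMIME_MAGIC = b"ActiveMime"                   # header of .mso containers


def make_sample_xml():
    """Constructed sample (not a real capture): a minimal Word 2003 XML body with one
    editdata.mso blob whose payload is a fake OLE header plus a VBA stream name."""
    fake_ole = OLE_MAGIC + b"\x00" * 56 + b"Macros/VBA/ThisDocument" + b"\x00" * 64
    # Assumption: header area padded to 0x32 bytes before the zlib stream begins.
    blob = ACTIVEMIME_MAGIC + b"\x00" * (0x32 - len(ACTIVEMIME_MAGIC)) + zlib.compress(fake_ole)
    b64 = base64.b64encode(blob).decode()
    return (
        '<?xml version="1.0"?>'
        '<w:wordDocument xmlns:w="http://schemas.microsoft.com/office/word/2003/wordml">'
        '<w:binData w:name="editdata.mso">' + b64 + '</w:binData>'
        '<w:body><w:p><w:r><w:t>invoice</w:t></w:r></w:p></w:body></w:wordDocument>'
    )


SAMPLE_XML = make_sample_xml()

BINDATA_RE = re.compile(r'<w:binData\s+w:name="([^"]+)"[^>]*>(.*?)</w:binData>', re.S)


def extract_bindata(xml_text):
    """Yield (name, bytes) for every binData element; whitespace inside the base64 is tolerated."""
    for m in BINDATA_RE.finditer(xml_text):
        yield m.group(1), base64.b64decode(re.sub(r"\s+", "", m.group(2)))


def zlib_header_offsets(blob, start):
    """Offsets at or after `start` whose two bytes form a valid zlib header
    (CMF byte 0x78 and the 16-bit header divisible by 31, per RFC 1950)."""
    for i in range(start, len(blob) - 1):
        if blob[i] == 0x78 and ((blob[i] << 8) | blob[i + 1]) % 31 == 0:
            yield i


def unpack_activemime(blob):
    """Return the OLE payload inside an ActiveMime container, or None.
    The stream is located by its zlib header and the result is verified against the
    OLE magic, so a wrong candidate offset is simply skipped."""
    if not blob.startswith(ACTIVEMIME_MAGIC):
        return None
    for off in zlib_header_offsets(blob, len(ACTIVEMIME_MAGIC)):
        try:
            payload = zlib.decompressobj().decompress(blob[off:])
        except zlib.error:
            continue
        if payload.startswith(OLE_MAGIC):
            return payload
    return None


def triage(xml_text):
    """Map each binData name to what it contains."""
    report = {}
    for name, blob in extract_bindata(xml_text):
        ole = unpack_activemime(blob)
        report[name] = {
            "activemime": blob.startswith(ACTIVEMIME_MAGIC),
            "ole_recovered": ole is not None,
            "vba_marker": ole is not None and b"VBA" in ole,
            "size": len(blob),
        }
    return report


if __name__ == "__main__":
    for name, info in triage(SAMPLE_XML).items():
        print(name, info)
```

Once the OLE object is recovered it can be handed to an OLE/VBA parser for macro extraction; the point of the helper is that the container is spotted and opened even when the document itself is plain XML and carries no `.doc` or `.docm` extension.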

Locky Ransomware on Rampage With JavaScript Downloader

08 Mar 2016

Locky is a ransomware family that encrypts victims’ files and demands money to decrypt the files. It has infected many computers in a short time due to a huge spam campaign. Propagation vector: Locky ransomware propagates onto victims’ systems through a widespread spam campaign using an attached Microsoft Word document with maliciously crafted macros. Recently, however, the …

Trillium Toolkit Leads to Widespread Malware

04 Mar 2016

Any aspiring cybercriminal can buy one of many malicious toolkits to craft a downloader and distribute malware. After a time these downloaders are leaked to forums and other download sites and become available to the masses. This is often when we see a spike in their use. The toolkit Trillium Security MultiSploit Tool v3 was cracked last week …

A Future Beyond Mobile Devices; Trusting the Promises of Mobile World Congress

03 Mar 2016

More than 100,000 people descended upon Mobile World Congress (MWC) last week to watch experts from around the world discuss and share their views of what the future has in store for “mobile.” After four days at the event, what became obvious to me is that we have certainly progressed from the days when a …

Targeted Ransomware No Longer a Future Threat

01 Mar 2016

This post was written by Christiaan Beek and Andrew Furtak. In 2015, Intel Security investigated a ransomware campaign that targeted the financial sector of a certain country. This was the first time we had observed ransomware targeting a particular sector. The infection vector in that case involved a phishing campaign directed at multiple financial institutions. …

Malicious Forums Turn Amateur Hackers Into Cybercriminals

25 Feb 2016

Security researchers are aware of forums that offer downloads of malicious software such as keyloggers and remote access tools. Some inexperienced hackers may visit these forums and decide to chase the money and create a malicious agenda. The following is a snippet from a popular hacking forum. We recently received a submission with the filename 17_02_16~_HKL_Purchase_Order.ace. This …

Mobile World Congress: a Microcosm of a Hyper-Connected Future

24 Feb 2016

Mobile World Congress 2016 has given us a glimpse into the innovations that will hit our stores this year. From the looks of things we will get much more than just thinner handsets. Many phone manufacturers have flooded the event with gadgets and accessories that can be bundled with phones. These include virtual reality headsets, …

Nivdort: Data-Stealing Trojan Arrives via Spam

18 Feb 2016

During the past couple of weeks, McAfee Labs has observed a huge increase in spam related to Nivdort, a malicious file that usually arrives as a .zip attachment and tries to download other malware. This malware can steal a victim’s credentials, including personal details related to online shopping, banking, and social networking websites. Nivdort’s spam …

Intel Security Wins 2015 AV-TEST Award for Best Usability

18 Feb 2016

On February 17, AV-TEST CEO Guido Habicht announced that Intel Security was awarded the AV-TEST BEST USABILITY 2015 AWARD for McAfee Endpoint Security (Versions 8.8 and 10.0). This award is given annually to the most user-friendly enterprise-class product for the year. On behalf of Intel Security, Jon Carpenter (right) accepts the AV-TEST BEST USABILITY 2015 …

Does Anyone Really Care About Mobile Security?

17 Feb 2016

I’ve attended Mobile World Congress a number of times and it is fair to say the concept of the show has evolved over the years. Previously, when someone said “mobile” we thought of physical handsets; whereas the term today has a much more complex definition. “Mobile” now is a reflection of the Internet of Things …

Clever Phishing Attacks Target Google, Yahoo, DHL Customers

16 Feb 2016

Last week McAfee Labs received a phishing page that efficiently uses the CSS format of the Gmail login page and appears to be a legitimate Gmail page. When we opened the malformed HTML file we sometimes saw this warning: After the warning, the following Gmail login page appeared. Even the tech savvy could fall prey to this …

Ransomware Targets Healthcare Sector

15 Feb 2016

When we develop threats predictions at Intel Security, I personally like to conduct some proper research and base my statements on indicators of what we have seen in the field and what we believe will increase in the next six to 12 months. In the McAfee Labs 2016 Threats Predictions, we stated that ransomware would …

HydraCrypt Variant of Ransomware Distributed by Angler Exploit Kit

12 Feb 2016

McAfee Labs recently came across the new ransomware variant HydraCrypt. Like some previous ransomware variants, HydraCrypt is distributed using the Angler exploit kit. HydraCrypt encrypts a victim’s files and appends the filenames with the extension “hydracrypt_ID_<8 random characters>.” The malware also drops one plain-text file on the victim’s machine and opens a red window displaying the …
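The renamed-file pattern quoted above ("hydracrypt_ID_" followed by eight random characters) is the one artefact an incident responder can sweep for without a sample. The Python below is an added example, not McAfee's code: it walks a file listing, recovers the original filename of every encrypted file, counts how many distinct victim IDs appear (one ID across many files points to a single infection, several IDs to several hosts writing into a share), and reports the encrypted ratio per directory to show where the malware has been. Two things are assumptions not stated in the post: that the appended extension is separated by a dot, and that the eight characters are alphanumeric. The listing is constructed, not a real capture.

```python
"""Filesystem sweep for the HydraCrypt renaming pattern.
Added example, not code from the original post."""
import re
from collections import Counter, defaultdict
from pathlib import PurePosixPath

# Assumptions (not stated in the post): dot separator, eight alphanumeric characters.
HYDRACRYPT_RE = re.compile(r"^(?P<orig>.+)\.hydracrypt_ID_(?P<id>[A-Za-z0-9]{8})$")

# Constructed sample listing, not a real capture. The README_DECRYPT.txt name stands
# in for the plain-text note the post says is dropped; its real name is not given.
SAMPLE_PATHS = [
    "/home/alice/Documents/budget.xlsx.hydracrypt_ID_a1B2c3D4",
    "/home/alice/Documents/notes.txt.hydracrypt_ID_a1B2c3D4",
    "/home/alice/Documents/README_DECRYPT.txt",
    "/home/alice/Pictures/cat.jpg",
    "/home/alice/Pictures/dog.jpg.hydracrypt_ID_a1B2c3D4",
    "/srv/share/report.docx.hydracrypt_ID_Zz9Yy8Xx",
    "/srv/share/legit.hydracrypt_ID_short",   # wrong length: must not match
]


def parse_encrypted_name(path):
    """Return (original_name, victim_id) for an encrypted file, else None."""
    m = HYDRACRYPT_RE.match(PurePosixPath(path).name)
    if not m:
        return None
    return m.group("orig"), m.group("id")


def triage_listing(paths):
    """Summarise a listing: which files were encrypted, which IDs appear, and
    how much of each directory has been touched."""
    encrypted = {}
    victim_ids = Counter()
    per_dir = defaultdict(lambda: [0, 0])   # directory -> [encrypted, total]
    for p in paths:
        d = str(PurePosixPath(p).parent)
        per_dir[d][1] += 1
        parsed = parse_encrypted_name(p)
        if parsed:
            orig, vid = parsed
            encrypted[p] = orig
            victim_ids[vid] += 1
            per_dir[d][0] += 1
    return {
        "encrypted": encrypted,
        "victim_ids": dict(victim_ids),
        "dir_ratio": {d: enc / tot for d, (enc, tot) in per_dir.items()},
    }


if __name__ == "__main__":
    summary = triage_listing(SAMPLE_PATHS)
    print(f"{len(summary['encrypted'])} encrypted files, IDs: {summary['victim_ids']}")
    for d, ratio in sorted(summary["dir_ratio"].items()):
        print(f"{ratio:5.0%}  {d}")
```

On a live system feed the function the output of `find` or a `pathlib` walk rather than a literal list; the regex is the only thing that needs changing if another variant alters the suffix.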

A Case of Mistaken Identity? The Role of BlackEnergy in Ukrainian Power Grid Disruption

05 Feb 2016

Recent reports of electricity outages across Ukraine have led to significant speculation regarding the specific malware that was used to disrupt supplies. Intel Security’s approach in understanding this event included making contact with the impacted organization to offer our support and, where possible, retrieving data in order to analyze the true nature of the …

January #SecChat Recap: What Will 2016 Bring for Cybersecurity?

02 Feb 2016

The cybersecurity sector is continually evolving, with new changes affecting the way information is traded and protected. Now that 2016 is in full swing, it’s time to start looking forward to which threats lie ahead. In our January #SecChat, we turned our focus to top security predictions for the New Year. Participating in this chat …

File-Hosting Site Turns Your File Into Adware

28 Jan 2016

We recently received a sample from a customer and upon initial analysis it looked like a bundled software installer. Upon execution, the installer launches a website and then attempts to download an executable—an installer for FLV Player. Nothing out of the ordinary, but what grabbed our attention was the website that had loaded after execution. …

Cyber Criminals Gain in Sophistication With Integrity Attacks

26 Jan 2016

One constant in cybersecurity is the continual rise of sophistication and creativity of attackers. In 2016, we will see a fundamental expansion of their techniques, including the rise of integrity attacks. The industry has become accustomed to traditional availability and confidentiality attacks, which are typically crude but often effective. Denial of service attacks, for example, undermine …
