The Network Time Protocol (NTP) has been critical in ensuring time is accurately kept for various systems businesses and organizations rely on. Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time. As such, should there be a severe mismatch in time, users would not be able to authenticate and gain access to systems. From the perspective of incident handling and incident response, well-synchronized time across systems facilitates log analysis, forensic activities and correlation of events. Depending on operational requirements, organizations may choose to utilize public NTP servers for their time synchronization needs. For organizations that require higher time accuracy, they could opt for Global Positioning Systems (GPS) appliances and use daemons such as GPSD [1] to extract time information from these GPS appliances.
It has been over 3 years since the specification for TLS 1.3 was published [1], and although the protocol has some minor drawbacks, it is undoubtedly the most secure TLS version so far. One would therefore hope that the adoption of TLS 1.3 and its use on web servers around the globe would steadily increase over time (ideally hand in hand with a slow disappearance of older cryptographic protocols, especially the historic SSL 2.0 and SSL 3.0).
I did record a video for my diary entry "Strings Analysis: VBA & Excel4 Maldoc", showing how to use CyberChef to analyze a maldoc.
Malware analysis is difficult.
Gift card fraud may sound like small beer against ransomware - but it's personal, it hurts, and it's still a multi-million dollar problem.
Latest episode - listen now!
Could a rogue vendor with a dodgy payment terminal rip you off via Apple Pay? Maybe. Here's what to do about it.
Let's Encrypt is set to become a mainstream, self-certifying web certificate authority - here's why it took so many years.
It wasn't dead, just resting.
The Microsoft Autodiscover "Great Leak" explained - and how to prevent it
"It is a matter of time before working exploits are available," warns VMware.
Fake heads! (Cue dystopian scifi music.)
"Stop. Think. Connect." Say those words aloud - and please pronounce the pauses prescribed by the periods!
We go into more detail about a fake version of the iTerm2 app that downloads and runs malware, detected by Trend Micro as TrojanSpy.Python.ZURU.A, which collects private data from a victim’s machine.
Trend Micro detected a new campaign using a recent version of the known FormBook infostealer. Newer FormBook variants used the recent Office 365 zero-day vulnerability, CVE-2021-40444.
IoT is a big security headache for a lot of reasons. So how can these be part of a Zero Trust architecture?
We recently spotted fake installers of popular software being used to deliver bundles of malware onto victims’ devices. These installers are widely used lures that trick users into opening malicious documents or installing unwanted applications.
Water Basilisk Uses New HCrypt Variant to Flood Victims With RAT Payloads & Biden Administration Issues Sanctions To Counter Ransomware
In this entry, we look at the techniques typically employed by the Cring ransomware, as well as the most affected regions and industries.
Trend Micro’s Next-Generation IPS protects organizations from threats as attackers now target remote work-related vulnerabilities.
Recently, we discovered that the cryptomining trojan z0Miner has been taking advantage of the Atlassian’s Confluence remote code execution (RCE) vulnerability assigned as CVE-2021-26084, which was disclosed by Atlassian in August.
In this blog entry we look into a fileless campaign that used a new HCrypt variant to distribute numerous remote access trojans (RATs) in victim systems. This new variant also uses an updated obfuscation mechanism which we detail.
2021 Midyear Cybersecurity Report and Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware
Citizen Lab has released a report on a new iPhone threat dubbed ForcedEntry. This zero-click exploit seems to be able to circumvent Apple's BlastDoor security, and allow attackers access to a device without user interaction.
Trend Micro’s midyear report highlights the growing importance of cloud security as attacks increase in frequency and complexity.
The September 2021 Patch Tuesday cycle is relatively good news for system administrators with only 66 total bulletins. Perhaps more significantly, only three of these were Critical bulletins.
We have continued tracking APT-C-36, also known as Blind Eagle, since our research on this threat actor in 2019. We share new findings of APT-C-36’s ongoing spam campaign targeting South American entities.
Biden announces cybersecurity initiative partnership, US Government seeks public feedback on draft federal zero trust strategy and more.
Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This vulnerability (designated as CVE-2021-40444) is currently delivered via malicious Office 365 documents and requires user input to open the file to trigger.
The announcement marks the US’s extensive collaboration with various private and education sector leaders to address the rising cyber threats in the country.
The collaboration aims to enhance various features on GM’s connected cars, with the hope of having millions of vehicles with 5G connectivity on the road by 2024.
Proxytoken vulnerability can modify Exchange server configs and Lockbit jumps its own countdown, publishes Bangkok Air files
We take a closer look at the SSL/TLS certificates used by malware.
The United Nations Regulation No. 155 sets requirements for cybersecurity in vehicles. We conducted a threat modelling exercise on its defined attack vectors as a form of risk assessment in order to help organizations comply with this regulation and identify what to prioritize.
The latest version comes weeks after US President Biden announced a memo, calling on the improvement of control systems cybersecurity. It also expands the coverage of previous editions, covering all control systems.
Key takeaways from H1’ 2021 Linux threat report and Google removes fake crypto-mining apps and more.
New on the Trend Micro Cloud One security platform: Learn how easy it is to monitor, identify, and quarantine malicious files entering your Azure Blobs.
Recently, two consumer cybersecurity vendors merged their respective businesses. What will the impact be on customers and on the cybersecurity industry?
We recently detected an aggressive malware distribution campaign delivering LokiBot via multiple techniques, including the exploitation of older vulnerabilities.
Our research paper provides an in-depth analysis of Earth Baku's new cyberespionage campaign, particularly the group's use of advanced malware tools and multiple attack vectors.
As the popularity of Linux continues to increase, so does its attack surface. This brings to light a pressing question for organizations: who is responsible for the security of all the Linux instances running in your cloud environment?
Independent lab results prove the high performance of TippingPoint Threat Protection System.
This Week in Security News: Tokyo Olympics Leveraged in Cybercrime Attack and T-Mobile Confirms Hack
Here's how the T-Mobile breach may affect you, and what you can do to protect your data.
The country is set to take a pioneering role with its latest autonomous vehicle law, temporarily bridging gaps until more concise international and European legal frameworks are set.
Just before the opening of the Tokyo Olympics, we confirmed an attack that directed users from a fake TV broadcast schedule page to browser notification spam.
We recently discovered eight deceptive mobile apps that masquerade as cryptocurrency cloud mining applications where users can earn cryptocurrency by investing money into a cloud-mining operation.
While investigating the Confucius threat actor, we found a recent spear phishing campaign that utilizes Pegasus spyware-related lures to entice victims into opening a malicious document that downloads a file stealer.
The ransomware group LockBit resurfaced in June with LockBit 2.0, with reports indicating an increased number of targeted companies and the incorporation of double extortion features. Our detections followed attack attempts in Chile, Italy, Taiwan, and the UK from July to August.
This Week in Security News: Hackers Steal $600 million in Largest Ever Cryptocurrency Heist and Cybersecurity is the New ‘Great Game’
Let's Talk Security: Season 02 // Episode 05: Host, Rik Ferguson, interviews Vice President and Chief Information Security Officer for Carrier, Nicole Darden Ford. Together they discuss the changing cybersecurity landscape.
We look into the different implementations of PrintNightmare and include recommendations on how security teams can safeguard their workloads.
The agency also reported that attacks on the supply chain have grown in number and become more sophisticated. Sixty-two percent of the attacks were also done using malware, requiring enterprises to future-proof their security.
The US president announces the creation of a new cybersecurity initiative, aiming to improve the security of critical infrastructure control systems. New performance goals will also be made, ensuring a consistent baseline for cybersecurity.
The agency’s latest reports said that system failure comprises more than half of telecom incidents for 2020. Sixty-nine percent of incidents also affected the qualified trust services during the same year.
August proves to be a quieter month for Microsoft, after an eventful July. This month, there were only 44 security bulletins, among them three Print Spooler flaws and a further fix for PetitPotam.
Since June 2021, we’ve been monitoring an in-development ransomware builder called Chaos, which is being offered for testing on an underground forum.
We found a new social engineering-based malvertising campaign targeting Japan that delivered a malicious application. The malicious application abused sideloading vulnerabilities to load and start the Cinobi banking trojan.
This week, learn how false advertisers use spam browser notifications to gain ad revenue. Also, read about the results from Trend Micro’s first half 2021 biannual Cyber Risk Index report.
In this blog entry, we will take a look at two examples of supply chain attacks that our Managed Detection and Response (MDR) team encountered in the past couple of months.
DHS's second issue requires pipeline operators to implement various cybersecurity measures to protect their operations from cyber attacks. This directive also builds upon the department's May directive following the Colonial Pipeline attack.
Learn about the current state of cyber risk organizations are facing today based on the Cyber Risk Index results for the first half of 2021.
As many countries reintroduced lockdowns and restrictions, more people are once again stuck at home. Not only are people possibly bored at home, but many major sporting events are taking place. This brings fans to streaming sites to watch the games, where they inadvertently become victims of a major click fraud campaign.
Threat Actors Exploit Apache Hadoop YARN and BlackMatter Ransomware Claims to Be Best of REvil, Darkside.
Let's Talk Security: Season 02 // Episode 04: Host, Rik Ferguson, interviews the Head of Cyber Security for Moonpig, Tash Norris. Together they question, what could go wrong in the world of cyber security?
We summarize the characteristics, threats, and recommendations to improve the security posture of enterprises' and telecommunications companies' IT infrastructure.
The latest trend report also said that security concerns negatively impact the adoption of IoT technologies and the growth of Industry 4.0.
Collaboration with industry partners is helping secure the digital world by distributing Trend Micro vulnerability information to security vendors more quickly so they can enhance protection for their customers.
We look into how threat actors are exploiting Apache Hadoop YARN, a part of the Hadoop framework that is responsible for executing tasks on the cluster. This analysis covers the payloads deployed, the tactics used in the attacks, and basic recommendations for strengthening cloud security.
Let's Talk Security: Season 02 // Episode 03: Host, Rik Ferguson, interviews Founder & CEO of MyConnectedHealth, Tyler Cohen Wood. Together they discuss the new digital normal.
The Global Certification Forum (GCF) and the 5G Automotive Association (5GAA) announced their collaboration on a new program that will support the drive for interoperability, reliability, and safety of up and coming C-V2X systems.
Learn how to build a cloud migration strategy that keeps security in mind.
StrongPity APT Group Deploys Android Malware for the First Time and STIX Cyberthreat Sharing Standards Approved
In our last update on the XCSSET campaign, we updated some of its features targeting the latest macOS 11 (Big Sur). Since then, the campaign added more features to its toolset, which we have continually monitored. We have also discovered the mechanism used to steal information from various apps, a behavior that has been present since we first discussed XCSSET.
Respect in Security aims to make a concrete difference to the levels of abuse and harassment that are unfortunately all too common in our industry.
The Covid-19 pandemic has created an unlimited supply of news and topics for cybercriminals to utilize in their attacks, as well as major organizations to spoof. Learn what your organization can do to combat these timely threats.
We recently conducted an investigation into an Android malware sample, which we believe can be attributed to the StrongPity APT group, that was posted on the Syrian e-Gov website. To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks.
MSPs – Say no to the next Ransomware! Protect your Business 24x7 with Trend Micro’s security analysts
Having covered TeamTNT in several of our blog entries over the past couple of years, we embarked on research that encompasses the malicious actor group’s campaigns, tools, and techniques in 2020 and early 2021.
Trends and Shifts in the Underground N-Day Exploit Market and Scams Make Getting Verified on Social Media a Minefield.
5G brings countless benefits to enterprises through its scalability, speed, and connectivity. However, these very same features might actually amplify the damage caused by threats if they do infiltrate systems. Security should be a prime concern for enterprises that use 5G networks.
The recall affects over 200,000 Model 3 and Model Y vehicles.
With 5G introducing new risks, many are finding they don’t have the visibility, tooling or resources to manage such networks securely.
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle.
Over the past two calendar years, we conducted research on the underground exploit market to learn more about the life cycle of exploits, the kinds of buyers and sellers who transact, and the business models that are in effect in the underground.
Ransomware and phishing attacks will continue to be utilized and will likely see increases in their usage by malicious actors in targeting their victims. Learnings and recommendations from the report to improve your prevention and response to these threats.
On June 25, 2021, ETSI released its new IoT Testing Specifications completed by the organization’s committee on Methods for Testing and Specifications. The documents contain seven standards addressing the testing of the IoT MQ Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP) protocols and the foundational security IoT-Profile.
What tactics do Instagram account hackers use? What do these cybercriminals do with stolen accounts? How can users protect their accounts? We look into Instagram account hacking incidents from a security researcher’s perspective and share recommendations for users of Instagram and other social media platforms.
We recently coined this as the Summer of Cybercrime. Major ransomware attacks continue to hit companies globally. The attacks can cause significant damage from a financial, reputational and productivity standpoint.
Kaseya hit with ransomware attack and top 3 mobile threat takeaways from MWC
We discovered a new malware that targets online gambling companies in China via a watering hole attack, in which visitors are tricked into downloading a malware loader disguised as a legitimate installer for well-known apps such as Adobe Flash Player or Microsoft Silverlight.
We continue monitoring cybercriminals and threats that abuse the pandemic. In this update, we detail trends in malicious activities and deployments that exploit vaccination developments and processes worldwide.
Vulnerabilities aren't the only risk that comes with open source software use. Learn how you can best mitigate licensing risks to ensure your team is meeting all legal requirements while building with open source code.
Cobalt Strike is a well-known beacon or post-exploitation tool that has been linked to several ransomware campaigns. This report focuses on the process of uncovering its tracks in order to fully contain and remove a malware infection.
Kaseya has been hit with a REvil (aka Sodinokibi) ransomware attack at the dawn of the Fourth of July weekend. The attack was geared toward their on-premises VSA product.
Nefilim ransomware attack through a MITRE ATT&CK lens and PoC exploit circulating for critical Windows Print Spooler bug, and more.
The PurpleFox Exploit Kit is now being distributed via WPAD attacks targeting Indonesian users.
The Trend Micro research paper, “2020 Report on Threats Affecting ICS Endpoints,” presents findings on ICS endpoints and the threats that plague them. From these findings, we rounded up the list of the top ten countries with the most malware and grayware detections.
Social media is a double-edged sword, and as we celebrate #SocialMediaDay, let’s remember to use best security practices to keep us safe from malicious actors who abuse the platforms.
Cloud workload security and endpoint protection are key to managing security risk. Two new independent IDC reports help CISOs consider their strategic partner options.
Secret management plays an important role in keeping essential information secure and out of threat actors’ reach. We discuss what secrets are and how to store them securely.
Let's Talk Security: Season 02 // Episode 02: Host, Rik Ferguson, interviews Forrester Analyst, Allie Mellen. Together they discuss the theme "adapt or die."
Follow the story of Company X as they suffer an attack from the notorious modern ransomware family, Nefilim, and their affiliates, to learn how you can better mitigate against the common tactics and techniques used in these attacks.
Fake DarkSide campaign targets energy and food sectors and Tulsa police-citation data leaked by Conti Gang
Trend Micro Cloud One + New Relic come together to offer complete cloud visibility
Why tax deductions for ransom payments send the wrong signals to threat actors and their victims
The expedited move to digital transformation has been a lifeline for organizations during the pandemic. Now that these investments have been made, what’s next to continue to drive operational improvements?
While investigating samples of NukeSped, a remote access trojan (RAT), Trend Micro came across several Bundlore adware samples using the same fileless routine that was spotted in NukeSped.
Trend Micro is helping customers natively deploy Infrastructure as Code (IaC) resources for security the same way as cloud native infrastructure in collaboration with AWS CloudFormation.
Bash ransomware targets Linux Distributions and Trend Micro touts zero trust risk insights
Threat actors behind a recent campaign pose as DarkSide in a bid to deceive targets into paying ransom.
The team behind a company is the reason for its success. At Trend Micro, we are proud to have a team filled with intelligent individuals who foster innovation to solve tomorrow's challenges to secure our digital world today.
We investigate how certain hacking tools are used to move laterally on victims’ networks to deploy ransomware. These tools contain reconnaissance/spreader scripts, exploits for Red Hat and CentOS, binary injectors, and more. In this blog, we focus on analyzing the worm and ransomware script.
While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.
We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar.
FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset; we have been tracking deployments of this spyware since 2011. In this report we decided to share some of our unseen findings about the actual state of FinSpy implants.
We take a closer look at threats linked to loss of accounts with popular video game digital distribution services, such as Steam and Origin. We also explore the kind of game-related data that ends up on the black market.
What do cyberthreats, Kubernetes and donuts have in common – except that all three end in “ts”, that is? All these topics will be mentioned during the new SAS@Home online conference, scheduled for September 28th-29th, 2021.
In this article we demonstrate a detection evasion technique using CLR that may be useful for penetration testing as well as a couple of tips for SOCs to help detect such attacks.
Last week, Microsoft reported the RCE vulnerability CVE-2021-40444 in the MSHTML browser engine. Kaspersky is aware of targeted attacks using this vulnerability, and our products protect against attacks leveraging it.
This report discusses the statistics gathered by Kaspersky Safe Kids on the websites and apps children use, and on children’s YouTube search queries in summer 2021.
We deliver a range of services: incident response, digital forensics and malware analysis. Data in the report comes from our daily practices with organizations seeking assistance with full-blown incident response or complementary expert activities for their internal incident response teams.
Statistics on industrial automation system threats in the first half of 2021, by Kaspersky ICS CERT: share of attacked ICS computers, detected malware, etc.
Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.
Experts say the detection delay of 17 months is a colossal security blunder by the retailer.
The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients.
First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks.
This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild.
RFID gun tags leave the military exposed to tracking, sniffing and spoofing attacks, experts say.
Jason Kent, hacker-in-residence at Cequence Security, discusses how to track user-agent connections to mobile and desktop APIs, to spot malicious activity.
Access to heart monitors disabled by the attack allegedly kept staff from spotting blood & oxygen deprivation that led to the baby's death.
The group uses millions of password combos at the rate of nearly 2,700 login attempts per minute with new techniques that push the ATO envelope.
Researchers have demonstrated that someone could use a stolen, locked iPhone to pay for thousands of dollars of goods or services, no authentication needed.
Our new Wireshark Workshop videos can help security professionals build their skills in analyzing malicious traffic caused by Windows-based malware.
Wireshark Tutorial: Wireshark Workshop Videos Now Available (Unit42)
Email credential harvesting can lead to business email compromise and ransomware. Often, attackers simply ask for victims’ credentials.
Credential Harvesting at Scale Without Malware (Unit42)
The Unit 42 Cloud Threat Report, 2H 2021, covers supply chain attacks in the cloud and provides actionable recommendations to help prevent them.
Highlights From the Unit 42 Cloud Threat Report, 2H 2021 (Unit42)
Network security trends, May-July 2021: We analyze how vulnerabilities are being exploited in the wild and rank the most common types of attacks.
Network Security Trends: May-July 2021 (Unit42)
Four critical OMI vulnerabilities – one unauthorized RCE and three privilege escalation – were recently disclosed. Here’s how to remediate them.
Threat Brief: OMI Vulnerabilities (CVE-2021-38645, CVE-2021-38647, CVE-2021-38648 and CVE-2021-38649) (Unit42)
Dangling domains are a largely overlooked threat in DNS, but they can be exploited for domain hijacking and are important to detect.
Dangling Domains: Security Threats, Detection and Prevalence (Unit42)
Travel-themed phishing URLs are on the rise as attackers take aim at people cooped up at home due to the pandemic who are eager to travel.
Phishing Eager Travelers (Unit42)
JavaScript-based phishing is used by some attackers to evade phishing detection systems. We trained a deep learning model to catch it.
PhishingJS: A Deep Learning Model for JavaScript-Based Phishing Detection (Unit42)
Affecting Azure Container Instances, Azurescape is the first known cross-account container takeover in the public cloud.
Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances (Unit42)
Since the release of the advisory on CVE-2021-26084, mass scanning activity and in-the-wild exploitation have begun. Unit 42 recommends updating.
Threat Brief: CVE-2021-26084 (Unit42)
Benign append attacks hide malware by burying it within benign content. The “Innocent Until Proven Guilty” deep learning model can avoid being fooled.
The Innocent Until Proven Guilty Learning Framework Helps Overcome Benign Append Attacks (Unit42)
DNS rebinding allows attackers to take advantage of web-based consoles to exploit internal networks by abusing the domain name system.
DNS Rebinding Attack: How Malicious Websites Exploit Private Networks (Unit42)
We provide analysis of and mitigations for exploits in the wild for a command injection vulnerability, CVE-2021-32305, affecting WebSVN.
New Mirai Variant Targets WebSVN Command Injection Vulnerability (CVE-2021-32305) (Unit42)
Phishing attacks are on the rise, and trends in our firewall traffic suggest that remote employees might be especially vulnerable to them.
Worldwide Phishing Attacks Ramped Up at the Peak of Working From Home (Unit42)
Emerging ransomware groups to watch, according to Unit 42 researchers: AvosLocker, Hive Ransomware, HelloKitty and LockBit 2.0.
Ransomware Groups to Watch: Emerging Threats (Unit42)
Authored by Anuradha M. McAfee Labs have observed a new phishing campaign that utilizes macro capabilities available in Microsoft PowerPoint....
Malicious PowerPoint Documents on the Rise (McAfee Blogs)
Authored by ChanUng Pak. McAfee’s Mobile Research team recently found a new Android malware, Elibomi, targeting taxpayers in India. The malware steals sensitive financial and private information via phishing by pretending...
Phishing Android Malware Targets Taxpayers in India (McAfee Blogs)
Co-written by Catherine Huang, Ph.D. and Abhishek Karnik. Artificial Intelligence (AI) continues to evolve and has made huge progress over the last decade. AI shapes our daily lives. Deep learning is a subset of techniques in AI that...
The Rise of Deep Learning for Detection and Classification of Malware (McAfee Blogs)
Written by: Lakshya Mathur. Excel-based malware has been around for decades and has been in the limelight in recent years. During the second half of 2020, we saw...
XLSM Malware with MacroSheets (McAfee Blogs)
Co-written with Northwave’s Noël Keijzer. Executive Summary: For a long time, ransomware gangs were mostly focused on Microsoft Windows operating...
Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems? (McAfee Blogs)
In 2021 ransomware attacks have been dominant among the bigger cyber security stories. Hence, I was not surprised to see...
Fighting new Ransomware Techniques with McAfee’s Latest Innovations (McAfee Blogs)
The overarching threat facing cyber organizations today is a highly skilled asymmetric enemy, well-funded and resolute in his task and...
An Overall Philosophy on the Use of Critical Threat Intelligence (McAfee Blogs)
This blog was written by Varadharajan Krishnasamy, Karthickkumar, Sakshi Jaiswal. Introduction: Ransomware attacks are one of the most common cyber-attacks among...
REvil Ransomware Uses DLL Sideloading (McAfee Blogs)
This blog was written by Vallabh Chole & Oliver Devane. Over the years, the cybersecurity industry has seen many threats...
Hancitor Making Use of Cookies to Prevent URL Scraping (McAfee Blogs)
This blog was written by Kiran Raj & Kishan N. Introduction: In the last few years, Microsoft Office macro malware...
Zloader With a New Infection Technique (McAfee Blogs)
Executive Summary: Ryuk is a ransomware that encrypts a victim’s files and requests payment in Bitcoin cryptocurrency to release the...
New Ryuk Ransomware Sample Targets Webservers (McAfee Blogs)
Introduction: ImageMagick is hugely popular open source software that is used in a lot of systems around the world. It...
Fuzzing ImageMagick and Digging Deeper into CVE-2020-27829 (McAfee Blogs)
Introduction: Microsoft Windows Graphics Device Interface+, also known as GDI+, allows various applications to use different graphics functionality on video...
Analyzing CVE-2021-1665 – Remote Code Execution Vulnerability in Windows GDI+ (McAfee Blogs)
The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: June 2021. In this edition we introduce...
McAfee Labs Report Highlights Ransomware Threats (McAfee Blogs)
Executive Summary: The McAfee Advanced Threat Research team (ATR) is committed to uncovering security issues in both software and hardware to help developers...
A New Program for Your Peloton – Whether You Like It or Not (McAfee Blogs)
Introduction: Virtualization technology has been an IT cornerstone for organizations for years now. It revolutionized the way organizations can scale...
Are Virtual Machines the New Gold for Cyber Criminals? (McAfee Blogs)
Summary points: Scammers are increasingly using Windows Push Notifications to impersonate legitimate alerts. Recent campaigns pose as a Windows Defender...
The post Scammers Impersonating Windows Defender to Push Malicious Windows Apps appeared first on McAfee Blogs.
Over the past week we have seen a considerable body of work focusing on DarkSide, the ransomware responsible for the...
The post DarkSide Ransomware Victims Sold Short appeared first on McAfee Blogs.
Today, Microsoft released a highly critical vulnerability (CVE-2021-31166) in its web server http.sys. This product is a Windows-only HTTP server...
The post Major HTTP Vulnerability in Windows Could Lead to Wormable Exploit appeared first on McAfee Blogs.
Preface: Countries all over the world are racing to achieve so-called herd immunity against COVID-19 by vaccinating their populations. From...
The post “Fool’s Gold”: Questionable Vaccines, Bogus Results, and Forged Cards appeared first on McAfee Blogs.
The Roaming Mantis smishing campaign has been impersonating a logistics company to steal SMS messages and contact lists from Asian...
The post Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware appeared first on McAfee Blogs.
McAfee is tracking an increase in the use of deceptive popups that mislead some users into taking action, while annoying...
The post How to Stop the Popups appeared first on McAfee Blogs.
Introduction: Email is one of the primary ways of communication in the modern world. We use email to receive notifications...
The post Steps to Discover Hidden Threat from Phishing Email appeared first on McAfee Blogs.
Executive Summary: Many malware attacks designed to inflict damage on a network are armed with lateral movement capabilities. Post initial...
The post Access Token Theft and Manipulation Attacks – A Door to Local Privilege Escalation appeared first on McAfee Blogs.
A new wave of fraudulent apps has made its way to the Google Play store, targeting Android users in Southwest...
The post Clever Billing Fraud Applications on Google Play: Etinu appeared first on McAfee Blogs.
The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: April 2021. In this edition, we present...
The post McAfee Labs Report Reveals Latest COVID-19 Threats and Malware Surges appeared first on McAfee Blogs.
Recently, the McAfee Mobile Research Team uncovered several new variants of the Android malware family BRATA being distributed in Google...
The post BRATA Keeps Sneaking into Google Play, Now Targeting USA and Spain appeared first on McAfee Blogs.
Executive Summary: Cuba ransomware is an older ransomware that has recently undergone some development. The actors have incorporated the leaking of victim data to increase its impact...
The post McAfee ATR Threat Report: A Quick Primer on Cuba Ransomware appeared first on McAfee Blogs.
Cuba Ransomware Overview: Over the past year, we have seen ransomware attackers change the way they have responded to organizations...
The post McAfee Defender’s Blog: Cuba Ransomware Campaign appeared first on McAfee Blogs.
Welcome to reality. Ever since I started working in IT Security more than 10 years ago, I wondered what helps...
The post McAfee Defenders Blog: Reality Check for your Defenses appeared first on McAfee Blogs.
The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help...
The post Netop Vision Pro – Distance Learning Software is 20/20 in Hindsight appeared first on McAfee Blogs.
Operation Dianxun Overview: In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign,...
The post McAfee Defender’s Blog: Operation Dianxun appeared first on McAfee Blogs.
In this report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed...
The post Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies appeared first on McAfee Blogs.
Overview: For the March 2021 Patch Tuesday, Microsoft released a set of seven DNS vulnerabilities. Five of the vulnerabilities are...
The post Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates appeared first on McAfee Blogs.
0. Introduction: John Lambert, a distinguished researcher specializing in threat intelligence at Microsoft, once said these words that changed perspectives:...
The post McAfee ATR Thinks in Graphs appeared first on McAfee Blogs.
Executive Summary: Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises,...
The post Babuk Ransomware appeared first on McAfee Blogs.
On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora,...
The post Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use appeared first on McAfee Blogs.
The McAfee Advanced Threat Research (ATR) team is committed to uncovering security issues in both software and hardware to help...
The post Don’t Call Us We’ll Call You: McAfee ATR Finds Vulnerability in Agora Video SDK appeared first on McAfee Blogs.
The concept of a trail of breadcrumbs in the offensive security community is nothing new; for many years, researchers on...
The post Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows’ Network Stack appeared first on McAfee Blogs.
McAfee’s Advanced Threat Research team just completed its second annual capture the flag (CTF) contest for internal employees. Based on tremendous...
The post McAfee ATR Launches Education-Inspired Capture the Flag Contest! appeared first on McAfee Blogs.
Depending on your life experiences, the phrase (or country song by Eric Church) “two pink lines” may bring up a...
The post Two Pink Lines appeared first on McAfee Blogs.
As we gratefully move forward into the year 2021, we have to recognise that 2020 was as tumultuous in the...
The post A Year in Review: Threat Landscape for 2020 appeared first on McAfee Blogs.
The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector –...
The post 2021 Threat Predictions Report appeared first on McAfee Blogs.
In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s Orion IT monitoring and management...
The post How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise appeared first on McAfee Blogs.
Executive Summary: There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the...
The post Additional Analysis into the SUNBURST Backdoor appeared first on McAfee Blogs.
Part I of II. Situation: In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s...
The post SUNBURST Malware and SolarWinds Supply Chain Compromise appeared first on McAfee Blogs.
CVSS Score: 9.8 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Overview: Microsoft released a patch today for a critical vulnerability (CVE-2020-17051) in the Windows NFSv3 (Network File System) server. NFS is typically...
The post CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server appeared first on McAfee Blogs.
Executive Summary: It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within...
The post Operation North Star: Behind The Scenes appeared first on McAfee Blogs.
McAfee’s Advanced Threat Research (ATR) today released research that uncovers previously undiscovered information on how Operation North Star evaluated its...
The post Operation North Star: Summary Of Our Latest Analysis appeared first on McAfee Blogs.
The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: November 2020. In this edition, we follow...
The post McAfee Labs Report Reveals Continuing Surge of COVID-19 Threats and Malware appeared first on McAfee Blogs.
CVE-2020-16898: “Bad Neighbor” CVSS Score: 8.8 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Overview: Today, Microsoft announced a critical vulnerability in the Windows IPv6 stack,...
The post CVE-2020-16898: “Bad Neighbor” appeared first on McAfee Blogs.
From June to August, part of the McAfee Advanced Threat Research (ATR) team participated in Microsoft’s Azure Sphere Research Challenge. Our research resulted...
The post Our Experiences Participating in Microsoft’s Azure Sphere Bounty Program appeared first on McAfee Blogs.
McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and...
The post Securing Space 4.0 – One Small Step or a Giant Leap? Part 1 appeared first on McAfee Blogs.
McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and...
The post Securing Space 4.0 – One Small Step or a Giant Leap? Part 2 appeared first on McAfee Blogs.
Open Source projects are the building blocks of any software development process. As we indicated in our previous blog, as...
The post Vulnerability Discovery in Open Source Libraries: Analyzing CVE-2020-11863 appeared first on McAfee Blogs.
Intro: In a U.S. government cyber security advisory released today, the National Security Agency and Federal Bureau of Investigation warn...
The post On Drovorub: Linux Kernel Security Best Practices appeared first on McAfee Blogs.
Executive Summary: Open source has become the foundation for modern software development. Vendors use open source software to stay competitive...
The post Vulnerability Discovery in Open Source Libraries Part 1: Tools of the Trade appeared first on McAfee Blogs.
Retired Marine fighter pilot and Top Gun instructor Dave Berke said “Every single thing you do in your life, every...
The post Robot Character Analysis Reveals Trust Issues appeared first on McAfee Blogs.
Overview: As part of our continued goal of helping developers provide safer products for businesses and consumers, we here at...
The post Call an Exorcist! My Robot’s Possessed! appeared first on McAfee Blogs.
Co-authored with Jesse Chick, OSU Senior and Former McAfee Intern, Primary Researcher. Special thanks to Dr. Catherine Huang, McAfee Advanced...
The post Dopple-ganging up on Facial Recognition Systems appeared first on McAfee Blogs.
This document has been prepared by McAfee Advanced Threat Research in collaboration with JSOF who discovered and responsibly disclosed the...
The post Ripple20 Critical Vulnerabilities – Detection Logic and Signatures appeared first on McAfee Blogs.
Building Adaptable Security Architecture Against NetWalker. NetWalker Overview: The NetWalker ransomware, initially known as Mailto, was first detected in August...
The post McAfee Defender’s Blog: NetWalker appeared first on McAfee Blogs.
Executive Summary: The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were...
The post Take a “NetWalk” on the Wild Side appeared first on McAfee Blogs.
Executive Summary: We are in the midst of an economic slump [1], with more candidates than there are jobs, something...
The post Operation (노스 스타) North Star A Job Offer That’s Too Good to be True? appeared first on McAfee Blogs.
Building Adaptable Security Architecture Against the Operation North Star Campaign. Operation North Star Overview: Over the last few months, we...
The post McAfee Defender’s Blog: Operation North Star Campaign appeared first on McAfee Blogs.
Happy Birthday! Today we mark the fourth anniversary of the NoMoreRansom initiative with over 4.2 million visitors, from 188 countries,...
The post Six Hundred Million Reasons to Celebrate: No More Ransom Turns FOUR!! appeared first on McAfee Blogs.
Windows Subsystem for Linux Plan 9 Protocol Research Overview: This is the final blog in the McAfee research series trilogy...
The post Hunting for Blues – the WSL Plan 9 Protocol BSOD appeared first on McAfee Blogs.
The McAfee Advanced Threat Research team today published the McAfee® Labs COVID-19 Threats Report, July 2020. In this “Special Edition”...
The post McAfee COVID-19 Report Reveals Pandemic Threat Evolution appeared first on McAfee Blogs.
On June 16th, the Department of Homeland Security and CISA ICS-CERT issued a critical security advisory warning covering multiple newly discovered vulnerabilities affecting...
The post Ripple20 Vulnerability Mitigation Best Practices appeared first on McAfee Blogs.
In 2019, McAfee Advanced Threat Research (ATR) disclosed a vulnerability in a product called BoxLock. Sometime after this, the CEO...
The post My Adventures Hacking the iParcelBox appeared first on McAfee Blogs.
Package delivery is just one of those things we take for granted these days. This is especially true in the...
The post What’s in the Box? Part II: Hacking the iParcelBox appeared first on McAfee Blogs.
EXECUTIVE SUMMARY: The RagnarLocker ransomware first appeared in the wild at the end of December 2019 as part of a...
The post RagnarLocker Ransomware Threatens to Release Confidential Information appeared first on McAfee Blogs.
There are a number of ways scammers target personal information and, currently, one example is that they are taking advantage...
The post OneDrive Phishing Awareness appeared first on McAfee Blogs.
Introduction: This blog describes how McAfee ATP (Adaptive Threat Protection) rules are used within McAfee Endpoint Security products. It will...
The post How To Use McAfee ATP to Protect Against Emotet, LemonDuck and PowerMiner appeared first on McAfee Blogs.
Ransomware protection and incident response is a constant battle for IT, security engineers and analysts under normal circumstances, but with...
The post ENS 10.7 Rolls Back the Curtain on Ransomware appeared first on McAfee Blogs.
The COVID-19 pandemic has prompted many companies to enable their employees to work remotely and, in a large number of...
The post Cybercriminals Actively Exploiting RDP to Target Remote Organizations appeared first on McAfee Blogs.
Special thanks to Prajwala Rao, Oliver Devane, Shannon Cole, Ankit Goel and members of Malware Research for their contribution and...
The post COVID-19 – Malware Makes Hay During a Pandemic appeared first on McAfee Blogs.
Co-authored by Marc RiveroLopez. In collaboration with Northwave. As we highlighted previously across two blogs, targeted ransomware attacks have increased...
The post Tales From the Trenches; a Lockbit Ransomware Story appeared first on McAfee Blogs.
McAfee Mobile Research team has found another variant of MalBus on an education application, developed by a South Korean developer....
The post MalBus Actor Changed Market from Google Play to ONE Store appeared first on McAfee Blogs.
While not a new practice, the sheer volume of people required to adhere to social distancing best practices means we...
The post Transitioning to a Mass Remote Workforce – We Must Verify Before Trusting appeared first on McAfee Blogs.
Although the use of global events as a vehicle to drive digital crime is hardly surprising, the current outbreak of...
The post COVID-19 Threat Update – now includes Blood for Sale appeared first on McAfee Blogs.
Executive Summary: The McAfee Advanced Threat Research Team (ATR) observed a new ransomware family named ‘Nemty’ on 20 August 2019....
The post Nemty Ransomware – Learning by Doing appeared first on McAfee Blogs.
EXECUTIVE SUMMARY: The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019...
The post Ransomware Maze appeared first on McAfee Blogs.
Special thanks to Tim Hux and Sorcha Healy for their assistance. The demand for remote working as a result of...
The post Staying Safe While Working Remotely appeared first on McAfee Blogs.
The Vulnerability: The latest vulnerability in SMBv3 is a “wormable” vulnerability given its potential ability to replicate or spread over...
The post SMBGhost – Analysis of CVE-2020-0796 appeared first on McAfee Blogs.
The McAfee Mobile Research team has identified an Android malware family dubbed Android/LeifAccess.A that has been active since May 2019....
The post Android/LeifAccess.A is the Silent Fake Reviewer Trojan appeared first on McAfee Blogs.
Thousands of HiddenAds Trojan Apps Masquerade as Google Play Apps. The McAfee mobile research team has recently discovered a new...
The post Multi-tricks HiddenAds Malware appeared first on McAfee Blogs.
In our first article we discussed the growing pattern of targeted ransomware attacks where the first infection stage is often...
The post CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II appeared first on McAfee Blogs.
The last several years have been fascinating for those of us who have been eagerly observing the steady move towards...
The post Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles appeared first on McAfee Blogs.
Catherine Huang, Ph.D., and Shivangee Trivedi contributed to this blog. The term “Adversarial Machine Learning” (AML) is a mouthful! The...
The post Introduction and Application of Model Hacking appeared first on McAfee Blogs.
For many years now I have been working and teaching in the field of digital forensics, malware analysis and threat...
The post CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I appeared first on McAfee Blogs.
A Windows Linux Subsystem Interop Analysis: Following our research from Evil Twins and Windows Linux Subsystem, interoperability between different WSL...
The post Knock, Knock – Who’s There? appeared first on McAfee Blogs.
Preface: Because of its longevity and technical sophistication, the Russian cybercriminal underground has long been the benchmark for threat researchers...
The post How Chinese Cybercriminals Use Business Playbook to Revamp Underground appeared first on McAfee Blogs.
Intelligence became an integral military discipline centuries ago. More recently, this practice evolved into what is called Intelligence Preparation of the Battlefield,...
The post Intelligence in the Enterprise appeared first on McAfee Blogs.
Today McAfee released the results of a survey of county websites and county election administration websites in the 13 states...
The post U.S. Battleground County Website Security Survey appeared first on McAfee Blogs.
There has been a dramatic shift in the platforms targeted by attackers over the past few years. Up until 2016,...
The post An Inside Look into Microsoft Rich Text Format and OLE Exploits appeared first on McAfee Blogs.
Enterprise customers looking for information on defending against Curveball can find information here. 2020 came in with a bang this...
The post CurveBall – An Unimaginative Pun but a Devastating Bug appeared first on McAfee Blogs.
By: Jan Schnellbächer and Martin Stecher, McAfee Germany GmbH. This week security researchers around the world were very busy working...
The post What CVE-2020-0601 Teaches Us About Microsoft’s TLS Certificate Verification Process appeared first on McAfee Blogs.
Recent political tensions in the Middle East region have led to significant speculation of increased cyber-related activities. McAfee is on...
The post Iran Cyber Threat Update appeared first on McAfee Blogs.
The idea of controlling your garage door remotely and verifying that everything is secure at home, or having packages delivered...
The post We Be Jammin’ – Bypassing Chamberlain myQ Garage Doors appeared first on McAfee Blogs.
Steve Povolny contributed to this report. McAfee’s Advanced Threat Research team performs security analysis of products and technologies across nearly...
The post The Cloning of The Ring – Who Can Unlock Your Door? appeared first on McAfee Blogs.
This week McAfee Advanced Threat Research (ATR) published new findings, uncovering security flaws in two popular IoT devices: a connected...
The post The Tradeoff Between Convenience and Security – A Balancing Act for Consumers and Manufacturers appeared first on McAfee Blogs.
There are a number of ways scammers target your money or personal details. These scams include support sites for...
The post Top Tips to Spot Tech Support Scams appeared first on McAfee Blogs.
Co-authored by Marc RiveroLopez. Initial Discovery: This year seems to again be the year for ransomware. Notorious attacks were made...
The post Analysis of LooCipher, a New Ransomware Family Observed This Year appeared first on McAfee Blogs.
With 2019’s headlines of ransomware, malware, and RDP attacks almost behind us, we shift our focus to the cybercrime threats...
The post McAfee Labs 2020 Threats Predictions Report appeared first on McAfee Blogs.
Co-authored by Marc RiveroLopez. Initial Discovery: This week the news hit that several companies in Spain were hit by a...
The post Spanish MSSP Targeted by BitPaymer Ransomware appeared first on McAfee Blogs.
McAfee’s Advanced Threat Research Team observed how a new ransomware family named ‘Buran’ appeared in May 2019. Buran works as...
The post Buran Ransomware; the Evolution of VegaLocker appeared first on McAfee Blogs.
Over the past few weeks McAfee Labs has been observing a new phishing campaign using a fake voicemail message to...
The post Office 365 Users Targeted by Voicemail Scam Pages appeared first on McAfee Blogs.
A cost-effective way to detect targeted attacks in your enterprise. While it is easy to get caught up in the...
The post Did You Check Your Quarantine?! appeared first on McAfee Blogs.
Expert Rules are text-based custom rules that can be created in the Exploit Prevention policy in ENS Threat Prevention 10.5.3+....
The post Using Expert Rules in ENS to Prevent Malicious Exploits appeared first on McAfee Blogs.
Episode 4: Crescendo. This is the final installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its...
The post McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo appeared first on McAfee Blogs.
Episode 3: Follow the Money. This is the third installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi...
The post McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money appeared first on McAfee Blogs.
Episode 2: The All-Stars. Analyzing Affiliate Structures in Ransomware-as-a-Service Campaigns. This is the second installment of the McAfee Advanced Threat...
The post McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – The All-Stars appeared first on McAfee Blogs.
Episode 1: What the Code Tells Us. McAfee’s Advanced Threat Research team (ATR) observed a new ransomware family in the...
The post McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us appeared first on McAfee Blogs.
The Artful and Dangerous Dynamics of Watering Hole Attacks. A group of researchers recently published findings of an exploitation of multiple...
The post How Visiting a Trusted Site Could Infect Your Employees appeared first on McAfee Blogs.
Executive Summary: Malware evasion techniques are widely used to circumvent detection as well as analysis and understanding. One of the...
The post Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study appeared first on McAfee Blogs.
The recent discovery of exploit chains targeting Apple iOS is the latest example of how cybercriminals can successfully operate malicious campaigns, undetected,...
The post Apple iOS Attack Underscores Importance of Threat Research appeared first on McAfee Blogs.
Introduction: As of July 2019, Microsoft has fixed around 43 bugs in the Jet Database Engine. McAfee has reported a...
The post Analyzing and Identifying Issues with the Microsoft Patch for CVE-2018-8423 appeared first on McAfee Blogs.
In this series of 3 blogs (you can find part 1 here, and part 2 here), so far we have...
The post The Twin Journey, Part 3: I’m Not a Twin, Can’t You See my Whitespace at the End? appeared first on McAfee Blogs.
Following on from the McAfee Protects against suspicious email attachments blog, this blog describes how the AMSI (Antimalware Scan Interface)...
The post McAfee AMSI Integration Protects Against Malicious Scripts appeared first on McAfee Blogs.
Management. Control. It seems that you can’t stick five people in a room together without one of them trying to...
The post From Building Control to Damage Control: A Case Study in Industrial Security Featuring Delta’s enteliBUS Manager appeared first on McAfee Blogs.
The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help...
The post HVACking: Understanding the Delta Between Security and Reality appeared first on McAfee Blogs.
Avaya is the second largest VOIP solution provider (source) with an install base covering 90% of the Fortune 100 companies...
The post Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware appeared first on McAfee Blogs.
The McAfee mobile research team has found a new type of Android malware for the MoqHao phishing campaign (a.k.a. XLoader...
The post MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play appeared first on McAfee Blogs.
In the first of this 3-part blog series, we covered the implications of promoting files to “Evil Twins” where they...
The post The Twin Journey, Part 2: Evil Twins in a Case In-sensitive Land appeared first on McAfee Blogs.
CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for...
The post DHCP Client Remote Code Execution Vulnerability Demystified appeared first on McAfee Blogs.
This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This...
The post Clop Ransomware appeared first on McAfee Blogs.
Summary and Introduction: The recent changes in Windows 10, aiming to add case sensitivity (CS) at directory level, have prompted...
The post The Twin Journey, Part 1 appeared first on McAfee Blogs.
In September 2018, the Zero Day Initiative published a proof of concept for a vulnerability in Microsoft’s Jet Database Engine....
The post Jet Database Engine Flaw May Lead to Exploitation: Analyzing CVE-2018-8423 appeared first on McAfee Blogs.
The not-so Usual Suspects: There is a growing trend for attackers to more heavily utilize tools that already exist on...
The post What Is Mshta, How Can It Be Used and How to Protect Against It appeared first on McAfee Blogs.
This blog was written by Charlie Feng. Briefing: Over the years, McAfee researchers have observed that certain new top-level Domains...
The post Examining the Link Between TLD Prices and Abuse appeared first on McAfee Blogs.
Collaborative Initiative Celebrates Helping More Than 200,000 Victims and Preventing More Than 100 million USD From Falling into Criminal Hands...
The post No More Ransom Blows Out Three Birthday Candles Today appeared first on McAfee Blogs.
You have likely heard that blockchain will disrupt everything from banking to retail to identity management and more. You may...
The post Demystifying Blockchain: Sifting Through Benefits, Examples and Choices appeared first on McAfee Blogs.
Every day, thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an...
The post McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder appeared first on McAfee Blogs.
Since early November 2018 McAfee Labs have observed a phishing kit, dubbed 16Shop, being used by malicious actors to target...
The post 16Shop Now Targets Amazon appeared first on McAfee Blogs.
RDP on the Radar: Recently, McAfee released a blog related to the wormable RDP vulnerability referred to as CVE-2019-0708 or...
The post RDP Security Explained appeared first on McAfee Blogs.
As this blog goes live, Eoin Carroll will be stepping off the stage at Hack in Paris having detailed the...
The post Why Process Reimaging Matters appeared first on McAfee Blogs.
Process Reimaging Overview: The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR...
The post In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass appeared first on McAfee Blogs.
McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please...
The post Mr. Coffee with WeMo: Double Roast appeared first on McAfee Blogs.
A much overlooked but essential part in financially motivated (cyber)crime is making sure that the origins of criminal funds are...
The post Cryptocurrency Laundering Service, BestMixer.io, Taken Down by Law Enforcement appeared first on McAfee Blogs.
During Microsoft’s May Patch Tuesday cycle, a security advisory was released for a vulnerability in the Remote Desktop Protocol (RDP)....
The post RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability CVE-2019-0708 appeared first on McAfee Blogs.
Co-authored by Marc RiveroLopez. Initial discovery: Once again, we have seen a significant new ransomware family in the news. LockerGoga,...
The post LockerGoga Ransomware Family Used in Targeted Attacks appeared first on McAfee Blogs.
Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary...
The post IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? appeared first on McAfee Blogs.
1. Introduction: On March 1st, Google published an advisory [1] for a use-after-free in the Chrome implementation of the FileReader...
The post Analysis of a Chrome Zero Day: CVE-2019-5786 appeared first on McAfee Blogs.
Earlier this month Check Point Research reported discovery of a 19-year-old code execution vulnerability in the wildly popular...
The post Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250) appeared first on McAfee Blogs.
Email remains a top vector for attackers. Over the years, defenses have evolved, and policy-based protections have become standard for...
The post McAfee Protects Against Suspicious Email Attachments appeared first on McAfee Blogs.
The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an...
The post JAVA-VBS Joint Exercise Delivers RAT appeared first on McAfee Blogs.
IoT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more...
The post Your Smart Coffee Maker is Brewing Up Trouble appeared first on McAfee Blogs.
2018 was another record-setting year in the continuing trend for consumer online shopping. With an increase in technology and efficiency,...
The post What’s in the Box? appeared first on McAfee Blogs.
In collaboration with Bill Siegel and Alex Holdtman from Coveware. At the beginning of 2019, McAfee ATR published an...
The post Ryuk, Exploring the Human Connection appeared first on McAfee Blogs.