SANS


Keeping Track of Time: Network Time Protocol and a GPSD Bug, (Wed, Sep 29th)

29 Sep 2021

The Network Time Protocol (NTP) has been critical in ensuring that time is kept accurately on the various systems businesses and organizations rely on. Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time. As such, should there be a severe mismatch in time, users would not be able to authenticate and gain access to systems. From the perspective of incident handling and incident response, well-synchronized time across systems facilitates log analysis, forensic activities and correlation of events. Depending on operational requirements, organizations may choose to utilize public NTP servers for their time synchronization needs. Organizations that require higher time accuracy could opt for Global Positioning System (GPS) appliances and use daemons such as GPSD [1] to extract time information from these appliances.

TLS 1.3 and SSL - the current state of affairs, (Tue, Sep 28th)

28 Sep 2021

It has been over 3 years since the specification for TLS 1.3 was published [1], and although the protocol has some minor drawbacks, it is undoubtedly the most secure TLS version so far. One would therefore hope that the adoption of TLS 1.3 and its use on web servers around the globe would steadily increase over time (ideally hand in hand with a slow disappearance of older cryptographic protocols, especially the historic SSL 2.0 and SSL 3.0).


Video: Strings Analysis: VBA & Excel4 Maldoc, (Sat, Sep 25th)

25 Sep 2021

I did record a video for my diary entry "Strings Analysis: VBA & Excel4 Maldoc", showing how to use CyberChef to analyze a maldoc.


Strings Analysis: VBA & Excel4 Maldoc, (Sat, Sep 25th)

25 Sep 2021

Malware analysis is difficult.


Sophos

Gift card fraud: four suspects hit with money laundering charges

01 Oct 2021

Gift card fraud may sound like small beer against ransomware - but it's personal, it hurts, and it's still a multi-million dollar problem.


S3 Ep52: Let’s Encrypt, Outlook leak, and VMware exploit [Podcast]

30 Sep 2021

Latest episode - listen now!

How to steal money via Apple Pay using the “Express Transit” feature

30 Sep 2021

Could a rogue vendor with a dodgy payment terminal rip you off via Apple Pay? Maybe. Here's what to do about it.

Serious Security: Let’s Encrypt gets ready to go it alone (in a good way!)

28 Sep 2021

Let's Encrypt is set to become a mainstream, self-certifying web certificate authority - here's why it took so many years.

S3 Ep51: OMIGOD a gaping hole, waybill scams, and Face ID hacked [Podcast]

24 Sep 2021

Latest episode - listen now!

STILL ALIVE! iOS 12 gets 3 zero-day security patches – update now

23 Sep 2021

It wasn't dead, just resting.

How Outlook “autodiscover” could leak your passwords – and how to stop it

23 Sep 2021

The Microsoft Autodiscover "Great Leak" explained - and how to prevent it

VMware patch bulletin warns: “This needs your immediate attention.”

22 Sep 2021

"It is a matter of time before working exploits are available," warns VMware.

iOS 15 launches with 22 documented security patches – including a Face ID bypass using a “3D model”

21 Sep 2021

Fake heads! (Cue dystopian scifi music.)

“Back to basics” as courier scammers skip fake fees and missed deliveries

20 Sep 2021

"Stop. Think. Connect." Say those words aloud - and please pronounce the pauses prescribed by the periods!


TrendMicro


Mac Users Targeted by Trojanized iTerm2 App

30 Sep 2021

We go into more detail about a fake version of the iTerm2 app that downloads and runs malware, detected by Trend Micro as TrojanSpy.Python.ZURU.A, which collects private data from a victim’s machine.

FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal

29 Sep 2021

Trend Micro detected a new campaign using a recent version of the known FormBook infostealer. Newer FormBook variants used the recent Office 365 zero-day vulnerability, CVE-2021-40444.

IoT and Zero Trust Are Incompatible? Just the Opposite

27 Sep 2021

IoT is a big security headache for a lot of reasons. So how can these be part of a Zero Trust architecture?

Fake Installers Drop Malware and Open Doors for Opportunistic Attackers

27 Sep 2021

We recently spotted fake installers of popular software being used to deliver bundles of malware onto victims’ devices. These installers are widely used lures that trick users into opening malicious documents or installing unwanted applications.

This Week in Security News - September 24, 2021

24 Sep 2021

Water Basilisk Uses New HCrypt Variant to Flood Victims With RAT Payloads & Biden Administration Issues Sanctions To Counter Ransomware

Examining the Cring Ransomware Techniques

24 Sep 2021

In this entry, we look at the techniques typically employed by the Cring ransomware, as well as the most affected regions and industries.

CISA Reports Top Vulnerabilities From Remote Work

21 Sep 2021

Trend Micro’s Next-Generation IPS protects organizations from threats as attackers now target remote work-related vulnerabilities.

Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage

21 Sep 2021

Recently, we discovered that the cryptomining trojan z0Miner has been taking advantage of Atlassian's Confluence remote code execution (RCE) vulnerability, assigned CVE-2021-26084, which was disclosed by Atlassian in August.

Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads

20 Sep 2021

In this blog entry we look into a fileless campaign that used a new HCrypt variant to distribute numerous remote access trojans (RATs) in victim systems. This new variant also uses an updated obfuscation mechanism which we detail.

This Week in Security News - September 17, 2021

17 Sep 2021

2021 Midyear Cybersecurity Report and Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware

Analyzing The ForcedEntry Zero-Click iPhone Exploit Used By Pegasus

15 Sep 2021

Citizen Lab has released a report on a new iPhone threat dubbed ForcedEntry. This zero-click exploit seems to be able to circumvent Apple's BlastDoor security, and allow attackers access to a device without user interaction.

1H’2021 Security Review Shows Active Cloud Attacks

14 Sep 2021

Trend Micro’s midyear report highlights the growing importance of cloud security as attacks increase in frequency and complexity.

September Patch Tuesday: 66 Bulletins, Only 3 Critical

14 Sep 2021

The September 2021 Patch Tuesday cycle is relatively good news for system administrators with only 66 total bulletins. Perhaps more significantly, only three of these were Critical bulletins.

APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs

13 Sep 2021

We have continued tracking APT-C-36, also known as Blind Eagle, since our research on this threat actor in 2019. We share new findings of APT-C-36’s ongoing spam campaign targeting South American entities.

This Week in Security News - September 10, 2021

10 Sep 2021

Biden announces cybersecurity initiative partnership, US Government seeks public feedback on draft federal zero trust strategy and more.

Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs

9 Sep 2021

Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This vulnerability (designated as CVE-2021-40444) is currently delivered via malicious Office 365 documents and requires user input to open the file to trigger.

Biden Announces Cybersecurity Initiative Partnership

8 Sep 2021

The announcement marks the US’s extensive collaboration with various private and education sector leaders to address the rising cyber threats in the country.

AT&T, GM Make 5G Connected Car Deal

7 Sep 2021

The collaboration aims to enhance various features on GM’s connected cars, with the hope of having millions of vehicles with 5G connectivity on the road by 2024.

This Week in Security News - September 3, 2021

3 Sep 2021

Proxytoken vulnerability can modify Exchange server configs and Lockbit jumps its own countdown, publishes Bangkok Air files

Analyzing SSL/TLS Certificates Used by Malware

3 Sep 2021

We take a closer look at the SSL/TLS certificates used by malware.

The Evolution of Connected Cars as Defined by Threat Modeling UN R155-Listed Attack Vectors

2 Sep 2021

The United Nations Regulation No. 155 sets requirements for cybersecurity in vehicles. We conducted a threat modelling exercise on its defined attack vectors as a form of risk assessment in order to help organizations comply with this regulation and identify what to prioritize.

API Releases New Standard for Pipeline Control Systems

30 Aug 2021

The latest version comes weeks after US President Biden announced a memo, calling on the improvement of control systems cybersecurity. It also expands the coverage of previous editions, covering all control systems.

This Week in Security News - August 27, 2021

27 Aug 2021

Key takeaways from the H1 2021 Linux threat report, Google removes fake crypto-mining apps, and more.

Scan Your Microsoft Azure Blob Storage for Risks

27 Aug 2021

New on the Trend Micro Cloud One security platform: learn how easy it is to monitor, identify, and quarantine malicious files entering your Azure Blobs.

What the Norton-Avast Merger Means for Cybersecurity

25 Aug 2021

Two consumer cybersecurity vendors recently merged their respective businesses. What will the impact be on customers and the cybersecurity industry?

New Campaign Sees LokiBot Delivered Via Multiple Methods

25 Aug 2021

We recently detected an aggressive malware distribution campaign delivering LokiBot via multiple techniques, including the exploitation of older vulnerabilities.

APT41 Resurfaces as Earth Baku With New Cyberespionage Campaign

24 Aug 2021

Our research paper provides an in-depth analysis of Earth Baku's new cyberespionage campaign, particularly the group's use of advanced malware tools and multiple attack vectors.

Key Takeaways from the Linux Threat Report

23 Aug 2021

As the popularity of Linux continues to increase, so does its attack surface. This brings to light a pressing question for organizations: who is responsible for the security of all the Linux instances running your cloud environment?

TippingPoint Threat Protection System Certified by NetSecOPEN

23 Aug 2021

Independent lab results prove the high performance of TippingPoint Threat Protection System.

This Week in Security News - August 20, 2021

20 Aug 2021

This Week in Security News: Tokyo Olympics Leveraged in Cybercrime Attack and T-Mobile Confirms Hack

Empowering T-Mobile Consumers

20 Aug 2021

Here's how the T-Mobile breach may affect you, and what you can do to protect your data.

Level 4 Autonomous Cars Allowed on German Roads

20 Aug 2021

The country is set to take a pioneering role with its latest autonomous vehicle law, temporarily bridging gaps until more concise international and European legal frameworks are set.

Tokyo Olympics Leveraged in Cybercrime Attack

18 Aug 2021

Just before the opening of the Tokyo Olympics, we confirmed an attack that directed users from a fake TV broadcast schedule page to browser notification spam.

Fake Cryptocurrency Mining Apps Trick Victims Into Watching Ads, Paying for Subscription Service

18 Aug 2021

We recently discovered eight deceptive mobile apps that masquerade as cryptocurrency cloud mining applications where users can earn cryptocurrency by investing money into a cloud-mining operation.

Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military

17 Aug 2021

While investigating the Confucius threat actor, we found a recent spear phishing campaign that utilizes Pegasus spyware-related lures to entice victims into opening a malicious document downloading a file stealer.

LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK

16 Aug 2021

The ransomware group LockBit resurfaced in June with LockBit 2.0, with reports indicating an increased number of targeted companies and the incorporation of double extortion features. Our detections followed attack attempts in Chile, Italy, Taiwan, and the UK from July to August.

This Week in Security News - August 13, 2021

13 Aug 2021

This Week in Security News: Hackers Steal $600 million in Largest Ever Cryptocurrency Heist and Cybersecurity is the New ‘Great Game’

#LetsTalkSecurity - Security at the Speed of Change

13 Aug 2021

Let's Talk Security: Season 02 // Episode 05: Host, Rik Ferguson, interviews Vice President and Chief Information Security Officer for Carrier, Nicole Darden Ford. Together they discuss the changing cybersecurity landscape.

Detecting PrintNightmare Exploit Attempts using Trend Micro Vision One and Cloud One

12 Aug 2021

We look into the different implementations of PrintNightmare and include recommendations on how security teams can safeguard their workloads.

Most supply chain attacks target supplier’s code—ENISA

12 Aug 2021

The agency also reported that attacks on the supply chain have grown in number and become more sophisticated. Sixty-two percent of the attacks were also done using malware, requiring enterprises to future-proof their security.

Biden Releases Memo on Critical Cybersecurity Infrastructure Bill

11 Aug 2021

The US president announces the creation of a new cybersecurity initiative, aiming to improve the security of critical infrastructure control systems. New performance goals will also be made, ensuring a consistent baseline for cybersecurity.

ENISA says System Failure is on the Rise

11 Aug 2021

The agency’s latest reports said that system failure comprises more than half of telecom incidents for 2020. Sixty-nine percent of incidents also affected the qualified trust services during the same year.

August Patch Tuesday: A Quiet Month for Microsoft

11 Aug 2021

August proves to be a quieter month for Microsoft, after an eventful July. This month, there were only 44 security bulletins, part of which are three Print Spooler flaws and a further fix for PetitPotam.

Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications

10 Aug 2021

Since June 2021, we’ve been monitoring an in-development ransomware builder called Chaos, which is being offered for testing on an underground forum.

Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising

9 Aug 2021

We found a new social engineering-based malvertising campaign targeting Japan that delivered a malicious application. The malicious application abused sideloading vulnerabilities to load and start the Cinobi banking trojan.

This Week in Security News - August 6, 2021

6 Aug 2021

This week, learn how false advertisers use spam browser notifications to gain ad revenue. Also, read about the results from Trend Micro’s first half 2021 biannual Cyber Risk Index report.

Supply Chain Attacks from a Managed Detection and Response Perspective

4 Aug 2021

In this blog entry, we will take a look at two examples of supply chain attacks that our Managed Detection and Response (MDR) team encountered in the past couple of months.

Homeland Security Releases New Cybersecurity Rules

3 Aug 2021

DHS's second issue requires pipeline operators to implement various cybersecurity measures to protect their operations from cyber attacks. This directive also builds upon the department's May directive following the Colonial Pipeline attack.

The First Half of 2021 Cyber Risk Index

3 Aug 2021

Learn about the current state of cyber risk organizations are facing today based on the Cyber Risk Index results for the first half of 2021.

Browser Notification Spam Tricks Clicks for Ad Revenue

2 Aug 2021

As many countries reintroduced lockdowns and restrictions, more people are once again stuck at home. Not only are people possibly bored at home, but many major sporting events are taking place. This brings fans to streaming sites to watch the games, where they inadvertently become victims of a major click fraud campaign.

This Week in Security News - July 30, 2021

30 Jul 2021

Threat Actors Exploit Apache Hadoop YARN and BlackMatter Ransomware Claims to Be Best of REvil, Darkside.

#LetsTalkSecurity: What Could Possibly Go Wrong?

30 Jul 2021

Let's Talk Security: Season 02 // Episode 04: Host, Rik Ferguson, interviews the Head of Cyber Security for Moonpig, Tash Norris. Together they question, what could go wrong in the world of cyber security?

Risks in Telecommunications IT

29 Jul 2021

We summarize the characteristics, threats, and recommendations to improve the security posture of enterprises' and telecommunications companies' IT infrastructure.

Newark Releases Latest Global IoT Trends Report

27 Jul 2021

The latest trend report also said that security concerns negatively impact the adoption of IoT technologies and the growth of Industry 4.0

New Collaboration with Adobe and MAPP

27 Jul 2021

Collaboration with industry partners is helping secure the digital world by distributing Trend Micro vulnerability information to security vendors more quickly so they can enhance protection for their customers.

Threat Actors Exploit Misconfigured Apache Hadoop YARN

27 Jul 2021

We look into how threat actors are exploiting Apache Hadoop YARN, a part of the Hadoop framework that is responsible for executing tasks on the cluster. This analysis covers the payloads deployed, the tactics used in the attacks, and basic recommendations for strengthening cloud security.

#LetsTalkSecurity: The New Digital Normal

26 Jul 2021

Let's Talk Security: Season 02 // Episode 03: Host, Rik Ferguson, interviews Founder & CEO of MyConnectedHealth, Tyler Cohen Wood. Together they discuss the new digital normal.

5GAA & Global Certification Forum Connect on New Cert.

26 Jul 2021

The Global Certification Forum (GCF) and the 5G Automotive Association (5GAA) announced their collaboration on a new program that will support the drive for interoperability, reliability, and safety of up and coming C-V2X systems.

A Cloud Migration Strategy with Security Embedded

26 Jul 2021

Learn how to build a cloud migration strategy that keeps security in mind.

This Week in Security News - July 23, 2021

23 Jul 2021

StrongPity APT Group Deploys Android Malware for the First Time and STIX Cyberthreat Sharing Standards Approved

Updated XCSSET Malware Targets Telegram, Other Apps

22 Jul 2021

In our last update on the XCSSET campaign, we covered some of its features targeting the latest macOS 11 (Big Sur). Since then, the campaign has added more features to its toolset, which we have continually monitored. We have also discovered the mechanism used to steal information from various apps, a behavior that has been present since we first discussed XCSSET.

Respect in Security: Anti-Harassment Initiative

22 Jul 2021

Respect in Security aims to make a concrete difference to the levels of abuse and harassment that are unfortunately all too common in our industry.

Reduce Instances of Covid-19 Phishing Email Attacks

21 Jul 2021

The Covid-19 pandemic has created an unlimited supply of news and topics for cybercriminals to utilize in their attacks, as well as major organizations to spoof. Learn what your organization can do to combat these timely threats.

StrongPity APT Group Deploys Android Malware for the First Time

21 Jul 2021

We recently conducted an investigation into a malicious Android sample, which we believe can be attributed to the StrongPity APT group, that was posted on the Syrian e-Gov website. To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks.

Prevent Cyber Risk as a Managed Service Provider (MSP)

20 Jul 2021

MSPs – Say no to the next Ransomware! Protect your Business 24x7 with Trend Micro’s security analysts

TeamTNT Campaigns Emphasize Importance of Addressing Cloud Security Gaps

20 Jul 2021

Having covered TeamTNT in several of our blog entries over the past couple of years, we embarked on research that encompasses the malicious actor group's campaigns, tools, and techniques in 2020 and early 2021.

This Week in Security News - July 16, 2021

16 Jul 2021

Trends and Shifts in the Underground N-Day Exploit Market and Scams Make Getting Verified on Social Media a Minefield.

Main Considerations for Securing Enterprise 5G Networks

15 Jul 2021

5G brings countless benefits to enterprises through its scalability, speed, and connectivity. However, these very same features might actually amplify the damage caused by threats if they do infiltrate systems. Security should be a prime concern for enterprises that use 5G networks.

Tesla “Recalls” Vehicles in China due to Safety Glitch

14 Jul 2021

The recall affects over 200,000 Model 3 and Model Y vehicles.

With 5G coming, it’s time to plug security gaps

14 Jul 2021

With 5G introducing new risks, many are finding they don’t have the visibility, tooling or resources to manage such networks securely.

July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems

13 Jul 2021

After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle.

The Underground Exploit Market and the Importance of Virtual Patching

13 Jul 2021

Over the past two calendar years, we conducted research on the underground exploit market to learn more about the life cycle of exploits, the kinds of buyers and sellers who transact, and the business models that are in effect in the underground.

Survey: Phishing & Ransomware Attacks are Top Concerns

12 Jul 2021

Ransomware and phishing attacks will continue to be utilized and will likely see increases in their usage by malicious actors targeting their victims. Learnings and recommendations from the report help improve your prevention of and response to these threats.

ETSI Publishes IoT Testing Specs for MQTT, COAP

12 Jul 2021

On June 25, 2021, ETSI released its new IoT Testing Specifications completed by the organization’s committee on Methods for Testing and Specifications. The documents contain seven standards addressing the testing of the IoT MQ Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP) protocols and the foundational security IoT-Profile.

#NoFilter: Exposing the Tactics of Instagram Account Hackers

12 Jul 2021

What tactics do Instagram account hackers use? What do these cybercriminals do with stolen accounts? How can users protect their accounts? We look into Instagram account hacking incidents from a security researcher’s perspective and share recommendations for users of Instagram and other social media platforms.

Summer of Cybercrime Continues: What To Do

9 Jul 2021

We recently coined this as the Summer of Cybercrime. Major ransomware attacks continue to hit companies globally. The attacks can cause significant damage, from a financial, reputation and productivity standpoint.

This Week in Security News - July 9, 2021

9 Jul 2021

Kaseya hit with ransomware attack and top 3 mobile threat takeaways from MWC

BIOPASS RAT: New Malware Sniffs Victims via Live Streaming

9 Jul 2021

We discovered a new malware that targets online gambling companies in China via a watering hole attack, in which visitors are tricked into downloading a malware loader disguised as a legitimate installer for well-known apps such as Adobe Flash Player or Microsoft Silverlight.

Threats Ride on the Covid-19 Vaccination Wave

8 Jul 2021

We continue monitoring cybercriminals and threats that abuse the pandemic. In this update, we detail trends in malicious activities and deployments that exploit vaccination developments and processes worldwide.

How to navigate open source licensing risks

8 Jul 2021

Vulnerabilities aren't the only risk that comes with open source software use. Learn how you can best mitigate licensing risks to ensure your team is meeting all legal requirements while building with open source code.

Tracking Cobalt Strike: A Trend Micro Vision One Investigation

5 Jul 2021

Cobalt Strike is a well-known beacon or post-exploitation tool that has been linked to several ransomware campaigns. This report focuses on the process of uncovering its tracks in order to fully contain and remove a malware infection.

IT Management Platform Kaseya Hit With Sodinokibi/REvil Ransomware Attack

4 Jul 2021

Kaseya has been hit with a REvil (aka Sodinokibi) ransomware attack at the dawn of the Fourth of July weekend. The attack was geared toward their on-premises VSA product.

This Week in Security News July 2, 2021

2 Jul 2021

Nefilim ransomware attack through a MITRE Att&ck lens and PoC exploit circulating for critical Windows Print Spooler bug, and more.

PurpleFox Using WPAD to Target Indonesian Users

1 Jul 2021

The PurpleFox Exploit Kit is now being distributed via WPAD attacks targeting Indonesian users.

Top Countries With ICS Endpoint Malware Detections

30 Jun 2021

The Trend Micro research paper, "2020 Report on Threats Affecting ICS Endpoints,” presents findings on ICS endpoints and the threats that plague them. From these findings, we rounded up the list of the top ten countries with the most malware and grayware detections.

Best Practices for Social Media Security

29 Jun 2021

Social media is a double-edged sword, and as we celebrate #SocialMediaDay, let’s remember to use best security practices to keep us safe from malicious actors who abuse the platforms.

Still Leading In Endpoint And Cloud Workload Security

29 Jun 2021

Cloud workload security and endpoint protection are key to managing security risk. Two new independent IDC reports help CISOs consider their strategic partner options.

Secure Secrets: Managing Authentication Credentials

29 Jun 2021

Secret management plays an important role in keeping essential information secure and out of threat actors’ reach. We discuss what secrets are and how to store them securely.

#LetsTalkSecurity: Adapt or Die

28 Jun 2021

Let's Talk Security: Season 02 // Episode 02: Host, Rik Ferguson, interviews Forrester Analyst, Allie Mellen. Together they discuss whether to adapt or die.

Nefilim Ransomware Attack Through a MITRE Att&ck Lens

28 Jun 2021

Follow the story of Company X as they suffer an attack from the notorious modern ransomware family Nefilim and its affiliates, to learn how you can better mitigate the common tactics and techniques used in these attacks.

This Week in Security News June 25, 2021

25 Jun 2021

Fake DarkSide campaign targets energy and food sectors and Tulsa police-citation data leaked by Conti Gang

Build a Complete Cloud Visibility Strategy

25 Jun 2021

Trend Micro Cloud One + New Relic come together to offer complete cloud visibility

Are Tax Breaks Encouraging Ransom Payments?

24 Jun 2021

Why tax deductions for ransom payments send the wrong signals to threat actors and their victims

Consolidate For A Secure Digital Transformation

22 Jun 2021

The expedited move to digital transformation has been a lifeline for organizations during the pandemic. Now that these investments have been made, what’s next to continue to drive operational improvements?

NukeSped Copies Fileless Code From Bundlore, Leaves It Unused

22 Jun 2021

While investigating samples of NukeSped, a remote access trojan (RAT), Trend Micro came across several Bundlore adware samples using the same fileless routine that was spotted in NukeSped.

Security Resources Now on AWS CloudFormation Templates

21 Jun 2021

Trend Micro is helping customers natively deploy Infrastructure as Code (IaC) resources for security the same way as cloud native infrastructure in collaboration with AWS CloudFormation.

This Week in Security News June 18, 2021

18 Jun 2021

Bash ransomware targets Linux Distributions and Trend Micro touts zero trust risk insights

Fake DarkSide Campaign Targets Energy and Food Sectors

18 Jun 2021

Threat actors behind a recent campaign pose as DarkSide in a bid to deceive targets into paying ransom.

Employee Excellence within Trend Micro

17 Jun 2021

The team behind a company is the reason for its success. At Trend Micro, we are proud to have a team filled with intelligent individuals who foster innovation to solve tomorrow's challenges to secure our digital world today.

Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions

17 Jun 2021

We investigate how certain hacking tools are used to move laterally on victims’ networks to deploy ransomware. These tools contain reconnaissance/spreader scripts, exploits for Red Hat and CentOS, binary injectors, and more. In this blog, we focus on analyzing the worm and ransomware script.


Kaspersky


GhostEmperor: From ProxyLogon to kernel mode

30 Sep 2021

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

DarkHalo after SolarWinds: the Tomiris connection

29 Sep 2021

We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar.

FinSpy: unseen findings

28 Sep 2021

FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset; we have been tracking deployments of this spyware since 2011. In this report we share some of our previously unpublished findings about the actual state of FinSpy implants.

BloodyStealer and gaming assets for sale

27 Sep 2021

We take a closer look at threats linked to loss of accounts with popular video game digital distribution services, such as Steam and Origin. We also explore the kind of game-related data that ends up on the black market.

Wake me up till SAS summit ends

23 Sep 2021

What do cyberthreats, Kubernetes and donuts have in common – except that all three end in “ts”, that is? All these topics will be mentioned during the new SAS@Home online conference, scheduled for September 28th-29th, 2021.

Detection evasion in CLR and tips on how to detect such attacks

21 Sep 2021

In this article we demonstrate a detection evasion technique using CLR that may be useful for penetration testing as well as a couple of tips for SOCs to help detect such attacks.

Exploitation of the CVE-2021-40444 vulnerability in MSHTML

16 Sep 2021

Last week, Microsoft reported the RCE vulnerability CVE-2021-40444 in the MSHTML browser engine. Kaspersky is aware of targeted attacks using this vulnerability, and our products protect against attacks leveraging it.

Summer 2021: Friday Night Funkin’, Måneskin and pop it

16 Sep 2021

This report discusses the statistics gathered by Kaspersky Safe Kids on the websites and apps children use, and on children’s YouTube search queries in summer 2021.

Incident response analyst report 2020

13 Sep 2021

We deliver a range of services: incident response, digital forensics and malware analysis. Data in the report comes from our daily practices with organizations seeking assistance with full-blown incident response or complementary expert activities for their internal incident response teams.

Threat landscape for industrial automation systems in H1 2021

09 Sep 2021

Statistics on industrial automation system threats in the first half of 2021, from Kaspersky ICS CERT: share of attacked ICS computers, detected malware, etc.


ThreatPost

MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed

01 Oct 2021

Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.

3.1M Neiman Marcus Customer Card Details Breached

01 Oct 2021

Experts say the detection delay of 17 months is a colossal security blunder by the retailer.

Flubot Malware Targets Androids With Fake Security Updates

01 Oct 2021

The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients.

New APT ChamelGang Targets Russian Energy, Aviation Orgs

01 Oct 2021

First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks.

Google Emergency Update Fixes Two Chrome Zero Days

30 Sep 2021

This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild.

Military’s RFID Tracking of Guns May Endanger Troops

30 Sep 2021

RFID gun tags leave the military exposed to tracking, sniffing and spoofing attacks, experts say.

Tips & Tricks for Unmasking Ghoulish API Behavior

30 Sep 2021

Jason Kent, hacker-in-residence at Cequence Security, discusses how to track user-agent connections to mobile and desktop APIs, to spot malicious activity.

Baby’s Death Alleged to Be Linked to Ransomware

30 Sep 2021

Access to heart monitors disabled by the attack allegedly kept staff from spotting blood & oxygen deprivation that led to the baby's death.

Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts

30 Sep 2021

The group uses millions of password combos at the rate of nearly 2,700 login attempts per minute with new techniques that push the ATO envelope.

Apple Pay with Visa Hacked to Make Payments via Locked iPhones

30 Sep 2021

Researchers have demonstrated that someone could use a stolen, locked iPhone to pay for thousands of dollars of goods or services, no authentication needed.


PaloAlto

Wireshark Tutorial: Wireshark Workshop Videos Now Available

01 Oct 2021

Our new Wireshark Workshop videos can help security professionals build their skills in analyzing malicious traffic caused by Windows-based malware.

The post Wireshark Tutorial: Wireshark Workshop Videos Now Available appeared first on Unit42.

Credential Harvesting at Scale Without Malware

30 Sep 2021

Email credential harvesting can lead to business email compromise and ransomware. Often, attackers simply ask for victims’ credentials.

Highlights From the Unit 42 Cloud Threat Report, 2H 2021

28 Sep 2021

The Unit 42 Cloud Threat Report, 2H 2021, covers supply chain attacks in the cloud and provides actionable recommendations to help prevent them.

Network Security Trends: May-July 2021

17 Sep 2021

Network security trends, May-July 2021: We analyze how vulnerabilities are being exploited in the wild and rank the most common types of attacks.

Threat Brief: OMI Vulnerabilities (CVE-2021-38645, CVE-2021-38647, CVE-2021-38648 and CVE-2021-38649)

16 Sep 2021

Four critical OMI vulnerabilities – one unauthorized RCE and three privilege escalation – were recently disclosed. Here’s how to remediate them.

Dangling Domains: Security Threats, Detection and Prevalence

16 Sep 2021

Dangling domains are a largely overlooked threat in DNS, but they can be exploited for domain hijacking and are important to detect.

Phishing Eager Travelers

15 Sep 2021

Travel-themed phishing URLs are on the rise as attackers take aim at people cooped up at home due to the pandemic who are eager to travel.

PhishingJS: A Deep Learning Model for JavaScript-Based Phishing Detection

10 Sep 2021

JavaScript-based phishing is used by some attackers to evade phishing detection systems. We trained a deep learning model to catch it.

Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances

09 Sep 2021

Affecting Azure Container Instances, Azurescape is the first known cross-account container takeover in the public cloud.

Threat Brief: CVE-2021-26084

03 Sep 2021

Since the release of the advisory on CVE-2021-26084, mass scanning activity and in-the-wild exploitation have begun. Unit 42 recommends updating.

The Innocent Until Proven Guilty Learning Framework Helps Overcome Benign Append Attacks

01 Sep 2021

Benign append attacks hide malware by burying it within benign content. The “Innocent Until Proven Guilty” deep learning model can avoid being fooled.

DNS Rebinding Attack: How Malicious Websites Exploit Private Networks

31 Aug 2021

DNS rebinding allows attackers to take advantage of web-based consoles to exploit internal networks by abusing the domain name system.

New Mirai Variant Targets WebSVN Command Injection Vulnerability (CVE-2021-32305)

30 Aug 2021

We provide analysis of and mitigations for exploits in the wild for a command injection vulnerability, CVE-2021-32305, affecting WebSVN.

Worldwide Phishing Attacks Ramped Up at the Peak of Working From Home

25 Aug 2021

Phishing attacks are on the rise, and trends in our firewall traffic suggest that remote employees might be especially vulnerable to them.

Ransomware Groups to Watch: Emerging Threats

24 Aug 2021

Emerging ransomware groups to watch, according to Unit 42 researchers: AvosLocker, Hive Ransomware, HelloKitty and LockBit 2.0.


F-Secure


McAfee

Malicious PowerPoint Documents on the Rise

22 Sep 2021

Authored by Anuradha M McAfee Labs have observed a new phishing campaign that utilizes macro capabilities available in Microsoft PowerPoint....

The post Malicious PowerPoint Documents on the Rise appeared first on McAfee Blogs.

Phishing Android Malware Targets Taxpayers in India

03 Sep 2021

Authored by ChanUng Pak. McAfee’s Mobile Research team recently found a new Android malware, Elibomi, targeting taxpayers in India. The malware steals sensitive financial and private information via phishing by pretending...

The Rise of Deep Learning for Detection and Classification of Malware

13 Aug 2021

Co-written by Catherine Huang, Ph.D. and Abhishek Karnik. Artificial Intelligence (AI) continues to evolve and has made huge progress over the last decade. AI shapes our daily lives. Deep learning is a subset of techniques in AI that...

XLSM Malware with MacroSheets

06 Aug 2021

Written by: Lakshya Mathur Excel-based malware has been around for decades and has been in the limelight in recent years. During the second half of 2020, we saw...

Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems?

29 Jul 2021

Co-written with Northwave’s Noël Keijzer. Executive Summary For a long time, ransomware gangs were mostly focused on Microsoft Windows operating...

Fighting new Ransomware Techniques with McAfee’s Latest Innovations

20 Jul 2021

In 2021 ransomware attacks have been dominant among the bigger cyber security stories. Hence, I was not surprised to see...

An Overall Philosophy on the Use of Critical Threat Intelligence

16 Jul 2021

The overarching threat facing cyber organizations today is a highly skilled asymmetric enemy, well-funded and resolute in his task and...

REvil Ransomware Uses DLL Sideloading

16 Jul 2021

This blog was written by Varadharajan Krishnasamy, Karthickkumar and Sakshi Jaiswal. Introduction: Ransomware attacks are one of the most common cyber-attacks among...

Hancitor Making Use of Cookies to Prevent URL Scraping

08 Jul 2021

This blog was written by Vallabh Chole & Oliver Devane Over the years, the cybersecurity industry has seen many threats...

Zloader With a New Infection Technique

08 Jul 2021

This blog was written by Kiran Raj & Kishan N. Introduction In the last few years, Microsoft Office macro malware...

New Ryuk Ransomware Sample Targets Webservers

07 Jul 2021

Executive Summary Ryuk is a ransomware that encrypts a victim’s files and requests payment in Bitcoin cryptocurrency to release the...

Fuzzing ImageMagick and Digging Deeper into CVE-2020-27829

30 Jun 2021

Introduction: ImageMagick is a hugely popular open source software that is used in lot of systems around the world. It...

Analyzing CVE-2021-1665 – Remote Code Execution Vulnerability in Windows GDI+

28 Jun 2021

Introduction Microsoft Windows Graphics Device Interface+, also known as GDI+, allows various applications to use different graphics functionality on video...

McAfee Labs Report Highlights Ransomware Threats

24 Jun 2021

The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: June 2021. In this edition we introduce...

A New Program for Your Peloton – Whether You Like It or Not

16 Jun 2021

Executive Summary: The McAfee Advanced Threat Research team (ATR) is committed to uncovering security issues in both software and hardware to help developers...

Are Virtual Machines the New Gold for Cyber Criminals?

10 Jun 2021

Introduction: Virtualization technology has been an IT cornerstone for organizations for years now. It revolutionized the way organizations can scale...

Scammers Impersonating Windows Defender to Push Malicious Windows Apps

17 May 2021

Summary points: Scammers are increasingly using Windows Push Notifications to impersonate legitimate alerts Recent campaigns pose as a Windows Defender...

DarkSide Ransomware Victims Sold Short

14 May 2021

Over the past week we have seen a considerable body of work focusing on DarkSide, the ransomware responsible for the...

Major HTTP Vulnerability in Windows Could Lead to Wormable Exploit

12 May 2021

Today, Microsoft released a highly critical vulnerability (CVE-2021-31166) in its web server http.sys. This product is a Windows-only HTTP server...

“Fool’s Gold”: Questionable Vaccines, Bogus Results, and Forged Cards

11 May 2021

Preface Countries all over the world are racing to achieve so-called herd immunity against COVID-19 by vaccinating their populations. From...

Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware

05 May 2021

The Roaming Mantis smishing campaign has been impersonating a logistics company to steal SMS messages and contact lists from Asian...

How to Stop the Popups

05 May 2021

McAfee is tracking an increase in the use of deceptive popups that mislead some users into taking action, while annoying...

Steps to Discover Hidden Threat from Phishing Email

05 May 2021

Introduction Email is one of the primary ways of communication in the modern world. We use email to receive notifications...

Access Token Theft and Manipulation Attacks – A Door to Local Privilege Escalation

20 Apr 2021

Executive Summary Many malware attacks designed to inflict damage on a network are armed with lateral movement capabilities. Post initial...

Clever Billing Fraud Applications on Google Play: Etinu

19 Apr 2021

A new wave of fraudulent apps has made its way to the Google Play store, targeting Android users in Southwest...

McAfee Labs Report Reveals Latest COVID-19 Threats and Malware Surges

13 Apr 2021

The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: April 2021. In this edition, we present...

BRATA Keeps Sneaking into Google Play, Now Targeting USA and Spain

12 Apr 2021

Recently, the McAfee Mobile Research Team uncovered several new variants of the Android malware family BRATA being distributed in Google...

McAfee ATR Threat Report: A Quick Primer on Cuba Ransomware

06 Apr 2021

Executive Summary: Cuba ransomware is an older ransomware that has recently undergone some development. The actors have incorporated the leaking of victim data to increase its impact...

McAfee Defender’s Blog: Cuba Ransomware Campaign

06 Apr 2021

Cuba Ransomware Overview Over the past year, we have seen ransomware attackers change the way they have responded to organizations...

McAfee Defenders Blog: Reality Check for your Defenses

31 Mar 2021

Welcome to reality Ever since I started working in IT Security more than 10 years ago, I wondered, what helps...

Netop Vision Pro – Distance Learning Software is 20/20 in Hindsight

22 Mar 2021

The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help...

McAfee Defender’s Blog: Operation Dianxun

16 Mar 2021

Operation Dianxun Overview In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign,...

Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies

16 Mar 2021

In this report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed...

Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates

09 Mar 2021

Overview For the March 2021 Patch Tuesday, Microsoft released a set of seven DNS vulnerabilities. Five of the vulnerabilities are...

McAfee ATR Thinks in Graphs

08 Mar 2021

0. Introduction John Lambert, a distinguished researcher specializing in threat intelligence at Microsoft, once said these words that changed perspectives:...

Babuk Ransomware

24 Feb 2021

Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises,...

Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use

19 Feb 2021

On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora,...

Don’t Call Us We’ll Call You: McAfee ATR Finds Vulnerability in Agora Video SDK

17 Feb 2021

The McAfee Advanced Threat Research (ATR) team is committed to uncovering security issues in both software and hardware to help...

Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows’ Network Stack

09 Feb 2021

The concept of a trail of breadcrumbs in the offensive security community is nothing new; for many years, researchers on...

McAfee ATR Launches Education-Inspired Capture the Flag Contest!

27 Jan 2021

McAfee’s Advanced Threat Research team just completed its second annual capture the flag (CTF) contest for internal employees. Based on tremendous...

Two Pink Lines

15 Jan 2021

Depending on your life experiences, the phrase (or country song by Eric Church) “two pink lines” may bring up a...

A Year in Review: Threat Landscape for 2020

14 Jan 2021

As we gratefully move forward into the year 2021, we have to recognise that 2020 was as tumultuous in the...

2021 Threat Predictions Report

13 Jan 2021

The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector –...

How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise

21 Dec 2020

In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s Orion IT monitoring and management...

Additional Analysis into the SUNBURST Backdoor

17 Dec 2020

Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the...

SUNBURST Malware and SolarWinds Supply Chain Compromise

16 Dec 2020

Part I of II Situation In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s...

CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server

10 Nov 2020

CVSS Score: 9.8 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Overview: Microsoft released a patch today for a critical vulnerability (CVE-2020-17051) in the Windows NFSv3 (Network File System) server. NFS is typically...

Operation North Star: Behind The Scenes

05 Nov 2020

Executive Summary It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within...

Operation North Star: Summary Of Our Latest Analysis

05 Nov 2020

McAfee’s Advanced Threat Research (ATR) today released research that uncovers previously undiscovered information on how Operation North Star evaluated its...

McAfee Labs Report Reveals Continuing Surge of COVID-19 Threats and Malware

05 Nov 2020

The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: November 2020. In this edition, we follow...

CVE-2020-16898: “Bad Neighbor”

13 Oct 2020

CVE-2020-16898: “Bad Neighbor” CVSS Score: 8.8 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Overview Today, Microsoft announced a critical vulnerability in the Windows IPv6 stack,...

Our Experiences Participating in Microsoft’s Azure Sphere Bounty Program

06 Oct 2020

From June to August, part of the McAfee Advanced Threat Research (ATR) team participated in Microsoft’s Azure Sphere Research Challenge. Our research resulted...

Securing Space 4.0 – One Small Step or a Giant Leap? Part 1

01 Oct 2020

McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and...

Securing Space 4.0 – One Small Step or a Giant Leap? Part 2

01 Oct 2020

McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and...

Vulnerability Discovery in Open Source Libraries: Analyzing CVE-2020-11863

01 Sep 2020

Open Source projects are the building blocks of any software development process. As we indicated in our previous blog, as...

On Drovorub: Linux Kernel Security Best Practices

13 Aug 2020

Intro In a U.S. government cyber security advisory released today, the National Security Agency and Federal Bureau of Investigation warn...

Vulnerability Discovery in Open Source Libraries Part 1: Tools of the Trade

12 Aug 2020

Executive Summary Open source has become the foundation for modern software development. Vendors use open source software to stay competitive...

Robot Character Analysis Reveals Trust Issues

06 Aug 2020

Retired Marine fighter pilot and Top Gun instructor Dave Berke said “Every single thing you do in your life, every...

Call an Exorcist! My Robot’s Possessed!

06 Aug 2020

Overview As part of our continued goal of helping developers provide safer products for businesses and consumers, we here at...

Dopple-ganging up on Facial Recognition Systems

05 Aug 2020

Co-authored with Jesse Chick, OSU Senior and Former McAfee Intern, Primary Researcher. Special thanks to Dr. Catherine Huang, McAfee Advanced...

Ripple20 Critical Vulnerabilities – Detection Logic and Signatures

05 Aug 2020

This document has been prepared by McAfee Advanced Threat Research in collaboration with JSOF who discovered and responsibly disclosed the...

McAfee Defender’s Blog: NetWalker

03 Aug 2020

Building Adaptable Security Architecture Against NetWalker NetWalker Overview The NetWalker ransomware, initially known as Mailto, was first detected in August...

Take a “NetWalk” on the Wild Side

03 Aug 2020

Executive Summary The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were...

Operation (노스 스타) North Star A Job Offer That’s Too Good to be True?

30 Jul 2020

Executive Summary We are in the midst of an economic slump [1], with more candidates than there are jobs, something...

McAfee Defender’s Blog: Operation North Star Campaign

30 Jul 2020

Building Adaptable Security Architecture Against the Operation North Star Campaign Operation North Star Overview Over the last few months, we...

Six Hundred Million Reasons to Celebrate: No More Ransom Turns FOUR!!

27 Jul 2020

Happy Birthday! Today we mark the fourth anniversary of the NoMoreRansom initiative with over 4.2 million visitors, from 188 countries,...

Hunting for Blues – the WSL Plan 9 Protocol BSOD

23 Jul 2020

Windows Subsystem for Linux Plan 9 Protocol Research Overview This is the final blog in the McAfee research series trilogy...

McAfee COVID-19 Report Reveals Pandemic Threat Evolution

22 Jul 2020

The McAfee Advanced Threat Research team today published the McAfee® Labs COVID-19 Threats Report, July 2020. In this “Special Edition”...

Ripple20 Vulnerability Mitigation Best Practices

22 Jun 2020

On June 16th, the Department of Homeland Security and CISA ICS-CERT issued a critical security advisory warning covering multiple newly discovered vulnerabilities affecting...

My Adventures Hacking the iParcelBox

18 Jun 2020

In 2019, McAfee Advanced Threat Research (ATR) disclosed a vulnerability in a product called BoxLock. Sometime after this, the CEO...

What’s in the Box? Part II: Hacking the iParcelBox

18 Jun 2020

Package delivery is just one of those things we take for granted these days. This is especially true in the...

RagnarLocker Ransomware Threatens to Release Confidential Information

09 Jun 2020

EXECUTIVE SUMMARY The RagnarLocker ransomware first appeared in the wild at the end of December 2019 as part of a...

OneDrive Phishing Awareness

08 Jun 2020

There are a number of ways scammers target personal information and, currently, one example is that they are taking advantage...

How To Use McAfee ATP to Protect Against Emotet, LemonDuck and PowerMiner

19 May 2020

Introduction This blog describes how McAfee ATP (Adaptive Threat Protection) rules are used within McAfee Endpoint Security products. It will...

ENS 10.7 Rolls Back the Curtain on Ransomware

07 May 2020

Ransomware protection and incident response is a constant battle for IT, security engineers and analysts under normal circumstances, but with...

Cybercriminals Actively Exploiting RDP to Target Remote Organizations

07 May 2020

The COVID-19 pandemic has prompted many companies to enable their employees to work remotely and, in a large number of...

COVID-19 – Malware Makes Hay During a Pandemic

07 May 2020

Special thanks to Prajwala Rao, Oliver Devane, Shannon Cole, Ankit Goel and members of Malware Research for their contribution and...

Tales From the Trenches; a Lockbit Ransomware Story

01 May 2020

Co-authored by Marc RiveroLopez. In collaboration with Northwave As we highlighted previously across two blogs, targeted ransomware attacks have increased...

MalBus Actor Changed Market from Google Play to ONE Store

09 Apr 2020

McAfee Mobile Research team has found another variant of MalBus on an education application, developed by a South Korean developer....

Transitioning to a Mass Remote Workforce – We Must Verify Before Trusting

07 Apr 2020

While not a new practice, the sheer volume of people required to adhere to social distancing best practices means we...

COVID-19 Threat Update – now includes Blood for Sale

07 Apr 2020

Although the use of global events as a vehicle to drive digital crime is hardly surprising, the current outbreak of...

Nemty Ransomware – Learning by Doing

02 Apr 2020

Executive Summary The McAfee Advanced Threat Research Team (ATR) observed a new ransomware family named ‘Nemty’ on 20 August 2019....

Ransomware Maze

26 Mar 2020

EXECUTIVE SUMMARY The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019...

Staying Safe While Working Remotely

18 Mar 2020

Special thanks to Tim Hux and Sorcha Healy for their assistance. The demand for remote working as a result of...

SMBGhost – Analysis of CVE-2020-0796

13 Mar 2020

The Vulnerability The latest vulnerability in SMBv3 is a “wormable” vulnerability given its potential ability to replicate or spread over...

Android/LeifAccess.A is the Silent Fake Reviewer Trojan

04 Mar 2020

The McAfee Mobile Research team has identified an Android malware family dubbed Android/LeifAccess.A that has been active since May 2019....

Multi-tricks HiddenAds Malware

04 Mar 2020

Thousands of HiddenAds Trojan Apps Masquerade as Google Play Apps The McAfee mobile research team has recently discovered a new...

CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II

20 Feb 2020

In our first article we discussed the growing pattern of targeted ransomware attacks where the first infection stage is often...

Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles

19 Feb 2020

The last several years have been fascinating for those of us who have been eagerly observing the steady move towards...

Introduction and Application of Model Hacking

19 Feb 2020

Catherine Huang, Ph.D., and Shivangee Trivedi contributed to this blog. The term “Adversarial Machine Learning” (AML) is a mouthful! The...

CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I

12 Feb 2020

For many years now I have been working and teaching in the field of digital forensics, malware analysis and threat...

Knock, Knock – Who’s There?

11 Feb 2020

A Windows Linux Subsystem Interop Analysis Following our research from Evil Twins and Windows Linux Subsystem, interoperability between different WSL...

How Chinese Cybercriminals Use Business Playbook to Revamp Underground

11 Feb 2020

Preface Because of its longevity and technical sophistication, the Russian cybercriminal underground has long been the benchmark for threat researchers...

Intelligence in the Enterprise

11 Feb 2020

Intelligence became an integral military discipline centuries ago. More recently, this practice evolved into what is called Intelligence Preparation of the Battlefield,...

U.S. Battleground County Website Security Survey

04 Feb 2020

Today McAfee released the results of a survey of county websites and county election administration websites in the 13 states...

An Inside Look into Microsoft Rich Text Format and OLE Exploits

24 Jan 2020

There has been a dramatic shift in the platforms targeted by attackers over the past few years. Up until 2016,...

CurveBall – An Unimaginative Pun but a Devastating Bug

18 Jan 2020

Enterprise customers looking for information on defending against Curveball can find information here. 2020 came in with a bang this...

What CVE-2020-0601 Teaches Us About Microsoft’s TLS Certificate Verification Process

17 Jan 2020

By: Jan Schnellbächer and Martin Stecher, McAfee Germany GmbH This week security researchers around the world were very busy working...

Iran Cyber Threat Update

08 Jan 2020

Recent political tensions in the Middle East region have led to significant speculation of increased cyber-related activities. McAfee is on...

We Be Jammin’ – Bypassing Chamberlain myQ Garage Doors

07 Jan 2020

The idea of controlling your garage door remotely and verifying that everything is secure at home, or having packages delivered...

The Cloning of The Ring – Who Can Unlock Your Door?

07 Jan 2020

Steve Povolny contributed to this report. McAfee’s Advanced Threat Research team performs security analysis of products and technologies across nearly...

The Tradeoff Between Convenience and Security – A Balancing Act for Consumers and Manufacturers

07 Jan 2020

This week McAfee Advanced Threat Research (ATR) published new findings, uncovering security flaws in two popular IoT devices: a connected...

Top Tips to Spot Tech Support Scams

12 Dec 2019

There are a number of ways scammers use to target your money or personal details. These scams include support sites for...

Analysis of LooCipher, a New Ransomware Family Observed This Year

05 Dec 2019

Co-authored by Marc RiveroLopez. Initial Discovery This year seems to again be the year for ransomware. Notorious attacks were made...

McAfee Labs 2020 Threats Predictions Report

05 Dec 2019

With 2019’s headlines of ransomware, malware, and RDP attacks almost behind us, we shift our focus to the cybercrime threats...

Spanish MSSP Targeted by BitPaymer Ransomware

08 Nov 2019

Co-authored by Marc RiveroLopez Initial Discovery This week the news hit that several companies in Spain were hit by a...

Buran Ransomware; the Evolution of VegaLocker

05 Nov 2019

McAfee’s Advanced Threat Research Team observed how a new ransomware family named ‘Buran’ appeared in May 2019. Buran works as...

Office 365 Users Targeted by Voicemail Scam Pages

31 Oct 2019

Over the past few weeks McAfee Labs has been observing a new phishing campaign using a fake voicemail message to...

Did You Check Your Quarantine?!

28 Oct 2019

A cost-effective way to detect targeted attacks in your enterprise While it is easy to get caught up in the...

Using Expert Rules in ENS to Prevent Malicious Exploits

25 Oct 2019

Expert Rules are text-based custom rules that can be created in the Exploit Prevention policy in ENS Threat Prevention 10.5.3+....

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo

21 Oct 2019

Episode 4: Crescendo This is the final installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its...

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money

14 Oct 2019

Episode 3: Follow the Money This is the third installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi...

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – The All-Stars

02 Oct 2019

Episode 2: The All-Stars Analyzing Affiliate Structures in Ransomware-as-a-Service Campaigns This is the second installment of the McAfee Advanced Threat...

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us

02 Oct 2019

Episode 1: What the Code Tells Us McAfee’s Advanced Threat Research team (ATR) observed a new ransomware family in the...

How Visiting a Trusted Site Could Infect Your Employees

10 Sep 2019

The Artful and Dangerous Dynamics of Watering Hole Attacks A group of researchers recently published findings of an exploitation of multiple...

Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study

09 Sep 2019

Executive Summary Malware evasion techniques are widely used to circumvent detection as well as analysis and understanding. One of the...

Apple iOS Attack Underscores Importance of Threat Research

04 Sep 2019

The recent discovery of exploit chains targeting Apple iOS is the latest example of how cybercriminals can successfully operate malicious campaigns, undetected,...

Analyzing and Identifying Issues with the Microsoft Patch for CVE-2018-8423

28 Aug 2019

Introduction As of July 2019, Microsoft has fixed around 43 bugs in the Jet Database Engine. McAfee has reported a...

The Twin Journey, Part 3: I’m Not a Twin, Can’t You See my Whitespace at the End?

13 Aug 2019

In this series of 3 blogs (you can find part 1 here, and part 2 here), so far we have...

McAfee AMSI Integration Protects Against Malicious Scripts

12 Aug 2019

Following on from the McAfee Protects against suspicious email attachments blog, this blog describes how the AMSI (Antimalware Scan Interface)...

From Building Control to Damage Control: A Case Study in Industrial Security Featuring Delta’s enteliBUS Manager

09 Aug 2019

Management. Control. It seems that you can’t stick five people in a room together without one of them trying to...

HVACking: Understanding the Delta Between Security and Reality

09 Aug 2019

The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help...

Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware

08 Aug 2019

Avaya is the second largest VOIP solution provider (source) with an install base covering 90% of the Fortune 100 companies...

MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play

07 Aug 2019

The McAfee mobile research team has found a new type of Android malware for the MoqHao phishing campaign (a.k.a. XLoader...

The Twin Journey, Part 2: Evil Twins in a Case In-sensitive Land

06 Aug 2019

In the first of this 3-part blog series, we covered the implications of promoting files to “Evil Twins” where they...

DHCP Client Remote Code Execution Vulnerability Demystified

02 Aug 2019

CVE-2019-0547 CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for...

Clop Ransomware

01 Aug 2019

This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This...

The Twin Journey, Part 1

31 Jul 2019

Summary and Introduction: The recent changes in Windows 10, aiming to add case sensitivity (CS) at directory level, have prompted...

Jet Database Engine Flaw May Lead to Exploitation: Analyzing CVE-2018-8423

30 Jul 2019

In September 2018, the Zero Day Initiative published a proof of concept for a vulnerability in Microsoft’s Jet Database Engine....

What Is Mshta, How Can It Be Used and How to Protect Against It

29 Jul 2019

The not-so Usual Suspects There is a growing trend for attackers to more heavily utilize tools that already exist on...

Examining the Link Between TLD Prices and Abuse

26 Jul 2019

This blog was written by Charlie Feng. Briefing Over the years, McAfee researchers have observed that certain new top-level Domains...

No More Ransom Blows Out Three Birthday Candles Today

26 Jul 2019

Collaborative Initiative Celebrates Helping More Than 200,000 Victims and Preventing More Than 100 million USD From Falling into Criminal Hands...

Demystifying Blockchain: Sifting Through Benefits, Examples and Choices

23 Jul 2019

You have likely heard that blockchain will disrupt everything from banking to retail to identity management and more. You may...

McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder

17 Jul 2019

Every day thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an...

16Shop Now Targets Amazon

12 Jul 2019

Since early November 2018 McAfee Labs have observed a phishing kit, dubbed 16Shop, being used by malicious actors to target...

RDP Security Explained

24 Jun 2019

RDP on the Radar Recently, McAfee released a blog related to the wormable RDP vulnerability referred to as CVE-2019-0708 or...

Why Process Reimaging Matters

20 Jun 2019

As this blog goes live, Eoin Carroll will be stepping off the stage at Hack in Paris having detailed the...

In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass

20 Jun 2019

Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR...

Mr. Coffee with WeMo: Double Roast

30 May 2019

McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please...

Cryptocurrency Laundering Service, BestMixer.io, Taken Down by Law Enforcement

22 May 2019

A much overlooked but essential part in financially motivated (cyber)crime is making sure that the origins of criminal funds are...

RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability CVE-2019-0708

21 May 2019

During Microsoft’s May Patch Tuesday cycle, a security advisory was released for a vulnerability in the Remote Desktop Protocol (RDP)....

LockerGoga Ransomware Family Used in Targeted Attacks

29 Apr 2019

Co-authored by Marc RiveroLopez. Initial discovery Once again, we have seen a significant new ransomware family in the news. LockerGoga,...

IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target?

18 Apr 2019

Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary...

Analysis of a Chrome Zero Day: CVE-2019-5786

20 Mar 2019

1. Introduction On March 1st, Google published an advisory [1] for a use-after-free in the Chrome implementation of the FileReader...

Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250)

14 Mar 2019

Earlier this month Check Point Research reported discovery of a 19 year old code execution vulnerability in the wildly popular...

McAfee Protects Against Suspicious Email Attachments

04 Mar 2019

Email remains a top vector for attackers. Over the years, defenses have evolved, and policy-based protections have become standard for...

JAVA-VBS Joint Exercise Delivers RAT

01 Mar 2019

The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an...

Your Smart Coffee Maker is Brewing Up Trouble

25 Feb 2019

IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more...

What’s in the Box?

25 Feb 2019

2018 was another record-setting year in the continuing trend for consumer online shopping. With an increase in technology and efficiency,...

Ryuk, Exploring the Human Connection

20 Feb 2019

In collaboration with Bill Siegel and Alex Holdtman from Coveware. At the beginning of 2019, McAfee ATR published an...
