What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
mcafee.webp 2020-06-29 17:19:06 Industry Experts Weigh in on McAfee's Proactive Cybersecurity (direct link) Recently Forbes shared an accurate depiction of McAfee in its article, McAfee Finally On The Right Path. Let me extend their innovation story and share with you the leadership path McAfee continues to blaze in cybersecurity. Imagine if organizations knew of high severity threats targeting their industry sector and geographies before they encountered such threats, with precise knowledge if their countermeasures could stop the threat? Also imagine if the countermeasures could not stop the threats, and they knew what they should do to improve those countermeasures so that the threat would be stopped? Doing all these […] Threat Guideline
mcafee.webp 2020-06-26 20:31:58 McAfee Vision for SASE: Making Cloud Adoption Fast, Easy and Secure (direct link) While cloud services deliver on promised savings and convenience, keeping everything secure remains a moving target for many organizations. That's because the enterprise perimeter has not only expanded, it has pushed the service edge to anywhere business takes you, or employees choose to go. Consequently, many organizations must uplevel how they protect cloud-based apps, data and […]
mcafee.webp 2020-06-25 15:00:15 How McAfee Makes an Impact: 2019 CSR Report Launch (direct link) At McAfee, we defend the world from cyber threats. We live our values daily. But most importantly, we recognize the power of inclusion and diversity in helping to create a better world inside and outside of McAfee. Recently, we launched our 2019 corporate social responsibility report, our Impact Report. Last year, just our second year as […]
mcafee.webp 2020-06-24 13:43:11 Medical Care #FromHome: Telemedicine and Seniors (direct link) Telemedicine visit Medical Care From Home: Telemedicine and Seniors For weeks and even months now, millions of us have relied on the internet in ways we haven't before. We've worked remotely on it, our children have schooled from home on it, and we've pushed the limits of our household bandwidth as families have streamed, gamed, and conferenced […]
mcafee.webp 2020-06-23 04:01:52 Read Before You Binge-Watch: Here are the TV Shows & Movies to Look Out For (direct link) If you've been following recent stay-at-home orders, it's likely that you've been scavenging the internet for new content to help pass the time. In fact, according to Nielson, there was an 85% increase in American streaming rates in the first three weeks of March this year compared to March 2019 reports. But having multiple streaming subscriptions can quickly add up. Consequentially, users who are […]
mcafee.webp 2019-11-08 12:00:53 Spanish MSSP Targeted by BitPaymer Ransomware (direct link) Initial Discovery This week the news hit that several companies in Spain were hit by a ransomware attack. Ransomware attacks themselves are not new but, by interacting with one of the cases in Spain, we want to highlight in this blog how well prepared and targeted an attack can be and how it appears to […] Ransomware
mcafee.webp 2019-11-05 17:37:32 Buran Ransomware; the Evolution of VegaLocker (direct link) McAfee's Advanced Threat Research Team observed how a new ransomware family named 'Buran' appeared in May 2019. Buran works as a RaaS model like other ransomware families such as REvil, GandCrab (now defunct), Phobos, etc. The author(s) take 25% of the income earned by affiliates, instead of the 30% – 40%, numbers from notorious malware […] Ransomware Malware Threat
mcafee.webp 2019-10-31 04:01:09 Office 365 Users Targeted by Voicemail Scam Pages (direct link) Over the past few weeks McAfee Labs has been observing a new phishing campaign using a fake voicemail message to lure victims into entering their Office 365 email credentials. At first, we believed that only one phishing kit was being used to harvest the user's credentials. However, during our investigation, we found three different malicious […]
mcafee.webp 2019-10-28 16:02:38 Did You Check Your Quarantine?! (direct link) A cost-effective way to detect targeted attacks in your enterprise While it is easy to get caught up in the many waves of new and exciting protection strategies, we have recently discovered an interesting approach to detect a targeted attack and the related actor(s). Quite surprisingly, a big part of the solution already exists in […]
mcafee.webp 2019-10-25 15:41:38 Using Expert Rules in ENS 10.5.3 to Prevent Malicious Exploits (direct link) Expert Rules are text-based custom rules that can be created in the Exploit Prevention policy in ENS Threat Prevention 10.5.3+. Expert Rules provide additional parameters and allow much more flexibility than the custom rules that can be created in the Access Protection policy. It also allows system administration to control / monitor an endpoint system […] Threat
mcafee.webp 2019-10-21 04:01:24 McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo (direct link) Episode 4: Crescendo This is the final installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the most prolific Ransomware-as-a-Service (RaaS) Campaign of 2018 and mid 2019. In this final episode of our series we will zoom in on the operations, techniques and tools used by different affiliate […] Threat
mcafee.webp 2019-10-14 13:33:20 McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money (direct link) Episode 3: Follow the Money This is the third installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the most prolific Ransomware-as-a-Service (RaaS) Campaign of 2018 and mid 2019. The Talking Heads once sang “We're on a road to nowhere.” This expresses how challenging it can be when […] Threat
mcafee.webp 2019-10-02 16:05:54 McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – The All-Stars (direct link) Episode 2: The All-Stars Analyzing Affiliate Structures in Ransomware-as-a-Service Campaigns This is the second installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the most prolific Ransomware-as-a-Service (RaaS) Campaign of 2018 and mid-2019. GandCrab announced its retirement at the end of May. Since then, a new RaaS family […] Threat
mcafee.webp 2019-10-02 16:05:20 McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us (direct link) Episode 1: What the Code Tells Us McAfee's Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi (or REvil), at the end of April 2019. Around this same time, the GandCrab ransomware crew announced they would shut down their operations. Coincidence? Or is there more to the story? In […] Ransomware Threat
mcafee.webp 2019-09-10 19:27:03 How Visiting a Trusted Site Could Infect Your Employees (direct link) The Artful and Dangerous Dynamics of Watering Hole Attacks A group of researchers recently published findings of an exploitation of multiple iPhone vulnerabilities using websites to infect final targets. The key concept behind this type of attack is the use of trusted websites as an intermediate platform to attack others, and it's defined as a watering hole […]
mcafee.webp 2019-09-09 19:05:05 Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study (direct link) Executive Summary Malware evasion techniques are widely used to circumvent detection as well as analysis and understanding. One of the dominant categories of evasion is anti-sandbox detection, simply because today's sandboxes are becoming the fastest and easiest way to have an overview of the threat. Many companies use these kinds of systems to detonate malicious […] Malware
mcafee.webp 2019-09-04 20:21:02 Apple iOS Attack Underscores Importance of Threat Research (direct link) The recent discovery of exploit chains targeting Apple iOS is the latest example of how cybercriminals can successfully operate malicious campaigns, undetected, through the use of zero-day vulnerabilities. In this scenario, a threat actor or actors operated multiple compromised websites, using at least one or more zero-day vulnerabilities and numerous unique exploit chains and known vulnerabilities to […] Threat
mcafee.webp 2019-08-28 15:06:01 Analyzing and Identifying Issues with the Microsoft Patch for CVE-2018-8423 (direct link) Introduction As of July 2019, Microsoft has fixed around 43 bugs in the Jet Database Engine. McAfee has reported a couple of bugs and, so far, we have received 10 CVEs from Microsoft. In our previous post, we discussed the root cause of CVE-2018-8423. While analyzing this CVE and patch from Microsoft, we found that […]
mcafee.webp 2019-08-13 14:01:03 The Twin Journey, Part 3: I'm Not a Twin, Can't You See my Whitespace at the End? (direct link) In this series of 3 blogs (you can find part 1 here, and part 2 here), so far we have understood the implications of promoting files to “Evil Twins” where they can be created and remain in the system as different entities once case sensitiveness is enabled, and some issues that could be raised by […]
mcafee.webp 2019-08-12 13:00:04 McAfee AMSI Integration Protects Against Malicious Scripts (direct link) Following on from the McAfee Protects against suspicious email attachments blog, this blog describes how the AMSI (Antimalware Scan Interface) is used within the various McAfee Endpoint products. The AMSI scanner within McAfee ENS 10.6 has already detected over 650,000 pieces of Malware since the start of 2019. This blog will help show you how […] Malware
mcafee.webp 2019-08-09 20:00:05 From Building Control to Damage Control: A Case Study in Industrial Security Featuring Delta's enteliBUS Manager (direct link) Management. Control. It seems that you can't stick five people in a room together without one of them trying to order the others around. This tendency towards centralized authority is not without reason, however – it is often more efficient to have one person, or thing, calling the shots. For an example of the latter, […]
mcafee.webp 2019-08-09 20:00:00 HVACking: Understanding the Delta Between Security and Reality (direct link) The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. We recently investigated an industrial control system (ICS) produced by Delta Controls. The product, called “enteliBUS Manager”, is used for several applications, including building management. Our research […] Threat
mcafee.webp 2019-08-08 20:00:02 Avaya Deskphone: Decade-Old Vulnerability Found in Phone's Firmware (direct link) Avaya is the second largest VOIP solution provider (source) with an install base covering 90% of the Fortune 100 companies (source), with products targeting a wide spectrum of customers, from small business and midmarket, to large corporations. As part of the ongoing McAfee Advanced Threat Research effort into researching critical vulnerabilities in widely deployed software […] Vulnerability Threat
mcafee.webp 2019-08-07 16:10:05 MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play (direct link) The McAfee mobile research team has found a new type of Android malware for the MoqHao phishing campaign (a.k.a. XLoader and Roaming Mantis) targeting Korean and Japanese users. A series of attack campaigns are still active, mainly targeting Japanese users. The new spyware has very different payloads from the existing MoqHao samples. However, we found […] Malware
mcafee.webp 2019-08-06 16:04:03 The Twin Journey, Part 2: Evil Twins in a Case In-sensitive Land (direct link) In the first of this 3-part blog series, we covered the implications of promoting files to “Evil Twins” where they can be created and remain in the system as different entities once case sensitiveness is enabled. In this 2nd post we try to abuse applications that do not work well with CS changes, abusing years […] ★★★★
mcafee.webp 2019-08-02 14:21:02 DHCP Client Remote Code Execution Vulnerability Demystified (direct link) CVE-2019-0547 CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for DHCP client services in a system, is vulnerable to malicious DHCP reply packets. This vulnerability allows remote code execution if the user tries to connect to a network with a rogue DHCP Server, hence making […] Vulnerability
mcafee.webp 2019-08-01 16:01:00 Clop Ransomware (direct link) This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This blog will explain the technical details and share information about how this new ransomware family is working. There are some variants of the Clop ransomware but in this report, we will focus on the main […] Ransomware
mcafee.webp 2019-07-31 16:39:04 The Twin Journey, Part 1 (direct link) Summary and Introduction: The recent changes in Windows 10, aiming to add case sensitivity (CS) at directory level, have prompted our curiosity to investigate the potential to use CS as a means of obfuscation or WYSINWYG (What You See is NOT What you Get). While CS was our entry point, we then ventured into other […]
mcafee.webp 2019-07-30 15:53:03 Jet Database Engine Flaw May Lead to Exploitation: Analyzing CVE-2018-8423 (direct link) In September 2018, the Zero Day Initiative published a proof of concept for a vulnerability in Microsoft's Jet Database Engine. Microsoft released a patch in October 2018. We investigated this flaw at that time to protect our customers. We were able to find some issues with the patch and reported that to Microsoft, which resulted […] Vulnerability
mcafee.webp 2019-07-29 15:19:01 What Is Mshta, How Can It Be Used and How to Protect Against It (direct link) The not-so Usual Suspects There is a growing trend for attackers to more heavily utilize tools that already exist on a system rather than relying totally on their own custom malware. Using .hta files or its partner in crime, mshta.exe, is an alternative to using macro enabled document for attacks and has been around a […]
mcafee.webp 2019-07-26 14:14:04 Examining the Link Between TLD Prices and Abuse (direct link) Briefing Over the years, McAfee researchers have observed that certain new top-level domains (TLDs) are more likely to be abused by cyber criminals for malicious activities than others. Our investigations reveal a negative relationship between the likelihood for abuse and registration price of some TLDs, as reported by the McAfee URL and email intelligence team. […]
mcafee.webp 2019-07-26 08:00:01 No More Ransom Blows Out Three Birthday Candles Today (direct link) Collaborative Initiative Celebrates Helping More Than 200,000 Victims and Preventing More Than 100 million USD From Falling into Criminal Hands Three years ago, on this exact day, the public and private sectors drew a line in the sand against ransomware. At that time, ransomware was becoming one of the most prevalent cyber threats globally. We […] Ransomware
mcafee.webp 2019-07-23 16:10:05 Demystifying Blockchain: Sifting Through Benefits, Examples and Choices (direct link) You have likely heard that blockchain will disrupt everything from banking to retail to identity management and more. You may have seen commercials for IBM touting the supply chain tracking benefits of blockchain.[i] It appears nearly every industry is investing in, adopting, or implementing blockchain. Someone has probably told you that blockchain can completely transform […]
mcafee.webp 2019-07-17 04:00:05 McAfee ATR Aids Police in Arrest of the Rubella and Dryad Office Macro Builder Suspect (direct link) Every day thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an invoice, a cybercriminal sender tries to entice a victim to open the document and enable the embedded macro. This macro then proceeds to pull in a whole array of nastiness and infect a victim's machine. […] ★★
mcafee.webp 2019-07-12 13:00:01 16Shop Now Targets Amazon (direct link) Since early November 2018 McAfee Labs have observed a phishing kit, dubbed 16Shop, being used by malicious actors to target Apple account holders in the United States and Japan. Typically, the victims receive an email with a pdf file attached. An example of the message within the email is shown below, with an accompanying translation: […]
mcafee.webp 2019-06-24 16:50:00 RDP Security Explained (direct link) RDP on the Radar Recently, McAfee released a blog related to the wormable RDP vulnerability referred to as CVE-2019-0708 or “Bluekeep.” The blog highlights a particular vulnerability in RDP which was deemed critical by Microsoft due to the fact that it is exploitable over a network connection without authentication. These attributes make it particularly 'wormable' – […] Vulnerability
mcafee.webp 2019-06-20 16:04:04 Why Process Reimaging Matters (direct link) As this blog goes live, Eoin Carroll will be stepping off the stage at Hack in Paris having detailed the latest McAfee Advanced Threat Research (ATR) findings on Process Reimaging. Admittedly, this technique probably lacks a catchy name, but be under no illusion the technique is significant and is worth paying very close attention to. […] Hack Threat
mcafee.webp 2019-06-20 16:00:01 In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass (direct link) Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR (Endpoint Detection and Response) Endpoint Security Solutions' (such as Microsoft Defender Realtime Protection) ability to detect the correct binaries loaded in malicious processes. This inconsistency has led McAfee's Advanced Threat Research to develop a new […] Threat
mcafee.webp 2019-05-30 16:50:03 Mr. Coffee with WeMo: Double Roast (direct link) McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please refer to the earlier blog to catch up with the processes and techniques I used to investigate and ultimately compromise this smart coffee maker. While researching the device, there was always one attack vector that […] Vulnerability Threat
mcafee.webp 2019-05-22 14:57:04 Cryptocurrency Laundering Service, BestMixer.io, Taken Down by Law Enforcement (direct link) A much overlooked but essential part in financially motivated (cyber)crime is making sure that the origins of criminal funds are obfuscated or made to appear legitimate, a process known as money laundering. 'Cleaning' money in this way allows the criminal to spend their loot with less chance of being caught. In the physical world, for […]
mcafee.webp 2019-05-21 21:09:03 RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability CVE-2019-0708 (direct link) During Microsoft's May Patch Tuesday cycle, a security advisory was released for a vulnerability in the Remote Desktop Protocol (RDP). What was unique in this particular patch cycle was that Microsoft produced a fix for Windows XP and several other operating systems, which have not been supported for security updates in years. So why the […] Vulnerability
mcafee.webp 2019-04-29 17:10:00 LockerGoga Ransomware Family Used in Targeted Attacks (direct link) Initial discovery Once again, we have seen a significant new ransomware family in the news. LockerGoga, which adds new features to the tried and true formula of encrypting victims' files and asking for payment to decrypt them, has gained notoriety for the targets it has affected. In this blog, we will look at the findings […] Ransomware
mcafee.webp 2019-04-18 20:14:02 IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? (direct link) Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we will explore a vulnerability submitted by McAfee Advanced Threat Research (ATR) and investigate a piece of malware that recently incorporated similar vulnerabilities. The takeaway from this blog is the increasing […] Malware Vulnerability Threat
mcafee.webp 2019-03-20 22:36:01 Analysis of a Chrome Zero Day: CVE-2019-5786 (direct link) 1. Introduction On March 1st, Google published an advisory [1] for a use-after-free in the Chrome implementation of the FileReader API (CVE-2019-5786). Clement Lecigne from Google Threat Analysis Group reported the bug as being exploited in the wild and targeting Windows 7, 32-bit platforms. The exploit leads to code execution in the Renderer process, […] Threat Guideline
mcafee.webp 2019-03-14 19:00:05 Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250) (direct link) Earlier this month Check Point Research reported discovery of a 19 year old code execution vulnerability in the wildly popular WinRAR compression tool. Rarlab reports that there are over 500 million users of this program. While a patched version, 5.70, was released on February 26, attackers are releasing exploits in an effort to reach vulnerable […] Vulnerability
mcafee.webp 2019-03-04 02:00:02 McAfee Protects Against Suspicious Email Attachments (direct link) Email remains a top vector for attackers. Over the years, defenses have evolved, and policy-based protections have become standard for email clients such as Microsoft Outlook and Microsoft Mail. Such policies are highly effective, but only if they are maintained as attackers keep changing their tactics to evade defenses. For this reason, McAfee endpoint products […] ★★★★★
mcafee.webp 2019-03-01 16:00:01 JAVA-VBS Joint Exercise Delivers RAT (direct link) The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an infection to occur, the user must typically execute the malware by double-clicking on the .jar file that usually arrives as an email attachment. Generally, infection begins if the user has the Java Runtime Environment installed. […] Malware Tool
mcafee.webp 2019-02-25 10:10:04 Your Smart Coffee Maker is Brewing Up Trouble (direct link) IoT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster getting hacked and tweeting out your credit card number is, amazingly, no longer a joke. With that in mind, I began […] ★★★★★
mcafee.webp 2019-02-25 10:09:05 What's in the Box? (direct link) 2018 was another record-setting year in the continuing trend for consumer online shopping. With an increase in technology and efficiency, and a decrease in cost and shipping time, consumers have clearly made a statement that shopping online is their preferred method. Chart depicting growth of online, web-influenced and offline sales by year.1 In direct correlation […]
mcafee.webp 2019-02-20 05:01:00 Ryuk, Exploring the Human Connection (direct link) In collaboration with Bill Siegel and Alex Holdtman from Coveware. At the beginning of 2019, McAfee ATR published an article describing how the hasty attribution of Ryuk ransomware to North Korea was missing the point. Since then, collective industry peers discovered additional technical details on Ryuk's inner workings, the overlap between Ryuk and Hermes2.1, […] Ransomware
Last update at: 2024-06-22 10:10:25