What's new around the internet

Source Date (GMT) Title Description Tags Stories Notes
McAfee 2019-09-10 19:27:03 How Visiting a Trusted Site Could Infect Your Employees (direct link) The Artful and Dangerous Dynamics of Watering Hole Attacks A group of researchers recently published findings of an exploitation of multiple iPhone vulnerabilities using websites to infect final targets. The key concept behind this type of attack is the use of trusted websites as an intermediate platform to attack others, and it's defined as a watering hole […]
McAfee 2019-09-09 19:05:05 Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study (direct link) Executive Summary Malware evasion techniques are widely used to circumvent detection as well as analysis and understanding. One of the dominant categories of evasion is anti-sandbox detection, simply because today's sandboxes are becoming the fastest and easiest way to have an overview of the threat. Many companies use these kinds of systems to detonate malicious […] Malware
McAfee 2019-09-04 20:21:02 Apple iOS Attack Underscores Importance of Threat Research (direct link) The recent discovery of exploit chains targeting Apple iOS is the latest example of how cybercriminals can successfully operate malicious campaigns, undetected, through the use of zero-day vulnerabilities. In this scenario, a threat actor or actors operated multiple compromised websites, using at least one or more zero-day vulnerabilities and numerous unique exploit chains and known vulnerabilities to […] Threat
McAfee 2019-08-28 15:06:01 Analyzing and Identifying Issues with the Microsoft Patch for CVE-2018-8423 (direct link) Introduction As of July 2019, Microsoft has fixed around 43 bugs in the Jet Database Engine. McAfee has reported a couple of bugs and, so far, we have received 10 CVEs from Microsoft. In our previous post, we discussed the root cause of CVE-2018-8423. While analyzing this CVE and patch from Microsoft, we found that […]
McAfee 2019-08-13 14:01:03 The Twin Journey, Part 3: I'm Not a Twin, Can't You See my Whitespace at the End? (direct link) In this series of 3 blogs (you can find part 1 here, and part 2 here), so far we have understood the implications of promoting files to “Evil Twins” where they can be created and remain in the system as different entities once case sensitivity is enabled, and some issues that could be raised by […]
McAfee 2019-08-12 13:00:04 McAfee AMSI Integration Protects Against Malicious Scripts (direct link) Following on from the McAfee Protects against suspicious email attachments blog, this blog describes how the AMSI (Antimalware Scan Interface) is used within the various McAfee Endpoint products. The AMSI scanner within McAfee ENS 10.6 has already detected over 650,000 pieces of malware since the start of 2019. This blog will help show you how […] Malware
McAfee 2019-08-09 20:00:05 From Building Control to Damage Control: A Case Study in Industrial Security Featuring Delta's enteliBUS Manager (direct link) Management. Control. It seems that you can't stick five people in a room together without one of them trying to order the others around. This tendency towards centralized authority is not without reason, however – it is often more efficient to have one person, or thing, calling the shots. For an example of the latter, […]
McAfee 2019-08-09 20:00:00 HVACking: Understanding the Delta Between Security and Reality (direct link) The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. We recently investigated an industrial control system (ICS) produced by Delta Controls. The product, called “enteliBUS Manager”, is used for several applications, including building management. Our research […] Threat
McAfee 2019-08-08 20:00:02 Avaya Deskphone: Decade-Old Vulnerability Found in Phone's Firmware (direct link) Avaya is the second largest VoIP solution provider (source) with an install base covering 90% of the Fortune 100 companies (source), with products targeting a wide spectrum of customers, from small business and midmarket, to large corporations. As part of the ongoing McAfee Advanced Threat Research effort into researching critical vulnerabilities in widely deployed software […] Vulnerability Threat
McAfee 2019-08-07 16:10:05 MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play (direct link) The McAfee mobile research team has found a new type of Android malware for the MoqHao phishing campaign (a.k.a. XLoader and Roaming Mantis) targeting Korean and Japanese users. A series of attack campaigns are still active, mainly targeting Japanese users. The new spyware has very different payloads from the existing MoqHao samples. However, we found […] Malware
McAfee 2019-08-06 16:04:03 The Twin Journey, Part 2: Evil Twins in a Case In-sensitive Land (direct link) In the first of this 3-part blog series, we covered the implications of promoting files to “Evil Twins” where they can be created and remain in the system as different entities once case sensitivity is enabled. In this 2nd post we try to abuse applications that do not work well with CS changes, abusing years […] ★★★★
McAfee 2019-08-02 14:21:02 DHCP Client Remote Code Execution Vulnerability Demystified (direct link) CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for DHCP client services in a system, is vulnerable to malicious DHCP reply packets. This vulnerability allows remote code execution if the user tries to connect to a network with a rogue DHCP server, hence making […] Vulnerability
McAfee 2019-08-01 16:01:00 Clop Ransomware (direct link) This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This blog will explain the technical details and share information about how this new ransomware family is working. There are some variants of the Clop ransomware but in this report, we will focus on the main […] Ransomware
McAfee 2019-07-31 16:39:04 The Twin Journey, Part 1 (direct link) Summary and Introduction: The recent changes in Windows 10, aiming to add case sensitivity (CS) at directory level, have prompted our curiosity to investigate the potential to use CS as a means of obfuscation or WYSINWYG (What You See is NOT What you Get). While CS was our entry point, we then ventured into other […]
McAfee 2019-07-30 15:53:03 Jet Database Engine Flaw May Lead to Exploitation: Analyzing CVE-2018-8423 (direct link) In September 2018, the Zero Day Initiative published a proof of concept for a vulnerability in Microsoft's Jet Database Engine. Microsoft released a patch in October 2018. We investigated this flaw at that time to protect our customers. We were able to find some issues with the patch and reported that to Microsoft, which resulted […] Vulnerability
McAfee 2019-07-29 15:19:01 What Is Mshta, How Can It Be Used and How to Protect Against It (direct link) The not-so Usual Suspects There is a growing trend for attackers to more heavily utilize tools that already exist on a system rather than relying totally on their own custom malware. Using .hta files or its partner in crime, mshta.exe, is an alternative to using macro-enabled documents for attacks and has been around a […]
McAfee 2019-07-26 14:14:04 Examining the Link Between TLD Prices and Abuse (direct link) Briefing Over the years, McAfee researchers have observed that certain new top-level domains (TLDs) are more likely to be abused by cyber criminals for malicious activities than others. Our investigations reveal a negative relationship between the likelihood for abuse and registration price of some TLDs, as reported by the McAfee URL and email intelligence team. […]
McAfee 2019-07-26 08:00:01 No More Ransom Blows Out Three Birthday Candles Today (direct link) Collaborative Initiative Celebrates Helping More Than 200,000 Victims and Preventing More Than 100 million USD From Falling into Criminal Hands Three years ago, on this exact day, the public and private sectors drew a line in the sand against ransomware. At that time, ransomware was becoming one of the most prevalent cyber threats globally. We […] Ransomware
McAfee 2019-07-23 16:10:05 Demystifying Blockchain: Sifting Through Benefits, Examples and Choices (direct link) You have likely heard that blockchain will disrupt everything from banking to retail to identity management and more. You may have seen commercials for IBM touting the supply chain tracking benefits of blockchain. It appears nearly every industry is investing in, adopting, or implementing blockchain. Someone has probably told you that blockchain can completely transform […]
McAfee 2019-07-17 04:00:05 McAfee ATR Aids Police in Arrest of the Rubella and Dryad Office Macro Builder Suspect (direct link) Every day thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an invoice, a cybercriminal sender tries to entice a victim to open the document and enable the embedded macro. This macro then proceeds to pull in a whole array of nastiness and infect a victim's machine. […] ★★
McAfee 2019-07-12 13:00:01 16Shop Now Targets Amazon (direct link) Since early November 2018 McAfee Labs have observed a phishing kit, dubbed 16Shop, being used by malicious actors to target Apple account holders in the United States and Japan. Typically, the victims receive an email with a pdf file attached. An example of the message within the email is shown below, with an accompanying translation: […]
McAfee 2019-06-24 16:50:00 RDP Security Explained (direct link) RDP on the Radar Recently, McAfee released a blog related to the wormable RDP vulnerability referred to as CVE-2019-0708 or “BlueKeep.” The blog highlights a particular vulnerability in RDP which was deemed critical by Microsoft due to the fact that it is exploitable over a network connection without authentication. These attributes make it particularly 'wormable' – […] Vulnerability
McAfee 2019-06-20 16:04:04 Why Process Reimaging Matters (direct link) As this blog goes live, Eoin Carroll will be stepping off the stage at Hack in Paris having detailed the latest McAfee Advanced Threat Research (ATR) findings on Process Reimaging. Admittedly, this technique probably lacks a catchy name, but be under no illusion the technique is significant and is worth paying very close attention to. […] Hack Threat
McAfee 2019-06-20 16:00:01 In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass (direct link) Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR (Endpoint Detection and Response) Endpoint Security Solutions' (such as Microsoft Defender Realtime Protection) ability to detect the correct binaries loaded in malicious processes. This inconsistency has led McAfee's Advanced Threat Research to develop a new […] Threat
McAfee 2019-05-30 16:50:03 Mr. Coffee with WeMo: Double Roast (direct link) McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please refer to the earlier blog to catch up with the processes and techniques I used to investigate and ultimately compromise this smart coffee maker. While researching the device, there was always one attack vector that […] Vulnerability Threat
McAfee 2019-05-22 14:57:04 Cryptocurrency Laundering Service, BestMixer.io, Taken Down by Law Enforcement (direct link) A much overlooked but essential part in financially motivated (cyber)crime is making sure that the origins of criminal funds are obfuscated or made to appear legitimate, a process known as money laundering. 'Cleaning' money in this way allows the criminal to spend their loot with less chance of being caught. In the physical world, for […]
McAfee 2019-05-21 21:09:03 RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability CVE-2019-0708 (direct link) During Microsoft's May Patch Tuesday cycle, a security advisory was released for a vulnerability in the Remote Desktop Protocol (RDP). What was unique in this particular patch cycle was that Microsoft produced a fix for Windows XP and several other operating systems, which have not been supported for security updates in years. So why the […] Vulnerability
McAfee 2019-04-29 17:10:00 LockerGoga Ransomware Family Used in Targeted Attacks (direct link) Initial discovery Once again, we have seen a significant new ransomware family in the news. LockerGoga, which adds new features to the tried and true formula of encrypting victims' files and asking for payment to decrypt them, has gained notoriety for the targets it has affected. In this blog, we will look at the findings […] Ransomware
McAfee 2019-04-18 20:14:02 IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? (direct link) Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we will explore a vulnerability submitted by McAfee Advanced Threat Research (ATR) and investigate a piece of malware that recently incorporated similar vulnerabilities. The takeaway from this blog is the increasing […] Malware Vulnerability Threat
McAfee 2019-03-20 22:36:01 Analysis of a Chrome Zero Day: CVE-2019-5786 (direct link) 1. Introduction On March 1st, Google published an advisory [1] for a use-after-free in the Chrome implementation of the FileReader API (CVE-2019-5786). Clement Lecigne from Google Threat Analysis Group reported the bug as being exploited in the wild and targeting Windows 7, 32-bit platforms. The exploit leads to code execution in the Renderer process, […] Threat Guideline
McAfee 2019-03-14 19:00:05 Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250) (direct link) Earlier this month Check Point Research reported discovery of a 19-year-old code execution vulnerability in the wildly popular WinRAR compression tool. Rarlab reports that there are over 500 million users of this program. While a patched version, 5.70, was released on February 26, attackers are releasing exploits in an effort to reach vulnerable […] Vulnerability
McAfee 2019-03-04 02:00:02 McAfee Protects Against Suspicious Email Attachments (direct link) Email remains a top vector for attackers. Over the years, defenses have evolved, and policy-based protections have become standard for email clients such as Microsoft Outlook and Microsoft Mail. Such policies are highly effective, but only if they are maintained as attackers keep changing their tactics to evade defenses. For this reason, McAfee endpoint products […] ★★★★★
McAfee 2019-03-01 16:00:01 JAVA-VBS Joint Exercise Delivers RAT (direct link) The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an infection to occur, the user must typically execute the malware by double-clicking on the .jar file that usually arrives as an email attachment. Generally, infection begins if the user has the Java Runtime Environment installed. […] Malware Tool
McAfee 2019-02-25 10:10:04 Your Smart Coffee Maker is Brewing Up Trouble (direct link) IoT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster getting hacked and tweeting out your credit card number is, amazingly, no longer a joke. With that in mind, I began […] ★★★★★
McAfee 2019-02-25 10:09:05 What's in the Box? (direct link) 2018 was another record-setting year in the continuing trend for consumer online shopping. With an increase in technology and efficiency, and a decrease in cost and shipping time, consumers have clearly made a statement that shopping online is their preferred method. [Chart depicting growth of online, web-influenced and offline sales by year.] In direct correlation […]
McAfee 2019-02-20 05:01:00 Ryuk, Exploring the Human Connection (direct link) In collaboration with Bill Siegel and Alex Holdtman from Coveware. At the beginning of 2019, McAfee ATR published an article describing how the hasty attribution of Ryuk ransomware to North Korea was missing the point. Since then, collective industry peers discovered additional technical details on Ryuk's inner workings, the overlap between Ryuk and Hermes2.1, […] Ransomware
McAfee 2019-02-04 18:00:01 MalBus: Popular South Korean Bus App Series in Google Play Found Dropping Malware After 5 Years of Development (direct link) McAfee's Mobile Research team recently learned of a new malicious Android application masquerading as a plugin for a transportation application series developed by a South Korean developer. The series provides a range of information for each region of South Korea, such as bus stop locations, bus arrival times and so on. There are a total […] Malware
McAfee 2019-01-22 20:43:05 Happy New Year 2019! Anatova is here! (direct link) During our continuous hunt for new threats, we discovered a new ransomware family we call Anatova (based on the name of the ransom note). Anatova was discovered in a private peer-to-peer (p2p) network. After initial analysis, and making sure that our customers are protected, we decided to make this discovery public. Our telemetry showed that […] Ransomware
McAfee 2019-01-10 23:27:02 IE Scripting Flaw Still a Threat to Unpatched Systems: Analyzing CVE-2018-8653 (direct link) Microsoft recently patched a critical flaw in Internet Explorer's scripting engine that could lead to remote code execution. The vulnerability is being exploited in the wild and was originally reported by a researcher from Google's Threat Analysis Group. Microsoft released an out-of-band patch to fix the vulnerability before the normal patch cycle. McAfee products received […] Vulnerability Threat Guideline
McAfee 2019-01-07 23:59:01 Ryuk Ransomware Attack: Rush to Attribution Misses the Point (direct link) Senior analyst Ryan Sherstobitoff contributed to this report. During the past week, an outbreak of Ryuk ransomware shutting down newspaper printing services in the United States has garnered a lot of attention. To determine who was behind the attack many have cited past research that compares code from Ryuk with the older ransomware Hermes to […] Ransomware
McAfee 2018-12-19 21:45:01 Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems (direct link) Last week the McAfee Advanced Threat Research team posted an analysis of a new wave of Shamoon “wiper” malware attacks that struck several companies in the Middle East and Europe. In that analysis we discussed one difference to previous Shamoon campaigns. The latest version has a modular approach that allows the wiper to be used […] Malware Tool Threat
McAfee 2018-12-19 05:01:01 McAfee Labs Threats Report Examines Cybercriminal Underground, IoT Malware, Other Threats (direct link) The McAfee Advanced Threat Research team today published the McAfee® Labs Threats Report, December 2018. In this edition, we highlight the notable investigative research and trends in threats statistics and observations gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q3 of 2018. We are very excited to present to you new […] Threat
McAfee 2018-12-14 20:32:04 Shamoon Returns to Wipe Systems in Middle East, Europe (direct link) Destructive malware has been employed by adversaries for years. Usually such attacks are carefully targeted and can be motivated by ideology, politics, or even financial aims. Destructive attacks have a critical impact on businesses, causing the loss of data or crippling business operations. When a company is impacted, the damage can be significant. Restoration can […] Malware
McAfee 2018-12-12 11:01:00 'Operation Sharpshooter' Targets Global Defense, Critical Infrastructure (direct link) This post was written with contributions from the McAfee Advanced Threat Research team. The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download […] Malware Threat
McAfee 2018-12-04 05:01:00 Pay-Per-Install Company Deceptively Floods Market with Unwanted Programs (direct link) For the past 18 months, McAfee Labs has been investigating a pay-per-install developer, WakeNet AB, responsible for spreading prevalent adware such as Adware-Wajam and Linkury. This developer has been active for almost 20 years and recently has used increasingly deceptive techniques to convince users to execute its installers. Our report is now available online. During […]
McAfee 2018-11-29 09:00:01 McAfee Labs 2019 Threats Predictions Report (direct link) These predictions were written by Eoin Carroll, Taylor Dunton, John Fokker, German Lancioni, Lee Munson, Yukihiro Okutomi, Thomas Roccia, Raj Samani, Sekhar Sarukkai, Dan Sommer, and Carl Woodward. As 2018 draws to a close, we should perhaps be grateful that the year has not been entirely dominated by ransomware, although the rise of the GandCrab […]
McAfee 2018-11-13 05:01:01 WebCobra Malware Uses Victims' Computers to Mine Cryptocurrency (direct link) The authors thank their colleagues Oliver Devane and Deepak Setty for their help with this analysis. McAfee Labs researchers have discovered new Russian malware, dubbed WebCobra, which harnesses victims' computing power to mine for cryptocurrencies. Coin mining malware is difficult to detect. Once a machine is compromised, a malicious app runs silently in the background […] Malware
McAfee 2018-11-08 23:45:02 Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems (direct link) Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that manage large-scale industrial processes. An essential danger in this threat is that it moves from mere digital damage to risking human lives. In this […] Malware Threat
McAfee 2018-10-30 21:00:03 Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims (direct link) Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In mid-September it was reported that the malware developer had placed the ransomware, […] Ransomware Malware
McAfee 2018-10-24 13:00:02 Android/TimpDoor Turns Mobile Devices Into Hidden Proxies (direct link) The McAfee Mobile Research team recently found an active phishing campaign using text messages (SMS) that tricks users into downloading and installing a fake voice-message app which allows cybercriminals to use infected devices as network proxies without users' knowledge. If the fake application is installed, a background service starts a Socks proxy that redirects all […]
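As an added illustration of the mshta.exe entry above (2019-07-29, "What Is Mshta, How Can It Be Used and How to Protect Against It"), here is a small triage script. It is example code written for this page, not McAfee's detection logic and not taken from the post. It assumes process-creation events already parsed into a dict with 'image', 'command_line' and 'parent_image' fields (roughly what Sysmon event ID 1 or an EDR process record gives you); the sample events, paths and the 198.51.100.7 address are constructed, and the Office-parent, remote/inline-script and user-writable-path rules are heuristics to tune for your own estate.

```python
"""Triage mshta.exe process-creation events.

Added example for the Mshta entry in the listing; not McAfee code and not a
McAfee detection. Event shape is an assumption: a dict with 'image',
'command_line' and 'parent_image' (roughly Sysmon event ID 1 after parsing).
Map your own field names onto it before use.
"""
import re
from typing import Dict, List

# Office applications that have no legitimate reason to launch mshta.exe.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Script fetched over HTTP(S) or a UNC share, or passed inline as a URI scheme.
REMOTE_OR_INLINE = re.compile(
    r"(https?://|\\\\[^\s\\]+\\|javascript:|vbscript:|about:)", re.IGNORECASE
)

# .hta staged where a mail attachment or download would land (heuristic).
USER_WRITABLE = re.compile(r"\\(AppData\\Local\\Temp|Downloads)\\", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def mshta_findings(event: Dict[str, str]) -> List[str]:
    """Reasons an mshta.exe launch looks suspicious; [] if benign or not mshta."""
    if basename(event.get("image", "")) != "mshta.exe":
        return []
    cmd = event.get("command_line", "")
    parent = basename(event.get("parent_image", ""))
    reasons: List[str] = []
    if parent in OFFICE_PARENTS:
        reasons.append(f"spawned by Office process {parent}")
    if REMOTE_OR_INLINE.search(cmd):
        reasons.append("remote or inline script argument")
    if USER_WRITABLE.search(cmd):
        reasons.append("HTA launched from user-writable staging path")
    return reasons


def triage(events: List[Dict[str, str]]) -> Dict[int, List[str]]:
    """Event index -> findings, for every event with at least one finding."""
    out: Dict[int, List[str]] = {}
    for i, ev in enumerate(events):
        findings = mshta_findings(ev)
        if findings:
            out[i] = findings
    return out


# Constructed events; 198.51.100.7 is a TEST-NET-2 documentation address.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\mshta.exe",
     "command_line": "mshta.exe http://198.51.100.7/invoice.hta",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"image": r"C:\Windows\System32\mshta.exe",
     "command_line": r'mshta.exe "C:\Program Files\Vendor\Console.hta"',
     "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\mshta.exe",
     "command_line": r'mshta.exe "C:\Users\alice\AppData\Local\Temp\open.hta"',
     "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe notes.txt",
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["command_line"], "->", "; ".join(reasons))
```

On the constructed sample, the Word-spawned download of a remote .hta trips two rules, the vendor console launched from Explorer trips none, and the .hta under the user's Temp directory trips the staging-path heuristic only; a legitimate HTA application in your environment may need an allow-list entry for its path.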
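For the three Twin Journey entries above (2019-07-31, 2019-08-06, 2019-08-13), an added example that is not code from the McAfee series: a check for "evil twin" names in a directory listing, meaning names that differ only by letter case (possible once Windows 10 per-directory case sensitivity is enabled) or only by trailing whitespace, which Win32 path handling normally strips and most file browsers do not show. The sample listing is constructed, and str.casefold() stands in for the NTFS upcase table as an approximation.

```python
"""Spot 'evil twin' file names in a directory listing.

Added example for the Twin Journey entries in the listing; not code from the
McAfee posts. Flags two twin patterns the series describes: names that differ
only by case (possible once per-directory case sensitivity is on in Windows 10)
and names that differ only by trailing whitespace.
Assumption: NTFS case-insensitive comparison is approximated with
str.casefold(); NTFS uses its own upcase table, so treat hits as leads.
"""
import os
from collections import defaultdict
from typing import Dict, Iterable, List, Set


def twin_key(name: str) -> str:
    """Canonical form under which a case twin or trailing-space twin collides."""
    return name.rstrip(" \t").casefold()


def find_twins(names: Iterable[str]) -> Dict[str, List[str]]:
    """Group names by twin_key; keep only groups with more than one member."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for name in names:
        groups[twin_key(name)].append(name)
    return {key: sorted(members) for key, members in groups.items() if len(members) > 1}


def classify(members: Iterable[str]) -> Set[str]:
    """Why a group collides: 'case', 'whitespace', or both."""
    members = list(members)
    reasons: Set[str] = set()
    if len({m.rstrip(" \t") for m in members}) > 1:
        reasons.add("case")          # names still differ once trailing space is removed
    if any(m != m.rstrip(" \t") for m in members):
        reasons.add("whitespace")    # at least one member carries trailing whitespace
    return reasons


def report(names: Iterable[str]) -> Dict[str, List[str]]:
    """Canonical name -> sorted reasons, for every colliding group."""
    return {key: sorted(classify(members)) for key, members in find_twins(names).items()}


def scan_directory(path: str) -> Dict[str, List[str]]:
    """Run the check on a real directory; os.listdir returns names as stored."""
    return report(os.listdir(path))


# Constructed listing, not taken from any real system.
SAMPLE_LISTING = [
    "calc.exe", "CALC.exe",            # case twins
    "notepad.exe", "notepad.exe ",     # trailing-space twin, invisible in most UIs
    "README.TXT ", "readme.txt",       # both patterns at once
    "config.ini",                      # no twin
]

if __name__ == "__main__":
    for canonical, reasons in report(SAMPLE_LISTING).items():
        print(f"{canonical!r}: twin via {', '.join(reasons)}")
```

Run scan_directory() over directories where an attacker could drop files next to trusted binaries; a case twin only matters where the per-directory case-sensitivity flag is set, so pair this with an fsutil check of that flag on Windows.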
Last update at: 2024-06-02 23:08:29