What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
mcafee.webp 2019-07-30 15:53:03 Jet Database Engine Flaw May Lead to Exploitation: Analyzing CVE-2018-8423 (direct link) In September 2018, the Zero Day Initiative published a proof of concept for a vulnerability in Microsoft's Jet Database Engine. Microsoft released a patch in October 2018. We investigated this flaw at that time to protect our customers. We were able to find some issues with the patch and reported that to Microsoft, which resulted […] Vulnerability
mcafee.webp 2019-07-29 15:19:01 What Is Mshta, How Can It Be Used and How to Protect Against It (direct link) The not-so Usual Suspects There is a growing trend for attackers to more heavily utilize tools that already exist on a system rather than relying totally on their own custom malware. Using .hta files or its partner in crime, mshta.exe, is an alternative to using macro enabled document for attacks and has been around a […]
mcafee.webp 2019-07-26 14:14:04 Examining the Link Between TLD Prices and Abuse (direct link) Briefing Over the years, McAfee researchers have observed that certain new top-level Domains (TLDs) are more likely to be abused by cyber criminals for malicious activities than others. Our investigations reveal a negative relationship between the likelihood for abuse and registration price of some TLDs, as reported by the McAfee URL and email intelligence team. […]
mcafee.webp 2019-07-26 08:00:01 No More Ransom Blows Out Three Birthday Candles Today (direct link) Collaborative Initiative Celebrates Helping More Than 200,000 Victims and Preventing More Than 100 million USD From Falling into Criminal Hands Three years ago, on this exact day, the public and private sectors drew a line in the sand against ransomware. At that time, ransomware was becoming one of the most prevalent cyber threats globally. We […] Ransomware
mcafee.webp 2019-07-23 16:10:05 Demystifying Blockchain: Sifting Through Benefits, Examples and Choices (direct link) You have likely heard that blockchain will disrupt everything from banking to retail to identity management and more. You may have seen commercials for IBM touting the supply chain tracking benefits of blockchain.[i] It appears nearly every industry is investing in, adopting, or implementing blockchain. Someone has probably told you that blockchain can completely transform […]
mcafee.webp 2019-07-17 04:00:05 McAfee ATR Aids Police in Arrest of the Rubella and Dryad Office Macro Builder Suspect (direct link) Every day thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an invoice, a cybercriminal sender tries to entice a victim to open the document and enable the embedded macro. This macro then proceeds to pull in a whole array of nastiness and infect a victim's machine. […] ★★
mcafee.webp 2019-07-12 13:00:01 16Shop Now Targets Amazon (direct link) Since early November 2018 McAfee Labs have observed a phishing kit, dubbed 16Shop, being used by malicious actors to target Apple account holders in the United States and Japan. Typically, the victims receive an email with a pdf file attached. An example of the message within the email is shown below, with an accompanying translation: […]
mcafee.webp 2019-06-24 16:50:00 RDP Security Explained (direct link) RDP on the Radar Recently, McAfee released a blog related to the wormable RDP vulnerability referred to as CVE-2019-0708 or “Bluekeep.” The blog highlights a particular vulnerability in RDP which was deemed critical by Microsoft due to the fact that it is exploitable over a network connection without authentication. These attributes make it particularly 'wormable' – […] Vulnerability
mcafee.webp 2019-06-20 16:04:04 Why Process Reimaging Matters (direct link) As this blog goes live, Eoin Carroll will be stepping off the stage at Hack in Paris having detailed the latest McAfee Advanced Threat Research (ATR) findings on Process Reimaging. Admittedly, this technique probably lacks a catchy name, but be under no illusion the technique is significant and is worth paying very close attention to. […] Hack Threat
mcafee.webp 2019-06-20 16:00:01 In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass (direct link) Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR (Endpoint Detection and Response) Endpoint Security Solution's (such as Microsoft Defender Realtime Protection), ability to detect the correct binaries loaded in malicious processes. This inconsistency has led McAfee's Advanced Threat Research to develop a new […] Threat
mcafee.webp 2019-05-30 16:50:03 Mr. Coffee with WeMo: Double Roast (direct link) McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please refer to the earlier blog to catch up with the processes and techniques I used to investigate and ultimately compromise this smart coffee maker. While researching the device, there was always one attack vector that […] Vulnerability Threat
mcafee.webp 2019-05-22 14:57:04 Cryptocurrency Laundering Service, BestMixer.io, Taken Down by Law Enforcement (direct link) A much overlooked but essential part in financially motivated (cyber)crime is making sure that the origins of criminal funds are obfuscated or made to appear legitimate, a process known as money laundering. 'Cleaning' money in this way allows the criminal to spend their loot with less chance of being caught. In the physical world, for […]
mcafee.webp 2019-05-21 21:09:03 RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability CVE-2019-0708 (direct link) During Microsoft's May Patch Tuesday cycle, a security advisory was released for a vulnerability in the Remote Desktop Protocol (RDP). What was unique in this particular patch cycle was that Microsoft produced a fix for Windows XP and several other operating systems, which have not been supported for security updates in years. So why the […] Vulnerability
mcafee.webp 2019-04-29 17:10:00 LockerGoga Ransomware Family Used in Targeted Attacks (direct link) Initial discovery Once again, we have seen a significant new ransomware family in the news. LockerGoga, which adds new features to the tried and true formula of encrypting victims' files and asking for payment to decrypt them, has gained notoriety for the targets it has affected. In this blog, we will look at the findings […] Ransomware
mcafee.webp 2019-04-18 20:14:02 IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? (direct link) Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we will explore a vulnerability submitted by McAfee Advanced Threat Research (ATR) and investigate a piece of malware that recently incorporated similar vulnerabilities. The takeaway from this blog is the increasing […] Malware Vulnerability Threat
mcafee.webp 2019-03-20 22:36:01 Analysis of a Chrome Zero Day: CVE-2019-5786 (direct link) 1. Introduction On March 1st, Google published an advisory [1] for a use-after-free in the Chrome implementation of the FileReader API (CVE 2019-5786). Clement Lecigne from Google Threat Analysis Group reported the bug as being exploited in the wild and targeting Windows 7, 32-bit platforms. The exploit leads to code execution in the Renderer process, […] Threat Guideline
mcafee.webp 2019-03-14 19:00:05 Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250) (direct link) Earlier this month Check Point Research reported discovery of a 19 year old code execution vulnerability in the wildly popular WinRAR compression tool. Rarlab reports that there are over 500 million users of this program. While a patched version, 5.70, was released on February 26, attackers are releasing exploits in an effort to reach vulnerable […] Vulnerability
mcafee.webp 2019-03-04 02:00:02 McAfee Protects Against Suspicious Email Attachments (direct link) Email remains a top vector for attackers. Over the years, defenses have evolved, and policy-based protections have become standard for email clients such as Microsoft Outlook and Microsoft Mail. Such policies are highly effective, but only if they are maintained as attackers keep changing their tactics to evade defenses. For this reason, McAfee endpoint products […] ★★★★★
mcafee.webp 2019-03-01 16:00:01 JAVA-VBS Joint Exercise Delivers RAT (direct link) The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an infection to occur, the user must typically execute the malware by double-clicking on the .jar file that usually arrives as an email attachment. Generally, infection begins if the user has the Java Runtime Environment installed. […] Malware Tool
mcafee.webp 2019-02-25 10:10:04 Your Smart Coffee Maker is Brewing Up Trouble (direct link) IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster getting hacked and tweeting out your credit card number is, amazingly, no longer a joke. With that in mind, I began […] ★★★★★
mcafee.webp 2019-02-25 10:09:05 What's in the Box? (direct link) 2018 was another record-setting year in the continuing trend for consumer online shopping. With an increase in technology and efficiency, and a decrease in cost and shipping time, consumers have clearly made a statement that shopping online is their preferred method. Chart depicting growth of online, web-influenced and offline sales by year.1 In direct correlation […]
mcafee.webp 2019-02-20 05:01:00 Ryuk, Exploring the Human Connection (direct link) In collaboration with Bill Siegel and Alex Holdtman from Coveware. At the beginning of 2019, McAfee ATR published an article describing how the hasty attribution of Ryuk ransomware to North Korea was missing the point. Since then, collective industry peers discovered additional technical details on Ryuk's inner workings, the overlap between Ryuk and Hermes2.1, […] Ransomware
mcafee.webp 2019-02-04 18:00:01 MalBus: Popular South Korean Bus App Series in Google Play Found Dropping Malware After 5 Years of Development (direct link) McAfee's Mobile Research team recently learned of a new malicious Android application masquerading as a plugin for a transportation application series developed by a South Korean developer. The series provides a range of information for each region of South Korea, such as bus stop locations, bus arrival times and so on. There are a total […] Malware
mcafee.webp 2019-01-22 20:43:05 Happy New Year 2019! Anatova is here! (direct link) During our continuous hunt for new threats, we discovered a new ransomware family we call Anatova (based on the name of the ransom note). Anatova was discovered in a private peer-to-peer (p2p) network. After initial analysis, and making sure that our customers are protected, we decided to make this discovery public. Our telemetry showed that […] Ransomware
mcafee.webp 2019-01-10 23:27:02 IE Scripting Flaw Still a Threat to Unpatched Systems: Analyzing CVE-2018-8653 (direct link) Microsoft recently patched a critical flaw in Internet Explorer's scripting engine that could lead to remote code execution. The vulnerability is being exploited in the wild and was originally reported by a researcher from Google's Threat Analysis Group. Microsoft released an out-of-band patch to fix the vulnerability before the normal patch cycle. McAfee products received […] Vulnerability Threat Guideline
mcafee.webp 2019-01-07 23:59:01 Ryuk Ransomware Attack: Rush to Attribution Misses the Point (direct link) Senior analyst Ryan Sherstobitoff contributed to this report. During the past week, an outbreak of Ryuk ransomware shutting down newspaper printing services in the United States has garnered a lot of attention. To determine who was behind the attack many have cited past research that compares code from Ryuk with the older ransomware Hermes to […] Ransomware
mcafee.webp 2018-12-19 21:45:01 Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems (direct link) Last week the McAfee Advanced Threat Research team posted an analysis of a new wave of Shamoon “wiper” malware attacks that struck several companies in the Middle East and Europe. In that analysis we discussed one difference to previous Shamoon campaigns. The latest version has a modular approach that allows the wiper to be used […] Malware Tool Threat
mcafee.webp 2018-12-19 05:01:01 McAfee Labs Threats Report Examines Cybercriminal Underground, IoT Malware, Other Threats (direct link) The McAfee Advanced Threat Research team today published the McAfee® Labs Threats Report, December 2018. In this edition, we highlight the notable investigative research and trends in threats statistics and observations gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q3 of 2018. We are very excited to present to you new […] Threat
mcafee.webp 2018-12-14 20:32:04 Shamoon Returns to Wipe Systems in Middle East, Europe (direct link) Destructive malware has been employed by adversaries for years. Usually such attacks are carefully targeted and can be motivated by ideology, politics, or even financial aims. Destructive attacks have a critical impact on businesses, causing the loss of data or crippling business operations. When a company is impacted, the damage can be significant. Restoration can […] Malware
mcafee.webp 2018-12-12 11:01:00 'Operation Sharpshooter' Targets Global Defense, Critical Infrastructure (direct link) This post was written with contributions from the McAfee Advanced Threat Research team. The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download […] Malware Threat
mcafee.webp 2018-12-04 05:01:00 Pay-Per-Install Company Deceptively Floods Market with Unwanted Programs (direct link) For the past 18 months, McAfee Labs has been investigating a pay-per-install developer, WakeNet AB, responsible for spreading prevalent adware such as Adware-Wajam and Linkury. This developer has been active for almost 20 years and recently has used increasingly deceptive techniques to convince users to execute its installers. Our report is now available online. During […]
mcafee.webp 2018-11-29 09:00:01 McAfee Labs 2019 Threats Predictions Report (direct link) These predictions were written by Eoin Carroll, Taylor Dunton, John Fokker, German Lancioni, Lee Munson, Yukihiro Okutomi, Thomas Roccia, Raj Samani, Sekhar Sarukkai, Dan Sommer, and Carl Woodward. As 2018 draws to a close, we should perhaps be grateful that the year has not been entirely dominated by ransomware, although the rise of the GandCrab […]
mcafee.webp 2018-11-13 05:01:01 WebCobra Malware Uses Victims' Computers to Mine Cryptocurrency (direct link) The authors thank their colleagues Oliver Devane and Deepak Setty for their help with this analysis. McAfee Labs researchers have discovered new Russian malware, dubbed WebCobra, which harnesses victims' computing power to mine for cryptocurrencies. Coin mining malware is difficult to detect. Once a machine is compromised, a malicious app runs silently in the background […] Malware
mcafee.webp 2018-11-08 23:45:02 Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems (direct link) Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that manage large-scale industrial processes. An essential danger in this threat is that it moves from mere digital damage to risking human lives. In this … Malware Threat
mcafee.webp 2018-10-30 21:00:03 Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims (direct link) Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In mid-September it was reported that the malware developer had placed the ransomware, … Ransomware Malware
mcafee.webp 2018-10-24 13:00:02 Android/TimpDoor Turns Mobile Devices Into Hidden Proxies (direct link) The McAfee Mobile Research team recently found an active phishing campaign using text messages (SMS) that tricks users into downloading and installing a fake voice-message app which allows cybercriminals to use infected devices as network proxies without users' knowledge. If the fake application is installed, a background service starts a Socks proxy that redirects all …
mcafee.webp 2018-10-18 04:01:00 'Operation Oceansalt' Delivers Wave After Wave (direct link) A wall eight feet high with three strands of barbed wire is considered sufficient to deter a determined intruder, at least according to the advice offered by the CISSP professional certification. Although physical controls can be part of a multifaceted defense, an electronic attack affords the adversary time to develop the necessary tools to bypass … APT 32
mcafee.webp 2018-10-10 23:29:01 Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation (direct link) The GandCrab ransomware, which first appeared in January, has been updated rapidly during its short life, with Version 5.0.2 appearing this month. In this post we will examine the latest version and how the authors have improved the code (and in some cases have made mistakes). McAfee gateway and endpoint products are able to protect … Ransomware
mcafee.webp 2018-10-09 15:00:01 When the Digital Impacts the Physical (direct link) Cyberattacks have always been, well, cyber. Their immediate effects were on our data, our digital information, and our devices…until they weren't. The interconnected nature of the world and the way it's built in 2018 has brought us exciting and revolutionary innovations, but it has also been leveraged by hackers to extend the impact of a …
mcafee.webp 2018-09-25 04:00:04 'McAfee Labs Threats Report' Highlights Cryptojacking, Blockchain, Mobile Security Issues (direct link) As we look over some of the key issues from the newly released McAfee Labs Threats Report, we read terms such as voice assistant, blockchain, billing fraud, and cryptojacking. Although voice assistants fall in a different category, the other three are closely linked and driven by the goal of fast, profitable attacks that result in …
mcafee.webp 2018-09-19 13:00:03 Cyber Threat Alliance Releases Analysis of Illicit Cryptocurrency Mining (direct link) In response to the explosive increase in cryptomining campaigns in Q4 2017, the Cyber Threat Alliance has formed a cryptomining subcommittee to assess the threat. This committee comprises expert researchers from major cybersecurity companies, including McAfee. The committee has now released “The Illicit Cryptocurrency Joint Analysis,” an in-depth report on the current state of unlawful … Threat
mcafee.webp 2018-09-18 04:01:03 Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns (direct link) Politics and ransomware. No, it's not a lost single from the Oasis back catalogue, but in fact a relatively recent tactic by ransomware developers looking to exploit the profiles of major politicians to install ransomware on victims' computers. Donald Trump, Angela Merkel, and now Barack Obama all serve as lures for the unsuspecting. Despite its … Ransomware
mcafee.webp 2018-09-15 14:00:03 Fortnite: Why Kids Love It and What Parents Need to Know (direct link) Fortnite: Battle Royale is the hottest video game for kids right now. More than 125 million people have downloaded the game and it’s estimated that 3.4 million play it monthly. But while the last-man-standing battle game is a blast to play, it also has parents asking a lot of questions as their kids spend …
mcafee.webp 2018-08-22 17:00:05 McAfee Opens State-of-the-Art Security Research Lab in Oregon (direct link) Today we are pleased to announce the grand opening of our dedicated research lab in the Hillsboro, Oregon, office near Portland.
mcafee.webp 2018-08-21 04:01:03 'Insight' into Home Automation Reveals Vulnerability in Simple IoT Product (direct link) Eoin Carroll, Charles McFarland, Kevin McGrath, and Mark Bereza contributed to this report. The Internet of Things promises to make our lives easier. Want to remotely turn lights and appliances on and off and monitor them online? A “smart plug,” a Wi-Fi–connected electric outlet, is one simple method. But IoT devices can turn into attack … Vulnerability
mcafee.webp 2018-08-14 21:49:02 McAfee ePO Platform Gains Insight Into Threat Research (direct link) The latest update to the McAfee® ePolicy Orchestrator® platform offers a new add-in to provide insight into the latest analysis carried out by McAfee Labs and the Advanced Threat Research team. Threat
mcafee.webp 2018-08-14 17:31:04 Microsoft Cortana Allows Browser Navigation Without Login: CVE-2018-8253 (direct link) A locked Windows 10 device with Cortana enabled on the lock screen allows an attacker with physical access to the device to do two kinds of unauthorized browsing.
mcafee.webp 2018-08-09 13:00:01 Examining Code Reuse Reveals Undiscovered Links Among North Korea's Malware Families (direct link) This research is a joint effort by Jay Rosenberg, senior security researcher at Intezer, and Christiaan Beek, lead scientist and senior principal engineer at McAfee. Intezer has also posted this story. Attacks from the online groups Lazarus, Silent Chollima, Group 123, Hidden Cobra, DarkSeoul, Blockbuster, Operation Troy, and 10 Days of Rain are believed to … Malware Guideline Medical Cloud APT 38 APT 37
mcafee.webp 2018-07-31 21:43:01 GandCrab Ransomware Puts the Pinch on Victims (direct link) The GandCrab ransomware first appeared in January and has updated itself rapidly during its short life. It is the leading ransomware threat. The McAfee Advanced Threat Research team has reverse engineered Versions 4.0 through 4.2 of the malware. The first versions (1.0 and 1.1) of this malware had a bug that left the keys in … Ransomware Malware Threat Guideline
mcafee.webp 2018-07-26 13:00:03 CactusTorch Fileless Threat Abuses .NET to Infect Victims (direct link) McAfee Labs has noticed a significant shift by some actors toward using trusted Windows executables, rather than external malware, to attack systems. One of the most popular techniques is a “fileless” attack. Because these attacks are launched through reputable executables, they are hard to detect. Both consumers and corporate users can fall victim to this … Threat
Last update at: 2024-05-09 21:08:19