What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
mcafee.webp 2020-12-21 21:32:24 (Déjà vu) How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise (direct link) In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds's Orion IT monitoring and management software with a trojanized version of SolarWinds.Orion.Core.BusinessLayer.dll delivered as part of a digitally-signed Windows Installer Patch. The trojanized file delivers a backdoor, dubbed SUNBURST by FireEye (and Solorigate by Microsoft), that communicates to third-party servers for […] Threat Mobile Solardwinds Solardwinds
mcafee.webp 2020-12-17 23:27:06 Additional Analysis into the SUNBURST Backdoor (direct link) Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoCs associated with the Sunburst trojan, the focus within the Advanced Threat Research (ATR) team has been to determine the possibility of additional persistence measures. Our analysis […] Threat Mobile Solardwinds Solardwinds
mcafee.webp 2020-12-16 16:48:26 SUNBURST Malware and SolarWinds Supply Chain Compromise (direct link) Part I of II Situation In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds's Orion IT monitoring and management software with a trojanized version of SolarWinds.Orion.Core.BusinessLayer.dll. The trojanized file delivers the SUNBURST malware through a backdoor as part of a digitally-signed Windows Installer Patch. Use of a Compromised Software Supply […] Malware Threat Solardwinds
mcafee.webp 2020-12-08 16:00:26 Energy Company Fights Back with MVISION EDR as Covid-19 Increases Threat Campaigns (direct link) Over the past 9 months, the world has grappled with the COVID-19 pandemic. With closing of borders, curfews and lockdowns, technology has become essential especially in the area of security. As we all have been spending more time at home, we are grateful for reliable energy as it provides our lights, air and heating. It […] Threat
mcafee.webp 2020-11-17 17:24:44 McAfee MVISION Solutions Meet FedRAMP Cloud Security Requirements (direct link) Today's U.S. government is in a race to modernize its IT infrastructure to support ever more complicated missions, growing workloads and increasingly distributed teams - and do so facing a constantly evolving threat landscape. To support these efforts, McAfee has pursued and received a Federal Risk and Authorization Management Program (FedRAMP) Authorization designation for McAfee MVISION for […] Threat
mcafee.webp 2020-11-12 18:05:15 Bridge the Gap Between the Security You Have and the Security You Need (direct link) Change happens – sometimes much faster than expected – like it has in 2020. When the threat landscape shifts suddenly, security professionals must quickly react and change their security posture. This not only means reconfiguring existing security investments but also adding new ones. But given the number of heterogenous security applications sold by multiple vendors, […] Threat ★★
mcafee.webp 2020-11-05 16:00:16 Operation North Star: Summary Of Our Latest Analysis (direct link) McAfee's Advanced Threat Research (ATR) today released research that uncovers previously undiscovered information on how Operation North Star evaluated its prospective victims and launched attacks on organizations in Australia, India, Israel and Russia, including defense contractors based in India and Russia. McAfee's initial research into Operation North Star revealed a campaign that used social media […] Threat
mcafee.webp 2020-11-05 16:00:01 McAfee Labs Report Reveals Continuing Surge of COVID-19 Threats and Malware (direct link) The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: November 2020. In this edition, we follow our preceding McAfee Labs COVID-19 Threats Report with more research and data designed to help you better protect your enterprise's productivity and viability during challenging times. What a year so far! The first quarter of […] Malware Threat ★★★★
mcafee.webp 2020-10-08 04:01:12 Election 2020 – Keep Misinformation from Undermining the Vote (direct link) Protect Your Vote Election 2020 – Keep Misinformation from Undermining the Vote On September 22nd, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory about the potential threat from foreign actors and cybercriminals attempting to spread false information. Their joint public service announcement makes a direct statement regarding how this […] Threat ★★
mcafee.webp 2020-10-06 16:00:16 Our Experiences Participating in Microsoft's Azure Sphere Bounty Program (direct link) From June to August, part of the McAfee Advanced Threat Research (ATR) team participated in Microsoft's Azure Sphere Research Challenge. Our research resulted in reporting multiple vulnerabilities classified by Microsoft as “important” or “critical” in the platform that, to date, have qualified for over $160,000 USD in bounty awards scheduled to be contributed to the ACLU ($100,000), St. Jude's Children's Research Hospital ($50,000) and PDX Hackerspace (approximately $20,000). With these contributions, we hope to support and give […] Threat ★★★★
mcafee.webp 2020-10-01 04:01:56 Securing Space 4.0 – One Small Step or a Giant Leap? Part 1 (direct link) McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and the National Space Center (NSC) in Cork, Ireland The essence of Space 4.0 is the introduction of smaller, cheaper, faster-to-the-market satellites in low-earth-orbit into the value chain and the exploitation of the data they provide. […] Threat
mcafee.webp 2020-10-01 04:01:49 Securing Space 4.0 – One Small Step or a Giant Leap? Part 2 (direct link) McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and the National Space Center in Cork, Ireland In the first of this two-part blog series we introduced Space 4.0, its data value and how it looks set to become the next battleground in the defense […] Threat
mcafee.webp 2020-09-23 19:50:50 ST22: Attivo Networks with Greg Vinson & Tushar Kothari (direct link) McAfee’s Global Business Development Manager, Greg Vinson and CEO of Attivo Networks, Tushar Kothari discuss the solutions to Threat Deception. Threat ★★★★
mcafee.webp 2020-09-03 15:00:12 What A Threat Analyst Really Thinks of Intelligence (direct link) When I was a threat analyst, too long ago for me to actually put in writing, I remember the thrill of discovery at the apex of the boredom of investigation. We all know that meme: And over the years, investigation leads became a little more substantial. It would begin in one of a few […] Threat Guideline ★★★★★
mcafee.webp 2020-08-26 00:28:08 Ransomware Could Be the New Data Breach: 5 Tips to Stay Secure (direct link) Cybercriminals tend to keep with the times, as they often leverage current events as a way to harvest user data or spread malicious content. McAfee COVID-19 Threat Report July 2020 points to a rather significant surge in attacks exploiting the current pandemic with COVID-19 themed malicious apps, phishing campaigns, malware, and ransomware. However, what many users don't realize is that ransomware attacks are a […] Ransomware Threat ★★★★
mcafee.webp 2020-08-13 18:19:06 On Drovorub: Linux Kernel Security Best Practices (direct link) Intro In a U.S. government cyber security advisory released today, the National Security Agency and Federal Bureau of Investigation warn of a previously undisclosed piece of Linux rootkit malware called Drovorub and attribute the threat to malicious actor APT28. The report is incredibly detailed and proposes several complementary detection techniques to effectively identify Drovorub malware […] Malware Threat APT 28
mcafee.webp 2020-08-06 04:01:06 Call an Exorcist! My Robot's Possessed! (direct link) Overview As part of our continued goal of helping developers provide safer products for businesses and consumers, we here at McAfee Advanced Threat Research (ATR) recently investigated temi, a teleconference robot produced by Robotemi Global Ltd. Our research led us to discover four separate vulnerabilities in the temi robot, which this paper will describe in […] Threat
mcafee.webp 2020-08-05 13:00:05 Ripple20 Critical Vulnerabilities – Detection Logic and Signatures (direct link) This document has been prepared by McAfee Advanced Threat Research in collaboration with JSOF who discovered and responsibly disclosed the vulnerabilities. It is intended to serve as a joint research effort to produce valuable insights for network administrators and security personnel, looking to further understand these vulnerabilities to defend against exploitation. The signatures produced here […] Threat
mcafee.webp 2020-07-30 04:01:23 McAfee Defender's Blog: Operation North Star Campaign (direct link) Building Adaptable Security Architecture Against the Operation North Star Campaign Operation North Star Overview Over the last few months, we have seen attackers take advantage of the pandemic as a cover to launch cyberattacks. One such example is a campaign that McAfee Advanced Threat Research (ATR) observed as an increase in malicious cyber activity targeting […] Threat
mcafee.webp 2020-07-24 16:30:18 Virtually Impossible to Miss McAfee at Black Hat 2020 (direct link) Black Hat 2020 is going virtual this year, providing attendees with the latest security research, development, and trends. Every year McAfee presents our latest security research and this year promises to be innovative and informative! You can expect insightful new findings from the McAfee Advanced Threat Research team. Also join us at the virtual booth […] Threat
mcafee.webp 2020-07-22 04:01:36 McAfee COVID-19 Report Reveals Pandemic Threat Evolution (direct link) The McAfee Advanced Threat Research team today published the McAfee® Labs COVID-19 Threats Report, July 2020. In this “Special Edition” threat report, we delve deep into the COVID-19 related attacks observed by our McAfee Advanced Threats Research and McAfee Labs teams in the first quarter of 2020 and the early months of the pandemic. What […] Threat
mcafee.webp 2020-07-13 18:38:50 Time to Get Proactive About Threat Hunting (direct link) When I think about the many challenges that threat hunters face nowadays, trust me when I say that I feel their pain. Early in my career, I was a Security Engineer in a SOC who scrambled into action upon receiving the proverbial midnight call about an incident. The system I was part of wasn't perfect as we always were […] Threat
mcafee.webp 2020-06-29 21:43:52 McAfee XDR: Taking Threat Detection and Response to a New Level (direct link) In the battle to protect digital data, the stakes have never been higher, and the outcome has never been more uncertain. Enterprises face ever-changing threats to their digital assets both inside and outside the traditional network perimeter from sophisticated threat actors, who use a changing assortment of techniques to find ways to skirt traditional security […] Threat
mcafee.webp 2020-06-29 18:16:04 Meaningful Context for Your Endpoint Threat Investigations (direct link) Threat intelligence (TI) - the art of distilling down everything that is happening globally in the adversarial threatscape and TI Programs – reducing to what is necessary context for your company and your security team to know and take mitigation action against - is hard. Yet, many companies continue to try and create a threat intelligence capability from the ground up and find that their TI programs are not what they really want it to be. No wonder, then, […] Threat
mcafee.webp 2020-06-29 17:19:06 Industry Experts Weigh in on McAfee's Proactive Cybersecurity (direct link) Recently Forbes shared an accurate depiction of McAfee in its article, McAfee Finally On The Right Path. Let me extend their innovation story and share with you the leadership path McAfee continues to blaze in cybersecurity. Imagine if organizations knew of high severity threats targeting their industry sector and geographies before they encountered such threats, with precise knowledge if their countermeasures could stop the threat? Also imagine if the countermeasures could not stop the threats, and they knew what they should do to improve those countermeasures so that the threat would be stopped? Doing all these […] Threat Guideline
mcafee.webp 2019-11-05 17:37:32 Buran Ransomware; the Evolution of VegaLocker (direct link) McAfee's Advanced Threat Research Team observed how a new ransomware family named 'Buran' appeared in May 2019. Buran works as a RaaS model like other ransomware families such as REvil, GandCrab (now defunct), Phobos, etc. The author(s) take 25% of the income earned by affiliates, instead of the 30% – 40%, numbers from notorious malware […] Ransomware Malware Threat
mcafee.webp 2019-10-25 15:41:38 Using Expert Rules in ENS 10.5.3 to Prevent Malicious Exploits (direct link) Expert Rules are text-based custom rules that can be created in the Exploit Prevention policy in ENS Threat Prevention 10.5.3+. Expert Rules provide additional parameters and allow much more flexibility than the custom rules that can be created in the Access Protection policy. It also allows system administration to control / monitor an endpoint system […] Threat
mcafee.webp 2019-10-21 04:01:24 McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo (direct link) Episode 4: Crescendo This is the final installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the most prolific Ransomware-as-a-Service (RaaS) Campaign of 2018 and mid 2019. In this final episode of our series we will zoom in on the operations, techniques and tools used by different affiliate […] Threat
mcafee.webp 2019-10-14 13:33:20 McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money (direct link) Episode 3: Follow the Money This is the third installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the most prolific Ransomware-as-a-Service (RaaS) Campaign of 2018 and mid 2019. The Talking Heads once sang “We're on a road to nowhere.” This expresses how challenging it can be when […] Threat
mcafee.webp 2019-10-02 16:05:54 McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – The All-Stars (direct link) Episode 2: The All-Stars Analyzing Affiliate Structures in Ransomware-as-a-Service Campaigns This is the second installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the most prolific Ransomware-as-a-Service (RaaS) Campaign of 2018 and mid-2019. GandCrab announced its retirement at the end of May. Since then, a new RaaS family […] Threat
mcafee.webp 2019-10-02 16:05:20 McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us (direct link) Episode 1: What the Code Tells Us McAfee's Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi (or REvil), at the end of April 2019. Around this same time, the GandCrab ransomware crew announced they would shut down their operations. Coincidence? Or is there more to the story? In […] Ransomware Threat
mcafee.webp 2019-09-04 20:21:02 Apple iOS Attack Underscores Importance of Threat Research (direct link) The recent discovery of exploit chains targeting Apple iOS is the latest example of how cybercriminals can successfully operate malicious campaigns, undetected, through the use of zero-day vulnerabilities. In this scenario, a threat actor or actors operated multiple compromised websites, using at least one or more zero-day vulnerabilities and numerous unique exploit chains and known vulnerabilities to […] Threat
mcafee.webp 2019-08-09 20:00:00 HVACking: Understanding the Delta Between Security and Reality (direct link) The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. We recently investigated an industrial control system (ICS) produced by Delta Controls. The product, called “enteliBUS Manager”, is used for several applications, including building management. Our research […] Threat
mcafee.webp 2019-08-08 20:00:02 Avaya Deskphone: Decade-Old Vulnerability Found in Phone's Firmware (direct link) Avaya is the second largest VOIP solution provider (source) with an install base covering 90% of the Fortune 100 companies (source), with products targeting a wide spectrum of customers, from small business and midmarket, to large corporations. As part of the ongoing McAfee Advanced Threat Research effort into researching critical vulnerabilities in widely deployed software […] Vulnerability Threat
mcafee.webp 2019-06-20 16:04:04 Why Process Reimaging Matters (direct link) As this blog goes live, Eoin Carroll will be stepping off the stage at Hack in Paris having detailed the latest McAfee Advanced Threat Research (ATR) findings on Process Reimaging. Admittedly, this technique probably lacks a catchy name, but be under no illusion the technique is significant and is worth paying very close attention to. […] Hack Threat
mcafee.webp 2019-06-20 16:00:01 In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass (direct link) Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR (Endpoint Detection and Response) Endpoint Security Solution's (such as Microsoft Defender Realtime Protection), ability to detect the correct binaries loaded in malicious processes. This inconsistency has led McAfee's Advanced Threat Research to develop a new […] Threat
mcafee.webp 2019-05-30 16:50:03 Mr. Coffee with WeMo: Double Roast (direct link) McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please refer to the earlier blog to catch up with the processes and techniques I used to investigate and ultimately compromise this smart coffee maker. While researching the device, there was always one attack vector that […] Vulnerability Threat
mcafee.webp 2019-04-18 20:14:02 IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? (direct link) Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we will explore a vulnerability submitted by McAfee Advanced Threat Research (ATR) and investigate a piece of malware that recently incorporated similar vulnerabilities. The takeaway from this blog is the increasing […] Malware Vulnerability Threat
mcafee.webp 2019-03-20 22:36:01 Analysis of a Chrome Zero Day: CVE-2019-5786 (direct link) 1. Introduction On March 1st, Google published an advisory [1] for a use-after-free in the Chrome implementation of the FileReader API (CVE-2019-5786). Clement Lecigne from Google Threat Analysis Group reported the bug as being exploited in the wild and targeting Windows 7, 32-bit platforms. The exploit leads to code execution in the Renderer process, […] Threat Guideline
mcafee.webp 2019-01-10 23:27:02 IE Scripting Flaw Still a Threat to Unpatched Systems: Analyzing CVE-2018-8653 (direct link) Microsoft recently patched a critical flaw in Internet Explorer's scripting engine that could lead to remote code execution. The vulnerability is being exploited in the wild and was originally reported by a researcher from Google's Threat Analysis Group. Microsoft released an out-of-band patch to fix the vulnerability before the normal patch cycle. McAfee products received […] Vulnerability Threat Guideline
mcafee.webp 2018-12-19 21:45:01 Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems (direct link) Last week the McAfee Advanced Threat Research team posted an analysis of a new wave of Shamoon “wiper” malware attacks that struck several companies in the Middle East and Europe. In that analysis we discussed one difference to previous Shamoon campaigns. The latest version has a modular approach that allows the wiper to be used […] Malware Tool Threat
mcafee.webp 2018-12-19 05:01:01 McAfee Labs Threats Report Examines Cybercriminal Underground, IoT Malware, Other Threats (direct link) The McAfee Advanced Threat Research team today published the McAfee® Labs Threats Report, December 2018. In this edition, we highlight the notable investigative research and trends in threats statistics and observations gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q3 of 2018. We are very excited to present to you new […] Threat
mcafee.webp 2018-12-12 11:01:00 'Operation Sharpshooter' Targets Global Defense, Critical Infrastructure (direct link) This post was written with contributions from the McAfee Advanced Threat Research team. The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download […] Malware Threat
mcafee.webp 2018-11-08 23:45:02 Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems (direct link) Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that manage large-scale industrial processes. An essential danger in this threat is that it moves from mere digital damage to risking human lives. In this … Malware Threat
mcafee.webp 2018-09-19 13:00:03 Cyber Threat Alliance Releases Analysis of Illicit Cryptocurrency Mining (direct link) In response to the explosive increase in cryptomining campaigns in Q4 2017, the Cyber Threat Alliance has formed a cryptomining subcommittee to assess the threat. This committee comprises expert researchers from major cybersecurity companies, including McAfee. The committee has now released “The Illicit Cryptocurrency Joint Analysis,” an in-depth report on the current state of unlawful … Threat
mcafee.webp 2018-08-14 21:49:02 McAfee ePO Platform Gains Insight Into Threat Research (direct link) The latest update to the McAfee® ePolicy Orchestrator® platform offers a new add-in to provide insight into the latest analysis carried out by McAfee Labs and the Advanced Threat Research team. Threat
mcafee.webp 2018-07-31 21:43:01 GandCrab Ransomware Puts the Pinch on Victims (direct link) The GandCrab ransomware first appeared in January and has updated itself rapidly during its short life. It is the leading ransomware threat. The McAfee Advanced Threat Research team has reverse engineered Versions 4.0 through 4.2 of the malware. The first versions (1.0 and 1.1) of this malware had a bug that left the keys in … Ransomware Malware Threat Guideline
mcafee.webp 2018-07-26 13:00:03 CactusTorch Fileless Threat Abuses .NET to Infect Victims (direct link) McAfee Labs has noticed a significant shift by some actors toward using trusted Windows executables, rather than external malware, to attack systems. One of the most popular techniques is a “fileless” attack. Because these attacks are launched through reputable executables, they are hard to detect. Both consumers and corporate users can fall victim to this … Threat
mcafee.webp 2018-07-13 22:52:00 What Drives a Ransomware Criminal? CoinVault Developers Convicted in Dutch Court (direct link) How often do we get a chance to learn what goes on in the minds of cybercriminals? Two members of McAfee's Advanced Threat Research team recently did, as they attended a court case against two cybercriminal brothers. The brothers, Dennis and Melvin, faced a judge in Rotterdam, in the Netherlands. This case was one of … Ransomware Threat
mcafee.webp 2018-07-11 13:00:00 Organizations Leave Backdoors Open to Cheap Remote Desktop Protocol Attacks (direct link) Thanks to my colleague Christiaan Beek for his advice and contributions. While researching underground hacker marketplaces, the McAfee Advanced Threat Research team has discovered that access linked to security and building automation systems of a major international airport could be bought for only US$10. The dark web contains RDP shops, online platforms selling remote desktop … Threat
Last update at: 2024-05-20 14:19:54