What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-10-18 04:01:00 | \'Operation Oceansalt\' Delivers Wave After Wave (lien direct) | 
A wall eight feet high with three strands of barbed wire is considered sufficient to deter a determined intruder, at least according to the advice offered by the CISSP professional certification. Although physical controls can be part of a multifaceted defense, an electronic attack affords the adversary time to develop the necessary tools to bypass …
|
APT 32 | ||
|
2018-10-10 23:29:01 | Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation (lien direct) | 
The GandCrab ransomware, which first appeared in January, has been updated rapidly during its short life, with Version 5.0.2 appearing this month. In this post we will examine the latest version and how the authors have improved the code (and in some cases have made mistakes). McAfee gateway and endpoint products are able to protect …
|
Ransomware | ||
|
2018-10-09 15:00:01 | When the Digital Impacts the Physical (lien direct) | 
Cyberattacks have always been, well, cyber. Their immediate effects were on our data, our digital information, and our devices…until they weren't. The interconnected nature of the world and the way it's built in 2018 has brought us exciting and revolutionary innovations, but it has also been leveraged by hackers to extend the impact of a …
|
|||
|
2018-09-25 04:00:04 | \'McAfee Labs Threats Report\' Highlights Cryptojacking, Blockchain, Mobile Security Issues (lien direct) | 
As we look over some of the key issues from the newly released McAfee Labs Threats Report, we read terms such as voice assistant, blockchain, billing fraud, and cryptojacking. Although voice assistants fall in a different category, the other three are closely linked and driven by the goal of fast, profitable attacks that result in …
|
|||
|
2018-09-19 13:00:03 | Cyber Threat Alliance Releases Analysis of Illicit Cryptocurrency Mining (lien direct) | 
In response to the explosive increase in cryptomining campaigns in Q4 2017, the Cyber Threat Alliance has formed a cryptomining subcommittee to assess the threat. This committee comprises expert researchers from major cybersecurity companies, including McAfee. The committee has now released “The Illicit Cryptocurrency Joint Analysis,” an in-depth report on the current state of unlawful …
|
Threat | ||
|
2018-09-18 04:01:03 | Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns (lien direct) | 
Politics and ransomware. No, it's not a lost single from the Oasis back catalogue, but in fact a relatively recent tactic by ransomware developers looking to exploit the profiles of major politicians to install ransomware on victims' computers. Donald Trump, Angela Merkel, and now Barack Obama all serve as lures for the unsuspecting. Despite its …
|
Ransomware | ||
|
2018-09-15 14:00:03 | Fortnite: Why Kids Love It and What Parents Need to Know (lien direct) | 
Fortnite: Battle Royale is the hottest video game for kids right now. More than 125 million people have downloaded the game and it’s estimated that 3.4 million play it monthly. But while the last-man-standing battle game is a blast to play, it also has parents asking a lot of questions as their kids spend …
|
|||
|
2018-08-22 17:00:05 | McAfee Opens State-of-the-Art Security Research Lab in Oregon (lien direct) | 
Today we are pleased to announce the grand opening of our dedicated research lab in the Hillsboro, Oregon, office near Portland.
|
|||
|
2018-08-21 04:01:03 | \'Insight\' into Home Automation Reveals Vulnerability in Simple IoT Product (lien direct) | 
Eoin Carroll, Charles McFarland, Kevin McGrath, and Mark Bereza contributed to this report. The Internet of Things promises to make our lives easier. Want to remotely turn lights and appliances on and off and monitor them online? A “smart plug,” a Wi-Fi–connected electric outlet, is one simple method. But IoT devices can turn into attack …
|
Vulnerability | ||
|
2018-08-14 21:49:02 | McAfee ePO Platform Gains Insight Into Threat Research (lien direct) | 
The latest update to the McAfee® ePolicy Orchestrator® platform offers a new add-in to provide insight into the latest analysis carried out by McAfee Labs and the Advanced Threat Research team.
|
Threat | ||
|
2018-08-14 17:31:04 | Microsoft Cortana Allows Browser Navigation Without Login: CVE-2018-8253 (lien direct) | 
A locked Windows 10 device with Cortana enabled on the lock screen allows an attacker with physical access to the device to do two kinds of unauthorized browsing.
|
|||
|
2018-08-09 13:00:01 | Examining Code Reuse Reveals Undiscovered Links Among North Korea\'s Malware Families (lien direct) | 
This research is a joint effort by Jay Rosenberg, senior security researcher at Intezer, and Christiaan Beek, lead scientist and senior principal engineer at McAfee. Intezer has also posted this story. Attacks from the online groups Lazarus, Silent Chollima, Group 123, Hidden Cobra, DarkSeoul, Blockbuster, Operation Troy, and 10 Days of Rain are believed to …
|
Malware Guideline Medical Cloud | APT 38 APT 37 | |
|
2018-07-31 21:43:01 | GandCrab Ransomware Puts the Pinch on Victims (lien direct) | 
The GandCrab ransomware first appeared in January and has updated itself rapidly during its short life. It is the leading ransomware threat. The McAfee Advanced Threat Research team has reverse engineered Versions 4.0 through 4.2 of the malware. The first versions (1.0 and 1.1) of this malware had a bug that left the keys in …
|
Ransomware Malware Threat Guideline | ||
|
2018-07-26 13:00:03 | CactusTorch Fileless Threat Abuses .NET to Infect Victims (lien direct) | 
McAfee Labs has noticed a significant shift by some actors toward using trusted Windows executables, rather than external malware, to attack systems. One of the most popular techniques is a “fileless” attack. Because these attacks are launched through reputable executables, they are hard to detect. Both consumers and corporate users can fall victim to this …
|
Threat | ||
|
2018-07-13 22:52:00 | What Drives a Ransomware Criminal? CoinVault Developers Convicted in Dutch Court (lien direct) | 
How often do we get a chance to learn what goes on in the minds of cybercriminals? Two members of McAfee's Advanced Threat Research team recently did, as they attended a court case against two cybercriminal brothers. The brothers, Dennis and Melvin, faced a judge in Rotterdam, in the Netherlands. This case was one of …
|
Ransomware Threat | ||
|
2018-07-12 13:00:04 | Google Play Users Risk a Yellow Card With Android/FoulGoal.A (lien direct) | 
English soccer fans have enthusiastically enjoyed the team's current run in the World Cup, as the tune “Three Lions” plays in their heads, while hoping to end 52 years of hurt. Meanwhile a recent spyware campaign distributed on Google Play has hurt fans of the beautiful game for some time. Using major events as social …
|
|||
|
2018-07-11 13:00:00 | Organizations Leave Backdoors Open to Cheap Remote Desktop Protocol Attacks (lien direct) | 
Thanks to my colleague Christiaan Beek for his advice and contributions. While researching underground hacker marketplaces, the McAfee Advanced Threat Research team has discovered that access linked to security and building automation systems of a major international airport could be bought for only US$10. The dark web contains RDP shops, online platforms selling remote desktop …
|
Threat | ||
|
2018-07-03 18:28:03 | Cybercrime in the Spotlight: How Crooks Capitalize on Cultural Events (lien direct) | 
Every four years, everyone's head around the globe turns toward the television. The Olympics, the World Cup – world events like these have all eyes viewing friendly competition between nations. Operating under such a big spotlight, these events have been heavily guarded by physical security to ensure no participants or attendees are harmed. But what about …
|
|||
|
2018-06-28 01:32:01 | AsiaHitGroup Returns With New Billing-Fraud Campaign (lien direct) | 
Are you tired yet of the music track “Despacito”? If you downloaded this ringtone app from Google Play, chances are your answer is a resounding Yes. But it gets worse: The McAfee Mobile Research team recently found 15 apps on Google Play that were uploaded by the AsiaHitGroup Gang. The ringtone app was one of …
|
|||
|
2018-06-28 01:31:05 | AsiaHitGroup Gang Again Sneaks Billing-Fraud Apps Onto Google Play (lien direct) | 
The McAfee Mobile Research team has found a new billing-fraud campaign of at least 15 apps published in 2018 on Google Play. Toll fraud (which includes WAP billing fraud) is a leading category of potentially harmful apps on Google Play, according to the report Android Security 2017 Year in Review. This new campaign demonstrates that …
|
Guideline | ||
|
2018-06-27 04:01:00 | \'McAfee Labs Threats Report\' Spotlights Innovative Attack Techniques, Cryptocurrency Mining, Multisector Attacks (lien direct) | 
In the McAfee Labs Threats Report June 2018, published today, we share investigative research and threat statistics gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q1 of this year. We have observed that although overall new malware has declined by 31% since the previous quarter, bad actors are working relentlessly to …
|
Malware Threat | ||
|
2018-06-26 18:26:02 | Checking In Halfway: The McAfee Labs 2018 Threats Predictions (lien direct) | 
Time flies when you're fighting cybercrime. Now that's not exactly how the phrase goes, but for us at McAfee, it's hard to believe that we're already almost halfway through 2018. It seems like just yesterday we were predicting the types of cyberthreats we would see throughout this year with our McAfee Labs 2018 Threats Predictions …
|
|||
|
2018-06-19 04:01:02 | Apply MITRE\'s \'ATT&CK\' Model to Check Your Defenses (lien direct) | 
Every week we read about adversaries attacking their targets as part of online criminal campaigns. Information gathering, strategic advantage, and theft of intellectual property are some of the motivations. Besides these, we have seen during the past two years an increase in attacks in which adversaries are not shy of leaving a trail of destruction. …
|
|||
|
2018-06-14 21:34:01 | Unintended Clipboard Paste Function in Windows 10 Leads to Information Leak in RS1 (lien direct) | 
The McAfee Labs Advanced Threat Research team has been investigating the Windows 10 platform. We have submitted several vulnerabilities already and have disclosed our research to Microsoft. Please refer to our vulnerability disclosure policy for further details or the post from earlier this week on Windows 10 Cortana vulnerabilities. Early last year, a trivial “information leak” …
|
|||
|
2018-06-13 13:01:02 | Threat Report: Don\'t Join Blockchain Revolution Without Ensuring Security (lien direct) | 
On May 19 researchers discovered a series of vulnerabilities in the blockchain-based EOS platform that can lead to remote control over participating nodes. Just four days prior, a mining pool server for the IOT platform HDAC was compromised, impacting the vast majority of miners. In January the largest-ever theft of cryptocurrencies occurred against the exchange …
|
Guideline | ||
|
2018-06-12 17:15:02 | Want to Break Into a Locked Windows 10 Device? Ask Cortana (CVE-2018-8140) (lien direct) | 
June's “Patch Tuesday” (June 12) is here, but it is likely many Windows 10 users have not yet applied these updates.
|
|||
|
2018-06-06 15:42:02 | VPNFilter Malware Adds Capabilities to Exploit Endpoints (lien direct) | 
VPNFilter, a botnet-controlled malware that infects networking devices, was first documented by researchers from Cisco Talos. McAfee Labs also published a blog on May 23 with some initial information. In our last post we discussed the three stages of infection and the devices affected by the malware, and how it can maintain a persistent presence …
|
VPNFilter | ||
|
2018-05-23 21:28:02 | VPNFilter Botnet Targets Networking Devices (lien direct) | 
VPNFilter is a botnet with capabilities to support both intelligence collection and destructive cyberattack operations. The Cisco Talos team recently notified members of the Cyber Threat Alliance (CTA) of its findings and published this blog.
|
VPNFilter | ||
|
2018-05-21 22:00:02 | It\'s a Zoo Out There! Data Analysis of Alleged ZooPark Dump (lien direct) | 
In early May, researchers disclosed a Mobile malware campaign by a group focused on Middle Eastern targets. This actor was found to be an evolving and sophisticated group using fake Android apps, namely Telegram, to trick users into installing malicious software. They have been active since 2015 and evolved over several campaigns into 2018. On …
|
|||
|
2018-05-17 13:31:05 | Malware on Google Play Targets North Korean Defectors (lien direct) | 
Earlier this year, McAfee researchers predicted in the McAfee Mobile Threat Report that we expect the number of targeted attacks on mobile devices to increase due to their ubiquitous growth combined with the sophisticated tactics used by malware authors.
|
|||
|
2018-05-11 20:00:01 | Syn/Ack Unique Proactive Protection Technique (lien direct) | 
McAfee's Advanced Threat Research team has performed analysis on samples of Syn/Ack ransomware implementing Process Doppelgänging. For those who are concerned about the potential impact of this ransomware but are currently unable to implement McAfee product protections, we have found a simple but interesting alternative method. Prior to encryption and ransom, the malware first checks …
|
|||
|
2018-05-11 15:00:04 | McAfee Protects Against Doppelgänging Technique (lien direct) | 
That adversaries adopt new techniques is a known fact. However, the speed they include new innovative techniques to bypass end-point security and or evade sandboxing appears to be at an ever-increasing pace. Indeed, adversary adoption is often faster than the InfoSec industry can implement and test effective countermeasures. For example, in December 2017, a tool …
|
|||
|
2018-04-25 04:01:02 | (Déjà vu) Global Malware Campaign Pilfers Data from Critical Infrastructure, Entertainment, Finance, Health Care, and Other Industries (lien direct) | 
McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. This campaign, dubbed Operation GhostSecret, leverages multiple implants, tools, and malware variants associated with the state-sponsored cyber group Hidden Cobra. The infrastructure currently remains active. (For an extensive …
|
Medical | APT 38 | |
|
2018-04-25 04:01:02 | (Déjà vu) Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide (lien direct) | 
McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. This campaign, dubbed Operation GhostSecret, leverages multiple implants, tools, and malware variants associated with the state-sponsored cyber group Hidden Cobra. The infrastructure currently remains active. In this post, …
|
Medical | APT 38 | |
|
2018-04-17 13:00:00 | Despite Decline in Use of Adobe Flash, Vulnerabilities Will Continue to Cause Concern (lien direct) | 
This post was researched and written with the assistance of Tim Hux, Abhishek Karnik, Asheer Malhotra, and Steve Povolny McAfee Advanced Threat Research team analysts have studied Adobe Flash Player for years because it is a popular target for attacks. As always, we advise customers to remain current with McAfee's latest DAT versions. In this …
|
|||
|
2018-04-16 16:00:04 | Cloud Clustering Vulnerable to Attacks (lien direct) | 
The authors thank John Fokker and Marcelo CaroVargas for their contributions and insights. In our upcoming talk at the Cloud Security Alliance Summit at the RSA Conference, we will focus our attention on the insecurity of cloud deployments. We are interested in whether attackers can use compromised cloud infrastructure as viable backup resources as well …
|
|||
|
2018-04-11 16:00:01 | Parasitic Coin Mining Creates Wealth, Destroys Systems (lien direct) | 
The increasing popularity of cryptocurrencies has inspired some people to pursue coin mining, essentially making money online. (Mining is the processing of transactions in the digital currency system, in which new transactions are recorded in a digital ledger called the blockchain. Miners help to update the ledger to verify and collect new transactions to be …
|
|||
|
2018-03-27 19:30:03 | Today\'s Connected Cars Vulnerable to Hacking, Malware (lien direct) | 
The McAfee Advanced Threat Research team recently published an article about threats to automobiles on the French site JournalAuto.com. Connected cars are growing rapidly in number and represent the next big step in personal transportation.
|
★★★★ | ||
|
2018-03-19 20:29:01 | Ransomware Takes Open-Source Path, Encrypts With GNU Privacy Guard (lien direct) | 
McAfee Labs has recently observed a new variant of ransomware that relies on the open-source program GNU Privacy Guard (GnuPG) to encrypt data. GnuPG is a hybrid-encryption software program that uses a combination of conventional symmetric-key cryptography for speed and public-key cryptography to ease the secure key exchange. Although ransomware using GnuPG to encrypt files …
|
★★★★★ | ||
|
2018-03-12 04:03:03 | \'McAfee Labs Threats Report\' Examines Cryptocurrency Hijacking, Ransomware, Fileless Malware (lien direct) | 
Today McAfee published the McAfee Labs Threats Report: March 2018. The report looks into the growth and trends of new malware, ransomware, and other threats in Q4 2017. McAfee Labs saw on average eight new threat samples per second, and the increasing use of fileless malware attacks leveraging Microsoft PowerShell. The Q4 spike in Bitcoin value prompted cybercriminals to focus on cryptocurrency hijacking through a variety of methods, including malicious Android apps.
|
★★★ | ||
|
2018-03-12 04:02:02 | McAfee Researchers Find Poor Security Exposes Medical Data to Cybercriminals (lien direct) | 
Those who have successfully gained access to medical data have been well rewarded for their efforts. One seller stated in an interview that “someone wanted to buy all the … records specifically,” claiming that the effort had netted US$100,000.
|
★★ | ||
|
2018-03-12 04:01:05 | McAfee Researchers Analyze Dark Side of Cryptocurrency Craze: Its Effect on Cybercrime (lien direct) | 
In December 2017 Bitcoin values skyrocketed, peaking at the unprecedented amount of roughly US$19,000 per coin. Unsurprisingly, the market for cryptocurrencies exploded in response. Investors, companies, and even the public found a fresh interest in digital currencies. However, the exciting change in Bitcoin value did not just influence your average wealth seeker. It also influenced …
|
★★★★ | ||
|
2018-03-08 14:00:03 | Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant (lien direct) | 
This post was prepared with contributions from Asheer Malhotra, Charles Crawford, and Jessica Saavedra-Morales. On February 28, the McAfee Advanced Threat Research team discovered that the cybercrime group Hidden Cobra continues to target cryptocurrency and financial organizations. In this analysis, we observed the return of Hidden Cobra's Bankshot malware implant surfacing in the Turkish financial …
|
Medical | APT 38 | ★★★ |
|
2018-03-02 19:17:04 | How Hackers Bypassed an Adobe Flash Protection Mechanism (lien direct) | 
The number of Flash Player exploits has recently declined, due to Adobe's introduction of various measures to strengthen Flash's security. Occasionally, however, an exploit still arises. On January 31, Kr-Cert reported a zero-day vulnerability, identified as CVE-2018-4878, being exploited in the field. (Adobe has released an update to fix this flaw.) We analyzed this vulnerability …
|
★★★★ | ||
|
2018-03-02 13:00:01 | McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups (lien direct) | 
This post was written with contributions from Jessica Saavedra-Morales, Thomas Roccia, and Asheer Malhotra. McAfee Advanced Threat Research analysts have discovered a new operation targeting humanitarian aid organizations and using North Korean political topics as bait to lure victims into opening malicious Microsoft Word documents. Our analysts have named this Operation Honeybee, based on the …
|
★★ | ||
|
2018-02-22 20:00:01 | DDoS Attacks in the Netherlands Reveal Teen Gamers on Troublesome Path (lien direct) | 
At the end of January, the Netherlands was plagued by distributed denial of service (DDoS) attacks targeting various financial institutions, tech sites, and the Dutch tax authorities. At the time of the attacks it was unclear who was responsible, and this led to speculation among security experts. Coincidentally, the attacks started a few days after …
|
★★★ | ||
|
2018-02-16 19:31:01 | Free Ransomware Available on Dark Web (lien direct) | 
The McAfee Advanced Threat Research team recently analyzed a ransomware-as-a-service threat that is available for free and without registration. This malware was first seen in July 2017 with the extension .shifr. It has now appeared in recent detections with the extension .cypher. Ransomware-as-a-Service Ransomware-as-a-service is a cybercrime economic model that allows malware developers to earn money …
|
★★★★ | ||
|
2018-01-06 17:00:03 | Malicious Document Targets Pyeongchang Olympics (lien direct) | 
McAfee Advanced Threat Research analysts have discovered a campaign targeting organizations involved with the Pyeongchang Olympics. Attached in an email was a malicious Microsoft Word document with the original file name 농식품부, 평창 동계올림픽 대비 축산악취 방지대책 관련기관 회의 개최.doc (“Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics”). The primary target of …
|
★★★★ | ||
|
2017-12-20 12:00:03 | McAfee Labs Advanced Threat Research Aids Arrest of Suspected Cybercrime Gang Linked to Top Malware CTB Locker (lien direct) | 
In our recent research, we interviewed the actors behind ransomware campaigns. One of the interesting findings was cybercriminals seemed to have a sense of absolute safety when conducting criminal operations. Cybercrime is an area of crime like no other, perceived as low-risk with high returns, which contributes greatly to its rapid growth.
|
★★★ | ||
|
2017-12-18 05:02:03 | Looking Into the World of Ransomware Actors Reveals Some Surprises (lien direct) | 
During the preparations for our keynotes at McAfee's recent MPOWER conference, we brainstormed a few topics we wanted to share with the audience. Ransomware was definitely on our agenda, but so much has already been said and written on the subject. What could we add that would be interesting? We hit on the angle: to …
|
★★★★ |
To see everything:
Our RSS (filtrered)
