What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
mcafee.webp 2017-12-18 05:01:03 McAfee Labs Reports All-Time Highs for Malware in Latest Count (direct link) In the third quarter of 2017, McAfee Labs reports all-time highs of new and total malware. What is causing the increasing numbers of malware that are submitted to us at an average rate of four new malware samples per second? One major trend that continues in Q3 is the abuse of Microsoft Office–related exploits and … ★★
mcafee.webp 2017-12-13 22:00:02 Chinese Cybercriminals Develop Lucrative Hacking Services (direct link) Underground cybercrime profits in China have likely already exceeded US$15.1 billion (100 billion Chinese yuan); caused more than $13.8 billion (91.5 billion yuan) worth of damage relating to data loss, identity theft, and fraud; and will grow at an even faster pace as underground hackers expand international business operations to increasingly target foreign businesses, according … ★★★★★
mcafee.webp 2017-12-06 23:00:02 Emotet Downloader Trojan Returns in Force (direct link) During the past couple of days, we have seen an increase in activity from Emotet. This Trojan downloader spreads by emails that lure victims into downloading a Word document, which contains macros that after executing employ PowerShell to download a malicious payload. We have observed Emotet downloading a variety of payloads, including ransomware, Dridex, Trickbot, … ★★
mcafee.webp 2017-11-29 08:01:05 'McAfee Labs 2018 Threats Predictions Report' Previews Five Cybersecurity Trends (direct link) Welcome to the McAfee Labs 2018 Threats Predictions Report. We find ourselves in a highly volatile stage of cybersecurity, with new devices, new risks, and new threats appearing every day. In this edition, we have polled thought leaders from McAfee Labs and the Office of the CTO. They offer their views on a wide range of threats, including machine learning, ransomware, serverless apps, and privacy issues. Guideline ★★★★★
mcafee.webp 2017-11-24 14:00:05 Don't Substitute CVSS for Risk: Scoring System Inflates Importance of CVE-2017-3735 (direct link) I am a wry observer of vulnerability announcements. CVE-2017-3735, which can allow a small buffer overread in an X.509 certificate, presents an excellent example of the limitations of the Common Vulnerability Scoring System (CVSS). This scoring system is the de facto security industry standard for calculating and exchanging information about the severity of vulnerabilities. The problem is … ★★★★
mcafee.webp 2017-11-20 12:00:03 Android Malware Appears Linked to Lazarus Cybercrime Group (direct link) The McAfee Mobile Research team recently examined a new threat, Android malware that contains a backdoor file in the executable and linkable format (ELF). The ELF file is similar to several executables that have been reported to belong to the Lazarus cybercrime group. (For more on Lazarus, read this post from our Advanced Threat Research … APT 38 ★★★★★
mcafee.webp 2017-11-16 17:17:01 IoT Devices: The Gift that Keeps on Giving… to Hackers (direct link) McAfee Advanced Threat Research on Most Hackable Gifts You've probably noticed the recent increase in Internet connected drones, digital assistants, toys, appliances and other devices hitting the market and maybe even showing up in your own home. The sale of these “Internet-of-Things” (IoT) devices is expected to reach 600 million units this year and, unfortunately, … ★★
mcafee.webp 2017-11-07 18:00:00 Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack (direct link) This blog post was co-written by Michael Rea. During our monitoring of activities around the APT28 threat group, McAfee Advanced Threat Research analysts identified a malicious Word document that appears to leverage the Microsoft Office Dynamic Data Exchange (DDE) technique that has been previously reported by Advanced Threat Research. This document likely marks the first … APT 28 ★★★★
mcafee.webp 2017-11-03 19:00:00 Self-Signed Certificates Can Be Secure, So Why Ban Them? (direct link) This blog was co-written by Ramnath Venugopalan. In many organizations the use of self-signed certificates is forbidden by policy. Organizations may ban the use of self-signed certificates for several reasons: It is trivially easy to generate a certificate's key pair without reasonable entropy, to fail to protect the private key of the key pair appropriately to … ★★★
mcafee.webp 2017-11-01 13:00:05 Pirate Versions of Popular Apps Infiltrate Google Play via Virtualization (direct link) The McAfee Mobile Research team recently found pirated applications of popular apps distributed on the Google Play store. A pirated app is one distributed usually outside of the official store as a free version of a legitimate app. Paid legitimate applications are leading targets of pirated versions. In this case, however, we found pirated copies … Guideline ★★★
mcafee.webp 2017-10-31 13:00:02 Expiro Malware Is Back and Even Harder to Remove (direct link) File infector malware adds malicious code to current files. This makes removal tricky because deleting infections results in the loss of legitimate files. Although file infectors were more popular in the 1990s and early 2000s, they still pose a significant threat. The complex disinfection process is usually leveraged by malware authors to ensure systems stay … ★★★★
mcafee.webp 2017-10-27 13:00:04 Configuring McAfee ENS and VSE to Prevent Macroless Code Execution in Office Apps (direct link) Microsoft Office macros are a popular method of distributing malware. Users can defend themselves against macro attacks by disabling macros. McAfee Labs has now seen a new attack technique using a feature of Office applications that help create dynamic reports. In this post we will explain this technique and offer a method to prevent the … ★★★★
mcafee.webp 2017-10-27 12:59:04 Code Execution Technique Takes Advantage of Dynamic Data Exchange (direct link) Email phishing campaigns are a popular social engineering technique among hackers. The idea is simple: Craft an email that looks enticing to users and convince them to click on a malicious link or open a malicious attachment. Weight-loss and other health-related phishing emails are common. Package deliveries, bank notices and, in the case of spear … ★★★
mcafee.webp 2017-10-26 13:00:02 Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826: Memory Corruption Vulnerability (direct link) McAfee Labs has performed frequent analyses of Office-related threats over the years: In 2015, we presented research on the Office OLE mechanism; in 2016 at the BlueHat conference, we looked at the high-level attack surface of Office; and this year at the SYSCAN360 Seattle conference, we presented deep research on the critical Office “Moniker” zero-day vulnerabilities. …
mcafee.webp 2017-10-24 22:31:04 'BadRabbit' Ransomware Burrows Into Russia, Ukraine (direct link) This post was researched and written by Christiaan Beek, Tim Hux, David Marcus, Charles McFarland, Douglas McKee, and Raj Samani. McAfee is currently investigating a ransomware campaign known as BadRabbit, which initially infected targets in Russia and the Ukraine. We are also investigating reports of infected systems in Germany, Turkey, and Bulgaria and will provide updates …
mcafee.webp 2017-10-23 15:53:02 KRACKs: Five Observations on WPA Authentication Vulnerability (direct link) KRACKs are in the news. McAfee has already discussed these key reinstallation attacks that affect Wi-Fi setups in two posts: “KRACKs Against Wi-Fi Serious But Not End of the World” “How KRACK Threatens Wi-Fi's Security Underpinnings and What It Means for You” Here are five observations that offer an easy-to-digest summary: Don't panic! Remember this … ★★★
mcafee.webp 2017-10-18 16:01:04 Tips for Effective Threat Hunting (direct link) This blog was co-written by Ramnath Venugopalan. In May, McAfee surveyed more than 700 IT and security professionals around the world to better understand how threat hunting is used in organizations and how they hope to enhance their threat hunting capabilities. You can read the full study: Disrupting the Disruptors, Art or Science? Understanding the …
mcafee.webp 2017-10-12 21:34:02 Taiwan Bank Heist and the Role of Pseudo Ransomware (direct link) Widespread reports claim the Far Eastern International Bank in Taiwan has become a victim of hacking. The attacks demonstrate the global nature of cybercrime, with the cybercriminals attempting to wire US$60 million to destinations such as Sri Lanka, Cambodia, and the United States.
mcafee.webp 2017-10-11 13:00:02 Staying Anonymous on the Blockchain: Concerns and Techniques (direct link) With Bitcoin at one point valued at more than $5,000 per unit, cryptocurrencies have excited a lot of interest from individuals, businesses, and hackers. One of the selling points of Bitcoin and others of its type is anonymity. Yet there are concerns that online currency transactions may not be as anonymous as many wish. In …
mcafee.webp 2017-10-02 14:00:00 Linux Kernel Vulnerability Can Lead to Privilege Escalation: Analyzing CVE-2017-1000112 (direct link) This blog was written by Krishs Patil. A memory corruption bug in UDP fragmentation offload (UFO) code inside the Linux kernel can lead to local privilege escalation. In this post we will examine this vulnerability and its accompanying exploit. Although this bug affects both IPv4 and IPv6 code paths, we analyzed only IPv4 code running … Guideline
mcafee.webp 2017-09-26 18:00:01 McAfee Labs: Faceliker Surge Manipulates Facebook “Likes” to Promote News, Other Content (direct link) Criminals excel in manipulating the trust within human relationships, particularly as individuals project themselves into digital realms such as social media. We see it in phishing messages, which fool us into clicking on a malicious weblink from what appears to be a benign organization with which we do business. We also see it in the …
mcafee.webp 2017-09-26 04:01:04 McAfee Labs Threats Report Explores WannaCry/Petya, Threat Hunting, Script-Based Malware (direct link) Today we published the McAfee Labs Threats Report: September 2017. This quarter's report shows off a new design. We hope you will find it attractive as well as informative. Wannacry
mcafee.webp 2017-09-22 17:00:05 Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805 (direct link) Apache Struts, an open-source web development framework, is prone to vulnerabilities. We wrote about CVE-2017-9791 in July. The latest is CVE-2017-9805, another remote code execution flaw actively being exploited, according to reports. This vulnerability affects the Struts plug-in Representational State Transfer (REST). Apache has updated Struts with Version 2.5.13 to fix this issue. In this post … ★★
mcafee.webp 2017-09-21 13:00:03 Microsoft Kills Potential Remote Code Execution Vulnerability in Office (CVE-2017-8630) (direct link) Recently the McAfee IPS Research Team informed Microsoft about a potential remote code execution vulnerability in Office 2016 that McAfee discovered in March. Microsoft released a patch for this vulnerability this week with CVE-2017-8630. In this post, we will briefly discuss the vulnerability and its exploitability. The Problem While auditing PowerPoint, we came across an … ★★
mcafee.webp 2017-09-12 13:00:05 Android Click-Fraud App Repurposed as DDoS Botnet (direct link) The McAfee Mobile Research Team tracks the behavior of Android click-fraud apps. We have detected multiple implementations, including recent examples on Google Play in 2016 and Clicker.BN last month. These threats are characterized by a common behavior: They appear innocuous but in the background they perform HTTP requests (simulating clicks) on paid “advertainment” to make … ★★★
mcafee.webp 2017-08-28 08:10:02 Android Banking Trojan MoqHao Spreading via SMS Phishing in South Korea (direct link) Last month, a number of users started posting on South Korean sites screenshots of suspicious SMS messages phishing texts (also known as smishing) to lure them into clicking on shortened URLs. For example, the following message asks the user to click on the link to check if a private picture has been leaked: Figure 1: … ★★★★
mcafee.webp 2017-08-25 00:59:00 Android Click-Fraud Apps Briefly Return to Google Play (direct link) Click-fraud apps frequently appear on Google Play and third-party markets. They are sometimes hard to identify because the malicious behavior that simulates clicks is similar to the behavior of many legitimate applications (using common API calls and permissions). Further, part of the malicious code does not reside in the original malware and comes from a … ★★★★★
mcafee.webp 2017-08-14 23:28:01 Smishing Campaign Steals Banking Credentials in U.S. (direct link) The McAfee Mobile Research team recently found an active smishing campaign, using SMS messages, that targets online banking users in the United States. The messages attempt to scare victims with a notice that the bank account will be soon closed and that the user must immediately click a malicious URL: Figure 1: Phishing SMS message. … ★★★
mcafee.webp 2017-08-02 21:54:00 DEFCON – Connected Car Security (direct link) Sometime in the distant past, that thing in your driveway was a car. However, the “connected car is already the third-fastest growing technological device after phones and tablets.” The days when a Haynes manual, a tool kit, and a free afternoon/week to work on the car are fast becoming a distant memory. Our connected cars … ★★★★★
mcafee.webp 2017-07-26 17:39:04 Analyzing CVE-2017-0190: WMF Flaws Can Lead to Data Theft, Code Execution (direct link) CVE-2017-0190 is a recently patched vulnerability related to Windows metafiles (WMFs), a portable image format mainly used by 16-bit Windows applications. Recently we have seen an increase in the number of vulnerabilities related to WMFs and EMFs (enhanced metafiles) in the GDI32 library. Most often, these vulnerabilities lead to sensitive information disclosure from the process … Guideline ★★
mcafee.webp 2017-07-25 14:20:00 NoMoreRansom – One year on! (direct link) One year on. It is fair to say that the No More Ransom project not only exceeded our expectations, but simply blew these initial expectations out of the water. A collaboration between six partners (McAfee, EC3, Dutch Police, Kaspersky Lab, AWS and Barracuda) has now grown to include more than 100 partners across the public and private sector. We often hear people talk about Public-Private Partnerships, but here is a true example of that commitment in action. ★★★
mcafee.webp 2017-07-19 19:56:05 Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution (direct link) Apache Struts is a model-view-controller framework for creating Java web applications. Struts has suffered from a couple of vulnerabilities using the technique of object-graph navigation language (OGNL) injection. OGNL is an expression language that allows the setting of object properties and execution of various methods of Java classes. OGNL can be used maliciously to perform … ★★★
mcafee.webp 2017-07-17 18:53:03 Analyzing a Patch of a Virtual Machine Escape on VMware (direct link) This blog was written by Yakun Zhang. A virtual machine is a completely isolated guest operating system installation within a normal host operating system. Virtual machine escape is the process of breaking out of a virtual machine and interacting with the host operating system, which can lead to infections and malware execution. VMware escapes demonstrated … Guideline ★★★★★
mcafee.webp 2017-07-07 18:02:05 LeakerLocker: Mobile Ransomware Acts Without Encryption (direct link) We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from spreading a victim's private information. LeakerLocker claims to have made an unauthorized backup of a phone's sensitive information that could be leaked to a user's contacts unless it receives …
mcafee.webp 2017-07-01 01:09:03 Petya More Effective at Destruction Than as Ransomware (direct link) At the beginning of the recent Petya malware campaign, the world was quick to exclaim this attack was ransomware. Now, with time to analyze the facts and make comparisons to other ransomware campaigns, this Petya attack does not look so much like ransomware. To back up this claim, let's examine three other well-known ransomware campaigns: …
mcafee.webp 2017-06-28 17:15:04 How to Protect Against Petya Ransomware in a McAfee Environment (direct link) A new variant of the ransomware Petya (also called Petrwrap) began spreading around the world on June 27. Petya is ransomware that exploits the vulnerability CVE-2017-0144 in Microsoft's implementation of the Server Message Block protocol. This ransomware encrypts the master boot records of infected Windows computers, making the machines unusable.
mcafee.webp 2017-06-27 19:44:02 New Variant of Petya Ransomware Spreading Like Wildfire (direct link) The world woke up today to another ransomware outbreak wreaking havoc throughout companies' networks. This time, the family causing the fuss is Ransomware Petya, a nasty variant that encrypts files and the computer's master boot record (MBR), rendering the machine unusable. ★★★★
mcafee.webp 2017-06-20 04:01:02 'McAfee Labs Threats Report' Explores Malware Evasion Techniques, Digital Steganography, Password-Stealer Fareit (direct link) This blog post was written by Vincent Weafer. We got a little carried away in the McAfee Labs Threats Report: June 2017, published today. This quarter's report has expanded to a rather hefty 83 pages! It contains three highly educational topics, in addition to the usual set of threats statistics: We broadly examine evasion techniques … ★★★
mcafee.webp 2017-06-16 19:11:02 McAfee Discovers Pinkslipbot Exploiting Infected Machines as Control Servers; Releases Free Tool to Detect, Disable Trojan (direct link) This blog was written by Sanchit Karve. McAfee Labs has discovered that banking malware Pinkslipbot (also known as QakBot/QBot) has used infected machines as control servers since April 2016, even after its capability to steal personal and financial data from the infected machine has been removed by a security product. These include home users whose … ★★★★★
Last update at: 2024-06-03 02:08:01