What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
mcafee.webp 2019-06-20 16:04:04 Why Process Reimaging Matters (lien direct) As this blog goes live, Eoin Carroll will be stepping off the stage at Hack in Paris having detailed the latest McAfee Advanced Threat Research (ATR) findings on Process Reimaging.  Admittedly, this technique probably lacks a catchy name, but be under no illusion the technique is significant and is worth paying very close attention to. […] Hack Threat
mcafee.webp 2019-06-20 16:00:01 In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass (lien direct) Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR (Endpoint Detection and Response) Endpoint Security Solution's (such as Microsoft Defender Realtime Protection), ability to detect the correct binaries loaded in malicious processes. This inconsistency has led McAfee's Advanced Threat Research to develop a new […] Threat
mcafee.webp 2019-05-30 16:50:03 Mr. Coffee with WeMo: Double Roast (lien direct) McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please refer to the earlier blog to catch up with the processes and techniques I used to investigate and ultimately compromise this smart coffee maker. While researching the device, there was always one attack vector that […] Vulnerability Threat
mcafee.webp 2019-05-22 14:57:04 Cryptocurrency Laundering Service, BestMixer.io, Taken Down by Law Enforcement (lien direct) A much overlooked but essential part in financially motivated (cyber)crime is making sure that the origins of criminal funds are obfuscated or made to appear legitimate, a process known as money laundering. 'Cleaning' money in this way allows the criminal to spend their loot with less chance of being caught. In the physical world, for […]
mcafee.webp 2019-05-21 21:09:03 RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability CVE-2019-0708 (lien direct) During Microsoft's May Patch Tuesday cycle, a security advisory was released for a vulnerability in the Remote Desktop Protocol (RDP). What was unique in this particular patch cycle was that Microsoft produced a fix for Windows XP and several other operating systems, which have not been supported for security updates in years. So why the […] Vulnerability
mcafee.webp 2019-04-29 17:10:00 LockerGoga Ransomware Family Used in Targeted Attacks (lien direct) Initial discovery Once again, we have seen a significant new ransomware family in the news. LockerGoga, which adds new features to the tried and true formula of encrypting victims' files and asking for payment to decrypt them, has gained notoriety for the targets it has affected. In this blog, we will look at the findings […] Ransomware
mcafee.webp 2019-04-18 20:14:02 IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? (lien direct) Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we will explore a vulnerability submitted by McAfee Advanced Threat Research (ATR) and investigate a piece of malware that recently incorporated similar vulnerabilities. The takeaway from this blog is the increasing […] Malware Vulnerability Threat
mcafee.webp 2019-03-20 22:36:01 Analysis of a Chrome Zero Day: CVE-2019-5786 (lien direct) 1. Introduction On March 1st, Google published an advisory [1] for a use-after-free in the Chrome implementation of the FileReader API (CVE 2019-5786). Clement Lecigne from Google Threat Analysis Group reported the bug as being exploited in the wild and targeting Windows 7, 32-bit platforms. The exploit leads to code execution in the Renderer process, […] Threat Guideline
mcafee.webp 2019-03-14 19:00:05 Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250) (lien direct) Earlier this month Check Point Research reported discovery of a 19 year old code execution vulnerability in the wildly popular WinRAR compression tool. Rarlab reports that there are over 500 million users of this program. While a patched version, 5.70, was released on February 26, attackers are releasing exploits in an effort to reach vulnerable […] Vulnerability
mcafee.webp 2019-03-04 02:00:02 McAfee Protects Against Suspicious Email Attachments (lien direct) Email remains a top vector for attackers.  Over the years, defenses have evolved, and policy-based protections have become standard for email clients such as Microsoft Outlook and Microsoft Mail.  Such policies are highly effective, but only if they are maintained as attackers keep changing their tactics to evade defenses.  For this reason, McAfee endpoint products […] ★★★★★
mcafee.webp 2019-03-01 16:00:01 JAVA-VBS Joint Exercise Delivers RAT (lien direct) The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an infection to occur, the user must typically execute the malware by double-clicking on the .jar file that usually arrives as an email attachment. Generally, infection begins if the user has the Java Runtime Environment installed. […] Malware Tool
mcafee.webp 2019-02-25 10:10:04 Your Smart Coffee Maker is Brewing Up Trouble (lien direct) IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster getting hacked and tweeting out your credit card number is, amazingly, no longer a joke. With that in mind, I began […] ★★★★★
mcafee.webp 2019-02-25 10:09:05 What's in the Box? (lien direct) 2018 was another record-setting year in the continuing trend for consumer online shopping.  With an increase in technology and efficiency, and a decrease in cost and shipping time, consumers have clearly made a statement that shopping online is their preferred method. Chart depicting growth of online, web-influenced and offline sales by year.1 In direct correlation […]
mcafee.webp 2019-02-20 05:01:00 Ryuk, Exploring the Human Connection (lien direct) In collaboration with Bill Siegel and Alex Holdtman from Coveware.   At the beginning of 2019, McAfee ATR published an article describing how the hasty attribution of Ryuk ransomware to North Korea was missing the point. Since then, collective industry peers discovered additional technical details on Ryuk's inner workings, the overlap between Ryuk and Hermes2.1, […] Ransomware
mcafee.webp 2019-02-04 18:00:01 MalBus: Popular South Korean Bus App Series in Google Play Found Dropping Malware After 5 Years of Development (lien direct) McAfee's Mobile Research team recently learned of a new malicious Android application masquerading as a plugin for a transportation application series developed by a South Korean developer. The series provides a range of information for each region of South Korea, such as bus stop locations, bus arrival times and so on. There are a total […] Malware
mcafee.webp 2019-01-22 20:43:05 Happy New Year 2019! Anatova is here! (lien direct) During our continuous hunt for new threats, we discovered a new ransomware family we call Anatova (based on the name of the ransom note). Anatova was discovered in a private peer-to-peer (p2p) network. After initial analysis, and making sure that our customers are protected, we decided to make this discovery public. Our telemetry showed that […] Ransomware
mcafee.webp 2019-01-10 23:27:02 IE Scripting Flaw Still a Threat to Unpatched Systems: Analyzing CVE-2018-8653 (lien direct) Microsoft recently patched a critical flaw in Internet Explorer's scripting engine that could lead to remote code execution. The vulnerability is being exploited in the wild and was originally reported by a researcher from Google's Threat Analysis Group. Microsoft released an out-of-band patch to fix the vulnerability before the normal patch cycle. McAfee products received […] Vulnerability Threat Guideline
mcafee.webp 2019-01-07 23:59:01 Ryuk Ransomware Attack: Rush to Attribution Misses the Point (lien direct) Senior analyst Ryan Sherstobitoff contributed to this report. During the past week, an outbreak of Ryuk ransomware shutting down newspaper printing services in the United States has garnered a lot of attention. To determine who was behind the attack many have cited past research that compares code from Ryuk with the older ransomware Hermes to […] Ransomware
mcafee.webp 2018-12-19 21:45:01 Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems (lien direct) Last week the McAfee Advanced Threat Research team posted an analysis of a new wave of Shamoon “wiper” malware attacks that struck several companies in the Middle East and Europe. In that analysis we discussed one difference to previous Shamoon campaigns. The latest version has a modular approach that allows the wiper to be used […] Malware Tool Threat
mcafee.webp 2018-12-19 05:01:01 McAfee Labs Threats Report Examines Cybercriminal Underground, IoT Malware, Other Threats (lien direct) The McAfee Advanced Threat Research team today published the McAfee® Labs Threats Report, December 2018. In this edition, we highlight the notable investigative research and trends in threats statistics and observations gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q3 of 2018. We are very excited to present to you new […] Threat
mcafee.webp 2018-12-14 20:32:04 Shamoon Returns to Wipe Systems in Middle East, Europe (lien direct) Destructive malware has been employed by adversaries for years. Usually such attacks are carefully targeted and can be motivated by ideology, politics, or even financial aims. Destructive attacks have a critical impact on businesses, causing the loss of data or crippling business operations. When a company is impacted, the damage can be significant. Restoration can […] Malware
mcafee.webp 2018-12-12 11:01:00 'Operation Sharpshooter' Targets Global Defense, Critical Infrastructure (lien direct) This post was written with contributions from the McAfee Advanced Threat Research team.   The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download […] Malware Threat
mcafee.webp 2018-12-04 05:01:00 Pay-Per-Install Company Deceptively Floods Market with Unwanted Programs (lien direct) For the past 18 months, McAfee Labs has been investigating a pay-per-install developer, WakeNet AB, responsible for spreading prevalent adware such as Adware-Wajam and Linkury. This developer has been active for almost 20 years and recently has used increasingly deceptive techniques to convince users to execute its installers. Our report is now available online. During […]
mcafee.webp 2018-11-29 09:00:01 McAfee Labs 2019 Threats Predictions Report (lien direct) These predictions were written by Eoin Carroll, Taylor Dunton, John Fokker, German Lancioni, Lee Munson, Yukihiro Okutomi, Thomas Roccia, Raj Samani, Sekhar Sarukkai, Dan Sommer, and Carl Woodward. As 2018 draws to a close, we should perhaps be grateful that the year has not been entirely dominated by ransomware, although the rise of the GandCrab […]
mcafee.webp 2018-11-13 05:01:01 WebCobra Malware Uses Victims' Computers to Mine Cryptocurrency (lien direct) The authors thank their colleagues Oliver Devane and Deepak Setty for their help with this analysis. McAfee Labs researchers have discovered new Russian malware, dubbed WebCobra, which harnesses victims' computing power to mine for cryptocurrencies. Coin mining malware is difficult to detect. Once a machine is compromised, a malicious app runs silently in the background […] Malware
mcafee.webp 2018-11-08 23:45:02 Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems (lien direct) Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that manage large-scale industrial processes. An essential danger in this threat is that it moves from mere digital damage to risking human lives. In this … Malware Threat
mcafee.webp 2018-10-30 21:00:03 Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims (lien direct) Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In mid-September it was reported that the malware developer had placed the ransomware, … Ransomware Malware
mcafee.webp 2018-10-24 13:00:02 Android/TimpDoor Turns Mobile Devices Into Hidden Proxies (lien direct) The McAfee Mobile Research team recently found an active phishing campaign using text messages (SMS) that tricks users into downloading and installing a fake voice-message app which allows cybercriminals to use infected devices as network proxies without users' knowledge. If the fake application is installed, a background service starts a Socks proxy that redirects all …
mcafee.webp 2018-10-18 04:01:00 'Operation Oceansalt' Delivers Wave After Wave (lien direct) A wall eight feet high with three strands of barbed wire is considered sufficient to deter a determined intruder, at least according to the advice offered by the CISSP professional certification. Although physical controls can be part of a multifaceted defense, an electronic attack affords the adversary time to develop the necessary tools to bypass … APT 32
mcafee.webp 2018-10-10 23:29:01 Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation (lien direct) The GandCrab ransomware, which first appeared in January, has been updated rapidly during its short life, with Version 5.0.2 appearing this month. In this post we will examine the latest version and how the authors have improved the code (and in some cases have made mistakes). McAfee gateway and endpoint products are able to protect … Ransomware
mcafee.webp 2018-10-09 15:00:01 When the Digital Impacts the Physical (lien direct) Cyberattacks have always been, well, cyber. Their immediate effects were on our data, our digital information, and our devices…until they weren't. The interconnected nature of the world and the way it's built in 2018 has brought us exciting and revolutionary innovations, but it has also been leveraged by hackers to extend the impact of a …
mcafee.webp 2018-09-25 04:00:04 'McAfee Labs Threats Report' Highlights Cryptojacking, Blockchain, Mobile Security Issues (lien direct) As we look over some of the key issues from the newly released McAfee Labs Threats Report, we read terms such as voice assistant, blockchain, billing fraud, and cryptojacking. Although voice assistants fall in a different category, the other three are closely linked and driven by the goal of fast, profitable attacks that result in …
mcafee.webp 2018-09-19 13:00:03 Cyber Threat Alliance Releases Analysis of Illicit Cryptocurrency Mining (lien direct) In response to the explosive increase in cryptomining campaigns in Q4 2017, the Cyber Threat Alliance has formed a cryptomining subcommittee to assess the threat. This committee comprises expert researchers from major cybersecurity companies, including McAfee. The committee has now released “The Illicit Cryptocurrency Joint Analysis,” an in-depth report on the current state of unlawful … Threat
mcafee.webp 2018-09-18 04:01:03 Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns (lien direct) Politics and ransomware. No, it's not a lost single from the Oasis back catalogue, but in fact a relatively recent tactic by ransomware developers looking to exploit the profiles of major politicians to install ransomware on victims' computers. Donald Trump, Angela Merkel, and now Barack Obama all serve as lures for the unsuspecting. Despite its … Ransomware
mcafee.webp 2018-09-15 14:00:03 Fortnite: Why Kids Love It and What Parents Need to Know (lien direct)   Fortnite: Battle Royale is the hottest video game for kids right now. More than 125 million people have downloaded the game and it’s estimated that 3.4 million play it monthly. But while the last-man-standing battle game is a blast to play, it also has parents asking a lot of questions as their kids spend …
mcafee.webp 2018-08-22 17:00:05 McAfee Opens State-of-the-Art Security Research Lab in Oregon (lien direct) Today we are pleased to announce the grand opening of our dedicated research lab in the Hillsboro, Oregon, office near Portland.
mcafee.webp 2018-08-21 04:01:03 'Insight' into Home Automation Reveals Vulnerability in Simple IoT Product (lien direct) Eoin Carroll, Charles McFarland, Kevin McGrath, and Mark Bereza contributed to this report.  The Internet of Things promises to make our lives easier. Want to remotely turn lights and appliances on and off and monitor them online? A “smart plug,” a Wi-Fi–connected electric outlet, is one simple method. But IoT devices can turn into attack … Vulnerability
mcafee.webp 2018-08-14 21:49:02 McAfee ePO Platform Gains Insight Into Threat Research (lien direct) The latest update to the McAfee® ePolicy Orchestrator® platform offers a new add-in to provide insight into the latest analysis carried out by McAfee Labs and the Advanced Threat Research team. Threat
mcafee.webp 2018-08-14 17:31:04 Microsoft Cortana Allows Browser Navigation Without Login: CVE-2018-8253 (lien direct) A locked Windows 10 device with Cortana enabled on the lock screen allows an attacker with physical access to the device to do two kinds of unauthorized browsing.
mcafee.webp 2018-08-09 13:00:01 Examining Code Reuse Reveals Undiscovered Links Among North Korea's Malware Families (lien direct) This research is a joint effort by Jay Rosenberg, senior security researcher at Intezer, and Christiaan Beek, lead scientist and senior principal engineer at McAfee. Intezer has also posted this story.  Attacks from the online groups Lazarus, Silent Chollima, Group 123, Hidden Cobra, DarkSeoul, Blockbuster, Operation Troy, and 10 Days of Rain are believed to … Malware Guideline Medical Cloud APT 38 APT 37
mcafee.webp 2018-07-31 21:43:01 GandCrab Ransomware Puts the Pinch on Victims (lien direct) The GandCrab ransomware first appeared in January and has updated itself rapidly during its short life. It is the leading ransomware threat. The McAfee Advanced Threat Research team has reverse engineered Versions 4.0 through 4.2 of the malware. The first versions (1.0 and 1.1) of this malware had a bug that left the keys in … Ransomware Malware Threat Guideline
mcafee.webp 2018-07-26 13:00:03 CactusTorch Fileless Threat Abuses .NET to Infect Victims (lien direct) McAfee Labs has noticed a significant shift by some actors toward using trusted Windows executables, rather than external malware, to attack systems. One of the most popular techniques is a “fileless” attack. Because these attacks are launched through reputable executables, they are hard to detect. Both consumers and corporate users can fall victim to this … Threat
mcafee.webp 2018-07-13 22:52:00 What Drives a Ransomware Criminal? CoinVault Developers Convicted in Dutch Court (lien direct) How often do we get a chance to learn what goes on in the minds of cybercriminals? Two members of McAfee's Advanced Threat Research team recently did, as they attended a court case against two cybercriminal brothers. The brothers, Dennis and Melvin, faced a judge in Rotterdam, in the Netherlands. This case was one of … Ransomware Threat
mcafee.webp 2018-07-12 13:00:04 Google Play Users Risk a Yellow Card With Android/FoulGoal.A (lien direct) English soccer fans have enthusiastically enjoyed the team's current run in the World Cup, as the tune “Three Lions” plays in their heads, while hoping to end 52 years of hurt. Meanwhile a recent spyware campaign distributed on Google Play has hurt fans of the beautiful game for some time. Using major events as social …
mcafee.webp 2018-07-11 13:00:00 Organizations Leave Backdoors Open to Cheap Remote Desktop Protocol Attacks (lien direct) Thanks to my colleague Christiaan Beek for his advice and contributions. While researching underground hacker marketplaces, the McAfee Advanced Threat Research team has discovered that access linked to security and building automation systems of a major international airport could be bought for only US$10. The dark web contains RDP shops, online platforms selling remote desktop … Threat
mcafee.webp 2018-07-03 18:28:03 Cybercrime in the Spotlight: How Crooks Capitalize on Cultural Events (lien direct) Every four years, everyone's head around the globe turns toward the television. The Olympics, the World Cup – world events like these have all eyes viewing friendly competition between nations. Operating under such a big spotlight, these events have been heavily guarded by physical security to ensure no participants or attendees are harmed. But what about …
mcafee.webp 2018-06-28 01:32:01 AsiaHitGroup Returns With New Billing-Fraud Campaign (lien direct) Are you tired yet of the music track “Despacito”? If you downloaded this ringtone app from Google Play, chances are your answer is a resounding Yes. But it gets worse: The McAfee Mobile Research team recently found 15 apps on Google Play that were uploaded by the AsiaHitGroup Gang. The ringtone app was one of …
mcafee.webp 2018-06-28 01:31:05 AsiaHitGroup Gang Again Sneaks Billing-Fraud Apps Onto Google Play (lien direct) The McAfee Mobile Research team has found a new billing-fraud campaign of at least 15 apps published in 2018 on Google Play. Toll fraud (which includes WAP billing fraud) is a leading category of potentially harmful apps on Google Play, according to the report Android Security 2017 Year in Review. This new campaign demonstrates that … Guideline
mcafee.webp 2018-06-27 04:01:00 'McAfee Labs Threats Report' Spotlights Innovative Attack Techniques, Cryptocurrency Mining, Multisector Attacks (lien direct) In the McAfee Labs Threats Report June 2018, published today, we share investigative research and threat statistics gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q1 of this year. We have observed that although overall new malware has declined by 31% since the previous quarter, bad actors are working relentlessly to … Malware Threat
mcafee.webp 2018-06-26 18:26:02 Checking In Halfway: The McAfee Labs 2018 Threats Predictions (lien direct) Time flies when you're fighting cybercrime. Now that's not exactly how the phrase goes, but for us at McAfee, it's hard to believe that we're already almost halfway through 2018. It seems like just yesterday we were predicting the types of cyberthreats we would see throughout this year with our McAfee Labs 2018 Threats Predictions …
Last update at: 2024-04-27 09:07:53