What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
mcafee.webp 2018-07-12 13:00:04 Google Play Users Risk a Yellow Card With Android/FoulGoal.A (direct link) English soccer fans have enthusiastically enjoyed the team's current run in the World Cup, as the tune “Three Lions” plays in their heads, while hoping to end 52 years of hurt. Meanwhile a recent spyware campaign distributed on Google Play has hurt fans of the beautiful game for some time. Using major events as social …
mcafee.webp 2018-07-11 13:00:00 Organizations Leave Backdoors Open to Cheap Remote Desktop Protocol Attacks (direct link) Thanks to my colleague Christiaan Beek for his advice and contributions. While researching underground hacker marketplaces, the McAfee Advanced Threat Research team has discovered that access linked to security and building automation systems of a major international airport could be bought for only US$10. The dark web contains RDP shops, online platforms selling remote desktop … Threat
mcafee.webp 2018-07-03 18:28:03 Cybercrime in the Spotlight: How Crooks Capitalize on Cultural Events (direct link) Every four years, everyone's head around the globe turns toward the television. The Olympics, the World Cup – world events like these have all eyes viewing friendly competition between nations. Operating under such a big spotlight, these events have been heavily guarded by physical security to ensure no participants or attendees are harmed. But what about …
mcafee.webp 2018-06-28 01:32:01 AsiaHitGroup Returns With New Billing-Fraud Campaign (direct link) Are you tired yet of the music track “Despacito”? If you downloaded this ringtone app from Google Play, chances are your answer is a resounding Yes. But it gets worse: The McAfee Mobile Research team recently found 15 apps on Google Play that were uploaded by the AsiaHitGroup Gang. The ringtone app was one of …
mcafee.webp 2018-06-28 01:31:05 AsiaHitGroup Gang Again Sneaks Billing-Fraud Apps Onto Google Play (direct link) The McAfee Mobile Research team has found a new billing-fraud campaign of at least 15 apps published in 2018 on Google Play. Toll fraud (which includes WAP billing fraud) is a leading category of potentially harmful apps on Google Play, according to the report Android Security 2017 Year in Review. This new campaign demonstrates that … Guideline
mcafee.webp 2018-06-27 04:01:00 'McAfee Labs Threats Report' Spotlights Innovative Attack Techniques, Cryptocurrency Mining, Multisector Attacks (direct link) In the McAfee Labs Threats Report June 2018, published today, we share investigative research and threat statistics gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q1 of this year. We have observed that although overall new malware has declined by 31% since the previous quarter, bad actors are working relentlessly to … Malware Threat
mcafee.webp 2018-06-26 18:26:02 Checking In Halfway: The McAfee Labs 2018 Threats Predictions (direct link) Time flies when you're fighting cybercrime. Now that's not exactly how the phrase goes, but for us at McAfee, it's hard to believe that we're already almost halfway through 2018. It seems like just yesterday we were predicting the types of cyberthreats we would see throughout this year with our McAfee Labs 2018 Threats Predictions …
mcafee.webp 2018-06-19 04:01:02 Apply MITRE's 'ATT&CK' Model to Check Your Defenses (direct link) Every week we read about adversaries attacking their targets as part of online criminal campaigns. Information gathering, strategic advantage, and theft of intellectual property are some of the motivations. Besides these, we have seen during the past two years an increase in attacks in which adversaries are not shy of leaving a trail of destruction. …
mcafee.webp 2018-06-14 21:34:01 Unintended Clipboard Paste Function in Windows 10 Leads to Information Leak in RS1 (direct link) The McAfee Labs Advanced Threat Research team has been investigating the Windows 10 platform. We have submitted several vulnerabilities already and have disclosed our research to Microsoft. Please refer to our vulnerability disclosure policy for further details or the post from earlier this week on Windows 10 Cortana vulnerabilities. Early last year, a trivial “information leak” …
mcafee.webp 2018-06-13 13:01:02 Threat Report: Don't Join Blockchain Revolution Without Ensuring Security (direct link) On May 19 researchers discovered a series of vulnerabilities in the blockchain-based EOS platform that can lead to remote control over participating nodes. Just four days prior, a mining pool server for the IOT platform HDAC was compromised, impacting the vast majority of miners. In January the largest-ever theft of cryptocurrencies occurred against the exchange … Guideline
mcafee.webp 2018-06-12 17:15:02 Want to Break Into a Locked Windows 10 Device? Ask Cortana (CVE-2018-8140) (direct link) June's “Patch Tuesday” (June 12) is here, but it is likely many Windows 10 users have not yet applied these updates.
mcafee.webp 2018-06-06 15:42:02 VPNFilter Malware Adds Capabilities to Exploit Endpoints (direct link) VPNFilter, a botnet-controlled malware that infects networking devices, was first documented by researchers from Cisco Talos. McAfee Labs also published a blog on May 23 with some initial information. In our last post we discussed the three stages of infection and the devices affected by the malware, and how it can maintain a persistent presence … VPNFilter
mcafee.webp 2018-05-23 21:28:02 VPNFilter Botnet Targets Networking Devices (direct link) VPNFilter is a botnet with capabilities to support both intelligence collection and destructive cyberattack operations. The Cisco Talos team recently notified members of the Cyber Threat Alliance (CTA) of its findings and published this blog. VPNFilter
mcafee.webp 2018-05-21 22:00:02 It's a Zoo Out There! Data Analysis of Alleged ZooPark Dump (direct link) In early May, researchers disclosed a Mobile malware campaign by a group focused on Middle Eastern targets. This actor was found to be an evolving and sophisticated group using fake Android apps, namely Telegram, to trick users into installing malicious software. They have been active since 2015 and evolved over several campaigns into 2018. On …
mcafee.webp 2018-05-17 13:31:05 Malware on Google Play Targets North Korean Defectors (direct link) Earlier this year, McAfee researchers predicted in the McAfee Mobile Threat Report that we expect the number of targeted attacks on mobile devices to increase due to their ubiquitous growth combined with the sophisticated tactics used by malware authors.
mcafee.webp 2018-05-11 20:00:01 Syn/Ack Unique Proactive Protection Technique (direct link) McAfee's Advanced Threat Research team has performed analysis on samples of Syn/Ack ransomware implementing Process Doppelgänging. For those who are concerned about the potential impact of this ransomware but are currently unable to implement McAfee product protections, we have found a simple but interesting alternative method. Prior to encryption and ransom, the malware first checks …
mcafee.webp 2018-05-11 15:00:04 McAfee Protects Against Doppelgänging Technique (direct link) That adversaries adopt new techniques is a known fact. However, the speed they include new innovative techniques to bypass end-point security and/or evade sandboxing appears to be at an ever-increasing pace. Indeed, adversary adoption is often faster than the InfoSec industry can implement and test effective countermeasures. For example, in December 2017, a tool …
mcafee.webp 2018-04-25 04:01:02 (Déjà vu) Global Malware Campaign Pilfers Data from Critical Infrastructure, Entertainment, Finance, Health Care, and Other Industries (direct link) McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. This campaign, dubbed Operation GhostSecret, leverages multiple implants, tools, and malware variants associated with the state-sponsored cyber group Hidden Cobra. The infrastructure currently remains active. (For an extensive … Medical APT 38
mcafee.webp 2018-04-25 04:01:02 (Déjà vu) Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide (direct link) McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. This campaign, dubbed Operation GhostSecret, leverages multiple implants, tools, and malware variants associated with the state-sponsored cyber group Hidden Cobra. The infrastructure currently remains active. In this post, … Medical APT 38
mcafee.webp 2018-04-17 13:00:00 Despite Decline in Use of Adobe Flash, Vulnerabilities Will Continue to Cause Concern (direct link) This post was researched and written with the assistance of Tim Hux, Abhishek Karnik, Asheer Malhotra, and Steve Povolny McAfee Advanced Threat Research team analysts have studied Adobe Flash Player for years because it is a popular target for attacks. As always, we advise customers to remain current with McAfee's latest DAT versions. In this …
mcafee.webp 2018-04-16 16:00:04 Cloud Clustering Vulnerable to Attacks (direct link) The authors thank John Fokker and Marcelo CaroVargas for their contributions and insights. In our upcoming talk at the Cloud Security Alliance Summit at the RSA Conference, we will focus our attention on the insecurity of cloud deployments. We are interested in whether attackers can use compromised cloud infrastructure as viable backup resources as well …
mcafee.webp 2018-04-11 16:00:01 Parasitic Coin Mining Creates Wealth, Destroys Systems (direct link) The increasing popularity of cryptocurrencies has inspired some people to pursue coin mining, essentially making money online. (Mining is the processing of transactions in the digital currency system, in which new transactions are recorded in a digital ledger called the blockchain. Miners help to update the ledger to verify and collect new transactions to be …
mcafee.webp 2018-03-27 19:30:03 Today's Connected Cars Vulnerable to Hacking, Malware (direct link) The McAfee Advanced Threat Research team recently published an article about threats to automobiles on the French site JournalAuto.com. Connected cars are growing rapidly in number and represent the next big step in personal transportation. ★★★★
mcafee.webp 2018-03-19 20:29:01 Ransomware Takes Open-Source Path, Encrypts With GNU Privacy Guard (direct link) McAfee Labs has recently observed a new variant of ransomware that relies on the open-source program GNU Privacy Guard (GnuPG) to encrypt data. GnuPG is a hybrid-encryption software program that uses a combination of conventional symmetric-key cryptography for speed and public-key cryptography to ease the secure key exchange. Although ransomware using GnuPG to encrypt files … ★★★★★
mcafee.webp 2018-03-12 04:03:03 'McAfee Labs Threats Report' Examines Cryptocurrency Hijacking, Ransomware, Fileless Malware (direct link) Today McAfee published the McAfee Labs Threats Report: March 2018. The report looks into the growth and trends of new malware, ransomware, and other threats in Q4 2017. McAfee Labs saw on average eight new threat samples per second, and the increasing use of fileless malware attacks leveraging Microsoft PowerShell. The Q4 spike in Bitcoin value prompted cybercriminals to focus on cryptocurrency hijacking through a variety of methods, including malicious Android apps. ★★★
mcafee.webp 2018-03-12 04:02:02 McAfee Researchers Find Poor Security Exposes Medical Data to Cybercriminals (direct link) Those who have successfully gained access to medical data have been well rewarded for their efforts. One seller stated in an interview that “someone wanted to buy all the … records specifically,” claiming that the effort had netted US$100,000. ★★
mcafee.webp 2018-03-12 04:01:05 McAfee Researchers Analyze Dark Side of Cryptocurrency Craze: Its Effect on Cybercrime (direct link) In December 2017 Bitcoin values skyrocketed, peaking at the unprecedented amount of roughly US$19,000 per coin. Unsurprisingly, the market for cryptocurrencies exploded in response. Investors, companies, and even the public found a fresh interest in digital currencies. However, the exciting change in Bitcoin value did not just influence your average wealth seeker. It also influenced … ★★★★
mcafee.webp 2018-03-08 14:00:03 Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant (direct link) This post was prepared with contributions from Asheer Malhotra, Charles Crawford, and Jessica Saavedra-Morales. On February 28, the McAfee Advanced Threat Research team discovered that the cybercrime group Hidden Cobra continues to target cryptocurrency and financial organizations. In this analysis, we observed the return of Hidden Cobra's Bankshot malware implant surfacing in the Turkish financial … Medical APT 38 ★★★
mcafee.webp 2018-03-02 19:17:04 How Hackers Bypassed an Adobe Flash Protection Mechanism (direct link) The number of Flash Player exploits has recently declined, due to Adobe's introduction of various measures to strengthen Flash's security. Occasionally, however, an exploit still arises. On January 31, Kr-Cert reported a zero-day vulnerability, identified as CVE-2018-4878, being exploited in the field. (Adobe has released an update to fix this flaw.) We analyzed this vulnerability … ★★★★
mcafee.webp 2018-03-02 13:00:01 McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups (direct link) This post was written with contributions from Jessica Saavedra-Morales, Thomas Roccia, and Asheer Malhotra. McAfee Advanced Threat Research analysts have discovered a new operation targeting humanitarian aid organizations and using North Korean political topics as bait to lure victims into opening malicious Microsoft Word documents. Our analysts have named this Operation Honeybee, based on the … ★★
mcafee.webp 2018-02-22 20:00:01 DDoS Attacks in the Netherlands Reveal Teen Gamers on Troublesome Path (direct link) At the end of January, the Netherlands was plagued by distributed denial of service (DDoS) attacks targeting various financial institutions, tech sites, and the Dutch tax authorities. At the time of the attacks it was unclear who was responsible, and this led to speculation among security experts. Coincidentally, the attacks started a few days after … ★★★
mcafee.webp 2018-02-16 19:31:01 Free Ransomware Available on Dark Web (direct link) The McAfee Advanced Threat Research team recently analyzed a ransomware-as-a-service threat that is available for free and without registration. This malware was first seen in July 2017 with the extension .shifr. It has now appeared in recent detections with the extension .cypher. Ransomware-as-a-Service Ransomware-as-a-service is a cybercrime economic model that allows malware developers to earn money … ★★★★
mcafee.webp 2018-01-06 17:00:03 Malicious Document Targets Pyeongchang Olympics (direct link) McAfee Advanced Threat Research analysts have discovered a campaign targeting organizations involved with the Pyeongchang Olympics. Attached in an email was a malicious Microsoft Word document with the original file name 농식품부, 평창 동계올림픽 대비 축산악취 방지대책 관련기관 회의 개최.doc (“Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics”). The primary target of … ★★★★
mcafee.webp 2017-12-20 12:00:03 McAfee Labs Advanced Threat Research Aids Arrest of Suspected Cybercrime Gang Linked to Top Malware CTB Locker (direct link) In our recent research, we interviewed the actors behind ransomware campaigns. One of the interesting findings was cybercriminals seemed to have a sense of absolute safety when conducting criminal operations. Cybercrime is an area of crime like no other, perceived as low-risk with high returns, which contributes greatly to its rapid growth. ★★★
mcafee.webp 2017-12-18 05:02:03 Looking Into the World of Ransomware Actors Reveals Some Surprises (direct link) During the preparations for our keynotes at McAfee's recent MPOWER conference, we brainstormed a few topics we wanted to share with the audience. Ransomware was definitely on our agenda, but so much has already been said and written on the subject. What could we add that would be interesting? We hit on the angle: to … ★★★★
mcafee.webp 2017-12-18 05:01:03 McAfee Labs Reports All-Time Highs for Malware in Latest Count (direct link) In the third quarter of 2017, McAfee Labs reports all-time highs of new and total malware. What is causing the increasing numbers of malware that are submitted to us at an average rate of four new malware samples per second? One major trend that continues in Q3 is the abuse of Microsoft Office–related exploits and … ★★
mcafee.webp 2017-12-13 22:00:02 Chinese Cybercriminals Develop Lucrative Hacking Services (direct link) Underground cybercrime profits in China have likely already exceeded US$15.1 billion (100 billion Chinese yuan); caused more than $13.8 billion (91.5 billion yuan) worth of damage relating to data loss, identity theft, and fraud; and will grow at an even faster pace as underground hackers expand international business operations to increasingly target foreign businesses, according … ★★★★★
mcafee.webp 2017-12-06 23:00:02 Emotet Downloader Trojan Returns in Force (direct link) During the past couple of days, we have seen an increase in activity from Emotet. This Trojan downloader spreads by emails that lure victims into downloading a Word document, which contains macros that after executing employ PowerShell to download a malicious payload. We have observed Emotet downloading a variety of payloads, including ransomware, Dridex, Trickbot, … ★★
mcafee.webp 2017-11-29 08:01:05 'McAfee Labs 2018 Threats Predictions Report' Previews Five Cybersecurity Trends (direct link) Welcome to the McAfee Labs 2018 Threats Predictions Report. We find ourselves in a highly volatile stage of cybersecurity, with new devices, new risks, and new threats appearing every day. In this edition, we have polled thought leaders from McAfee Labs and the Office of the CTO. They offer their views on a wide range of threats, including machine learning, ransomware, serverless apps, and privacy issues. Guideline ★★★★★
mcafee.webp 2017-11-24 14:00:05 Don't Substitute CVSS for Risk: Scoring System Inflates Importance of CVE-2017-3735 (direct link) I am a wry observer of vulnerability announcements. CVE-2017-3735, which can allow a small buffer overread in an X.509 certificate, presents an excellent example of the limitations of the Common Vulnerability Scoring System (CVSS). This scoring system is the de facto security industry standard for calculating and exchanging information about the severity of vulnerabilities. The problem is … ★★★★
mcafee.webp 2017-11-20 12:00:03 Android Malware Appears Linked to Lazarus Cybercrime Group (direct link) The McAfee Mobile Research team recently examined a new threat, Android malware that contains a backdoor file in the executable and linkable format (ELF). The ELF file is similar to several executables that have been reported to belong to the Lazarus cybercrime group. (For more on Lazarus, read this post from our Advanced Threat Research … APT 38 ★★★★★
mcafee.webp 2017-11-16 17:17:01 IoT Devices: The Gift that Keeps on Giving… to Hackers (direct link) McAfee Advanced Threat Research on Most Hackable Gifts You've probably noticed the recent increase in Internet connected drones, digital assistants, toys, appliances and other devices hitting the market and maybe even showing up in your own home. The sale of these “Internet-of-Things” (IoT) devices is expected to reach 600 million units this year and, unfortunately, … ★★
mcafee.webp 2017-11-07 18:00:00 Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack (direct link) This blog post was co-written by Michael Rea. During our monitoring of activities around the APT28 threat group, McAfee Advanced Threat Research analysts identified a malicious Word document that appears to leverage the Microsoft Office Dynamic Data Exchange (DDE) technique that has been previously reported by Advanced Threat Research. This document likely marks the first … APT 28 ★★★★
mcafee.webp 2017-11-03 19:00:00 Self-Signed Certificates Can Be Secure, So Why Ban Them? (direct link) This blog was co-written by Ramnath Venugopalan. In many organizations the use of self-signed certificates is forbidden by policy. Organizations may ban the use of self-signed certificates for several reasons: It is trivially easy to generate a certificate's key pair without reasonable entropy, to fail to protect the private key of the key pair appropriately to … ★★★
mcafee.webp 2017-11-01 13:00:05 Pirate Versions of Popular Apps Infiltrate Google Play via Virtualization (direct link) The McAfee Mobile Research team recently found pirated applications of popular apps distributed on the Google Play store. A pirated app is one distributed usually outside of the official store as a free version of a legitimate app. Paid legitimate applications are leading targets of pirated versions. In this case, however, we found pirated copies … Guideline ★★★
mcafee.webp 2017-10-31 13:00:02 Expiro Malware Is Back and Even Harder to Remove (direct link) File infector malware adds malicious code to current files. This makes removal tricky because deleting infections results in the loss of legitimate files. Although file infectors were more popular in the 1990s and early 2000s, they still pose a significant threat. The complex disinfection process is usually leveraged by malware authors to ensure systems stay … ★★★★
mcafee.webp 2017-10-27 13:00:04 Configuring McAfee ENS and VSE to Prevent Macroless Code Execution in Office Apps (direct link) Microsoft Office macros are a popular method of distributing malware. Users can defend themselves against macro attacks by disabling macros. McAfee Labs has now seen a new attack technique using a feature of Office applications that help create dynamic reports. In this post we will explain this technique and offer a method to prevent the … ★★★★
mcafee.webp 2017-10-27 12:59:04 Code Execution Technique Takes Advantage of Dynamic Data Exchange (direct link) Email phishing campaigns are a popular social engineering technique among hackers. The idea is simple: Craft an email that looks enticing to users and convince them to click on a malicious link or open a malicious attachment. Weight-loss and other health-related phishing emails are common. Package deliveries, bank notices and, in the case of spear … ★★★
mcafee.webp 2017-10-26 13:00:02 Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826: Memory Corruption Vulnerability (direct link) McAfee Labs has performed frequent analyses of Office-related threats over the years: In 2015, we presented research on the Office OLE mechanism; in 2016 at the BlueHat conference, we looked at the high-level attack surface of Office; and this year at the SYSCAN360 Seattle conference, we presented deep research on the critical Office “Moniker” zero-day vulnerabilities. …
mcafee.webp 2017-10-24 22:31:04 'BadRabbit' Ransomware Burrows Into Russia, Ukraine (direct link) This post was researched and written by Christiaan Beek, Tim Hux, David Marcus, Charles McFarland, Douglas McKee, and Raj Samani. McAfee is currently investigating a ransomware campaign known as BadRabbit, which initially infected targets in Russia and the Ukraine. We are also investigating reports of infected systems in Germany, Turkey, and Bulgaria and will provide updates …
Last update at: 2024-05-08 22:08:15