What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-10-18 16:01:04 | Tips for Effective Threat Hunting (lien direct) | 
This blog was co-written by Ramnath Venugopalan. In May, McAfee surveyed more than 700 IT and security professionals around the world to better understand how threat hunting is used in organizations and how they hope to enhance their threat hunting capabilities. You can read the full study: Disrupting the Disruptors, Art or Science? Understanding the …
|
|||
|
2017-10-12 21:34:02 | Taiwan Bank Heist and the Role of Pseudo Ransomware (lien direct) | 
Widespread reports claim the Far Eastern International Bank in Taiwan has become a victim of hacking. The attacks demonstrate the global nature of cybercrime, with the cybercriminals attempting to wire US$60 million to destinations such as Sri Lanka, Cambodia, and the United States.
|
|||
|
2017-10-11 13:00:02 | Staying Anonymous on the Blockchain: Concerns and Techniques (lien direct) | 
With Bitcoin at one point valued at more than $5,000 per unit, cryptocurrencies have excited a lot of interest from individuals, businesses, and hackers. One of the selling points of Bitcoin and others of its type is anonymity. Yet there are concerns that online currency transactions may not be as anonymous as many wish. In …
|
|||
|
2017-10-02 14:00:00 | Linux Kernel Vulnerability Can Lead to Privilege Escalation: Analyzing CVE-2017-1000112 (lien direct) | 
This blog was written by Krishs Patil. A memory corruption bug in UDP fragmentation offload (UFO) code inside the Linux kernel can lead to local privilege escalation. In this post we will examine this vulnerability and its accompanying exploit. Although this bug affects both IPv4 and IPv6 code paths, we analyzed only IPv4 code running …
|
Guideline | ||
|
2017-09-26 18:00:01 | McAfee Labs: Faceliker Surge Manipulates Facebook “Likes” to Promote News, Other Content (lien direct) | 
Criminals excel in manipulating the trust within human relationships, particularly as individuals project themselves into digital realms such as social media. We see it in phishing messages, which fool us into clicking on a malicious weblink from what appears to be a benign organization with which we do business. We also see it in the …
|
|||
|
2017-09-26 04:01:04 | McAfee Labs Threats Report Explores WannaCry/Petya, Threat Hunting, Script-Based Malware (lien direct) | 
Today we published the McAfee Labs Threats Report: September 2017. This quarter's report shows off a new design. We hope you will find it attractive as well as informative.
|
Wannacry | ||
|
2017-09-22 17:00:05 | Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805 (lien direct) | 
Apache Struts, an open-source web development framework, is prone to vulnerabilities. We wrote about CVE-2017-9791 in July. The latest is CVE-2017-9805, another remote code execution flaw actively being exploited, according to reports. This vulnerability affects the Struts plug-in Representational State Transfer (REST). Apache has updated Struts with Version 2.5.13 to fix this issue. In this post …
|
★★ | ||
|
2017-09-21 13:00:03 | Microsoft Kills Potential Remote Code Execution Vulnerability in Office (CVE-2017-8630) (lien direct) | 
Recently the McAfee IPS Research Team informed Microsoft about a potential remote code execution vulnerability in Office 2016 that McAfee discovered in March. Microsoft released a patch for this vulnerability this week with CVE-2017-8630. In this post, we will briefly discuss the vulnerability and its exploitability. The Problem While auditing PowerPoint, we came across an …
|
★★ | ||
|
2017-09-12 13:00:05 | Android Click-Fraud App Repurposed as DDoS Botnet (lien direct) | 
The McAfee Mobile Research Team tracks the behavior of Android click-fraud apps. We have detected multiple implementations, including recent examples on Google Play in 2016 and Clicker.BN last month. These threats are characterized by a common behavior: They appear innocuous but in the background they perform HTTP requests (simulating clicks) on paid “advertainment” to make …
|
★★★ | ||
|
2017-08-28 08:10:02 | Android Banking Trojan MoqHao Spreading via SMS Phishing in South Korea (lien direct) | 
Last month, a number of users started posting on South Korean sites screenshots of suspicious SMS messages phishing texts (also known as smishing) to lure them into clicking on shortened URLs. For example, the following message asks the user to click on the link to check if a private picture has been leaked: Figure 1: …
|
★★★★ | ||
|
2017-08-25 00:59:00 | Android Click-Fraud Apps Briefly Return to Google Play (lien direct) | 
Click-fraud apps frequently appear on Google Play and third-party markets. They are sometimes hard to identify because the malicious behavior that simulates clicks is similar to the behavior of many legitimate applications (using common API calls and permissions). Further, part of the malicious code does not reside in the original malware and comes from a …
|
★★★★★ | ||
|
2017-08-14 23:28:01 | Smishing Campaign Steals Banking Credentials in U.S. (lien direct) | 
The McAfee Mobile Research team recently found an active smishing campaign, using SMS messages, that targets online banking users in the United States. The messages attempt to scare victims with a notice that the bank account will be soon closed and that the user must immediately click a malicious URL: Figure 1: Phishing SMS message. …
|
★★★ | ||
|
2017-08-02 21:54:00 | DEFCON – Connected Car Security (lien direct) | 
Sometime in the distant past, that thing in your driveway was a car. However, the “connected car is already the third-fastest growing technological device after phones and tablets.” The days when a Haynes manual, a tool kit, and a free afternoon/week to work on the car are fast becoming a distant memory. Our connected cars …
|
★★★★★ | ||
|
2017-07-26 17:39:04 | Analyzing CVE-2017-0190: WMF Flaws Can Lead to Data Theft, Code Execution (lien direct) | 
CVE-2017-0190 is a recently patched vulnerability related to Windows metafiles (WMFs), a portable image format mainly used by 16-bit Windows applications. Recently we have seen an increase in the number of vulnerabilities related to WMFs and EMFs (enhanced metafiles) in the GDI32 library. Most often, these vulnerabilities lead to sensitive information disclosure from the process …
|
Guideline | ★★ | |
|
2017-07-25 14:20:00 | NoMoreRansom – One year on! (lien direct) | 
One year on. It is fair to say that the No More Ransom project not only exceeded our expectations, but simply blew these initial expectations out of the water. A collaboration between six partners (McAfee, EC3, Dutch Police, Kaspersky Lab, AWS and Barracuda) has now grown to include more than 100 partners across the public and private sector. We often hear people talk about Public-Private Partnerships, but here is a true example of that commitment in action.
|
★★★ | ||
|
2017-07-19 19:56:05 | Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution (lien direct) | 
Apache Struts is a model-view-controller framework for creating Java web applications. Struts has suffered from a couple of vulnerabilities using the technique of object-graph navigation language (OGNL) injection. OGNL is an expression language that allows the setting of object properties and execution of various methods of Java classes. OGNL can be used maliciously to perform …
|
★★★ | ||
|
2017-07-17 18:53:03 | Analyzing a Patch of a Virtual Machine Escape on VMware (lien direct) | 
This blog was written by Yakun Zhang. A virtual machine is a completely isolated guest operating system installation within a normal host operating system. Virtual machine escape is the process of breaking out of a virtual machine and interacting with the host operating system, which can lead to infections and malware execution. VMware escapes demonstrated …
|
Guideline | ★★★★★ | |
|
2017-07-07 18:02:05 | LeakerLocker: Mobile Ransomware Acts Without Encryption (lien direct) | 
We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from spreading a victim's private information. LeakerLocker claims to have made an unauthorized backup of a phone's sensitive information that could be leaked to a user's contacts unless it receives …
|
|||
|
2017-07-01 01:09:03 | Petya More Effective at Destruction Than as Ransomware (lien direct) | 
At the beginning of the recent Petya malware campaign, the world was quick to exclaim this attack was ransomware. Now, with time to analyze the facts and make comparisons to other ransomware campaigns, this Petya attack does not look so much like ransomware. To back up this claim, let's examine three other well-known ransomware campaigns: …
|
|||
|
2017-06-28 17:15:04 | How to Protect Against Petya Ransomware in a McAfee Environment (lien direct) | 
A new variant of the ransomware Petya (also called Petrwrap) began spreading around the world on June 27. Petya is ransomware that exploits the vulnerability CVE-2017-0144 in Microsoft's implementation of the Server Message Block protocol. This ransomware encrypts the master boot records of infected Windows computers, making the machines unusable.
|
|||
|
2017-06-27 19:44:02 | New Variant of Petya Ransomware Spreading Like Wildfire (lien direct) | 
The world woke up today to another ransomware outbreak wreaking havoc throughout companies' networks. This time, the family causing the fuss is Ransomware Petya, a nasty variant that encrypts files and the computer's master boot record (MBR), rendering the machine unusable.
|
★★★★ | ||
|
2017-06-20 04:01:02 | \'McAfee Labs Threats Report\' Explores Malware Evasion Techniques, Digital Steganography, Password-Stealer Fareit (lien direct) | 
This blog post was written by Vincent Weafer. We got a little carried away in the McAfee Labs Threats Report: June 2017, published today. This quarter's report has expanded to a rather hefty 83 pages! It contains three highly educational topics, in addition to the usual set of threats statistics: We broadly examine evasion techniques …
|
★★★ | ||
|
2017-06-16 19:11:02 | McAfee Discovers Pinkslipbot Exploiting Infected Machines as Control Servers; Releases Free Tool to Detect, Disable Trojan (lien direct) | 
This blog was written by Sanchit Karve. McAfee Labs has discovered that banking malware Pinkslipbot (also known as QakBot/QBot) has used infected machines as control servers since April 2016, even after its capability to steal personal and financial data from the infected machine has been removed by a security product. These include home users whose …
|
★★★★★ |
To see everything:
Our RSS (filtrered)
