What's new around the Internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
mcafee.webp 2020-12-16 16:48:26 SUNBURST Malware and SolarWinds Supply Chain Compromise (direct link) Part I of II Situation In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds's Orion IT monitoring and management software with a trojanized version of SolarWinds.Orion.Core.BusinessLayer.dll. The trojanized file delivers the SUNBURST malware through a backdoor as part of a digitally-signed Windows Installer Patch. Use of a Compromised Software Supply […] Malware Threat Solarwinds
mcafee.webp 2020-11-05 16:00:20 Operation North Star: Behind The Scenes (direct link) Executive Summary It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within the digital realm. The only transparency afforded is a limited view of victims, a malware sample, and perhaps the IP addresses of historical command and control (C2) infrastructure. The Operation North Star campaign we detailed […] Malware
mcafee.webp 2020-11-05 16:00:01 McAfee Labs Report Reveals Continuing Surge of COVID-19 Threats and Malware (direct link) The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: November 2020. In this edition, we follow our preceding McAfee Labs COVID-19 Threats Report with more research and data designed to help you better protect your enterprise's productivity and viability during challenging times. What a year so far! The first quarter of […] Malware Threat ★★★★
mcafee.webp 2020-08-13 18:19:06 On Drovorub: Linux Kernel Security Best Practices (direct link) Intro In a U.S. government cyber security advisory released today, the National Security Agency and Federal Bureau of Investigation warn of a previously undisclosed piece of Linux rootkit malware called Drovorub and attribute the threat to malicious actor APT28. The report is incredibly detailed and proposes several complementary detection techniques to effectively identify Drovorub malware […] Malware Threat APT 28
mcafee.webp 2020-07-23 00:17:12 Speed or Security? We Say Speed AND Security (direct link) “Security software slows down my PC.” We often hear this sentiment when users talk about malware protection. While people recognize the value of computer security, most get frustrated if the software bogs down their device. I mean, I myself become frustrated when I'm trying to crunch numbers and I'm suddenly greeted with an hourglass! While […] Malware
mcafee.webp 2020-07-22 04:30:56 Staying Home? McAfee Report Shows Malware May Come Knocking (direct link) It’s no secret that COVID-19 continues to reshape the way we live our everyday lives. With each passing day, we become more reliant on our devices to stay connected with friends and family, move our professional work forward, participate in distance learning, or keep ourselves entertained. Unfortunately, hackers are all too aware of these habits. […] Malware
mcafee.webp 2019-11-05 17:37:32 Buran Ransomware; the Evolution of VegaLocker (direct link) McAfee's Advanced Threat Research Team observed how a new ransomware family named 'Buran' appeared in May 2019. Buran works as a RaaS model like other ransomware families such as REvil, GandCrab (now defunct), Phobos, etc. The author(s) take 25% of the income earned by affiliates, instead of the 30% – 40%, numbers from notorious malware […] Ransomware Malware Threat
mcafee.webp 2019-09-09 19:05:05 Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study (direct link) Executive Summary Malware evasion techniques are widely used to circumvent detection as well as analysis and understanding. One of the dominant categories of evasion is anti-sandbox detection, simply because today's sandboxes are becoming the fastest and easiest way to have an overview of the threat. Many companies use these kinds of systems to detonate malicious […] Malware
mcafee.webp 2019-08-12 13:00:04 McAfee AMSI Integration Protects Against Malicious Scripts (direct link) Following on from the McAfee Protects against suspicious email attachments blog, this blog describes how the AMSI (Antimalware Scan Interface) is used within the various McAfee Endpoint products. The AMSI scanner within McAfee ENS 10.6 has already detected over 650,000 pieces of Malware since the start of 2019. This blog will help show you how […] Malware
mcafee.webp 2019-08-07 16:10:05 MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play (direct link) The McAfee mobile research team has found a new type of Android malware for the MoqHao phishing campaign (a.k.a. XLoader and Roaming Mantis) targeting Korean and Japanese users. A series of attack campaigns are still active, mainly targeting Japanese users. The new spyware has very different payloads from the existing MoqHao samples. However, we found […] Malware
mcafee.webp 2019-04-18 20:14:02 IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? (direct link) Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we will explore a vulnerability submitted by McAfee Advanced Threat Research (ATR) and investigate a piece of malware that recently incorporated similar vulnerabilities. The takeaway from this blog is the increasing […] Malware Vulnerability Threat
mcafee.webp 2019-03-01 16:00:01 JAVA-VBS Joint Exercise Delivers RAT (direct link) The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an infection to occur, the user must typically execute the malware by double-clicking on the .jar file that usually arrives as an email attachment. Generally, infection begins if the user has the Java Runtime Environment installed. […] Malware Tool
mcafee.webp 2019-02-04 18:00:01 MalBus: Popular South Korean Bus App Series in Google Play Found Dropping Malware After 5 Years of Development (direct link) McAfee's Mobile Research team recently learned of a new malicious Android application masquerading as a plugin for a transportation application series developed by a South Korean developer. The series provides a range of information for each region of South Korea, such as bus stop locations, bus arrival times and so on. There are a total […] Malware
mcafee.webp 2018-12-19 21:45:01 Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems (direct link) Last week the McAfee Advanced Threat Research team posted an analysis of a new wave of Shamoon “wiper” malware attacks that struck several companies in the Middle East and Europe. In that analysis we discussed one difference to previous Shamoon campaigns. The latest version has a modular approach that allows the wiper to be used […] Malware Tool Threat
mcafee.webp 2018-12-14 20:32:04 Shamoon Returns to Wipe Systems in Middle East, Europe (direct link) Destructive malware has been employed by adversaries for years. Usually such attacks are carefully targeted and can be motivated by ideology, politics, or even financial aims. Destructive attacks have a critical impact on businesses, causing the loss of data or crippling business operations. When a company is impacted, the damage can be significant. Restoration can […] Malware
mcafee.webp 2018-12-12 11:01:00 'Operation Sharpshooter' Targets Global Defense, Critical Infrastructure (direct link) This post was written with contributions from the McAfee Advanced Threat Research team. The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download […] Malware Threat
mcafee.webp 2018-11-13 05:01:01 WebCobra Malware Uses Victims' Computers to Mine Cryptocurrency (direct link) The authors thank their colleagues Oliver Devane and Deepak Setty for their help with this analysis. McAfee Labs researchers have discovered new Russian malware, dubbed WebCobra, which harnesses victims' computing power to mine for cryptocurrencies. Coin mining malware is difficult to detect. Once a machine is compromised, a malicious app runs silently in the background […] Malware
mcafee.webp 2018-11-08 23:45:02 Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems (direct link) Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that manage large-scale industrial processes. An essential danger in this threat is that it moves from mere digital damage to risking human lives. In this … Malware Threat
mcafee.webp 2018-10-30 21:00:03 Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims (direct link) Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In mid-September it was reported that the malware developer had placed the ransomware, … Ransomware Malware
mcafee.webp 2018-08-09 13:00:01 Examining Code Reuse Reveals Undiscovered Links Among North Korea's Malware Families (direct link) This research is a joint effort by Jay Rosenberg, senior security researcher at Intezer, and Christiaan Beek, lead scientist and senior principal engineer at McAfee. Intezer has also posted this story. Attacks from the online groups Lazarus, Silent Chollima, Group 123, Hidden Cobra, DarkSeoul, Blockbuster, Operation Troy, and 10 Days of Rain are believed to … Malware Guideline Medical Cloud APT 38 APT 37
mcafee.webp 2018-07-31 21:43:01 GandCrab Ransomware Puts the Pinch on Victims (direct link) The GandCrab ransomware first appeared in January and has updated itself rapidly during its short life. It is the leading ransomware threat. The McAfee Advanced Threat Research team has reverse engineered Versions 4.0 through 4.2 of the malware. The first versions (1.0 and 1.1) of this malware had a bug that left the keys in … Ransomware Malware Threat Guideline
mcafee.webp 2018-06-27 04:01:00 'McAfee Labs Threats Report' Spotlights Innovative Attack Techniques, Cryptocurrency Mining, Multisector Attacks (direct link) In the McAfee Labs Threats Report June 2018, published today, we share investigative research and threat statistics gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q1 of this year. We have observed that although overall new malware has declined by 31% since the previous quarter, bad actors are working relentlessly to … Malware Threat
Last update at: 2024-05-08 23:08:04