Google asks Chrome users for help in spotting deceptive sites
Google this week asked for help in identifying suspicious websites, offering users of its Chrome browser an add-on that lets them rat out URLs. The Suspicious Site Reporter, which can be added to desktop Chrome, places a new flag-style icon on the top bar of the browser. “By clicking the icon, you’re now able to […] more…Expanding Our Vision to Expand the Cybersecurity Workforce
I recently had the opportunity to testify before Congress on how the United States can grow and diversify the cyber talent pipeline. It’s great that members of Congress have this issue on their radar, but at the same time, it’s concerning that we’re still having these discussions. A recent (ISC) Study puts the global cybersecurity […] more…IT threat evolution Q1 2019
Targeted attacks and malware campaigns Go Zebrocy Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used mean that we consider it a subset of activity in its own right. On the basis of this threat actor’s past behaviour, we predicted last […] more…Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada
We uncovered a recent activity involving the notorious online credit card skimming attack known as Magecart. The attack, facilitated by a new cybercrime group, impacted 201 online campus stores in the United States and Canada. We started detecting the attacks against multiple campus store websites on April 14, during which the sites were injected with […] more…Game of Threats
Introduction While the way we consume TV content is rapidly changing, the content itself remains in high demand, and users resort to any means available to get at it – including illegal and non-ethical ones like the use of pirated stuff. The world is embracing the idea of paying for entertainment more and more with […] more…New Magecart Attack Delivered Through Compromised Advertising Supply Chain
by Chaoying Liu and Joseph C. Chen On January 1, we detected a significant increase in activity from one of the web skimmer groups we’ve been tracking. During this time, we found their malicious skimming code (detected by Trend Micro as JS_OBFUS.C.) loaded on 277 e-commerce websites providing ticketing, touring, and flight booking services as […] more…APT review of the year
What were the most interesting developments in terms of APT activity throughout the year and what can we learn from them? Not an easy question to answer; everybody has partial visibility and it’s never possible to really understand the motivations of some attacks or the developments behind them. Still, with the benefit of hindsight, let’s […] more…Firefox adds in-browser notification of breached sites
Mozilla has added a data breach notification to Firefox that warns the browser’s users when their email address and credentials may have been obtained by hackers. Dubbed Firefox Monitor, the free breach notification service debuted in September after some testing during the summer. Anyone — not only Firefox users — can steer to the service […] more…Transforming Students into Professionals to Close the Skills Gap: A Million Dollar Investment
Innovation. It’s at the core of any security breakthrough. Just ask an expert in the crowd gathered at MPOWER, McAfee’s Annual Security Summit. And if you ask me, as McAfee’s SVP and chief human resource officer, innovation is not just how our industry can defend against the growing number of cyberthreats, but also how we […] more…How the McAfee Rotation Program is Providing Opportunities
By: Darius, Sales & Marketing Rotation Engineer “The sky is the limit.” It’s a phrase I heard frequently growing up, in school, college and university. To me, the phrase means there are endless opportunities. So, my nine-year-old self desired to be a racecar driver, my freshman year ambition was to be a developer and then […] more…Trojan watch
We continue to research how proliferation of IoT devices affects the daily lives of users and their information security. In our previous study, we touched upon ways of intercepting authentication data using single-board microcomputers. This time, we turned out attention to wearable devices: smartwatches and fitness trackers. Or more precisely, the accelerometers and gyroscopes inside […] more…WannaCry One Year Later: Looking Back at a Milestone
Has it been a year? It seems longer. When the WannaCry ransomware attack hit tens of thousands of individuals and business around the world on May 12, 2017, it wasn’t the first time we had seen ransomware, but its impact was unique and lasting. We’ve all known for decades about hackers, information thefts, computer viruses […] more…International Women’s Day in the Channel
I have had the privilege of working with many exceptional people over the course of my career. For International Women’s Day this year, I wanted to feature some of the dedicated and talented women I have the opportunity to work with in the Channel. The following individuals have great advice and stories that we all […] more…Ready for a Love Affair with Your Job?
Five Questions to Ask Yourself this Valentine’s Day This week, people around the world are exchanging cards, heart-shaped candy or flowers with loved ones to celebrate Valentine’s Day. This holiday centers on seeking happiness in relationships and finding love, but just as important, is how we find happiness in our careers and passion for the […] more…Supporting Our Military Veterans at McAfee
By Dawson McPherson, Talent & Communications Coordinator Over the past week, McAfee employees around the world paused to recognize and honor all the brave military men and women who have served their countries. From a veterans appreciation ceremony at our Plano, Texas office, to a display of red poppies in observation of Remembrance Day at […] more…Why Social Engineering is a Scammer’s Secret Weapon
Criminals and scammers love to trick, deceive and manipulate their victims into handing over sensitive information, and money. This kind of exploitation is often referred to as social engineering, and it’s worth knowing about because although the scams change, the methods remain the same. Social engineering can happen online, over the phone, or even in […] more…More information
- Google Releases Tool to Block USB Keystroke Injection Attacks
- The 2017 Ars Technica gadget gift guide: Power-user edition
- What’s in the latest Edge update? Rollbacks and new browser telemetry policies
- Bug filed: Close the Internet
- How to blunt spear phishing attacks
- Microsoft Windows Journal CVE-2015-2513 Remote Code Execution Vulnerability
- Patch Tuesday January 2014 – Microsoft, Adobe and Oracle
- What happens when your sex toy gets hacked?
- Microsoft Internet Explorer CVE-2014-2761 Remote Memory Corruption Vulnerability
- RDP Increasingly Abused in Attacks: FBI