Combatting the Transformation of Cybercrime
The volume of cyberattacks is growing at an unprecedented rate, increasing as much as nearly 80% for some organizations during the final quarter of 2017. One reason for this acceleration in the attack cycle is that in order for malware to succeed today it needs to spread further and faster than even before. This allows […] more…Microsoft Releases More Patches for Meltdown, Spectre
Microsoft informed users on Tuesday that it released additional patches for the CPU vulnerabilities known as Meltdown and Spectre, and removed antivirus compatibility checks in Windows 10. Meltdown and Spectre allow malicious applications to bypass memory isolation and access sensitive data. Meltdown attacks are possible due to CVE-2017-5754, while Spectre attacks are possible due to […] more…Tropic Trooper’s New Strategy
by Jaromir Horejsi, Joey Chen, and Joseph C. Chen Tropic Trooper (also known as KeyBoy) levels its campaigns against Taiwanese, Philippine, and Hong Kong targets, focusing on their government, healthcare, transportation, and high-tech industries. Its operators are believed to be very organized and develop their own cyberespionage tools that they fine-tuned in their recent campaigns. […] more…Woe is the Life of a Security Analyst in March
The IRS issued a warning last month about an updated version of the old wire transfer phishing scam, where fake emails are sent to accounting supposedly from a company executive, requesting a wire transfer to a provided account. In the updated version cautioned by the IRS, the request is to payroll or human resources requesting […] more…Critical Vulnerabilities Addressed in SecurEnvoy SecurMail
Multiple critical vulnerabilities impacting SecurEnvoy SecurMail could result in an attacker being able to read encrypted emails and even delete or overwrite messages in an inbox. SecurEnvoy SecurMail was meant to provide businesses with secure email communications and claims to be offering organizations the full advantages of encryption without the hassle of deployment or management […] more…SOC Performance Improves, But Remains Short of Optimum: Report
The good news is that security operations centers (SOCs) are becoming more efficient. The not-so-good news is that there is still considerable scope for improvement. This is the conclusion of the fifth annual Micro Focus State of Security Operations Report for 2018 (PDF), which draws on the experience of 200 assessments of 144 discreet SOC […] more…Firefox 63 to Distrust All Symantec Root Certificates
Mozilla this week detailed its plans to completely distrust Symantec root certificates in Firefox 63, set to arrive in October 2018. Over the past couple of years, numerous problems have emerged regarding the wrongful issuance of certificates issued by the Certification Authority (CA) run by Symantec, one of the oldest and largest CAs. These issues […] more…DDoS explained: How distributed denial of service attacks are evolving
What is a DDoS attack? A distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers, devices, services, networks, applications, and even specific transactions within applications. In a DoS attack, it’s […] more…McAfee Researchers Find Poor Security Exposes Medical Data to Cybercriminals
The nonperishable nature of medical data makes an irresistible target for cybercriminals. The art of hacking requires significant time and effort, encouraging experienced cybercriminals to plot their attacks based on the return they will see from their investment. Those who have successfully gained access to medical data have been well rewarded for their efforts. One […] more…McAfee Researchers Analyze Dark Side of Cryptocurrency Craze: Its Effect on Cybercrime
In December 2017 Bitcoin values skyrocketed, peaking at the unprecedented amount of roughly US$19,000 per coin. Unsurprisingly, the market for cryptocurrencies exploded in response. Investors, companies, and even the public found a fresh interest in digital currencies. However, the exciting change in Bitcoin value did not just influence your average wealth seeker. It also influenced […] more…Why is the Technology Industry Shirking its Security Responsibilities?
No sooner have we had time to recover from the post-CES jet-lag in January than Mobile World Congress 2018 rolls around. These two events have cemented themselves into the mobile and consumer technology industries’ calendars as key opportunities to showcase the latest hardware and software products and services, amidst a flurry of media hype and […] more…The Many Forms of IP Theft Add Up to Big Losses
U.S. military drone technology surfaces on the black market and is bought by arms dealers. A pharmaceutical company based in Eastern Europe obtains trade secrets divulging the recipe for a popular prescription medication. A business that rejected an architect’s bid nevertheless uses part of that plan in construction. An advance copy of a much-anticipated “Game […] more…Free Ransomware Available on Dark Web
The McAfee Advanced Threat Research team recently analyzed a ransomware-as-a-service threat that is available for free and without registration. This malware was first seen in July 2017 with the extension .shifr. It has now appeared in recent detections with the extension .cypher. Ransomware-as-a-Service Ransomware-as-a-service is a cybercrime economic model that allows malware developers to earn money […] more…Vulnerabilities in Apache CouchDB Open the Door to Monero Miners
by Hubert Lin Attacks abusing cryptocurrency miners have been on an upswing — in large part due to the growing popularity of digital currencies. Based on data from our sensors that we deployed worldwide, we have observed a new attack that exploits two vulnerabilities in a popular database system to deliver miners (detected by Trend […] more…Share Your Heart, Not Your Identity: Here’s How You Can Stay Safe on Valentine’s Day
I love Valentine’s day, it’s the one day of the year exclusively dedicated to sharing: we share our feelings, our affection, and special gifts with our loved ones. It’s a great time to show the people in our lives just how much they mean to us. Thanks to social media and mobile friendly retailers, giving […] more…A New Standard for Security at New Standard Corporation
From the latches on the toolbox in your garage to componentry in gigantic earth movers, New Standard Corporation provides Original Equipment Manufacturer components, assemblies, and related services for products used in the agriculture, construction, mining, industrial, and power generation industries. As at companies everywhere, New Standard has seen information security move from the back shelf […] more…More information
- The gaping hole in Obama’s plan to stop Chinese hacking
- AirDrop Bug Could Let Hackers Silently Plant Malware on Your iPhone or Mac
- Atlassian Patches Critical Vulnerabilities in Confluence, Crowd
- Microsoft Edge will soon allow users to disable the ‘reveal password’ option
- Security Startup SlashNext Taps Cognitive Computing to Detect Attacks
- Data Loss Prevention: From Hero to Goat and Back Again
- Cybersecurity’s Marketing Dilemma
- Half a million Huawei Android phones hit by Joker malware
- Analyzing CVE-2017-3731: Truncated Packets Can Cause Denial of Service in OpenSSL
- New rumor points to fingerprint sensor, NFC e-wallet in Apple’s next iPhone