Untangling the Patchwork Cyberespionage Group
by Daniel Lunghi, Jaromir Horejsi, and Cedric Pernet
Patchwork (also known as Dropping Elephant) is a cyberespionage group known for targeting diplomatic and government agencies that has since added businesses to its list of targets. Patchwork's moniker comes from its notoriety for rehashing off-the-rack tools and malware for its own campaigns. The attack vectors they […]

Don't Substitute CVSS for Risk: Scoring System Inflates Importance of CVE-2017-3735
I am a wry observer of vulnerability announcements. CVE-2017-3735, which can allow a small buffer overread in an X.509 certificate, presents an excellent example of the limitations of the Common Vulnerability Scoring System (CVSS). This scoring system is the de facto security industry standard for calculating and exchanging information about the severity of vulnerabilities. The problem is […]

What I'm Thankful for This Year: Combining Passion & Career
By Philip, Program Manager, People First Office
Back in April, I started my new role at McAfee as the Program Manager of our newly created PeopleFirst Office. It was an exciting yet daunting time, as we had launched McAfee as an independent cybersecurity company just a week prior to my first day. In the office, the […]

qkG Filecoder: Self-Replicating, Document-Encrypting Ransomware
by Jaromir Horejsi (Threat Researcher)
We encountered a few interesting samples of a file-encoding ransomware variant implemented entirely in VBA macros called qkG (detected by Trend Micro as RANSOM_CRYPTOQKG.A). It's a classic macro malware infecting Microsoft Word's Normal template (normal.dot), upon which all new, blank Word documents are based. Further scrutiny into qkG also […]

The Uber Data Breach: What Consumers Need to Know
Ride-sharing apps are one of the most successful innovations of the modern digital age. Practically everyone who has a smartphone uses them. When it was discovered today that Uber, the leader in the ride-sharing space, was hit with a massive data breach back in 2016, all of our ears perked up. Let's look at […]

How Cybercriminals Are Shopping for Personal Data This Black Friday
Thanksgiving is here, which means it's time to stuff our bellies and prep our bank accounts for lots of bargain shopping. Black Friday and Cyber Monday have practically become holidays themselves, as each year they immediately shift our attention from stuffing and turkey toward holiday shopping. They also get quite a bit of attention from cybercriminals, […]

Out Innovating the Adversary, Part 1
Deep down, if I think about who I am, I'm a scientist who loves to solve problems. If you think about cybersecurity, its problems are unique in that we are not only competing against industry competitors, we are also competing against the adversaries behind the cyber-attacks. My recent keynote at MPOWER17 Las Vegas focused on […]

Pay what you want for these 6 top cybersecurity tools – Deal Alert
With each passing day, hackers invent more ways to breach networks and steal valuable information from innocent online users. That's why it's important to stay ahead of the curve with today's best cybersecurity tools, but you won't have to shell out an arm and a leg to protect yourself online. With the Pay What You Want […]

Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks
by Ronnie Giagone, Lenart Bermejo, and Fyodor Yarochkin
The waves of backdoor-laden spam emails we observed during June and July that targeted Russian-speaking businesses were part of bigger campaigns. The culprit appears to be the Cobalt group, based on the techniques used. In their recent campaigns, Cobalt used two different infection chains, with social engineering […]

The Clock Is Ticking: Can You Find and Kill Advanced Malware Before It Kills Your Endpoints?
Your company's computer system has been compromised by disguised malware. There is no greater feeling of dread for a security professional. This may put your mind at ease: through automation, McAfee's endpoint and sandbox tools can round up the malware, detonate it in a safe place, identify any compromised areas, and prepare them for you […]

REDBALDKNIGHT/BRONZE BUTLER's Daserf Backdoor Now Using Steganography
by Joey Chen and MingYen Hsieh (Threat Analysts)
REDBALDKNIGHT, also known as BRONZE BUTLER and Tick, is a cyberespionage group known to target Japanese organizations such as government agencies (including defense) as well as those in biotechnology, electronics manufacturing, and industrial chemistry. Their campaigns employ the Daserf backdoor (detected by Trend Micro as BKDR_DASERF, otherwise […]

10 Ways to Bring Your Incident Response Back from the Grave
It's Día de los Muertos, but that's no excuse for your security threat processes to move like the walking dead. As hundreds of thousands of people around the globe take time to remember their ancestors today, we urge you to look back through your incident history. But don't stop there; think about how you can improve […]

Expiro Malware Is Back and Even Harder to Remove
File infector malware adds malicious code to existing files. This makes removal tricky, because deleting the infected files results in the loss of legitimate files. Although file infectors were more popular in the 1990s and early 2000s, they still pose a significant threat. The complex disinfection process is usually leveraged by malware authors to ensure systems stay […]

Bad Rabbit Ransomware Spreads via Network, Hits Ukraine and Russia
A ransomware campaign is currently ongoing, hitting Eastern European countries with what seems to be a variant of the Petya ransomware dubbed Bad Rabbit (which we detect as RANSOM_BADRABBIT.A). Trend Micro products with XGen™ security detect this ransomware as TROJ.Win32.TRX.XXPE002FF019. The attack comes a few months after the previous Petya outbreak, which struck European countries back […]

Ransomware Decryption Framework – Now Available
This blog details the availability of the McAfee Ransomware Recover (Mr 2). We would like to credit Kunal Mehta and Charles McFarland for the work required to develop this framework. How do I get my files back? This is probably the first question asked when ransomware strikes. Of course, the answer will depend on whether there […]

MPOWER: A New Kind of Cybersecurity Conference
Today we are kicking off a different kind of conference here in Las Vegas, hosted by a different kind of McAfee than you knew in years past. In my keynote this morning I spoke to MPOWER attendees surrounding a central stage, and it felt a little like I was in a boxing ring. I also […]