Facebook: turn off SMS 2FA if you don’t want your number used for ads
Facebook has been adding phone numbers registered for 2FA to the other data it uses to target people with advertising. more…You gave your number to Facebook for security and it used it for ads
Facebook has been adding phone numbers registered for 2FA to the other data it uses to target people with advertising. more…Roaming Mantis part III: iOS crypto-mining and spreading via malicious content delivery system
In Q2 2018, Kaspersky Lab published two blogposts about Roaming Mantis sharing details of this new cybercriminal campaign. In the beginning, the criminals used DNS hijacking in vulnerable routers to spread malicious Android applications of Roaming Mantis (aka MoqHao and XLoader), spoofing legitimate applications such as Facebook and Chrome. During our research, it became clear […] more…5 Simple But Powerful Career Tips
Getting ahead in your career doesn’t happen by accident. It requires planning and constant pursuit. That’s why working for a company that invests in you, truly wants you to succeed and enables you to grow personally and professionally makes a big difference in your career progression. This week McAfee hosted our first-ever CMO Development Forum […] more…USB threats from malware to miners
Introduction In 2016, researchers from the University of Illinois left 297 unlabelled USB flash drives around the university campus to see what would happen. 98% of the dropped drives were picked up by staff and students, and at least half were plugged into a computer in order to view the content. For a hacker trying […] more…‘McAfee Labs Threats Report’ Highlights Cryptojacking, Blockchain, Mobile Security Issues
As we look over some of the key issues from the newly released McAfee Labs Threats Report, we read terms such as voice assistant, blockchain, billing fraud, and cryptojacking. Although voice assistants fall in a different category, the other three are closely linked and driven by the goal of fast, profitable attacks that result in […] more…Virobot Ransomware with Botnet Capability Breaks Through
We’ve predicted that ransomware attacks will plateau in 2017 but will diversify in terms of attack methods as time progresses. Ransomware activity in the first half of 2018 proved this to be true, with more innovative methods to raise the ante. Case in point: we have recently observed Virobot (detected by Trend Micro as RANSOM_VIBOROT.THIAHAH), […] more…Viro Botnet Ransomware Breaks Through
We’ve predicted that ransomware attacks will plateau in 2017 but will diversify in terms of attack methods as time progresses. Ransomware activity in the first half of 2018 proved this to be true, with more innovative methods to raise the ante. Case in point: we have recently observed Virobot (detected by Trend Micro as RANSOM_VIBOROT.THIAHAH), […] more…Threats posed by using RATs in ICS
While conducting audits, penetration tests and incident investigations, we have often come across legitimate remote administration tools (RAT) for PCs installed on operational technology (OT) networks of industrial enterprises. In a number of incidents that we have investigated, threat actors had used RATs to attack industrial organizations. In some cases, the attackers had stealthily installed […] more…Mobile and Digital Payments: Worth the Risk?
Thanks in part to the convenience that our mobile devices provide for us, much of the world operates now on instant gratification. From accessing information on the web to doing work –and now sending and receiving digital payments– our devices and applications support us while we’re on the go. Whether we’re paying a friend for […] more…New trends in the world of IoT threats
Cybercriminals’ interest in IoT devices continues to grow: in H1 2018 we picked up three times as many malware samples attacking smart devices as in the whole of 2017. And in 2017 there were ten times more than in 2016. That doesn’t bode well for the years ahead. We decided to study what attack vectors […] more…How Apple’s Safari Browser Will Try to Thwart Data Tracking
New privacy features in Apple’s Safari browser seek to make it tougher for companies such as Facebook to track you. Companies have long used cookies to remember your past visits. This can be helpful for saving sign-in details and preferences. But now they’re also being used to profile you in order to fine-tune advertising to […] more…Professionalizing Cybersecurity Practitioners
The formation of a professional body to provide standards of excellence within cybersecurity practitioners has been mooted for many years. Now the UK government has proposed the development of an institution for “developing the cybersecurity profession, including through achieving Royal Chartered status by 2020.” read more more…LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company
What happened? Since March 2018 we have discovered several infections where a previously unknown Trojan was injected into the lsass.exe system process memory. These implants were injected by the digitally signed 32- and 64-bit network filtering driver NDISProxy. Interestingly, this driver is signed with a digital certificate that belongs to Chinese company LeagSoft, a developer […] more…Stolen Data from Chinese Hotel Chain and Other Illicit Products Sold in Deep Web Forum
by Fyodor Yarochkin (Senior Threat Researcher) We uncovered personally identifiable information (PII) stolen from a China-based hotel chain being sold on a deep web forum we were monitoring. Further analysis revealed that the stolen data was not only the PII of Chinese customers, but also included the hotel chain’s customers from Western and East Asian […] more…Trending: IoT Malware Attacks of 2018
Since January 1st of 2018, a barrage of cyberattacks and data breaches have hit almost every industry, targeting businesses large and small, many of which are now from IoT devices. By 2025, it is estimated that there will be approximately 75 billion connected devices around the world. With more IoT devices –from wearables and pacemakers […] more…More information
- Heads roll at Intel after 7nm delay
- Earn money for your exploits, this time on mobile pwns, sorry, phones
- Silent Circle quietly throttles warrant canary
- Windows 8’s built-in AV to be security of last resort
- Sift Raises $50M at ‘Unicorn’ Valuation
- Porn Video Interrupts US Court Hearing for Accused Twitter Hacker
- Telemetry Report Shows Patch Status of High-Profile Vulnerabilities
- Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks
- Resolved: Resolved: smtp.psu.edu degraded service
- Industrial robots are security weak link