RSA Conference 2013: A Newcomer’s Perspective
A few weeks ago, a couple of colleagues and I attended the annual RSA Conference in in San Francisco. My colleagues have already offered their detailed descriptions of the event; instead I’ll discuss the broader themes I saw at the event. Contrasting atmopsheres The exhibit floors were cheery – almost festive, in fact – with […] more…Tax Season Email Scam Aims to Steal from Uncle Sam
Every year around tax season, we see a huge spike in tax-related social engineering attacks. Social engineering is a type of cyber attack that attempts to psychologically manipulate users, tricking them into downloading malicious software or divulging confidential information. Very often, these attacks take the form of a fraudulent email created to mimic an email […] more…Celebrity “Doxxing” Scandal Sheds Light on Cyber Risk
Recently, news broke that the private information of a few unlucky celebrities and politicians was leaked online. The data, which includes everything from bank statements to mortgage terms and car loans, was made available on a Russian website. It’s unfortunate that well-known performers like Jay-Z, Beyonce, Britney Spears, and Kim Kardashian have had their information […] more…Google Play: Potentially Unwanted
Google Play has a problem — and it isn’t malware. Depending on location, Potentially Unwanted Applications (PUA) can be rather difficult to avoid. Here’s a screenshot of User Reviews from a “weather widget” application: In English (both U.S. and U.K.), there are eight user reviews. Just eight. Even if you click on a link to […] more…The Android malware problem is not hyped, researchers say
Recent reports from antivirus companies seem to suggest that the number of Android malware threats is growing. However, there are still many skeptics who think that the extent of the problem is exaggerated. read more more…2012 Web Malware Trends Report Summary
Sucuri is a website security company focused on the detection and remediation of web malware. In 2012, via our SiteCheck scanner, we scanned 9,953,729 unique domains. This small report is based on the data we were able to compile from that platform and our analysis of that same data. The Foundation Healthy Website View We […] more…From the Phablet to GSMA’s Connected City, Was Mobile World Congress a Success?
For four days, the streets of Barcelona were flooded with mobile enthusiasts from every corner of the globe, looking to see what ground-breaking announcements would be coming out of Mobile World Congress 2013 (MWC). Held from February 25th to February 28th, more than 72,000 attendees from 200 countries passed through the MWC entrance doors to […] more…In-Depth Look: APT Attack Tools of the Trade
Recently, we shed some light on APT attack tools and how to identify them. Part of our daily tasks as threat researchers revolves around investigating APT actors, and the tools that they utilize to help better protect our customers. The purpose of this blog is to further investigate the tools that APT actors typically use […] more…Blackhole Exploit Kit Run Adopts Controversial Java Flaw
In our 2013 Security Predictions, we predicted that conventional malware will focus mainly on refining tools instead of creating new threats. A perfect example of this prediction is how Blackhole Exploit Kit continuously attempts to circumvent the efforts done by the security industry. True enough, we recently received reports of a Blackhole Exploit Kit (BHEK) […] more…How McAfee SECURE Services Can Help Enterprises
Whether you are a large-scale online business or a mom and pop storefront, all merchants can and must have a strong security strategy. With Retail now the number one most targeted industry, accounting for 48 percent of all data breach incidents in 2012 alone, it is crucial for organizations of any size to protect themselves […] more…The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor
(or, how many cool words can you fit into one title) On Feb 12th 2013, FireEye announced the discovery of an Adobe Reader 0-day exploit which is used to drop a previously unknown, advanced piece of malware. We called this new malware “ItaDuke” because it reminded us of Duqu and because of the ancient Italian […] more…PostgreSQL Denial of Service Vulnerability Found and Patched
PostgreSQL is a fully featured object-relational database management system. It supports a large part of the SQL standard and is designed to be extensible by users in many aspects. Graphical user interfaces and bindings for many programming languages are available as well. Earlier this month, I discovered a denial of service vulnerability in versions of PostgreSQL that caused a […] more…Your Data and the Business of Online Scams
Like any other businesses, scammers operate within a certain model to ensure the continuity of their schemes. In my previous post, I discussed in details about a typical scammer’s profile, trust model, and the strategies they use to get hold and sustain customers. This time around, we’ll look into the business model that they use […] more…Mitigating Targeted Attacks Requires an Integrated Solution
Over the course of the past few weeks, we’ve talked a lot Advanced Persistent Threats (APT), and how such threats require a different class of protection in order to be managed effectively. There can be no doubt that APT attacks are a real threat. Such threats are unpredictable in nature, could lead to devastating consequences, […] more…The Lowest Hanging Fruit: Java
By all measures, Java is the current title holder for the lowest hanging fruit in computer security. (And by Java, we mean JRE and its various browser plugins.) It wasn’t always so. How did it happen? Let’s review some highlights in the history of low hanging fruit. From 2004 to 2008: Attacks shifted from Windows […] more…Payday Loan Spam affecting Thousands of Sites
One of the most important metrics used by search engines to rank a site is the number of link backs that it has. The more links a site has for a specific keyword, the higher it will rank when someone searches for it. So if a site has a lot of links back for a […] more…More information
- Study: Bug bounty programs provide strong value for vendors
- 2022 iPad Pro review: Impressively, awkwardly fast and capable
- Intel to slash power consumption on Ivy Bridge chip
- Apple Safari crashes: Mystery bug floors browser on iOS and Macs
- This 16-Year-Old Wants To Make Email More Secure Than Ever
- PoS Malware Hits Avanti Payment Kiosks
- How do you feel about getting on a plane with no pilot?
- ‘Instagram for PC’ application is a marketing scam
- Update: TLT Services in Degraded State
- Analyst: Apple’s AR glasses will run Mac chips