New Surveillance Malware “FruitFly” Is a Nearly Undetectable Mac Backdoor
Charles McFarland contributed to this blog.
Mac malware outbreaks used to be viewed as a rarity. However, the last few years have seen Mac-focused threats steadily on the rise. In fact, our McAfee Labs Quarterly Threats Report showed instances of Mac malware growing by a huge 744% in 2016. Fast forward to the summer of […]

A Look at JS_POWMET, a Completely Fileless Malware
by Michael Villanueva
As cybercriminals start to focus on pulling off attacks without leaving a trace, fileless malware, such as the recent SOREBRECT ransomware, will become a more common attack method. However, many of these malware are fileless only while entering a user’s system, as they eventually reveal themselves when they execute their payload. Attacks […]

LeakerLocker Mobile Ransomware Threatens to Expose User Information
by Ford Qin
While mobile ransomware such as the recent SLocker focuses on encrypting files on the victim’s devices, a new mobile ransomware named LeakerLocker taps into its victims’ worst fears by allegedly threatening to send personal data on a remote server and expose its contents to everyone on their contact lists. The LeakerLocker ransomware […]

How HTML Attachments and Phishing Are Used In BEC Attacks
Traditionally, BEC attacks have used keyloggers to steal saved account information from target machines. However, using an executable file for the attachment usually flags a user not to click them as there is a high chance that the file is malicious. As a result, we’ve seen a trend wherein the attached files are no longer executable files […]

Running from Ransomware: A Mobile User’s Guide
From the second my alarm goes off, my day goes 100 miles a minute. In addition to getting myself ready for work, I have to pack my kids some brag-worthy lunches, conquer the stack of unwashed dishes in the sink from the night before, and make sure that everyone is out the door on time. […]

POS Malware Steals Payment Card and Personal Info from Food Kiosks
Point-of-sale malware can make its way into almost anything these days, from massive corporate systems to individual devices. The latest victim is Avanti Markets, a leading “micro market” vending company hit with malware that has stolen payment and possibly fingerprint data from self-service payment kiosks in various locations. The cybercriminals likely breached the kiosk provider’s […]

Preventing the Next Petya: Block New Exploits by Defending Old Vulnerabilities
For ransomware enthusiasts, the April release of stolen NSA Windows exploits is a gift that will not stop giving. Just weeks after the Shadowbrokers’ “Lost in Translation” file drop, WannaCry brought havoc and destruction to networks worldwide. Now a new Petya variant is using the same EternalBlue exploit—plus some newly weaponized Windows admin tools—to ransack […]

Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More
by Lenart Bermejo, Jordan Pan, and Cedric Pernet
The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than we first thought—at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the […]

Are Your Online Mainframes Exposing You to Business Process Compromise?
by Roel Reyes (Senior Threat Researcher)
Legacy mainframes are still used by enterprises to handle big data transactions across a range of industries, from financial institutions, telecoms, and internet service providers (ISPs) to airlines and government agencies. Why are they still in use? As the saying goes: “if it ain’t broke, don’t fix it”. But […]

Why Human-Machine Teaming Will Lead to Better Security Outcomes
Artificial intelligence and machine learning have never been more prominent in the public forum. CBS’s 60 Minutes recently featured a segment promising myriad benefits to humanity in fields ranging from medicine to manufacturing. World chess champion Garry Kasparov recently debuted a book on his historic chess game with IBM’s Deep Blue. Industry luminaries continue to opine about the […]

SLocker Mobile Ransomware Starts Mimicking WannaCry
by Ford Qin
Early last month, a new variant of mobile ransomware SLocker (detected by Trend Micro as ANDROIDOS_SLOCKER.OPST) was detected, copying the GUI of the now-infamous WannaCry. The SLocker family is one of the oldest mobile lock screen and file-encrypting ransomware and used to impersonate law enforcement agencies to convince victims to pay their […]

Petya More Effective at Destruction Than as Ransomware
At the beginning of the recent Petya malware campaign, the world was quick to exclaim this attack was ransomware. Now, with time to analyze the facts and make comparisons to other ransomware campaigns, this Petya attack does not look so much like ransomware. To back up this claim, let’s examine three other well-known ransomware campaigns: […]

Cyberattacks and Financial Services: Good News, Bad News
As highlighted in the Verizon 2017 Data Breach Investigations Report, the financial services sector continues to be a target of cyberattacks. That said, the trend has also shifted to other verticals, such as healthcare with the recent WannaCry attack and other hospital data breaches. One hopes, as the report suggests, that banks’ significant investments have […]

AdGholas Malvertising Campaign Employs Astrum Exploit Kit
At the end of April this year, we found Astrum exploit kit employing Diffie-Hellman key exchange to prevent monitoring tools and researchers from replaying their traffic. As AdGholas started to push the exploit, we saw another evolution: Astrum using HTTPS to further obscure their malicious traffic. We spotted a new AdGholas malvertising campaign using the […]

With new dynamic capabilities, will whitelisting finally catch on?
Everybody knows and hates whitelisting. Employees are only allowed to install approved software on their desktops and laptops, so they’re always complaining and asking for exceptions. Management eventually gets fed up with it and stops the experiment. For mobile devices, enterprises have a number of tools at their disposal, including mobile device management. In addition, […]

McAfee Discovers Pinkslipbot Exploiting Infected Machines as Control Servers; Releases Free Tool to Detect, Disable Trojan
McAfee Labs has discovered that banking malware Pinkslipbot (also known as QakBot/QBot) has used infected machines as control servers since April 2016, even after its capability to steal personal and financial data from the infected machine has been removed by a security product. These include home users whose computers are usually behind a network address […]

More information
- Anatomy of a phish – how crooks hack legitimate websites to steal your details
- Microsoft Edge Chakra Scripting Engine CVE-2018-8510 Remote Memory Corruption Vulnerability
- Former Employee Accused of Being Behind Ubiquiti Hack
- HP adds Core i9 CPUs, Nvidia RTX graphics to elite Omen Obelisk desktop
- The 100+ Best “Proud of My Daughter” Sayings
- Q&A: Univ. of Phoenix CIO says chatbots could threaten innovation
- Office 365 Users Need Better Care of Sensitive Data: Report
- WallStreetsBets craze pushes dogecoin up 5x in 24 hours
- Thought Heartbleed was dead? Nope – hundreds of thousands of things still vulnerable to attack
- Authorities Probe Radio, Website Disruptions During Protests