Multi-vector attacks target cloud-hosted technologies
The push to move everything into the cloud over the past several years has generated a large number of misconfigured and exposed deployments of various software stacks. This has attracted sophisticated attacks that destroy data or abuse server resources for cryptocurrency mining. [ Learn which interview questions to ask cloud security candidates. | Get the […] more…What is spear phishing? Why targeted email attacks are so difficult to stop
Spear phishing definition Spear phishing is the act of sending and emails to specific and well-researched targets while purporting to be a trusted sender. The aim is to either infect devices with malware or convince victims to hand over information or money. [ Check out these 11 phishing prevention tips for best technology practices, employee […] more…Top 4 enterprise tech trends to watch in 2019
If 2018 was the year of the data breach, the thinking among IT pros is that this will be the year companies take concrete steps to prevent future breaches. That was the sentiment among tech professionals who took part in a recent @IDGTechTalk Twitter chat about enterprise tech trends for 2019. In fact, a recent […] more…Cybercriminals Disguised as Apple Are After Users’ Personal Data: Insights on This Threat
With the holidays rapidly approaching, many consumers are receiving order confirmation emails updating them on their online purchases for friends and family. What they don’t expect to see is an email that appears to be a purchase confirmation from the Apple App Store containing a PDF attachment of a receipt for a $30 app. This is […] more…Huawei Rejects Western Security Fears, Says ‘No Evidence’
Huawei defended its global ambitions and network security on Tuesday in the face of Western fears that the Chinese telecom giant could serve as a Trojan horse for Beijing’s security apparatus. read more more…‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure
This post was written with contributions from the McAfee Advanced Threat Research team. The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download […] more…New Exploit Kit “Novidade” Found Targeting Home and SOHO Routers
We identified a new exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with. Once the DNS setting is changed to that of […] more…New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools
MuddyWater is a well-known threat actor group that has been active since 2017. They target groups across Middle East and Central Asia, primarily using spear phishing emails with malicious attachments. Most recently they were connected to a campaign in March that targeted organizations in Turkey, Pakistan, and Tajikistan. The group has been quite visible since the […] more…Get 90% Off Your First Year of RemotePC, Up To 50 Computers for $6.95
iDrive has activated a significant discount on their Remote access software RemotePC in these days leading into Black Friday. RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work, home or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50 computer package is […] more…Perl-Based Shellbot Looks to Target Organizations via C&C
We uncovered an operation of a hacking group, which we’re naming “Outlaw” (translation derived from the Romanian word haiduc, the hacking tool the group primarily uses), involving the use of an IRC bot built with the help of Perl Shellbot. The group distributes the bot by exploiting a common command injection vulnerability on internet of […] more…92% of External Web Apps Have Exploitable Security Flaws or Weaknesses: Report
According to new research, 98% of leading companies across the U.S. and Europe are vulnerable to cybercriminals through their web applications. While this figure may seem high, it will surprise neither the companies themselves nor independent security experts. read more more…Ghouls of the Internet: Protecting Your Family from Scareware and Ransomware
It’s the middle of a workday. While researching a project, a random ad pops up on your computer screen alerting you of a virus. The scary-looking, flashing warning tells you to download an “anti-virus software” immediately. Impulsively, you do just that and download either the free or the $9.99 to get the critical download. But […] more…Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
by Byron Gelera and Donald Castillo We recently found a malware that abuses two legitimate Windows files — the command line utility wmic.exe and certutil.exe, a program that manages certificates for Windows — to download its payload onto the victim’s device. What’s notable about these files is that they are also used to download other […] more…State County Authorities Fail at Midterm Election Internet Security
One of the things we at McAfee have been looking at this midterm election season is the security of election infrastructure at the individual county and state levels. A lot of media and cybersecurity research focus has been placed on whether a major national attack could disrupt the entire U.S. voting infrastructure. Headlines and security […] more…Working Together to Ensure Better Cybersecurity
For many, it’s hard to picture a work environment that doesn’t revolve around the use of technology. Digital, cloud-based services coupled with access through mobile and IoT devices have completely reshaped organizations by streamlining business processes and enabling people to work anywhere, anytime. Thanks to these advances, there have also been a variety of recent […] more…Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
The GandCrab ransomware, which first appeared in January, has been updated rapidly during its short life, with Version 5.0.2 appearing this month. In this post we will examine the latest version and how the authors have improved the code (and in some cases have made mistakes). McAfee gateway and endpoint products are able to protect […] more…More information
- The 7 best productivity improvements Apple introduced in 2022
- AIS VPN Firmware Upgrade – August 7
- Hacked 3D printers could commit industrial sabotage
- Hacking is Sexy, But Defending is the Grown-up Thing To Do
- S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]
- German Police Shut Down Major ‘Darknet’ Illegal Trading Site
- In Other News: ATM Jackpotting, WhatsApp-NSO Lawsuit Continues, CISA Hiring
- Quantum crypto still not proven, claim Cambridge experts
- All Work and No Play? Not at McAfee!
- Facebook flags thousands of kids as interested in gambling, booze