IE Scripting Flaw Still a Threat to Unpatched Systems: Analyzing CVE-2018-8653
Microsoft recently patched a critical flaw in Internet Explorer’s scripting engine that could lead to remote code execution. The vulnerability is being exploited in the wild and was originally reported by a researcher from Google’s Threat Analysis Group. Microsoft released an out-of-band patch to fix the vulnerability before the normal patch cycle. McAfee products received […]
80 to 0 in Under 5 Seconds: Falsifying a Medical Patient’s Vitals
The author thanks Shaun Nordeck, MD, for his assistance with this report. With the explosion of growth in technology and its influence on our lives, we have become increasingly dependent on it. The medical field is no exception: Medical professionals trust technology to provide them with accurate information and base life-changing decisions on this data. McAfee’s […]
How Machine Learning Techniques Helped Us Find Massive Certificate Abuse by BrowseFox
By employing machine learning algorithms, we were able to discover an enormous certificate signing abuse by BrowseFox, a potentially unwanted application (PUA) detected by Trend Micro as PUA_BROWSEFOX.SMC. BrowseFox is a marketing adware plugin that illicitly injects pop-up ads and discount deals. While it uses a legitimate software process, the adware plugin may be exploited […]
Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users
By Ecular Xu and Grey Guo. We discovered a malware family called Maikspy — a multi-platform spyware that can steal users’ private data. The spyware targets Windows and Android users, and first posed as an adult game named after a popular U.S.-based adult film actress. Maikspy, which is an alias that combines the name of […]
Facebook Announces New Steps to Protect Users’ Privacy
Facebook Revamps Privacy Settings Amid Data Breach Outcry. Facebook on Wednesday unveiled new privacy settings aiming to give its users more control over how their data is shared, following an outcry over hijacking of personal information at the giant social network. The updates include easier access to Facebook’s user settings and tools to easily search […]
Stefan’s Tale: A 17-Year Journey to McAfee
By Stefan, Senior Security Consultant in Melbourne, Australia. When I was younger, I wanted to be a policeman and help stop bad guys. As I got older, my dream career evolved into wearing a different kind of shield to stop a different type of bad guy. And in a 17-year tale spanning continents, I finally […]
Penquin’s Moonlit Maze
Download full report (PDF). Download Appendix B (PDF). Download YARA rules. Back to the Future – SAS 2016. As Thomas Rid left the SAS 2016 stage, he left us with a claim that turned the heads of the elite researchers who filled the detective-themed Tenerife conference hall. His investigation had turned up multiple sources involved […]
Kaspersky Lab Black Friday Threat Overview 2016
Download the PDF. Introduction. The Internet has changed forever how people shop. By 2018, around one in five of the world’s population will shop online, with ever more people doing so on a mobile device rather than a computer. In fact, it is estimated that by the end of 2017, 60% of e-commerce will come […]
App Store Flooded with Phony Retail Apps to Kick Off Holiday Season
The holiday season has officially kicked off, which means a number of things for many of us: seasonal cheer, quality time with loved ones, and admittedly for many, lots and lots of shopping. And these days, many holiday retail sales are happening online. Unfortunately, that also means now more than ever, there’s more holiday-related […]
Why Ransomware Works: Tactics and Routines Beyond Encryption
By Rhena Inocencio, Anthony Melgarejo, and Jon Oliver. How do companies, regardless of size and industry, prepare for ransomware attacks? A recent study revealed that businesses are considering saving up Bitcoins, just in case they get hit by these threats and can recover their confidential files in a short span of time. While we don’t […]
Who’s Really Spreading through the Bright Star?
Security researchers recently announced that the official website for the Korean Central News Agency of the Democratic People’s Republic of Korea has been serving malware disguised as a Flash Player update. The immediately conspicuous code is still active on the KCNA front page. The JavaScript variables at the top of the front page source […]
Who’s Behind Operation Huyao?
As previously discussed, Operation Huyao is a well-designed phishing scheme that relies on relay/proxy sites that pull content directly from their target sites to make their phishing sites appear more realistic and believable. Only one such attack, targeting a well-known Japanese site, has been documented. No other sites have been targeted by this attack. Publicly available information suggests that […]
Root Cause Analysis of CVE-2014-1772 – An Internet Explorer Use After Free Vulnerability
We see many kinds of vulnerabilities on a regular basis. These range from use-after-free (UAF) vulnerabilities, to type confusion, to buffer overflows, to cross-site scripting (XSS) attacks. It’s rather interesting to understand the root cause of each of these vulnerability types, so we looked at the root cause of an Internet Explorer vulnerability – CVE-2014-1772. We’d […]
Isolated Heap for Internet Explorer Helps Mitigate UAF Exploits
In the recent Microsoft security bulletin for Internet Explorer, we found an interesting improvement for mitigating UAF (Use After Free) vulnerability exploits. The improvement, which we will call the “isolated heap”, is designed to provide a separate heap for the many objects that often suffer from UAF vulnerabilities. Let’s use Internet Explorer 11 as an example. Before it […]
Sunsets and Cats Can Be Hazardous to Your Online Bank Account
It’s been said that a picture is worth a thousand words. Unfortunately, there’s one that’s worth your bank accounts. We came across malware that uses steganography to hide configuration files within images. However unique this technique might seem, it is hardly new—we previously featured targeted attacks that use the same technique. The ZBOT malware, detected as […]
From the Phablet to GSMA’s Connected City, Was Mobile World Congress a Success?
For four days, the streets of Barcelona were flooded with mobile enthusiasts from every corner of the globe, looking to see what ground-breaking announcements would be coming out of Mobile World Congress 2013 (MWC). Held from February 25th to February 28th, more than 72,000 attendees from 200 countries passed through the MWC entrance doors to […]
More information
- Pointless 1Malaysia email project to continue despite delisting
- Impacted Vendors Release Advisories for FragAttacks Vulnerabilities
- Microsoft Windows CVE-2016-3333 Local Privilege Escalation Vulnerability
- Microsoft Windows Kernel CVE-2015-2550 Local Privilege Escalation Vulnerability
- Analog OPSEC 101 – operational security in the physical world
- In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit
- Self-Healing Cybersecurity Systems: A Pipe Dream or Reality?
- Known Error impacting ENCS Service Inquiry/Request Form – Investigation Underway
- Schumann Frequency – Meaning of the “Pulsation of the Earth”
- Industrial Cybersecurity Firm Claroty Raises $60 Million