Clik here to view.
Macro Malware Adds Tricks, Uses MaxMind to Avoid Detection
Macro malware continues to evolve and use new tricks to evade detection. This threat is responsible for downloading malicious Trojans such as Dridex and ransomware such as Locky. Recently McAfee Labs...
View ArticleClik here to view.
Security Best Practices for Azure App Service Web Apps, Part 4
Microsoft’s Azure App Service is a fully managed Platform as a Service for developers that provides features and frameworks to quickly and easily build apps for any platform and any device. In spite of...
View ArticleJune #SecChat Recap: Findings from the 2016 Verizon DBIR
This year’s highly anticipated Verizon 2016 Data Breach Investigations Report (Verizon DBIR) analyzed cybersecurity findings from 100,000 incidents and 2,260 confirmed breaches, taking a deep dive into...
View ArticleClik here to view.
How Valuable is Your Healthcare Data?
Health care is a hot topic in security right now. A quick search for “hospital ransomware” returns a laundry list of news reports on hospitals as targets of cyberattacks. However, it is not just...
View ArticleClik here to view.
The Latest IoT Device I Do Not Want Hacked
What if someone hacked this remotely controlled semiautonomous tractor? I am a cybersecurity guy and a huge fan of technology. One of the challenges we face in the security industry is the growth of...
View ArticleClik here to view.
Top 5 Things to Know About Recent IoT Attacks
Recent Internet attacks have resulted in several popular sites becoming unreachable. The list includes Twitter, Etsy, Spotify, Airbnb, Github, and The New York Times. These incidents have brought to...
View ArticleClik here to view.
Cerber Ransomware Now Hunts for Databases
Cerber is one of the most popular ransomware packages. It has upgraded itself to also target databases. It is available for purchase as a service (ransomware as a service) on the “dark net” as part of...
View ArticleClik here to view.
Talking About Cyber Risks Educates the Community
In the last 12 months, we have seen an unprecedented number of cyberattacks occur or come to light. Sophisticated attacks against governments, businesses, consumers, and the pillars of the Internet...
View ArticleClik here to view.
More Capable IoT Botnets to Emerge as the ‘Pros’ Enter the Fray
On the heels of severe distributed denial of service (DDoS) attacks, we see new botnets emerging that are powered by the Internet of Things (IoT). There are already hundreds of such botnets in the...
View ArticleClik here to view.
Worms Could Spread Like Zombies via Internet of Things
Security researchers recently created a proof-of-concept attack against Internet-connected lightbulbs, causing breached devices to infect their neighbors. The propagation continues and spreads itself...
View ArticleClik here to view.
Welcome to the Wild West, Again!
Threats, Regulations, and Vendor Responses to Risks in the Internet of Things The Wild West, a place of exaggerated lawlessness in the United States during the 1800s, has returned once again as a...
View ArticleClik here to view.
You Can Outsource the Work, but You Cannot Outsource the Risk
Threats, Regulations, and Vendor Responses to Risks in the Cloud As more companies get comfortable with cloud services, trust and usage will go up, and that will inevitably attract the attention of...
View ArticleClik here to view.
‘McAfee Labs 2017 Threats Predictions’ Report Zeroes In on Cloud and IoT Threats
This blog post was written by Vincent Weafer. In the McAfee Labs 2017 Threats Predictions report, published today, we cover a lot of ground but focus particularly on two areas that will impact IT...
View ArticleClik here to view.
Big, Hard-to-Solve Problems
Improving the Lifecycle of Threat Defense Effectiveness When a new security tool or technique is released, Version 1.0 is usually pretty effective, and successive versions get even better with...
View ArticleClik here to view.
Shamoon Rebooted?
We have recently received notifications and samples from impacted organizations in the Middle East that have hallmarks of the Shamoon campaign from 2012. The main component of these attacks was the...
View ArticleClik here to view.
Farewell to the SHA-1 Hash Algorithm
Rest in peace SHA-1. Like all security controls, they are valuable only for a certain time. SHA-1, a legacy hashing algorithm once used heavily in secure web browsing, has outlived its usefulness; it...
View ArticleClik here to view.
Shamoon Rebooted in Middle East, Part 2
Last week we provided some initial analysis on recent attacks targeting organizations in the Middle East. The attack has hallmarks of the Shamoon campaign of 2012. We now have additional data related...
View ArticleClik here to view.
How to Protect Against OpenSSL 1.1.0a Vulnerability CVE-2016-6309
Recently the OpenSSL security library gained a fix for a critical security issue (CVE-2016-6309) that affects OpenSSL Version 1.1.0a. The remote attackers can cause the OpenSSL server to crash, or...
View ArticleClik here to view.
2016: A Year at Ransom
This week’s McAfee Labs Threats Report: December 2016 provides an overview of how ransomware has evolved over the course of 2016, and how the industry has responded. Through the end of Q3, the number...
View ArticleClik here to view.
McAfee Labs December Threats Report Explores Many Facets of Deception
This blog post was written by Vincent Weafer. In the McAfee Labs Threats Report: December 2016 published today, we write about three seemingly disparate topics. However, on closer inspection, they have...
View Article