Clik here to view.
MalBus: Popular South Korean Bus App Series in Google Play Found Dropping...
McAfee’s Mobile Research team recently learned of a new malicious Android application masquerading as a plugin for a transportation application series developed by a South Korean developer. The series...
View ArticleClik here to view.
Ryuk, Exploring the Human Connection
In collaboration with Bill Siegel and Alex Holdtman from Coveware. At the beginning of 2019, McAfee ATR published an article describing how the hasty attribution of Ryuk ransomware to North Korea was...
View ArticleClik here to view.
What’s in the Box?
2018 was another record-setting year in the continuing trend for consumer online shopping. With an increase in technology and efficiency, and a decrease in cost and shipping time, consumers have...
View ArticleClik here to view.
Your Smart Coffee Maker is Brewing Up Trouble
IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled...
View ArticleClik here to view.
JAVA-VBS Joint Exercise Delivers RAT
The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an infection to occur, the user must typically execute the malware...
View ArticleClik here to view.
McAfee Protects Against Suspicious Email Attachments
Email remains a top vector for attackers. Over the years, defenses have evolved, and policy-based protections have become standard for email clients such as Microsoft Outlook and Microsoft Mail. Such...
View ArticleClik here to view.
Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250)
Earlier this month Check Point Research reported discovery of a 19 year old code execution vulnerability in the wildly popular WinRAR compression tool. Rarlab reports that that are over 500 million...
View ArticleClik here to view.
Analysis of a Chrome Zero Day: CVE-2019-5786
1. Introduction On March 1st, Google published an advisory [1] for a use-after-free in the Chrome implementation of the FileReader API (CVE 2019-5786). Clement Lecigne from Google Threat Analysis Group...
View ArticleClik here to view.
IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target?
Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we will explore a...
View ArticleClik here to view.
LockerGoga Ransomware Family Used in Targeted Attacks
Initial discovery Once again, we have seen a significant new ransomware family in the news. LockerGoga, which adds new features to the tried and true formula of encrypting victims’ files and asking for...
View ArticleClik here to view.
RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP...
During Microsoft’s May Patch Tuesday cycle, a security advisory was released for a vulnerability in the Remote Desktop Protocol (RDP). What was unique in this particular patch cycle was that Microsoft...
View ArticleClik here to view.
Cryptocurrency Laundering Service, BestMixer.io, Taken Down by Law Enforcement
A much overlooked but essential part in financially motivated (cyber)crime is making sure that the origins of criminal funds are obfuscated or made to appear legitimate, a process known as money...
View ArticleClik here to view.
Mr. Coffee with WeMo: Double Roast
McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please refer to the earlier blog to catch up with the processes and...
View ArticleClik here to view.
In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass
Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR (Endpoint Detection and Response) Endpoint...
View ArticleClik here to view.
Why Process Reimaging Matters
As this blog goes live, Eoin Carroll will be stepping off the stage at Hack in Paris having detailed the latest McAfee Advanced Threat Research (ATR) findings on Process Reimaging. Admittedly, this...
View ArticleClik here to view.
RDP Security Explained
RDP on the Radar Recently, McAfee released a blog related to the wormable RDP vulnerability referred to as CVE-2019-0708 or “Bluekeep.” The blog highlights a particular vulnerability in RDP which was...
View ArticleClik here to view.
16Shop Now Targets Amazon
Since early November 2018 McAfee Labs have observed a phishing kit, dubbed 16Shop, being used by malicious actors to target Apple account holders in the United States and Japan. Typically, the victims...
View ArticleClik here to view.
McAfee ATR Aids Police in Arrest of the Rubella and Dryad Office Macro...
Everyday thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an invoice, a cybercriminal sender tries to entice a victim to open the...
View ArticleClik here to view.
Demystifying Blockchain: Sifting Through Benefits, Examples and Choices
You have likely heard that blockchain will disrupt everything from banking to retail to identity management and more. You may have seen commercials for IBM touting the supply chain tracking benefits of...
View ArticleClik here to view.
No More Ransom Blows Out Three Birthday Candles Today
Collaborative Initiative Celebrates Helping More Than 200,000 Victims and Preventing More Than 100 million USD From Falling into Criminal Hands Three years ago, on this exact day, the public and...
View Article