Knock, Knock – Who’s There?
A Windows Linux Subsystem Interop Analysis. Following our research on Evil Twins and Windows Linux Subsystem, interoperability between different WSL versions was something that caught our attention...
CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I
For many years now I have been working and teaching in the field of digital forensics, malware analysis and threat intelligence. During one of the classes we always talk about Locard's exchange...
Introduction and Application of Model Hacking
Catherine Huang, Ph.D., and Shivangee Trivedi contributed to this blog. The term "Adversarial Machine Learning" (AML) is a mouthful! It describes a research field concerned with the study and design...
Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles
The last several years have been fascinating for those of us who have been eagerly observing the steady move towards autonomous driving. While semi-autonomous vehicles have existed for many years, the...
CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II
In our first article we discussed the growing pattern of targeted ransomware attacks, where the first infection stage is often an info-stealer used to gain credentials and access to...
Multi-tricks HiddenAds Malware
Thousands of HiddenAds Trojan Apps Masquerade as Google Play Apps. The McAfee Mobile Research team has recently discovered a new variant of the HiddenAds Trojan. HiddenAds Trojan is an adware app used...
Android/LeifAccess.A is the Silent Fake Reviewer Trojan
The McAfee Mobile Research team has identified an Android malware family, dubbed Android/LeifAccess.A, that has been active since May 2019. This trojan was discovered globally, with localized versions, but...
SMBGhost – Analysis of CVE-2020-0796
The Vulnerability: the latest vulnerability in SMBv3 is considered "wormable" because of its potential to replicate or spread over network shares using the latest version of the protocol (SMB...
Staying Safe While Working Remotely
Special thanks to Tim Hux and Sorcha Healy for their assistance. The demand for remote working as a result of the COVID-19 pandemic will invariably put pressure on organizations to ensure the...
Ransomware Maze
Executive Summary: the Maze ransomware, previously known in the community as "ChaCha ransomware", was discovered on 29 May 2019 by Jerome Segura [1]. The main goal of the ransomware is to encrypt all...
Nemty Ransomware – Learning by Doing
Executive Summary: the McAfee Advanced Threat Research Team (ATR) observed a new ransomware family named "Nemty" on 20 August 2019. We are in an era where ransomware developers face multiple struggles,...
COVID-19 Threat Update – now includes Blood for Sale
Although the use of global events as a vehicle for digital crime is hardly surprising, the current COVID-19 outbreak has revealed a multitude of vectors, including one in particular that is...
Transitioning to a Mass Remote Workforce – We Must Verify Before Trusting
While remote work is not a new practice, the sheer number of people now required to adhere to social distancing best practices means we have a mass workforce working remotely. Most enterprises and SMBs can support...
MalBus Actor Changed Market from Google Play to ONE Store
The McAfee Mobile Research team has found another variant of MalBus in an education application developed by a South Korean developer. In the previous MalBus case, the author distributed the malware...
Tales From the Trenches: a LockBit Ransomware Story
In collaboration with Northwave. As we highlighted previously across two blogs, targeted ransomware attacks have increased massively over the past months. In our first article, we discussed the growing...
COVID-19 – Malware Makes Hay During a Pandemic
Special thanks to Prajwala Rao, Oliver Devane, Shannon Cole, Ankit Goel and members of Malware Research for their contribution and monitoring of related threats. As COVID-19 continues to spread across...
Cybercriminals Actively Exploiting RDP to Target Remote Organizations
The COVID-19 pandemic has prompted many companies to let their employees work remotely, in many cases on a global scale. A key component of enabling remote work and allowing...
ENS 10.7 Rolls Back the Curtain on Ransomware
Ransomware protection and incident response are a constant battle for IT, security engineers and analysts under normal circumstances, but with the number of people working from home during the COVID-19...
How To Use McAfee ATP to Protect Against Emotet, LemonDuck and PowerMiner
Introduction: this blog describes how McAfee ATP (Adaptive Threat Protection) rules are used within McAfee Endpoint Security products. It will help you understand how ATP rules work and how you can...
OneDrive Phishing Awareness
There are a number of ways scammers target personal information. Currently, one example is that they are taking advantage of the fear around the virus pandemic, sending phishing and scam emails to...