Clik here to view.
McAfee Defender’s Blog: Operation Dianxun
Operation Dianxun Overview In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign, targeting telecommunication companies, named...
View ArticleClik here to view.
Netop Vision Pro – Distance Learning Software is 20/20 in Hindsight
The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. We...
View ArticleClik here to view.
McAfee Defenders Blog: Reality Check for your Defenses
Welcome to reality Ever since I started working in IT Security more than 10 years ago, I wondered, what helps defend against malware the best? This simple question does not stand on its own, as there...
View ArticleClik here to view.
McAfee Defender’s Blog: Cuba Ransomware Campaign
Cuba Ransomware Overview Over the past year, we have seen ransomware attackers change the way they have responded to organizations that have either chosen to not pay the ransom or have recovered their...
View ArticleClik here to view.
McAfee ATR Threat Report: A Quick Primer on Cuba Ransomware
Executive Summary Cuba ransomware is an older ransomware, that has recently undergone some development. The actors have incorporated the leaking of victim data to increase its impact and revenue, much...
View ArticleClik here to view.
BRATA Keeps Sneaking into Google Play, Now Targeting USA and Spain
Recently, the McAfee Mobile Research Team uncovered several new variants of the Android malware family BRATA being distributed in Google Play, ironically posing as app security scanners. These...
View ArticleClik here to view.
McAfee Labs Report Reveals Latest COVID-19 Threats and Malware Surges
The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: April 2021. In this edition, we present new findings in our traditional threat statistical categories – as well...
View ArticleClik here to view.
Clever Billing Fraud Applications on Google Play: Etinu
A new wave of fraudulent apps has made its way to the Google Play store, targeting Android users in Southwest Asia and the Arabian Peninsula as well—to the tune of more than 700,000 downloads before...
View ArticleClik here to view.
Access Token Theft and Manipulation Attacks – A Door to Local Privilege...
Executive Summary Many malware attacks designed to inflict damage on a network are armed with lateral movement capabilities. Post initial infection, such malware would usually need to perform a higher...
View ArticleClik here to view.
How to Stop the Popups
McAfee is tracking an increase in the use of deceptive popups that mislead some users into taking action, while annoying many others. A significant portion is attributed to browser-based push...
View ArticleClik here to view.
Steps to Discover Hidden Threat from Phishing Email
Introduction Email is one of the primary ways of communication in the modern world. We use email to receive notifications about our online shopping, financial transaction, credit card e-statements,...
View ArticleClik here to view.
Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware
The Roaming Mantis smishing campaign has been impersonating a logistics company to steal SMS messages and contact lists from Asian Android users since 2018. In the second half of 2020, the campaign...
View ArticleClik here to view.
“Fool’s Gold”: Questionable Vaccines, Bogus Results, and Forged Cards
Preface Countries all over the world are racing to achieve so-called herd immunity against COVID-19 by vaccinating their populations. From the initial lockdown to the cancellation of events and the...
View ArticleClik here to view.
Major HTTP Vulnerability in Windows Could Lead to Wormable Exploit
Today, Microsoft released a highly critical vulnerability (CVE-2021-31166) in its web server http.sys. This product is a Windows-only HTTP server which can be run standalone or in conjunction with IIS...
View ArticleClik here to view.
DarkSide Ransomware Victims Sold Short
Over the past week we have seen a considerable body of work focusing on DarkSide, the ransomware responsible for the recent gas pipeline shutdown. Many of the excellent technical write-ups will detail...
View ArticleClik here to view.
Scammers Impersonating Windows Defender to Push Malicious Windows Apps
Summary points: Scammers are increasingly using Windows Push Notifications to impersonate legitimate alerts Recent campaigns pose as a Windows Defender Update Victims end up allowing the installation...
View ArticleClik here to view.
Are Virtual Machines the New Gold for Cyber Criminals?
Introduction Virtualization technology has been an IT cornerstone for organization for years now. It revolutionized the way organizations can scale up IT systems in a heartbeat, allowing then to be...
View ArticleClik here to view.
A New Program for Your Peloton – Whether You Like It or Not
Executive Summary The McAfee Advanced Threat Research team (ATR) is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and...
View ArticleClik here to view.
McAfee Labs Report Highlights Ransomware Threats
The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: June 2021. In this edition we introduce additional context into the biggest stories dominating the year thus far...
View ArticleClik here to view.
Analyzing CVE-2021-1665 – Remote Code Execution Vulnerability in Windows GDI+
Introduction Microsoft Windows Graphics Device Interface+, also known as GDI+, allows various applications to use different graphics functionality on video displays as well as printers. Windows...
View Article