McAfee Labs – McAfee Blogs Securing Tomorrow. Today.
Ripple20 Vulnerability Mitigation Best Practices
by Kevin McGrath on June 22, 2020 at 10:32 pm
On June 16th, the Department of Homeland Security and CISA ICS-CERT issued a critical security advisory warning covering multiple newly discovered vulnerabilities affecting Internet-connected devices manufactured by multiple vendors. This set of 19 vulnerabilities in a low-level TCP/IP software library developed by Treck has been dubbed “Ripple20” by researchers from JSOF. A networking stack is a software component… The post Ripple20 Vulnerability Mitigation Best Practices appeared first on McAfee Blogs.
My Adventures Hacking the iParcelBox
by Sam Quinn on June 18, 2020 at 7:01 am
In 2019, McAfee Advanced Threat Research (ATR) disclosed a vulnerability in a product called BoxLock. Sometime after this, the CEO of iParcelBox, a U.K. company, reached out to us and offered to send a few of their products to test. While this isn’t the typical M.O. for our research, we applaud the company for being…
What’s in the Box? Part II: Hacking the iParcelBox
by Steve Povolny on June 18, 2020 at 7:01 am
Package delivery is just one of those things we take for granted these days. This is especially true in the age of Coronavirus, where e-commerce and at-home deliveries make up a growing portion of consumer buying habits. In 2019, McAfee Advanced Threat Research (ATR) conducted a vulnerability research project on a secure home package delivery…
RagnarLocker Ransomware Threatens to Release Confidential Information
by Alexandre Mundo on June 9, 2020 at 4:21 pm
EXECUTIVE SUMMARY: The RagnarLocker ransomware first appeared in the wild at the end of December 2019 as part of a campaign against compromised networks targeted by its operators. The ransomware code is small (only 48kb after the protection in its custom packer is removed) and coded in a high-level programming language (C/C++). Like all ransomware,…
OneDrive Phishing Awareness
by Joy Olowo on June 8, 2020 at 4:37 pm
There are a number of ways scammers target personal information; currently, one example is that they are taking advantage of the fear around the virus pandemic, sending phishing and scam emails to Microsoft OneDrive users in an attempt to profit from Coronavirus/COVID-19. They will pretend to be emailing from government, consulting, or charitable organizations to steal…
How To Use McAfee ATP to Protect Against Emotet, LemonDuck and PowerMiner
by Ankit Goel on May 19, 2020 at 4:30 pm
Introduction: This blog describes how McAfee ATP (Adaptive Threat Protection) rules are used within McAfee Endpoint Security products. It will help you understand how ATP Rules work and how you can utilize them to prevent infections from prevalent malware families such as Emotet, LemonDuck and PowerMiner. Please read through the recommendation section to effectively utilize…
ENS 10.7 Rolls Back the Curtain on Ransomware
by Martin Ohl on May 7, 2020 at 4:02 am
Ransomware protection and incident response is a constant battle for IT, security engineers and analysts under normal circumstances, but with the number of people working from home during the COVID-19 pandemic that challenge reaches new heights. How do you ensure an equivalent level of adaptable malware protection on or off the corporate network? How do…
Cybercriminals Actively Exploiting RDP to Target Remote Organizations
by Thomas Roccia on May 7, 2020 at 4:01 am
The COVID-19 pandemic has prompted many companies to enable their employees to work remotely and, in a large number of cases, on a global scale. A key component of enabling remote work and allowing employees to access internal corporate resources remotely is Remote Desktop Protocol (RDP), which allows communication with a remote system. In order…
COVID-19 – Malware Makes Hay During a Pandemic
by Sriram P on May 7, 2020 at 4:01 am
Special thanks to Prajwala Rao, Oliver Devane, Shannon Cole, Ankit Goel and members of Malware Research for their contribution and monitoring of related threats. As COVID-19 continues to spread across the world, it is no surprise that malware authors are exploiting the pandemic. McAfee recently released blogs around Covid-19 related threats – Staying safe while…
Tales From the Trenches; a Lockbit Ransomware Story
by Marc Rivero Lopez on May 1, 2020 at 4:01 am
In collaboration with Northwave. As we highlighted previously across two blogs, targeted ransomware attacks have increased massively over the past months. In our first article, we discussed the growing pattern of targeted ransomware attacks where the primary infection stage is often an info-stealer kind of malware used to gain credentials/access to determine if the target would…
MalBus Actor Changed Market from Google Play to ONE Store
by Chanung Pak on April 9, 2020 at 5:38 pm
McAfee Mobile Research team has found another variant of MalBus on an education application, developed by a South Korean developer. In the previous MalBus case, the author distributed the malware through Google Play, but new variants are distributed via the ONE Store in much the same way. ONE Store is a joint venture by the…
Transitioning to a Mass Remote Workforce – We Must Verify Before Trusting
by Eoin Carroll on April 7, 2020 at 1:01 pm
While not a new practice, the sheer volume of people required to adhere to social distancing best practices means we now have a mass workforce working remotely. Most enterprises and SMBs can support working remotely today but many IT departments are not equipped to scale to the numbers currently required. In this blog we discuss…
COVID-19 Threat Update – now includes Blood for Sale
by Christiaan Beek on April 7, 2020 at 1:01 pm
Although the use of global events as a vehicle to drive digital crime is hardly surprising, the current outbreak of COVID-19 has revealed a multitude of vectors, including one in particular that is somewhat out of the ordinary. In a sea of offers for face masks, a recent posting on a dark web forum reveals…
Nemty Ransomware – Learning by Doing
by Alexandre Mundo on April 2, 2020 at 6:21 pm
Executive Summary: The McAfee Advanced Threat Research Team (ATR) observed a new ransomware family named ‘Nemty’ on 20 August 2019. We are in an era where ransomware developers face multiple struggles, from the great work done by the security community to protect against their malware, to initiatives such as the No More Ransom project that…
Ransomware Maze
by Alexandre Mundo on March 26, 2020 at 4:26 pm
EXECUTIVE SUMMARY: The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura. The main goal of the ransomware is to crypt all files that it can in an infected system and then demand a ransom to recover the files. However, the most important characteristic…
Staying Safe While Working Remotely
by Raj Samani on March 18, 2020 at 1:51 pm
Special thanks to Tim Hux and Sorcha Healy for their assistance. The demand for remote working as a result of the COVID-19 pandemic will invariably place pressures on organizations to ensure the availability of corporate resources in geographic locations outside of corporate control. Such demands go beyond the provision of additional capacity, with potentially remote…
SMBGhost – Analysis of CVE-2020-0796
by Eoin Carroll on March 13, 2020 at 2:44 am
The Vulnerability: The latest vulnerability in SMBv3 is a “wormable” vulnerability given its potential ability to replicate or spread over network shares using the latest version of the protocol (SMB 3.1.1). As of this writing, Microsoft have just released a patch for CVE-2020-0796 on the morning of March 12th. The bug was introduced very recently,…
Android/LeifAccess.A is the Silent Fake Reviewer Trojan
by Fernando Ruiz on March 4, 2020 at 5:01 am
The McAfee Mobile Research team has identified an Android malware family dubbed Android/LeifAccess.A that has been active since May 2019. This trojan was discovered globally with localized versions but has a much higher prevalence in the USA and Brazil. As part of the payload, this trojan can abuse OAuth leveraging accessibility services to automatically create…
Multi-tricks HiddenAds Malware
by ZePeng Chen on March 4, 2020 at 5:01 am
Thousands of HiddenAds Trojan Apps Masquerade as Google Play Apps. The McAfee mobile research team has recently discovered a new variant of the HiddenAds Trojan. HiddenAds Trojan is an adware app used to display advertising and collect user data for marketing. The goal of such apps is to generate revenue by redirecting users to advertisements.
CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II
by Christiaan Beek on February 20, 2020 at 3:00 pm
In our first article we discussed the growing pattern of targeted ransomware attacks where the first infection stage is often an info-stealer kind of malware used to gain credentials/access to determine if the target would be valuable for a ransomware attack. In this second part we will pick up where we left off: the attacker…
Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles
by Steve Povolny on February 19, 2020 at 9:01 am
The last several years have been fascinating for those of us who have been eagerly observing the steady move towards autonomous driving. While semi-autonomous vehicles have existed for many years, the vision of fleets of fully autonomous vehicles operating as a single connected entity is very much still a thing of the future. However, the…
Introduction and Application of Model Hacking
by Steve Povolny on February 19, 2020 at 9:01 am
Catherine Huang, Ph.D., and Shivangee Trivedi contributed to this blog. The term “Adversarial Machine Learning” (AML) is a mouthful! The term describes a research field regarding the study and design of adversarial attacks targeting Artificial Intelligence (AI) models and features. Even this simple definition can send the most knowledgeable security practitioner running! We’ve coined the…
CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I
by Christiaan Beek on February 12, 2020 at 3:54 pm
For many years now I have been working and teaching in the field of digital forensics, malware analysis and threat intelligence. During one of the classes we always talk about Locard’s exchange principle: “with contact between two items, there will be an exchange”. If we translate that to the digital world: “when an adversary breaches…
Knock, Knock – Who’s There?
by Leandro Costantino on February 11, 2020 at 3:40 pm
A Windows Linux Subsystem Interop Analysis. Following our research from Evil Twins and Windows Linux Subsystem, interoperability between different WSL versions was something that caught our attention. The protocol and mechanism to do file management from/to WSL is a must for Blue and Red Teams whose research will provide new ways to execute known techniques…
How Chinese Cybercriminals Use Business Playbook to Revamp Underground
by Anne An on February 11, 2020 at 5:01 am
Preface: Because of its longevity and technical sophistication, the Russian cybercriminal underground has long been the benchmark for threat researchers focused on studying cybercrime tactics and techniques; there is a plethora of publications dedicated to analyzing its economy and hacking forums. However, only a handful of studies have centered on the emerging threats and trends…
Intelligence in the Enterprise
by Patrick Flynn on February 11, 2020 at 5:01 am
Intelligence became an integral military discipline centuries ago. More recently, this practice evolved into what is called Intelligence Preparation of the Battlefield, or IPB. In both military and civilian agencies, the discipline uses information collection followed by analysis to provide guidance and direction to operators making tactical or organizational decisions. Used strategically, this type of intelligence puts an organization in…
U.S. Battleground County Website Security Survey
by McAfee Enterprise on February 4, 2020 at 5:00 am
Today McAfee released the results of a survey of county websites and county election administration websites in the 13 states projected as battleground states in the 2020 U.S. presidential elections. We found that significant majorities of these websites lacked the official government .GOV website validation and HTTPS website security measures to prevent malicious actors from…
An Inside Look into Microsoft Rich Text Format and OLE Exploits
by Chintan Shah on January 24, 2020 at 6:09 pm
There has been a dramatic shift in the platforms targeted by attackers over the past few years. Up until 2016, browsers tended to be the most common attack vector to exploit and infect machines but now Microsoft Office applications are preferred, according to a report published here during March 2019. Increasing use of Microsoft Office…
CurveBall – An Unimaginative Pun but a Devastating Bug
by Steve Povolny on January 18, 2020 at 5:49 am
Enterprise customers looking for information on defending against Curveball can find information here. 2020 came in with a bang this year, and it wasn’t from the record-setting number of fireworks on display around the world to celebrate the new year. Instead, just over two weeks into the decade, the security world was rocked by a…
What CVE-2020-0601 Teaches Us About Microsoft’s TLS Certificate Verification Process
by McAfee Labs on January 17, 2020 at 9:25 pm
By: Jan Schnellbächer and Martin Stecher, McAfee Germany GmbH. This week security researchers around the world were very busy working on Microsoft’s major crypto-spoofing vulnerability (CVE-2020-0601), otherwise known as Curveball. The majority of research went into attacks with malicious binaries that are signed with a spoofed Certificate Authority (CA) which unpatched Win10 systems would in…