Blog Profile / McAfee Avert Labs


URL :http://www.avertlabs.com/research/blog/
Filed Under:Technology / Security
Posts on Regator:812
Posts / Week:2
Archived Since:February 25, 2010

Blog Post Archive

Chinese Cybercriminals Develop Lucrative Hacking Services

Underground cybercrime profits in China have likely already exceeded US$15.1 billion (100 billion Chinese yuan); caused more than $13.8 billion (91.5 billion yuan) worth of damage relating to data loss, identity theft, and fraud; and...Show More Summary

Emotet Downloader Trojan Returns in Force

During the past couple of days, we have seen an increase in activity from Emotet. This Trojan downloader spreads by emails that lure victims into downloading a Word document, which contains macros that after executing employ PowerShell to download a malicious payload. Show More Summary

‘McAfee Labs 2018 Threats Predictions Report’ Previews Five Cybersecurity Trends

This report was written by members of McAfee Labs and the Office of the CTO. Welcome to the McAfee Labs 2018 Threats Predictions Report. We find ourselves in a highly volatile stage of cybersecurity, with new devices, new risks, and new threats appearing every day. Show More Summary

Should I Worry About AVGater, Which Exploits Some Security Products?

On November 10, a researcher reported the vulnerability AVGater, which affects some antimalware products. The vulnerability allows a user without administrative privileges to restore a quarantined file in a user’s defined location. After...Show More Summary

Don’t Substitute CVSS for Risk: Scoring System Inflates Importance of CVE-2017-3735

I am a wry observer of vulnerability announcements. CVE-2017-3735—which can allow a small buffer overread in an X.509 certificate—presents an excellent example of the limitations of the Common Vulnerability Scoring System (CVSS). This...Show More Summary

Malware Mines, Steals Cryptocurrencies From Victims

How’s your Bitcoin balance? Interested in earning more? The value of cybercurrency is going up. One way to increase your holdings is by “mining,” which is legal as long as it is done with the proper permissions. Using your own mining equipment or establishing a formal agreement for outsourcing are two methods. Show More Summary

Lazarus Cybercrime Group Moves to Mobile Platform

When it comes to describing cyberattacks, the word sophisticated is used a lot. Whether to explain yet another “advanced” campaign by a threat actor group hoping to steal information or disrupt computer systems, it seems the precursor to any analysis is to call it sophisticated. Show More Summary

Android Malware Appears Linked to Lazarus Cybercrime Group

The McAfee Mobile Research team recently examined a new threat, Android malware that contains a backdoor file in the executable and linkable format (ELF). The ELF file is similar to several executables that have been reported to belong to the Lazarus cybercrime group. Show More Summary

IoT Devices: The Gift that Keeps on Giving… to Hackers

McAfee Advanced Threat Research on Most Hackable Gifts You’ve probably noticed the recent increase in Internet connected drones, digital assistants, toys, appliances and other devices hitting the market and maybe even showing up in your own home. Show More Summary

New Android Malware Found in 144 GooglePlay Apps

McAfee’s Mobile Research team has found a new Android malware in 144 “Trojanized” applications on Google Play. We named this threat Grabos because we found this string in several elements of the code, including variable and method names. Show More Summary

Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack

During our monitoring of activities around the APT28 threat group, McAfee Advanced Threat Research analysts identified a malicious Word document that appears to leverage the Microsoft Office Dynamic Data Exchange (DDE) technique that has been previously reported by Advanced Threat Research. Show More Summary

Self-Signed Certificates Can Be Secure, So Why Ban Them?

In many organizations the use of self-signed certificates is forbidden by policy. Organizations may ban the use of self-signed certificates for several reasons: It is trivially easy to generate a certificate’s key pair without reasonable...Show More Summary

Code Execution Technique Takes Advantage of Dynamic Data Exchange

Email phishing campaigns are a popular social engineering technique among hackers. The idea is simple: Craft an email that looks enticing to users and convince them to click on a malicious link or open a malicious attachment. Weight-loss and other health-related phishing emails are common. Show More Summary

Configuring McAfee ENS and VSE to Prevent Macroless Code Execution in Office Apps

Microsoft Office macros are a popular method of distributing malware. Users can defend themselves against macro attacks by disabling macros. McAfee Labs has now seen a new attack technique using a feature of Office applications that help create dynamic reports. Show More Summary

Pirate Versions of Popular Apps Infiltrate Google Play via Virtualization

The McAfee Mobile Research team recently found pirated applications of popular apps distributed on the Google Play store. A pirated app is one distributed usually outside of the official store as a free version of a legitimate app. Paid legitimate applications are leading targets of pirated versions. Show More Summary

Expiro Malware Is Back and Even Harder to Remove

File infector malware adds malicious code to current files. This makes removal tricky because deleting infections results in the loss of legitimate files. Although file infectors were more popular in the 1990s and early 2000s, they still pose a significant threat. Show More Summary

Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826: Memory Corruption Vulnerability

McAfee Labs has performed frequent analyses of Office-related threats over the years: In 2015, we presented research on the Office OLE mechanism; in 2016 at the BlueHat conference, we looked at the high-level attack surface of Office;...Show More Summary

‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine

This post was researched and written by Christiaan Beek, Tim Hux, David Marcus, Charles McFarland, Douglas McKee, and Raj Samani. McAfee is currently investigating a ransomware campaign known as BadRabbit, which initially infected targets in Russia and the Ukraine. Show More Summary

KRACKs: Five Observations on WPA Authentication Vulnerability

KRACKs are in the news. McAfee has already discussed these key reinstallation attacks that affect Wi-Fi setups in two posts: “KRACKs Against Wi-Fi Serious But Not End of the World” “How KRACK Threatens Wi-Fi’s Security UnderpinningsShow More Summary

ROCA: Which Key-Pair Attacks Are Credible?

In the past two weeks, we have seen two big encryption issues arise: key reinstallation attacks, called KRACKs; and “Return of Coppersmith’s Attack,” called ROCA. Many CEOs, CIOs, and CISO/CSOs are asking, as they must, “Are we protected?”...Show More Summary

Copyright © 2015 Regator, LLC