Securing Tomorrow. Today.

RSA 2020 – See You There!

There’s a lot to look forward to at RSA 2020, so be sure to stop by booth #N-5745 in the North Hall for demos, theater sessions, and more.

Read Blog
McAfee Labs

An Inside Look into Microsoft Rich Text Format and OLE Exploits

There has been a dramatic shift in the platforms targeted by attackers over the past few years. Up until 2016, browsers tended to be the most common attack vector to exploit and infect machines but now Microsoft Office applications are preferred, according to a report published here during March 2019. ...

Enterprise

RSA 2020 – See You There!

It’s that time of year again—security companies are starting to gear up for the RSA Conference in San Francisco’s Moscone Center. Known as one of the world’s largest security conferences, RSA attracts around 42,000 attendees, including 700 speakers, and hosts more than 550 sessions. This year, RSA organizers are adding ...

Life at McAfee

You Bring the Yoga Mat, McAfee Brings the Goats

Yogis are likely familiar with the term vinyasa, but have you heard of caprine vinyasa? Caprine vinyasa elevates your standard yoga practice to a whole new level – with goats! At McAfee, we recognize how beneficial stepping away from our desk can be for both our bodies and minds. Taking ...

Family Safety

Dangerous Digital Rituals: Could Your Child be Sleep Deprived?

You’re not wrong if you suspect your kids are spending far more time online than they admit. Where you may be in the dark, however, is that a lot of kids (maybe even yours) are scrolling at night instead of sleeping, a digital ritual that puts their physical and mental ...

McAfee Labs

CurveBall – An Unimaginative Pun but a Devastating Bug

Enterprise customers looking for information on defending against Curveball can find information here. 2020 came in with a bang this year, and it wasn’t from the record-setting number of fireworks on display around the world to celebrate the new year. Instead, just over two weeks into the decade, the security ...

McAfee Labs

What CVE-2020-0601 Teaches Us About Microsoft’s TLS Certificate Verification Process

By: Jan Schnellbächer and Martin Stecher, McAfee Germany GmbH This week security researches around the world were very busy working on Microsoft’s major crypto-spoofing vulnerability (CVE-2020-0601) otherwise known as Curveball. The majority of research went into attacks with malicious binaries that are signed with a spoofed Certificate Authority (CA) which ...

Endpoint Security

McAfee’s Defenses Against Microsoft’s CryptoAPI Vulnerability

Microsoft made news this week with the widely reported vulnerability known as CVE-2020-0601, which impacts the Windows CryptoAPI. This highly critical vulnerability allows an attacker to fake both signatures and digital certificates. The attacker would use spoofed Elliptic-curve cryptography (ECC) certificates for signing malicious files to evade detection or target specific hostnames ...

Consumer

What Is the CurveBall Bug? Here’s What You Need to Know 

Today, it was announced that researchers published proof of concept code (essentially, an exercise to determine if an idea is a reality) that exploits a recently patched vulnerability in the Microsoft Windows operating system (OS). The vulnerability, named CurveBall, impacts the components that handle the encryption and decryption mechanisms in the Windows OS, which inherently help protect sensitive information. How It Works  So how does this vulnerability work, exactly? For starters, unsafe sites or files can disguise themselves as legitimate ...

Enterprise

How Frankfurt Stopped Emotet In Its Tracks

During a time when ransomware continues to bring governments around the world to a halt, one city has turned the tables, by bringing their government to a halt pre-emptively to prevent ransomware. According to ZDNet, in late December, Frankfurt, Germany—one of the world’s biggest financial hubs—reportedly shut down its IT ...

Endpoint Security

MITRE ATT&CK™, What’s the Big Idea?

MITRE describes ATT&CK™ as “a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.”  While this is a fine definition, it helps to understand the significance this framework enables. The tactics, techniques, and procedures (TTPs) represented in ATT&CK allow organizations to understand how adversaries operate.  Once you ...

Subscribe to McAfee Securing Tomorrow Blogs