Securing Tomorrow. Today.

The Tradeoff Between Convenience and Security – A Balancing Act for Consumers and Manufacturers

This week McAfee Advanced Threat Research (ATR) published new findings, uncovering security flaws in two popular IoT devices: a connected garage door opener and a “smart” ring, which, amongst many uses, utilizes near field communication (NFC) to open door locks.

Read Blog
Family Safety

Dangerous Digital Rituals: Could Your Child be Sleep Deprived?

You’re not wrong if you suspect your kids are spending far more time online than they admit. Where you may be in the dark, however, is that a lot of kids (maybe even yours) are scrolling at night instead of sleeping, a digital ritual that puts their physical and mental ...

McAfee Labs

CurveBall – An Unimaginative Pun but a Devastating Bug

2020 came in with a bang this year, and it wasn’t from the record-setting number of fireworks on display around the world to celebrate the new year. Instead, just over two weeks into the decade, the security world was rocked by a fix for CVE-2020-0601 introduced in Microsoft’s first patch ...

McAfee Labs

What CVE-2020-0601 Teaches Us About Microsoft’s TLS Certificate Verification Process

By: Jan Schnellbächer and Martin Stecher, McAfee Germany GmbH This week security researches around the world were very busy working on Microsoft’s major crypto-spoofing vulnerability (CVE-2020-0601) otherwise known as Curveball. The majority of research went into attacks with malicious binaries that are signed with a spoofed Certificate Authority (CA) which ...

Endpoint Security

McAfee’s Defenses Against Microsoft’s CryptoAPI Vulnerability

Microsoft made news this week with the widely reported vulnerability known as CVE-2020-0601, which impacts the Windows CryptoAPI. This highly critical vulnerability allows an attacker to fake both signatures and digital certificates. The attacker would use spoofed Elliptic-curve cryptography (ECC) certificates for signing malicious files to evade detection or target specific hostnames ...

Consumer

What Is the CurveBall Bug? Here’s What You Need to Know 

Today, it was announced that researchers published proof of concept code (essentially, an exercise to determine if an idea is a reality) that exploits a recently patched vulnerability in the Microsoft Windows operating system (OS). The vulnerability, named CurveBall, impacts the components that handle the encryption and decryption mechanisms in the Windows OS, which inherently help protect sensitive information. How It Works  So how does this vulnerability work, exactly? For starters, unsafe sites or files can disguise themselves as legitimate ...

Enterprise

How Frankfurt Stopped Emotet In Its Tracks

During a time when ransomware continues to bring governments around the world to a halt, one city has turned the tables, by bringing their government to a halt pre-emptively to prevent ransomware. According to ZDNet, in late December, Frankfurt, Germany—one of the world’s biggest financial hubs—reportedly shut down its IT ...

Endpoint Security

MITRE ATT&CK™, What’s the Big Idea?

MITRE describes ATT&CK™ as “a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.”  While this is a fine definition, it helps to understand the significance this framework enables. The tactics, techniques, and procedures (TTPs) represented in ATT&CK allow organizations to understand how adversaries operate.  Once you ...

Consumer

The Top Technology Takeaways From CES 2020

Another Consumer Electronics Show (CES) has come and gone. Every year, this trade show joins practically everyone in the consumer electronics industry to show off the latest and greatest cutting-edge innovations in technology. From bendable tablets to 8k TVs and futuristic cars inspired by the movie “Avatar,” CES 2020 did ...

Family Safety

Less is More: 5 Ways to Jumpstart a ‘Digital Minimalist’ Mindset  

Editor’s Note: This is part II of a series on Digital Minimalism in 2020. Is this the year you rethink and rebuild your relationship with technology? If so, embracing digital minimalism may be the most powerful way to achieve that goal. We learned last week in our first post on ...

Consumer

McAfee Research Reveals Americans’ Perceptions of Device Security Amidst CES 2020

From the Lifx Switch smart switch to the Charmin RollBot to Kohler Setra Alexa-connected faucets, CES 2020 has introduced new devices aimed at making consumers lives easier. With so much excitement and hype around these new gadgets, however, it can be challenging to make security a top priority. That’s why ...

Subscribe to McAfee Securing Tomorrow Blogs