Joni Moore – McAfee Blogs https://www.mcafee.com/blogs Securing Tomorrow. Today. Fri, 17 May 2019 17:58:10 +0000 en-US hourly 1 https://wordpress.org/?v=5.4.2 https://www.mcafee.com/wp-content/uploads/2018/11/cropped-favicon-32x32.png Joni Moore – McAfee Blogs https://www.mcafee.com/blogs 32 32 How MVISION Mobile can combat the WhatsApp Buffer Overflow Vulnerability https://www.mcafee.com/blogs/enterprise/endpoint-security/how-mvision-mobile-can-combat-the-whatsapp-buffer-overflow-vulnerability/ https://www.mcafee.com/blogs/enterprise/endpoint-security/how-mvision-mobile-can-combat-the-whatsapp-buffer-overflow-vulnerability/#respond Fri, 17 May 2019 16:36:27 +0000 https://securingtomorrow.mcafee.com/?p=95285

A new WhatsApp vulnerability has attracted the attention of the press and security professionals around the world. We wanted to provide some information and a quick summary. This post will cover vulnerability analysis and how McAfee MVISION Mobile can help. Background On May 13th, Facebook announced a vulnerability associated with all of its WhatsApp products. […]

The post How MVISION Mobile can combat the WhatsApp Buffer Overflow Vulnerability appeared first on McAfee Blogs.

]]>

A new WhatsApp vulnerability has attracted the attention of the press and security professionals around the world. We wanted to provide some information and a quick summary.

This post will cover vulnerability analysis and how McAfee MVISION Mobile can help.

Background

On May 13th, Facebook announced a vulnerability associated with all of its WhatsApp products. This vulnerability was reportedly exploited in the wild, and it was designated as CVE-2019-3568.

WhatsApp told the BBC its security team was the first to identify the flaw. It shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.

The CVE-2019-3568 Vulnerability Explained

WhatsApp suffers from a buffer overflow weakness, meaning an attacker can leverage it to run malicious code on the device. Data packets can be manipulated during the start of a voice call, leading to the overflow being triggered and the attacker commandeering the application. Attackers can then deploy surveillance tools to the device to use against the target.

A buffer overflow vulnerability in WhatsApp VOIP (voice over internet protocol) stack allows remote code execution via a specially-crafted series of SRTP (secure real-time transport protocol) packets sent to a target phone number.

Affected Versions:

  • WhatsApp for Android prior to v2.19.134
  • WhatsApp Business for Android prior to v2.19.44
  • WhatsApp for iOS prior to v2.19.51
  • WhatsApp Business for iOS prior to v2.19.51
  • WhatsApp for Windows Phone prior to v2.18.348
  • WhatsApp for Tizen prior to v2.18.15.

The Alleged Exploit

An exploit of the vulnerability was used in an attempted attack on the phone of a UK-based attorney on 12 May, the  Financial Times reported. The reported attack involved using WhatsApp’s voice calling function to ring a target’s device. Even if the call was not picked up, the surveillance software could be installed.

How MVISION Mobile can combat CVE-2019-3568 Attacks

To date, the detection technology inside MVISION Mobile has detected 100 percent of zero-day device exploits without requiring an update.

MVISION Mobile helps protect customers by identifying at-risk iOS and Android devices and active threats trying to leverage the vulnerability. It leverages Advanced App Analysis capabilities to help administrators find all devices that are exposed to the WhatsApp vulnerability by identifying all devices that have the vulnerable versions of WhatsApp on them and establish custom policies to address the risk. If the exploit attempts to elevate privileges and compromise the device, MVISION Mobile would detect the attack on the device.

For more information about MVISION Mobile, download our datasheet or visit our web site.

The post How MVISION Mobile can combat the WhatsApp Buffer Overflow Vulnerability appeared first on McAfee Blogs.

]]>
https://www.mcafee.com/blogs/enterprise/endpoint-security/how-mvision-mobile-can-combat-the-whatsapp-buffer-overflow-vulnerability/feed/ 0
Mobile Threat Report Commentary: Mobile Malware is Not Going Away https://www.mcafee.com/blogs/enterprise/endpoint-security/mobile-threat-report-commentary-mobile-malware-is-not-going-away/ https://www.mcafee.com/blogs/enterprise/endpoint-security/mobile-threat-report-commentary-mobile-malware-is-not-going-away/#respond Thu, 28 Feb 2019 15:00:19 +0000 https://securingtomorrow.mcafee.com/?p=94346

Employees use their mobile devices to be proactive and stay connected in both their personal and work lives. The movement to the cloud has allowed employees to check email, download documents, and share information that may contain sensitive information, even when they’re not on an enterprise network. Businesses must protect their enterprise environments and combat […]

The post Mobile Threat Report Commentary: Mobile Malware is Not Going Away appeared first on McAfee Blogs.

]]>

Employees use their mobile devices to be proactive and stay connected in both their personal and work lives. The movement to the cloud has allowed employees to check email, download documents, and share information that may contain sensitive information, even when they’re not on an enterprise network. Businesses must protect their enterprise environments and combat threats that target their employees as average consumers.

McAfee research shows that every mobile-enabled device is subject to some type of malicious exploit. In 2018, McAfee researchers discovered mobile malware named TimpDoor, which turned Android devices into hidden proxies. But in 2019, businesses should be prepared for malware that goes beyond mobile devices too.

Detections of backdoors, cryptomining, fake apps, and banking Trojans all increased substantially in the second half of 2018 and attacks on other connected household devices gained momentum as well. While hidden apps like Adware remain by far the most common form of mobile malware, others are growing and learning how to infect other devices.

Mobile devices are becoming a hub for ransomware and malware developers. One common thread through much of the mobile attack landscape is the quest for illicit profits. Criminals are looking for ways to maximize their income and shift tactics in response to changes in the market.

“75% rise in banking Trojans, enabling cybercriminals to steal financial credentials from mobile devices”

“550% increase in mobile malware realized by the end of 2018”

Weak to non-existent security controls from manufacturers and a lack of simple evasion techniques, such as changing the default username and password, make connected devices in the home and workplace targets for cybercriminals.

Although mobile devices have become key enablers for business productivity and connectivity, they’re still the greatest risk to enterprises today. This changes how enterprises need to secure the mobile devices that connect to their environment. Enterprises must invest in endpoint security solutions to protect themselves from the evolving threat landscape. Mobile is one of the fastest growing endpoints and needs to be protected just as much as laptops and desktop computers.

McAfee has addressed the growing need by introducing the MVISION portfolio family, which provides IT administrators with comprehension and control through one single management console. McAfee MVISION Mobile provides on-device detection, local (end user) threat remediation, visual mapping of nearby dangerous networks, customizable on-device user notifications, and advanced threat detection. This provides the enterprise-class threat defense that businesses today need to be secure.

Read the McAfee Mobile Threat Report to learn more about protecting your employees’ mobile devices from malware and other cyberthreats.

The post Mobile Threat Report Commentary: Mobile Malware is Not Going Away appeared first on McAfee Blogs.

]]>
https://www.mcafee.com/blogs/enterprise/endpoint-security/mobile-threat-report-commentary-mobile-malware-is-not-going-away/feed/ 0
When You Can’t Unplug on Vacation https://www.mcafee.com/blogs/enterprise/endpoint-security/when-you-cant-unplug-on-vacation/ https://www.mcafee.com/blogs/enterprise/endpoint-security/when-you-cant-unplug-on-vacation/#respond Mon, 13 Aug 2018 13:00:09 +0000 https://securingtomorrow.mcafee.com/?p=90720 We all need to take a vacation to energize our personal batteries. However, many of us find it hard not to check email or look at the latest update from our executive team.  Until I started working on MVISION Mobile, an enterprise security product which McAfee announced on July 17th, I will admit I didn’t […]

The post When You Can’t Unplug on Vacation appeared first on McAfee Blogs.

]]>
We all need to take a vacation to energize our personal batteries. However, many of us find it hard not to check email or look at the latest update from our executive team.  Until I started working on MVISION Mobile, an enterprise security product which McAfee announced on July 17th, I will admit I didn’t think about my compulsive behavior as a menace to our company.  I hear the flight attendant say, “It’s now safe to turn on electronics and put your phone in airplane mode.”  I immediately hope to check email and maybe go to our internal expense reporting system to see if my Boss received my latest report.  However, mobile devices like our phones, iPads and laptops are the latest and favorite target for attackers.

Mobile devices have all the organizational information that traditional endpoints have.  Let’s take a little divergence from my flight story and talk about why these endpoints are the latest attack target.  It’s rather obvious: they are the path of least resistance.  Billions of dollars have been invested protecting our network infrastructure with various forms of security.  Firewalls, IPS, IDS, WAFs, etc.  But very little has been invested in protecting our mobile devices, and they have the exact same access to data and other valuable information as other devices.  So, if you were a bad guy, what path would you take?

Now back to our story.  As we reach the right altitude on our flight to friends, family or simply a favorite chill out spot, we must think about how important it is to protect mobile devices from attacks.  Attacks happen at machine speed and you need to detect and respond at machine speed.  In other words, you need to protect the device where the attack is happening and not rely on data that may (or may not) be sitting in a cloud.

The good news is there is a solution. McAfee© MVISION Mobile offers protection on device, at the time of attack, without the assistance of signatures or reliance on a network connection. Lab-trained machine learning-based technology has the capability to deliver this type of protection.  In addition to its proven efficacy against zero-day device, network, phishing and application attacks, MVISION Mobile’s machine learning-based engine is capable of detecting previously unknown mobile malware on-device without requiring updates and without the risks of cloud-based lookups.

The only right way to do mobile device security is on the device. Lab-trained with billions of data points and millions of devices, MVISION Mobile delivers unparalleled on-device protection. Also, enterprise solutions must be adaptable to the environment and not force the enterprise to adapt to the solution.  MVISION Mobile is available for any cloud platform, integration with any MDM/EMM solution, has on-premises deployment options and unmatched incident forensics.

For those of you that want to unplug but still maybe check in, McAfee MVISION Mobile provides visibility and mobile threat defense for iOS and Android-based devices to ensure they are safeguarded just like any other device. Unlike cloud-based mobile security solutions that rely on app sandboxing or traffic tunneling, McAfee MVISION Mobile sits directly on mobile devices to provide always-on protection no matter how a device is connected (corporate network, public AP, cellular carrier or even offline).

McAfee MVISION Mobile also analyzes deviations to device behavior and make determinations about indicators of compromise to accurately identify advanced device, application, and network-based attacks. Plus, it extends its visibility and control of mobile assets to McAfee MVISION ePO to round out enterprises single console security management.  New mobile device security capabilities include:

  • Centralized Management: Complements existing endpoint, server and IoT device coverage via a cloud service with visibility and control through McAfee ePO.
  • On-Device Protection: Machine learning-based detection of mobile threats protects users while offline and even during network attacks. Proven zero-day protection.
  • Flexible Deployment: Simple and flexible SaaS or on-premises deployment in any cloud environment.

So no matter what kind of mobile device or where you go online, MVISION Mobile is there to keep you, and the valuable information you access, secure.

The post When You Can’t Unplug on Vacation appeared first on McAfee Blogs.

]]>
https://www.mcafee.com/blogs/enterprise/endpoint-security/when-you-cant-unplug-on-vacation/feed/ 0