Featured Blogs
A New Program for Your Peloton – Whether You Like It or Not
Executive Summary The McAfee Advanced Threat Research team (ATR) is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. As security researchers, something that we always try to establish before looking at a target is what our scope should be. More specifically, we often assume well-vetted ...
Are Virtual Machines the New Gold for Cyber Criminals?
Introduction Virtualization technology has been an IT cornerstone for organization for years now. It revolutionized the way organizations can scale up IT systems in a heartbeat, allowing then to be more agile as opposed to investing into dedicated “bare-metal” hardware. To the outside untrained eye, it might seem that there ...
Scammers Impersonating Windows Defender to Push Malicious Windows Apps
Summary points: Scammers are increasingly using Windows Push Notifications to impersonate legitimate alerts Recent campaigns pose as a Windows Defender Update Victims end up allowing the installation of a malicious Windows Application that targets user and system information Browser push notifications can highly resemble Windows system notifications. As recently discussed, ...
DarkSide Ransomware Victims Sold Short
Over the past week we have seen a considerable body of work focusing on DarkSide, the ransomware responsible for the recent gas pipeline shutdown. Many of the excellent technical write-ups will detail how it operates an affiliate model that supports others to be involved within the ransomware business model (in ...
Major HTTP Vulnerability in Windows Could Lead to Wormable Exploit
Today, Microsoft released a highly critical vulnerability (CVE-2021-31166) in its web server http.sys. This product is a Windows-only HTTP server which can be run standalone or in conjunction with IIS (Internet Information Services) and is used to broker internet traffic via HTTP network requests. The vulnerability is very similar to ...
“Fool’s Gold”: Questionable Vaccines, Bogus Results, and Forged Cards
Preface Countries all over the world are racing to achieve so-called herd immunity against COVID-19 by vaccinating their populations. From the initial lockdown to the cancellation of events and the prohibition of business travel, to the reopening of restaurants, and relaxation of COVID restrictions on outdoor gatherings, the vaccine rollout ...
Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware
The Roaming Mantis smishing campaign has been impersonating a logistics company to steal SMS messages and contact lists from Asian Android users since 2018. In the second half of 2020, the campaign improved its effectiveness by adopting dynamic DNS services and spreading messages with phishing URLs that infected victims with ...
How to Stop the Popups
McAfee is tracking an increase in the use of deceptive popups that mislead some users into taking action, while annoying many others. A significant portion is attributed to browser-based push notifications, and while there are a couple of simple steps users can take to prevent and remediate the situation, there ...
Steps to Discover Hidden Threat from Phishing Email
Introduction Email is one of the primary ways of communication in the modern world. We use email to receive notifications about our online shopping, financial transaction, credit card e-statements, one-time passwords to authenticate registration processes, application for jobs, auditions, school admissions and many other purposes. Since many people around the ...
Access Token Theft and Manipulation Attacks – A Door to Local Privilege Escalation
Executive Summary Many malware attacks designed to inflict damage on a network are armed with lateral movement capabilities. Post initial infection, such malware would usually need to perform a higher privileged task or execute a privileged command on the compromised system to be able to further enumerate the infection targets ...
