Featured Blogs

McAfee Labs

How to Protect Against WannaCry Ransomware in a McAfee Environment

WannaCry is a ransomware family targeting Microsoft Windows. On Friday May 12, a large cyberattack based on this threat was launched. At this time, it is estimated that more than 250,000 computers in 150 countries have been infected, each demanding a ransom payment.

McAfee Labs

Misuse of DocuSign Email Addresses Leads to Phishing Campaign

DocuSign, which provides electronic signatures and digital transaction management, reported that email addresses were stolen by an unknown party on...

McAfee Labs

Adylkuzz CoinMiner Spreading Like WannaCry

The last few days have been very busy for security teams all around the globe due to the nasty ransomware...

McAfee Labs

Fake WannaCry ‘Protectors’ Emerge on Google Play

Are Android devices affected by the self-propagating ransomware WannaCry? No—because this threat exploits a vulnerability in Microsoft Windows. This malware...

McAfee Labs

McAfee Discovers Pinkslipbot Exploiting Infected Machines as Control Servers

This blog was written by Sanchit Karve. McAfee Labs has discovered that banking malware Pinkslipbot (also known as QakBot/QBot) has...

McAfee Labs

How to Protect Against Petya Ransomware in a McAfee Environment

A new variant of the ransomware Petya (also called Petrwrap) began spreading around the world on June 27. Petya is ransomware that exploits the vulnerability CVE-2017-0144 in Microsoft’s implementation of the Server Message Block protocol. This ransomware encrypts the master boot records of infected Windows computers, making the machines unusable.

McAfee Labs

LeakerLocker: Mobile Ransomware Acts Without Encryption

We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a...

McAfee Labs

Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution

Apache Struts is a model-view-controller framework for creating Java web applications. Struts has suffered from a couple of vulnerabilities using...

McAfee Labs

Darknet Markets Will Outlive AlphaBay and Hansa Takedowns

On June 20, law enforcement took over the Hansa marketplace after investigations that began in 2016. On July 5, police...

McAfee Labs

Analyzing CVE-2017-0190: WMF Flaws Can Lead to Data Theft, Code Execution

CVE-2017-0190 is a recently patched vulnerability related to Windows metafiles (WMFs), a portable image format mainly used by 16-bit Windows...

McAfee Labs

Smishing Campaign Steals Banking Credentials in U.S.

The McAfee Mobile Research team recently found an active smishing campaign, using SMS messages, that targets online banking users in...

McAfee Labs

DEFCON – Connected Car Security

Sometime in the distant past, that thing in your driveway was a car. However, the “connected car is already the...

McAfee Labs

Android Banking Trojan MoqHao Spreading via SMS Phishing in South Korea

Last month, a number of users started posting on South Korean sites screenshots of suspicious SMS messages phishing texts (also...

McAfee Labs

Android Click-Fraud Apps Briefly Return to Google Play

Click-fraud apps frequently appear on Google Play and third-party markets. They are sometimes hard to identify because the malicious behavior...

McAfee Labs

Emotet Trojan Acts as Loader, Spreads Automatically

Since the middle of July, McAfee has observed new updates of the Emotet, a Trojan that was first discovered in...

McAfee Labs

Android Click-Fraud App Repurposed as DDoS Botnet

The McAfee Mobile Research Team tracks the behavior of Android click-fraud apps. We have detected multiple implementations, including recent examples...

McAfee Labs

Microsoft Kills Potential Remote Code Execution Vulnerability in Office (CVE-2017-8630)

Recently the McAfee IPS Research Team informed Microsoft about a potential remote code execution vulnerability in Office 2016 that McAfee...

McAfee Labs

Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805

Apache Struts, an open-source web development framework, is prone to vulnerabilities. We wrote about CVE-2017-9791 in July. The latest is...

McAfee Labs

Linux Kernel Vulnerability Can Lead to Privilege Escalation: Analyzing CVE-2017-1000112

This blog was written by Krishs Patil. A memory corruption bug in UDP fragmentation offload (UFO) code inside the Linux...

McAfee Labs

Expiro Malware Is Back and Even Harder to Remove

File infector malware adds malicious code to current files. This makes removal tricky because deleting infections results in the loss...

McAfee Labs

McAfee Labs: Faceliker Surge Manipulates Facebook “Likes” to Promote News, Other Content

Criminals excel in manipulating the trust within human relationships, particularly as individuals project themselves into digital realms such as social...

McAfee Labs

Staying Anonymous on the Blockchain: Concerns and Techniques

With Bitcoin at one point valued at more than $5,000 per unit, cryptocurrencies have excited a lot of interest from...

McAfee Labs

Taiwan Bank Heist and the Role of Pseudo Ransomware

Widespread reports claim the Far Eastern International Bank in Taiwan has become a victim of hacking. The attacks demonstrate the global nature of cybercrime, with the cybercriminals attempting to wire US$60 million to destinations such as Sri Lanka, Cambodia, and the United States.

McAfee Labs

Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826

McAfee Labs has performed frequent analyses of Office-related threats over the years: In 2015, we presented research on the Office...

McAfee Labs

Tips for Effective Threat Hunting

This blog was co-written by Ramnath Venugopalan. In May, McAfee surveyed more than 700 IT and security professionals around the...

McAfee Labs

KRACKs Against Wi-Fi Serious But Not End of the World

This blog was written by Brook Schoenfield. On October 12, researcher Mathy Vanhoef announced a set of Wi-Fi attacks that...

McAfee Labs

ROCA: Which Key-Pair Attacks Are Credible?

This blog was co-written by Brook Schoenfield. In the past two weeks, we have seen two big encryption issues arise:...
