Featured Blogs
June #SecChat Recap: Findings from the 2016 Verizon DBIR
This year’s highly anticipated Verizon 2016 Data Breach Investigations Report (Verizon DBIR) analyzed cybersecurity findings from 100,000 incidents and 2,260...
Macro Malware Adds Tricks, Uses MaxMind to Avoid Detection
Macro malware continues to evolve and use new tricks to evade detection. This threat is responsible for downloading malicious Trojans...
JavaScript-PHP Joint Exercise Delivers Nemucod Ransomware
The ransomware Nemucod has been very prevalent in the last few months. Nemucod’s habit of frequently changing its delivery mechanism...
Microsoft’s June Patch Kills Potential CFG Bypass
After applying Microsoft’s June patch, we noticed some interesting changes that prevent a security bypass of Windows’ Control Flow Guard...
‘Thrones’ Jon Snow Appears to Employ Neutrino Exploit Kit
This blog post was written by Kalpesh Mantri. You read that right. Jon Snow appears to be back from the...
Experts Discuss the 2016 Verizon DBIR: June #SecChat
Cybersecurity in 2016 has been full of sensational headlines. Ransomware has shut down multiple hospitals, millions of credentials have been...
Zcrypt Expands Reach as ‘Virus Ransomware’
McAfee has recently seen a new kind of ransomware, Zcrypt, that can self-replicate. This “virus ransomware” arrives via email in a malicious...
Threat Actors Employ COM Technology in Shellcode to Evade Detection
COM (Component Object Model) is a technology in Microsoft Windows that enables software components to communicate with each other; it...
Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript
This post was prepared with the invaluable assistance of Rahamathulla Hussain and Girish Kulkarni. During the last couple of weeks,...
Trillium Exploit Kit Update Offers ‘Security Tips’
McAfee Labs has previously blogged about the Trillium Exploit Kit Version 3.0, which is commonly used to create and distribute malware....
Android Spyware Targets Security Job Seekers in Saudi Arabia
The Middle East is the new Wild West of mobile malware, especially for targeted attacks and intelligence gathering campaigns. During...
Seeing Through Darkleech Obfuscation: a Quick Hack to Iframes
This blog post was written by Kalpesh Mantri. Darkleech is an Apache module on the dark web that distributes malware....
Android Banking Trojan ‘SpyLocker’ Targets More Banks in Europe
Since the discovery of the Android banking Trojan SpyLocker, McAfee has closely monitored this threat. SpyLocker first appeared disguised as...
Which Cybersecurity Data Should You Trust?
Limitations of security data: We are constantly battered by cybersecurity data, reports, and marketing collateral—and we shouldn’t treat all of this...
Malware Mystery: JS/Nemucod Downloads Legitimate Installer
JS/Nemucod is the detection name given to a family of malicious JavaScript downloaders that have appeared in spam campaigns since last year....
Attacks on SWIFT Banking System Benefit From Insider Knowledge
In recent months, we’ve seen headlines about the compromise of a bank in Bangladesh from which cybercriminals attempted to steal...
5 Steps to Enhance Security of Cloud Applications
This blog post was written by Dileep Dasari. When you move applications to the cloud, the attack surface changes while the vulnerabilities...
Can Zealous Security Cause Harm?
Good security requires balancing risks, costs, and usability. Too much or too little of each can be unhealthy and lead...
Sex Sells: Looking at Android Adult Adware Apps
Advertising is one of the primary methods to generate money from mobile devices. Ads can be displayed in the browser...
Key Lessons From Verizon’s ‘2016 Data Breach Investigations Report’
The annual Data Breach Investigations Report (DBIR) is out and reinforces the value of well-established cybersecurity practices. The good folks...
Server-Side Request Forgery Takes Advantage of Vulnerable App Servers
This blog was written by Kunal Garg. Server-side request forgery is an attack in which an attacker can force a...
Current Campaign Delivers Hundreds of Thousands of Polymorphic Ransomware
You might have been getting out of bed when attackers started sending hundreds of thousands of fake invoices the morning...
Android Malware Clicker.G!Gen Found on Google Play
Recently the Mobile Malware Research Team of McAfee found on Google Play a new campaign of Android/Clicker.G in dozens of...
The Morning After: What Happens to Data Post-Breach?
This post first appeared on the security website Dark Reading. We need consumers and businesses to not simply shrug off...
Fake Android Update Delivers SMS, Click Fraud in Europe
McAfee Mobile Research has been monitoring a mobile malware campaign targeting users in Germany, France, and Russia since the beginning...
CVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability
DLL planting, also known as DLL side loading, is a popular attack technique today. If we take a look at...
Malware Takes Advantage of Windows ‘God Mode’
Microsoft Windows has hidden an Easter Egg since Windows Vista. It allows users to create a specially named folder that...