Featured Blogs
How to Protect Against WannaCry Ransomware in a McAfee Environment
WannaCry is a ransomware family targeting Microsoft Windows. On Friday, May 12, a large cyberattack based on this threat was launched. At this time, it is estimated that more than 250,000 computers in 150 countries have been infected, each demanding a ransom payment.
Misuse of DocuSign Email Addresses Leads to Phishing Campaign
DocuSign, which provides electronic signatures and digital transaction management, reported that email addresses were stolen by an unknown party on...
Adylkuzz CoinMiner Spreading Like WannaCry
The last few days have been very busy for security teams all around the globe due to the nasty ransomware...
Fake WannaCry ‘Protectors’ Emerge on Google Play
Are Android devices affected by the self-propagating ransomware WannaCry? No—because this threat exploits a vulnerability in Microsoft Windows. This malware...
McAfee Discovers Pinkslipbot Exploiting Infected Machines as Control Servers
This blog was written by Sanchit Karve. McAfee Labs has discovered that banking malware Pinkslipbot (also known as QakBot/QBot) has...
How to Protect Against Petya Ransomware in a McAfee Environment
A new variant of the ransomware Petya (also called Petrwrap) began spreading around the world on June 27. Petya is ransomware that exploits the vulnerability CVE-2017-0144 in Microsoft’s implementation of the Server Message Block protocol. This ransomware encrypts the master boot records of infected Windows computers, making the machines unusable.
LeakerLocker: Mobile Ransomware Acts Without Encryption
We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a...
Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution
Apache Struts is a model-view-controller framework for creating Java web applications. Struts has suffered from a couple of vulnerabilities using...
Darknet Markets Will Outlive AlphaBay and Hansa Takedowns
On June 20, law enforcement took over the Hansa marketplace after investigations that began in 2016. On July 5, police...
Analyzing CVE-2017-0190: WMF Flaws Can Lead to Data Theft, Code Execution
CVE-2017-0190 is a recently patched vulnerability related to Windows metafiles (WMFs), a portable image format mainly used by 16-bit Windows...
Smishing Campaign Steals Banking Credentials in U.S.
The McAfee Mobile Research team recently found an active smishing campaign, using SMS messages, that targets online banking users in...
DEFCON – Connected Car Security
Sometime in the distant past, that thing in your driveway was a car. However, the “connected car is already the...
Android Banking Trojan MoqHao Spreading via SMS Phishing in South Korea
Last month, a number of users started posting on South Korean sites screenshots of suspicious SMS phishing texts (also...
Android Click-Fraud Apps Briefly Return to Google Play
Click-fraud apps frequently appear on Google Play and third-party markets. They are sometimes hard to identify because the malicious behavior...
Emotet Trojan Acts as Loader, Spreads Automatically
Since the middle of July, McAfee has observed new updates of Emotet, a Trojan that was first discovered in...
Android Click-Fraud App Repurposed as DDoS Botnet
The McAfee Mobile Research Team tracks the behavior of Android click-fraud apps. We have detected multiple implementations, including recent examples...
Microsoft Kills Potential Remote Code Execution Vulnerability in Office (CVE-2017-8630)
Recently the McAfee IPS Research Team informed Microsoft about a potential remote code execution vulnerability in Office 2016 that McAfee...
Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805
Apache Struts, an open-source web development framework, is prone to vulnerabilities. We wrote about CVE-2017-9791 in July. The latest is...