Featured Blogs
Apps Sending Plain HTTP Put Personal Data at Risk
At the AVAR Conference in November 2014, McAfee Labs presented how to exploit a cross-site scripting vulnerability of the Costco...
Slow File Infector Spies on Victims
Sourabh Kadam contributed to this blog. In the middle of 2012 McAfee Labs observed the complex malware XDocCrypt infecting documents,...
McAfee Adds Flash Exploit Detection to NSP 8.2
Adobe Flash vulnerabilities and exploits have worried users and security professionals for many years. The situation today remains serious. A...
InstallCube: How Russian Programmers Turn Adware Into Cash
We often observe applications bundled with ad-displaying programs to generate revenue for those products. These are not necessarily unethical, but...
Is This Your Photo? No, It’s SMS Spam With Mobile Malware
One of the most important concerns of Internet users is privacy. For this reason one of the most effective phishing...
At McAfee, Protecting Customers Takes Precedence Over Seeking Headlines
One question I often hear is “When will McAfee publish a report on the latest threat?” It seems to be...
Win32/Syndicasec Used In Targeted Attacks Against Indian Organizations
During the last couple of months, we’ve observed several RTF exploits that target Indian organizations. The first RTF exploit was...
Exploit Kits Improve Evasion Techniques
Exploit kits are toolkits that malicious developers use to take advantage of client-side vulnerabilities, targeting web browsers and programs that...
Bypassing Microsoft’s Patch for the Sandworm Zero Day, the Root Cause
On October 21, we warned the public that a new exploitation method could bypass Microsoft’s official patch (MS14-060, KB3000869) for...
Chinese Trojan Hooks Macs, iPhones
“Distrust and caution are the parents of security”–Benjamin Franklin A recent threat targeting Chinese users of Mac OS X and...
New Exploit of Sandworm Zero-Day Could Bypass Official Patch
Update of October 25: Some comments posted after we published this report suggest that our proof-of-concept exploit will trigger the...
Top 3 Phishing Attacks Use Similar Tricks
Phishing scams are immensely popular and we see millions of phishing messages everyday. Today we offer the top three phishing...
BackOff Malware Uses Encryption to Hide Its Intentions
Often we see malware authors using encryption or obfuscation along with other techniques to modify the static contents of malware....
CelebGate: a Long, Dangerous List of Celebrities
During the past few days, the media has been abuzz with the massive celebrity photo leak nicknamed CelebGate 2014. The...
Beware of Impostor Android Apps Using Fake ID
Recently discovered, an Android vulnerability called Fake ID allows apps to impersonate other apps by copying their identity. Each app...
Trust Is the Most Valuable Asset
The most valuable asset for actors in cyberspace is trust. It is an important ingredient in successful business operations as...
Adobe Flash Player Installer Scams Reappear on Google Play
Adobe Flash Player has been a boon to Android malware creators for a long time. These developers have taken advantage...
Yahoo Ads Serve Mobile Fake Alerts
“Android Armour,” a malicious knockoff of Armor For Android, has been circulating for some time with no end in sight, perhaps...
