McAfee Labs

Brazilian Banking Malware Hides in SQL Database

Spam is a plague that has given headaches to system administrators and users for years. A lot of spam tries to sell “performance enhancement” medicine or lure us to suspicious websites. But one of the main uses of spam, which appears to be making a comeback, is the distribution of ...

Security Operations

Cyber Threat Management: A Perfect Fit for McAfee SIEM

This blog was written by Bart Lenaerts-Bergman. Driven by the misfortune of many, Cyber Threat Intelligence exchange and consumption is becoming more proliferated, accessible and standardized. Together with legacy security technologies like Firewall, IPS and Vulnerability Assessment tools, SIEMs have used threat intelligence initially for the most common use-case of ...

McAfee Labs

Chinese Trojan Hooks Macs, iPhones

“Distrust and caution are the parents of security” –Benjamin Franklin. A recent threat targeting Chinese users of Mac OS X and iPhone came to light yesterday. The malware, called WireLurker, is distributed by the Chinese third-party app store Maiyadi. Since the threat’s discovery, more than 400 applications containing the Trojan were ...

McAfee Labs

Dropping Files Into Temp Folder Raises Security Concerns

Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have executables “attached” to the documents. Usually, some words in the documents try to convince users to click and run the attachments. The following figure shows the point at which a ...

McAfee Labs

Examining Your Very Own Sefnit Trojan

Most malware is created for economic purposes. To name just a few of our reports and blogs on this topic, we have written about Cybercrime Exposed, stolen data, and the Target point-of-sale malware. But sometimes it’s not clear to our customers how much time and skill malware authors invest in ...

Security Operations

Updates and Mitigation to Microsoft Office Zero-Day Threat (CVE-2013-3906)

On November 5, Microsoft posted Security Advisory 2896666. This vulnerability, discovered by Haifei Li of McAfee Labs, affects multiple versions of Microsoft Office, Windows, and Lync. Successful exploitation could result in the ability to execute arbitrary code on a vulnerable host (a remote code execution vulnerability). The issue (an integer overflow) lies ...

Security Operations

Using the McAfee SIEM to Augment Successful Detection of Financial Fraud

Financial fraud has a wide range of impact across a society: Providers of financial services may incur the largest losses, but the users of financial services who become victims may be hit much harder. Fraud victims range across the income scale, and even a small fraud can be catastrophic to ...

Security Operations

New in SIEM – Advanced Correlation Features

Now that 9.2 has been out for some time, it’s time to document some of the very cool things the McAfee SIEM can do. While the documentation is a must-read for the how, this post is meant to bring you up to speed on the why of some advanced ...

McAfee Labs

Quarian Group Targets Victims With Spearphishing Attacks

This blog post was written by Rahul Mohandas. The current generation of targeted attacks is getting more sophisticated and evasive. These attacks employ media-savvy stories in their social engineering themes to lure unsuspecting users. We have seen heightened activity by one of the groups, dubbed Quarian. It is believed to ...

McAfee Labs, Executive Perspectives, McAfee Partners

Tool Talk: Cracking the Code on XtremeRAT

Late last week, reports began to surface that the Israeli police (along with other regional law enforcement) were targeted by a malware attack. The entry vector was described as a phishing campaign sent from Benny Gantz (head of the Israeli Defense Forces). Initially, details and indicators around the malware were beyond sparse. ...
