It’s a question I get several times a year from anxious parents, either via a direct message, an email or even in line at the grocery store….
The post Potentially Malicious Apps Your Kids May Use appeared first on McAfee Blogs.
AV evasion with 64-bit Executables
https://isc.sans.edu/forums/diary/All+your+Base+arenearly+equal+when+it+comes+to+AV+evasion+but+64bit+executables+are+not/27466/
Unpatches WebKit Vulnerablity in iOS/macOS
https://blog.theori.io/research/webkit-type…
Nearly 50,000 IPs Compromised in Worm-like TeamTNT Attack and Misconfigurations are the Biggest Threat to Cloud Security
We focus on the behavior of the DarkSide variant that targets Linux. We discuss how it targets virtual machine-related files on VMware ESXI servers, parses its embedded configuration, kills virtual machines (VMs), encrypts files on the infected machine…
May 2021 has been an extraordinary month in the cybersecurity world, with the DoD releasing its DoD Zero Trust Reference…
The post Why May 2021 Represents a New Chapter in the “Book of Cybersecurity Secrets” appeared first on McAfee Blogs.
Believe it or not, the baby turns 3 today! And like with every three-year-old, there is a lot to watch…
The post Happy Birthday GDPR! appeared first on McAfee Blogs.
A Survey of Bluetooth Vulnerabilities
https://isc.sans.edu/forums/diary/A+Survey+of+Bluetooth+Vulnerabilities+Trends/27460/
Google Chrome Update
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
Attacks on PDF …
5G acts as a catalyst for change for industrial environments. One part of its deployment is the 4G/5G campus network for some organizations. In our research we delve into the security risks and implications of this technology.
Open source code is in the vast majority of commercial softwares today. Learn best practices to mitigate the unique risks that accompany its use.
Posted by Jon Markoff and Sean Smith, Android Security and Privacy Team Integrating security into your app development lifecycle can save a lot of time, money, and risk. That’s why we’ve launched Security by Design on Google Play Academy to help develo…
The security industry is engulfed in the most asymmetric cyberwarfare we have ever seen. The outcome of an Attacker’s mission…
The post Cyber Cyber, Burning Bright: Can XDR Frame Thy Fearful Asymmetry? appeared first on McAfee Blogs.
As people turn to the Internet for news and answers to tough questions, it only makes sense that it would…
The post Private browsing vs VPN – Which one is more private? appeared first on McAfee Blog.
Uncovering Shenenigans in an IP Address Block via Hurricane Electic’s BGP Toolkit
https://isc.sans.edu/forums/diary/Uncovering+Shenanigans+in+an+IP+Address+Block+via+Hurricane+Electrics+BGP+Toolkit/27456/
VMware Advisory
https://www.vmware.com/securi…
Research Team: Salman Qazi, Yoongu Kim, Nicolas Boichat, Eric Shiu & Mattias Nissler Today, we are sharing details around our discovery of Half-Double, a new Rowhammer technique that capitalizes on the worsening physics of some of the newer DR…
In response to the latest MITRE Engenuity ATT&CK® Evaluation 3, McAfee noted five capabilities that are must-haves for Sec Ops and displayed in the evaluation. This blog will speak to the alert actionability capability which…
The post Alert Actionability In Plain English From a Practitioner appeared first on McAfee Blogs.
In previous posts we have explored what differential privacy is, how it works, and how to answer questions about data in ways that protect privacy. All of the algorithms we’ve discussed have been demonstrated via mathematical proof to be effective for …
In this fourth episode of our 5-episode podcast, The C-level Strategic Guide for CIAM Investment, we will explore phase 3 on the CIAM Maturity Curve: Intelligent. To move from phase 2 (automated) to phase 3 (intelligent) involves a number of importa…
Anyone seeking information security standards or guidance is spoilt for choice e.g.:ISO27k – produced by a large international committee of subject matter experts and national representatives NIST SP 800 series – well researched, well w…
Apple Patches 0-Days
https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/
https://support.apple.com/en-us/HT201222
Bluetooth Vulnerabilities
https://kb.cert.org/vuls/id/799380
https://francozappa.github.io/about-bias/publicat…
On the frontline: revealing the personal and professional challenges facing SecOps teams. New research shows that security teams are struggling with overwhelming workloads, and organizations are lacking the solution.
We have found and confirmed close to 50,000 IPs compromised by this attack perpetrated by TeamTNT across multiple clusters. Several IPs were repeatedly exploited during the timeframe of the episode, occurring between March and May.
Over the past 14 months, organizations have had to navigate the abrupt discontinuity caused by COVID-19 and the ensuing regulations. Today, sports fans are returning to arenas and students are back in schools, but most office workers are still on wo…
Imagine this scenario: a CEO, CIO, CTO, CISO walk into a bar… The CTO has heard about cocktails that go…
The post Give CISOs a Shot – They Deserve It appeared first on McAfee Blogs.
In Part 1 of our Through Your Mind’s Eye series, we explored how our brains don’t give each decision we…
The post Through Your Mind’s Eye: How to Address Biases in Cybersecurity – Part 2 appeared first on McAfee Blogs.
Summer is here, which means more sun and more fun for everyone. It also means more streaming, gaming, and downloading. This seasonal reality reminds…
The post At Home or On-the-Go: Boost Your Internet Safety this Summer appeared first on McAfee Blogs.
Today I’ve slogged my way through a stack of ~50 ISO/IEC JTC1/SC27 emails, updating a few ISO27001security.compages here and there on ongoing standards activities. The most significant thing to report is that the project to revise the 3rd (2013) e…
Serverless Phishing Campaign
https://isc.sans.edu/forums/diary/Serverless+Phishing+Campaign/27446/
Locking Kernel32.dll As Anti-Debugging Technique
https://isc.sans.edu/forums/diary/Locking+Kernel32dll+As+AntiDebugging+Technique/27444/
WinRM Vulnerab…
When we think of tipping, many don’t see it as anything beyond a display of gratitude. However, Twitter’s latest feature is prompting its users to rethink this sentiment. It hasn’t been long since Twitter…
The post Keep the Change: 3 Tips for Using the Twitter Tip Jar appeared first on McAfee Blogs.
My background is as a developer and a security professional, so when I had to learn system design I approached it from that perspective. While I was familiar with many of these concepts, I decided that I had to learn it in depth and in earnest. Now tha…
New YouTube Video Series: Everything you ever wanted to know about DNS and more
https://isc.sans.edu/forums/diary/New+YouTube+Video+Series+Everything+you+ever+wanted+to+know+about+DNS+and+more/27440/
And Ransomware Just Got a Bit Meaner
https://isc.s…
In the wake of the Schrems II decision[1], and even more in the light of Friday’s Facebook ruling[2], the question…
The post Data Localisation – The Magic Bullet? appeared first on McAfee Blogs.
May 2021 Forensic Contest: Answers and Analysis
https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest+Answers+and+Analysis/27430/
CIS Controls V8
https://www.cisecurity.org/controls/v8/
Dell iDRAC 9 Security Update
https://www.dell.com/support…
Cybersecurity and biases are not topics typically discussed together. However, we all have biases that shape who we are and,…
The post Through Your Mind’s Eye: What Biases Are Impacting Your Security Posture? appeared first on McAfee Blogs.
In our last blog about defense capabilities, we outlined the five efficacy objectives of Security Operations, that are most important…
The post Miles Wide & Feet Deep Visibility of Carbanak+FIN7 appeared first on McAfee Blogs.
Personal devices and the information they carry are incredibly valuable to their owners. It is only natural to want to protect…
The post Less Is More: Why One Antivirus Software Is All You Need appeared first on McAfee Blogs.
Today’s blog is from Michaela Iorga, Senior Technical Lead of the Computer Security Division (CSD) in the Information Technology Laboratory at NIST. Michaela’s team at NIST is working with the industry to develop the Open Security Controls Assessment L…
The SolarWinds breach represents a tectonic shift in threat actor tactics, suggesting this kind of attack vector will be replicated. Not only were the attacker’s sophistication and technical proficiency high — allowing them to stay in stealth mode — …
From RunDLL32 to JavaScript then PowerShell
https://isc.sans.edu/forums/diary/From+RunDLL32+to+JavaScript+then+PowerShell/27428/
New Pulse Secure VPN Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800/
Android Stalkerware …
Today’s technology allows you to complete various tasks at the touch of a button wherever you go. As a result, you place trust in online services that make…
The post Elevate Your Financial Security: How to Safely Bank Online appeared first on McAfee Blogs.
Famous mock musician David St. Hubbins once said, “There’s a fine line between stupid and clever.” On one side of the line is an endless celebration of genius. On the other: failure and ignominy.The tech industry has no choice but to embrace innovat…