McAfee Labs

‘McAfee Labs 2018 Threats Predictions Report’ Previews Five Cybersecurity Trends

Welcome to the McAfee Labs 2018 Threats Predictions Report. We find ourselves in a highly volatile stage of cybersecurity, with new devices, new risks, and new threats appearing every day. In this edition, we have polled thought leaders from McAfee Labs and the Office of the CTO. They offer their views on a wide range of threats, including machine learning, ransomware, serverless apps, and privacy issues.

McAfee Labs

Don’t Substitute CVSS for Risk: Scoring System Inflates Importance of CVE-2017-3735

This blog was co-written by Brook Schoenfield and Damian Quiroga. I am a wry observer of vulnerability announcements. CVE-2017-3735—which can allow a small buffer overread in an X.509 certificate—presents an excellent example of the limitations of the Common Vulnerability Scoring System (CVSS). This scoring system is the de facto security industry standard for calculating and …

McAfee Labs

Self-Signed Certificates Can Be Secure, So Why Ban Them?

This blog was co-written by Brook Schoenfield and Ramnath Venugopalan. In many organizations the use of self-signed certificates is forbidden by policy. Organizations may ban the use of self-signed certificates for several reasons: It is trivially easy to generate a certificate’s key pair without reasonable entropy, to fail protect the private key of the key …

McAfee Labs

McAfee Discovers Pinkslipbot Exploiting Infected Machines as Control Servers; Releases Free Tool to Detect, Disable Trojan

This blog was written by Sanchit Karve. McAfee Labs has discovered that banking malware Pinkslipbot (also known as QakBot/QBot) has used infected machines as control servers since April 2016, even after its capability to steal personal and financial data from the infected machine has been removed by a security product. These include home users whose …

Business, Technical How To

Update: Technical McAfee Detail On DoubleAgent

Cedric Cochin teamed with Brook Schoenfield on this article Updated March 29, 2017 McAfee has been investigating the impact of the so-called “DoubleAgent zero-day” technique of Windows debugging capabilities announced on 22 March 2017. This injection technique uses a Microsoft Windows debugging feature that requires administrative privileges.  On the fly debugging is designed to be used …

McAfee Labs

Analyzing a Fresh Variant of the Dorkbot Botnet

This blog post was written by Sudhanshu Dubey. At McAfee Labs, we have recently observed a new variant of the Dorkbot botnet. Dorkbot is a well-known bot, famous for its various capabilities including backdoor, password stealing, and other malicious behavior. Dorkbot relies on social networking as its infection vector. In this post, we offer our …

McAfee Labs

Analyzing KillDisk Ransomware, Part 1: Whitelisting

This blog post was written by Sudhanshu Dubey. At McAfee Labs we recently analyzed the ransomware KillDisk. We will share our analysis in two parts: the first, this article, contains general information about the malware and its whitelisting technique; the second part will appear soon with an analysis of its variants and techniques, including how …

McAfee Labs

Top Tips for Securing Home Cameras

Installing a home surveillance camera system can add great benefits but also may introduce new risks to privacy and network security. The goal is to increase your security and peace of mind, while avoiding cybersecurity threats. Here are three tips to consider when purchasing, installing, and configuring your new home camera system. The risks Home …

McAfee Labs

Next Targets for Cybercriminals: the Long Term (Part 2)

In the previous post in this series, I outlined how cybercriminals will use the holiday season to victimize unwary consumers and target businesses. They will also dive deeper into leveraging devices connected to the Internet of Things (IoT). The long-term outlook expands their reach to more bold and potentially more lucrative pastures. Rise of blockchain …

McAfee Labs

Floki Bot a Sensation With International Cybercriminals

Floki Bot, new financial malware, is popular with English-, Portuguese-, and Russian-speaking underground criminal markets, winning over cybercriminals with new features and functionality. It is currently in use by a number of cybercrime groups around the world and is sold on the dark market for about US$1,000, according to Flashpoint and Cisco Talos. Improvements abound …