The Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program is a key component of the federal government’s cybersecurity posture. This important program provides real-time, continuous monitoring of federal networks while also auditing networks for unauthorized changes. While the CDM program has been a boon to the security of many civilian agencies, there ...
Read Blog
The Artful and Dangerous Dynamics of Watering Hole Attacks A group of researchers recently published findings of an exploitation of multiple iPhone vulnerabilities using websites to infect final targets. The key concept behind this type of attack is the use of trusted websites as an intermediate platform to attack others, and it’s defined as a watering hole ...
Read Blog
According to an analysis by McAfee’s cloud division, log data tracking the activities of some 200,000 government workers in the United States and Canada, show that the average agency uses 742 cloud services, on the order of 10 to 20 times more than the IT department manages. The use of unauthorized applications creates severe security ...
Read Blog
Executive Summary Malware evasion techniques are widely used to circumvent detection as well as analysis and understanding. One of the dominant categories of evasion is anti-sandbox detection, simply because today’s sandboxes are becoming the fastest and easiest way to have an overview of the threat. Many companies use these kinds of systems to detonate malicious ...
Read Blog
In this exclusive episode featuring McAfee CEO Chris Young, we’re exploring EDR guided investigation and the opportunities it provides for reducing alert noise, maximizing the productivity of cybersecurity teams, and reducing triage and remediation times. Chris is joined by McAfee’s Chief Product Officer Ash Kulkarni, Forrester’s Principal Analyst Josh Zelonis, and GM Financial’s Assistant Vice ...
Read Blog
The recent discovery of exploit chains targeting Apple iOS is the latest example of how cybercriminals can successfully operate malicious campaigns, undetected, through the use of zero-day vulnerabilities. In this scenario, a threat actor or actors operated multiple compromised websites, using at least one or more zero-day vulnerabilities and numerous unique exploit chains and known vulnerabilities to ...
Read Blog
I ruined Easter Sunday 2017 for McAfee employees the world over. That was the day our company’s page on a prominent social media platform was defaced—less than two weeks after McAfee had spun out of Intel to create one of the world’s largest pure-play cybersecurity companies. The hack would have been embarrassing for any company; ...
Read Blog