November 2020
The Multi-Million Pound Manchester United Hack
Earlier this year I wrote a blog post about the Manchester City Billion Pound Hack, which explored cyberattacks within elite football. Now it is the turn of City big rivals Manchester United, after they reported their IT systems had been impacted by a …
Read More The Multi-Million Pound Manchester United HackCyber security statistics for small organisations
No matter what size your organisation is, it will suffer a cyber attack sooner or later. There are simply too many malicious actors and too many vulnerabilities for you to identify. Unfortunately, SMEs often fall into the trap of believing that they are too small to be on cyber criminals’ radars. Why would they even think to target you? But criminal hackers target vulnerabilities rather than specific organisations. They look for weaknesses – whether it’s a flaw in a piece of software or an unprotected database containing sensitive information – and leverage it in whatever way they can. That’s why
The post Cyber security statistics for small organisations appeared first on IT Governance UK Blog.
Read More Cyber security statistics for small organisationsGood News: SANS Virtual Summits Will Be FREE for the Community in 2021
SANS Summits blog announcing free virtual cybersecurity summits in 2021
Read More Good News: SANS Virtual Summits Will Be FREE for the Community in 2021Weekly Update 219: IoT Unravelled with Scott Helme
What. A. Week. Blog post every day, massive uptick in comments, DMs, newsletter subscribers, followers and especially, blog traffic. More than 200,000 unique visitors dropped by this week, mostly to read about IoT things. This has been a fascinating experience for me and I’ve enjoyed sharing the journey, complete
Read More Weekly Update 219: IoT Unravelled with Scott HelmeThreat Actor: Unkown
Today I’d like to share a quick analysis on a quite new and unknown threat spotted in the wild. The file which grabbed my attention is called Loader.js (md5: 59a03086db5ebd33615b819a7c3546a5) and if you wish you can download it from Yomi. A very similar (or maybe the same) threat has been observed in the past months […]
Read More Threat Actor: UnkownIoT Unravelled Part 5: Practical Use Case Videos
This is the fifth and final part of the IoT unravelled blog series. Part 1 was all about what a mess the IoT landscape is, but then there’s Home Assistant to unify it all. In part 2 I delved into networking bits and pieces, namely IP addresses, my Ubiquiti UniFi
Read More IoT Unravelled Part 5: Practical Use Case VideosHow secure are your AI and machine learning projects?
Artificial intelligence and machine learning bring new vulnerabilities along with their benefits. Here’s how experts minimized their risk.
Read More How secure are your AI and machine learning projects?IoT Unravelled Part 4: Making it All Work for Humans
The first few parts of this series have all been somewhat technical in nature; part 1 was how much of a mess the IoT ecosystem is and how Home Assistant aims to unify it all, part 2 got into the networking layer with both Wi-Fi and Zigbee and in part
Read More IoT Unravelled Part 4: Making it All Work for Humans5 information security policies your organisation must have
Information security policies are essential for tackling organisations’ biggest weakness: their employees. Everything an organisation does to stay secure, from implementing technological defences to physical barriers, is reliant on people using them properly. It only takes one employee opening a phishing email or letting a crook into the premises for you to suffer a data breach. Information security policies are designed to mitigate that risk by helping staff understand their data protection obligations in various scenarios. Organisations can have as many policies as they like, covering anything that’s relevant to their business processes. But to help you get started, here are five policies
The post 5 information security policies your organisation must have appeared first on IT Governance UK Blog.
Read More 5 information security policies your organisation must haveState of Software Security v11: Key Takeaways for Developers
We recently released volume 11 of our annual State of Software Security (SOSS) report, which analyzes the security activity and history of applications Veracode scanned during a one-year period. Giving us a view of the full lifecycle of applications, t…
Read More State of Software Security v11: Key Takeaways for DevelopersNIST AI System Discovers New Material
When the words “artificial intelligence” (AI) come to mind, your first thoughts may be of super-smart computers, or robots that perform tasks without needing any help from humans. Now, a multi-institutional team including researchers from the National …
Read More NIST AI System Discovers New MaterialAdvice: Protecting Lone Workers Through Covid Restrictions
Protecting lone workers is an issue that businesses may not have come across previously, especially those based in busy city centre office blocks pre-coronavirus. Yet with many thriving business districts deserted through a lockdown and not everyone ab…
Read More Advice: Protecting Lone Workers Through Covid Restrictions‘Antiquated process’: data regulator on obtaining Cambridge Analytica warrant
UK information commissioner calls for international approach to emerging threatThe information commissioner has criticised the “antiquated process” that led to Facebook getting hold of Cambridge Analytica’s servers before the UK regulator itself, and r…
Read More ‘Antiquated process’: data regulator on obtaining Cambridge Analytica warrantNewsBites Drilldown for the Week Ending 20 November 2020
SANS DFIR Presenta Nuevos Webcasts en Español
SANS DFIR presenta sus nuevos episodios en Español
Read More SANS DFIR Presenta Nuevos Webcasts en Español70,000 Phishing Emails Sent Impersonating the IRS: How to Stay Protected

70,000 Phishing Emails Sent Impersonating the IRS: How to Stay Protected You wake up, log in to your Outlook, and find an email waiting in your inbox from [email protected] Much to your confusion, the email claims that you have an outstanding account balance that you must pay immediately, or you will face legal charges. As it […]
The post 70,000 Phishing Emails Sent Impersonating the IRS: How to Stay Protected appeared first on McAfee Blogs.
Read More 70,000 Phishing Emails Sent Impersonating the IRS: How to Stay ProtectedZooming with the Grandkids: Five Easy Video Chat Apps for the Holidays

Zooming with the Grandkids, Nieces, and Nephews: Five Free and Easy Video Chat Apps for the Holidays All the kids are doing it, and so can you. If you haven’t hopped onto a video chat with the family yet, the holidays are a great time to give it a whirl. While there are plenty of […]
The post Zooming with the Grandkids: Five Easy Video Chat Apps for the Holidays appeared first on McAfee Blogs.
Read More Zooming with the Grandkids: Five Easy Video Chat Apps for the HolidaysSeven Debunked Myths of Cybersecurity
Article by Kristin Herman, a writer and editor at Ukwritings.com and Academized.comThe term ‘cybersecurity’ has been tossed around lately. But although cybersecurity has been viewed as a saving grace for mobile devices, computers, etc. the topic is sti…
Read More Seven Debunked Myths of CybersecurityVote Now for 2020 Special Interest Group Projects
From now through 21 December 2020, PCI SSC Participating Organizations are invited to vote on proposals for 2021 Special Interest Group (SIG) projects.
McAfee Team Members Share Their Virtual Onboarding Experiences

At McAfee, ensuring our new team members are well prepared and supported for their roles is a top priority. From the first day of onboarding, team members are nurtured and given the tools they need for successful development. McAfee’s traditional in-person orientation process has evolved virtually because of the pandemic. But the approach and goal […]
The post McAfee Team Members Share Their Virtual Onboarding Experiences appeared first on McAfee Blogs.
Read More McAfee Team Members Share Their Virtual Onboarding ExperiencesSAFECode and PCI SSC Discuss the Evolution of Secure Software
When the PCI Security Standards Council (PCI SSC) developed its Software Security Framework (SSF) a few years ago, it relied on the expertise of a Software Security Task Force. As part of this task force, SAFECode, along with other indust…
Read More SAFECode and PCI SSC Discuss the Evolution of Secure SoftwareAWS Network Firewall: More Than Just Layer 4
Up until very recently, network prevention has been quite limited in Amazon Web Services (AWS).
Read More AWS Network Firewall: More Than Just Layer 4Instructor Spotlight: Brandon Evans, SEC510 Lead Author
Get to know SANS Certified Instructor and SANS Cloud Ace, Brandon Evans, lead author of SEC510: Public Cloud Security: AWS, Azure, and GCP.
Read More Instructor Spotlight: Brandon Evans, SEC510 Lead Author5 Fun Ways to Keep Family Connections Strong (and Secure) This Holiday

5 Fun Ways to Keep Family Connections Strong (and Secure) This Holiday The reality is beginning to hit: The holiday season will look and feel different this year. Traditional family gatherings, complete with mile-long dinner tables and flag football games, are now considered COVID “super spreader” events, putting a dent in plans for large gatherings. […]
The post 5 Fun Ways to Keep Family Connections Strong (and Secure) This Holiday appeared first on McAfee Blogs.
Read More 5 Fun Ways to Keep Family Connections Strong (and Secure) This HolidayHealthcare Orgs: What You Need to Know About TrickBot and Ryuk
In late October, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) co-authored an advisory report on the latest tactics used by cybercriminals t…
Read More Healthcare Orgs: What You Need to Know About TrickBot and RyukFree VPNs May Still Come with a Price

Free VPNs May Still Come with a Price If we’re being honest, many of us are consuming a lot of online content these days, whether it be for work, education, or sheer entertainment. I know my family is trying to balance what we need to do online, like meetings and classes, with fun activities like […]
The post Free VPNs May Still Come with a Price appeared first on McAfee Blogs.
Read More Free VPNs May Still Come with a PriceNature vs. Nurture Tip 1: Use DAST With SAST
When conducting research for this year???s State of Software Security report, we looked at how ???nature??? and ???nurture??? contribute to the time it takes to close out a security flaw. For the ???nature??? side, we looked at attributes that we canno…
Read More Nature vs. Nurture Tip 1: Use DAST With SASTWhat Truebill and Other Financial Apps Have in Common With EDR

Truebill, Chargebee, Fusebill and other financial apps have been inundating my social feeds and until recently I didn’t understand why I would need one of these apps. I’m the type that knows her bank account balance to the penny and I was shocked to discover that many of my co-workers and, of course, my college […]
The post What Truebill and Other Financial Apps Have in Common With EDR appeared first on McAfee Blogs.
Read More What Truebill and Other Financial Apps Have in Common With EDRSANS Threat Analysis Rundown Recap: The Return of UNC1878
This blog is a recap of an episode of the SANS Threat Analysis Rundown (STAR) webcast series which pertains to RYUK and UNC1878.
Read More SANS Threat Analysis Rundown Recap: The Return of UNC1878McAfee MVISION Solutions Meet FedRAMP Cloud Security Requirements

Today’s U.S. government is in a race to modernize its IT infrastructure to support ever more complicated missions, growing workloads and increasingly distributed teams—and do so facing a constantly evolving threat landscape. To support these efforts, McAfee has pursued and received a Federal Risk and Authorization Management Program (FedRAMP) Authorization designation for McAfee MVISION for […]
The post McAfee MVISION Solutions Meet FedRAMP Cloud Security Requirements appeared first on McAfee Blogs.
Read More McAfee MVISION Solutions Meet FedRAMP Cloud Security RequirementsTwitter hires veteran hacker Mudge as head of security
Peiter Zatko’s appointment follows mass attack on social media platform in JulyTwitter has appointed one of the world’s most respected hackers as its new head of security in the wake of a humiliating mass attack in July.The company has placed Peiter Za…
Read More Twitter hires veteran hacker Mudge as head of securityConsumer-targeted phishing and fraud are rising in time for a COVID holiday season
Black Friday and the holiday shopping season are on the horizon, and the spammers are already at work. Customers receive an email “advertising” a special limited offer, encouraging them to click links leading to websites pretending to be well-known …
Read More Consumer-targeted phishing and fraud are rising in time for a COVID holiday seasonChristmas Shopping 2020

How To Stay Safe While Shopping Online This Holiday Season I’m pleased to report that I’ve achieved a number of personal bests in 2020 but the one I’m most proud about is my achievement in the highly skilled arena of online shopping. I’ve shopped online like I’m competing in the Olympics: groceries, homewares, clothing – […]
The post Christmas Shopping 2020 appeared first on McAfee Blogs.
Read More Christmas Shopping 2020‘Sleigh’ Holiday Shopping by Protecting Your Online Security

‘Sleigh’ Holiday Shopping by Protecting Your Online Security And just like that, the holiday shopping season is among us! Like consumers everywhere, you may be trying to plan ahead when it comes to picking out gifts for your friends and family, scouring far and wide to cross items off your list. This year, however, will […]
The post ‘Sleigh’ Holiday Shopping by Protecting Your Online Security appeared first on McAfee Blogs.
Read More ‘Sleigh’ Holiday Shopping by Protecting Your Online SecurityCyber Monday is Coming – 10 Tips to Protect You From Online Shopping Scams

Cyber Monday is Coming – 10 Tips to Protect You and Your Family from Online Shopping Scams You’re not the only one looking forward to the big holiday sales like Black Friday and Cyber Monday. Hackers are too. As people flock to retailers big and small in search of the best deals online, hackers have […]
The post Cyber Monday is Coming – 10 Tips to Protect You From Online Shopping Scams appeared first on McAfee Blogs.
Read More Cyber Monday is Coming – 10 Tips to Protect You From Online Shopping ScamsNewsBites Drilldown for the Week Ending 13 November 2020
Instructor Spotlight: Ryan Nicholson, SEC488 Author
Ryan Nicholson is a Certified Instructor for SANS Institute and the author of the new SEC488: Cloud Security Essentials course from SANS.
Read More Instructor Spotlight: Ryan Nicholson, SEC488 AuthorCyber42 Cybersecurity Leadership Simulation Games
The Cyber42 Cybersecurity Leadership simulation game is the NetWars of SANS Cybersecurity Leadership curriculum.
Read More Cyber42 Cybersecurity Leadership Simulation GamesJava Crypto Catchup
In 2017, we started a blog series talking about how to securely implement a crypto-system in java. How to Get Started Using Java Cryptography Securely touches upon the basics of Java crypto, followed by posts around various crypto primitives Cryptograp…
Read More Java Crypto CatchupState of Software Security v11: How to Use the Findings
As a security professional reading through version 11 of our State of Software Security (SOSS) report, the first statistic that probably stands out to you is that 76 percent of applications have security flaws. It???s encouraging to see that only 24 pe…
Read More State of Software Security v11: How to Use the FindingsCheck, Please! Adding up the Costs of a Financial Data Breach
Guest article by Andrea Babbs, UK General Manager at VIPREReliance on email as a fundamental function of business communication has been in place for some time. But as remote working has become a key factor for the majority of business during 2020, it’…
Read More Check, Please! Adding up the Costs of a Financial Data BreachHow to Prevent Keyboard Snooping Attacks on Video Calls

How to Prevent Keyboard Snooping Attacks on Video Calls Video conferencing has really taken off this year. With more people working and learning from home than ever before, video calling has rapidly become the mainstream method for remote communication, allowing users to stay connected. But very few may realize that they might be giving away […]
The post How to Prevent Keyboard Snooping Attacks on Video Calls appeared first on McAfee Blogs.
Read More How to Prevent Keyboard Snooping Attacks on Video CallsAnnouncing our open source security key test suite
Posted by Fabian Kaczmarczyck, Software Engineer, Jean-Michel Picod, Software Engineer and Elie Bursztein, Security and Anti-abuse Research LeadSecurity keys and your phone’s built-in security keys are reshaping the way users authenticate online. These…
Read More Announcing our open source security key test suiteThis Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about a ransomware group that walked away with 2,200 Bitcoin: More than $33 million based on the current Bitcoin exchange rate. Also, read about this month’s Patch…
The post This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs appeared first on .
Read More This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical BugsNew PCI Regulations Indicate the Need for AppSec Throughout the SDLC
Last year, the PCI Security Standards Council published the PCI Secure Software Standard and the PCI Secure Software Lifecycle (Secure SLC) Standard as a part of a new PCI Software Security Framework (SSF), also referred to as PCI S3. The SSF offers ob…
Read More New PCI Regulations Indicate the Need for AppSec Throughout the SDLCSANS Cloud Security Curriculum
Blog outlining the new SANS Institute Cloud Security Curriculum
Read More SANS Cloud Security CurriculumAdvice from the Pros: Turning Your Free Computing Device into a Goldmine of Hands-On Experience
In this SANS blog, SANS Instructors help you find your path to building a home lab and testing environment that can ultimately help you advance your cybersecurity career.
Read More Advice from the Pros: Turning Your Free Computing Device into a Goldmine of Hands-On ExperienceBe a part of the HBCU Fall Classic Range Competition!
Be a part of the HBCU Fall Classic Cyber Range Competition and compete to win four months of NetWars Continuous (a $3200 value).
Read More Be a part of the HBCU Fall Classic Range Competition!SOCwise: A Security Operation Center (SOC) Resource to Bookmark

Core to any organization is managing cyber risk with a security operations function whether it be in-house or outsourced. McAfee has been and continues their commitment to protecting cyber assets. We are dedicated to empowering security operations and with this dedication comes expertise and passion. Introducing SOCwise a monthly series of blogs, podcasts and talks […]
The post SOCwise: A Security Operation Center (SOC) Resource to Bookmark appeared first on McAfee Blogs.
Read More SOCwise: A Security Operation Center (SOC) Resource to BookmarkBridge the Gap Between the Security You Have and the Security You Need

Change happens – sometimes much faster than expected – like it has in 2020. When the threat landscape shifts suddenly, security professionals must quickly react and change their security posture. This not only means reconfiguring existing security investments but also adding new ones. But given the number of heterogenous security applications sold by multiple vendors, […]
The post Bridge the Gap Between the Security You Have and the Security You Need appeared first on McAfee Blogs.
Read More Bridge the Gap Between the Security You Have and the Security You NeedThankful for broadband internet, and hopeful for much more

Thankful for broadband internet, and hopeful for much more Where would we be without our internet this year? We’ve shopped, worked, studied and taught, job hunted, and cared for each other online this year in ways we haven’t before—not to mention entertained ourselves plenty too. As so many of us have faced challenges and outright adversity this year, it’s difficult to imagine what this year […]
The post Thankful for broadband internet, and hopeful for much more appeared first on McAfee Blogs.
Read More Thankful for broadband internet, and hopeful for much moreAre You Prepared for Cybersecurity in the Boardroom?

Corporate boards have many dimensions of responsibility. Cybersecurity can be one of the most nuanced and important areas of focus for a board, but not all board members are well versed in why and what they need to care about related to cybersecurity. Cybersecurity is a board level topic for three main reasons: Cybersecurity breaches […]
The post Are You Prepared for Cybersecurity in the Boardroom? appeared first on McAfee Blogs.
Read More Are You Prepared for Cybersecurity in the Boardroom?Home-Point Cybersecurity: Bring Your Enterprise Home

For more than 20 years, the cybersecurity industry has been focused on enterprises, not on a larger national integrated security environment – and certainly not on comprehensive home security. Smart devices that make home life more convenient have been growing in acceptance and adoption, but by and large, the industry continues to concentrate on enterprise […]
The post Home-Point Cybersecurity: Bring Your Enterprise Home appeared first on McAfee Blogs.
Read More Home-Point Cybersecurity: Bring Your Enterprise HomeCIOs on the hook for governance as automation rises
Automation technologies are becoming woven throughout the fabric of virtually every company, raising the question of IT’s role in governing such capabilities. CIOs can and should provide guardrails to make sure automation technologies run properly — if…
Read More CIOs on the hook for governance as automation risesUnbreak My Heart: What I Learned About Building Better Medical Devices While Troubleshooting My Pacemaker
This blog outlines the story of Veronica Schmitt’s journey to fixing her ICD/Pacemaker using Medical Device Forensics.
Read More Unbreak My Heart: What I Learned About Building Better Medical Devices While Troubleshooting My PacemakerClick Security because “click happens”
CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server

CVSS Score: 9.8 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Overview Microsoft released a patch today for a critical vulnerability (CVE-2020-17051) in the Windows NFSv3 (Network File System) server. NFS is typically used in heterogenous environments of Windows and Unix/Linux for file sharing. The vulnerability can be reproduced to cause an immediate BSOD (Blue Screen of Death) within the nfssvr.sys driver. Interestingly, the November patches from Microsoft also include a remote kernel data read […]
The post CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server appeared first on McAfee Blogs.
Read More CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows ServerHonoring Our Brave Military Veterans from the McAfee Community

Paying Tribute November 11 marks Veterans Day and Remembrance Day. It is a time for us to come together and honor the brave men and women who have risked their lives to protect our nations. We pay tribute to those who have served in the U.S. military during Veterans Day. In the Commonwealth countries, we honor […]
The post Honoring Our Brave Military Veterans from the McAfee Community appeared first on McAfee Blogs.
Read More Honoring Our Brave Military Veterans from the McAfee CommunityHow CASB and EDR Protect Federal Agencies in the Age of Work from Home

Malicious actors are increasingly taking advantage of the burgeoning at-home workforce and expanding use of cloud services to deliver malware and gain access to sensitive data. According to an Analysis Report (AR20-268A) from the Cybersecurity and Infrastructure Security Agency (CISA), this new normal work environment has put federal agencies at risk of falling victim to […]
The post How CASB and EDR Protect Federal Agencies in the Age of Work from Home appeared first on McAfee Blogs.
Read More How CASB and EDR Protect Federal Agencies in the Age of Work from HomeIn the Financial Services Industry, 74% of Apps Have Security Flaws
Over the past year, the financial services industry has been challenged with pivoting its operations to a fully digital model, putting the security of its software center stage. Despite the unanticipated pivot, our recent State of Software Security v11…
Read More In the Financial Services Industry, 74% of Apps Have Security FlawsOne Step Beyond: Using Threat Hunting to Anticipate the Unknown
Article by Paul German, CEO, Certes NetworksA cyber threat could be lurking in any corner of an organisation’s infrastructure. The complex networks encompassing numerous smart and interconnected technologies make it easy for cybercriminals to hide, but…
Read More One Step Beyond: Using Threat Hunting to Anticipate the UnknownWhat You Need to Know About Among Us

Among Us – one of the Most Popular Online Game of 2020 (pictured credit: axel 795, Pixabay) If you have teens and you haven’t yet heard of ‘Among Us’ then I guarantee it won’t be long. Among Us is an online deception and strategy game that is having a real moment worldwide. Over the last […]
The post What You Need to Know About Among Us appeared first on McAfee Blogs.
Read More What You Need to Know About Among UsNewsBites Drilldown for the Week Ending 6 November 2020
Unravel the XDR Noise and Recognize a Proactive Approach

Cybersecurity professionals know this drill well all too well. Making sense of lots of information and noise to access what really matters. XDR (Extended Detection & Response) has been a technical acronym thrown around in the cybersecurity industry with many notations and promises. This can be intriguing and nagging for cybersecurity professionals who are heads down defending against the persistent adversaries. The intent of this blog is to clarify XDR and remove the noise and hype into relevant and purposeful cybersecurity […]
The post Unravel the XDR Noise and Recognize a Proactive Approach appeared first on McAfee Blogs.
Read More Unravel the XDR Noise and Recognize a Proactive ApproachNew Book! The Best of TaoSecurity Blog, Volume 3
Introduction I published a new book!The Best of TaoSecurity Blog, Volume 3: Current Events, Law, Wise People, History, and Appendices is the third title in the TaoSecurity Blog series. It’s in the Kindle Store, and if you have an Unlimi…
Read More New Book! The Best of TaoSecurity Blog, Volume 3Many of us will be working from home forever
The future of work is here, and for many of us it’s going to be from home.
Read More Many of us will be working from home foreverHelping Your Family Combat Digital Misinformation

Helping Your Family Combat Digital Misinformation If 2020 has taught us anything, it’s that our ability to think critically about the information we encounter online is now a fundamental life skill we need to learn, practice, and pass on to our offspring. But the actual task of teaching kids how to discern real and fabricated […]
The post Helping Your Family Combat Digital Misinformation appeared first on McAfee Blogs.
Read More Helping Your Family Combat Digital MisinformationThis Week in Security News: US Cyber Command Exposes New Russian Malware and REvil Ransomware Gang ‘Acquires’ KPOT Malware
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about eight new malware samples that were developed and deployed by Russian hackers in recent attacks. Also, read about how the operators of the REvil ransomware strain…
The post This Week in Security News: US Cyber Command Exposes New Russian Malware and REvil Ransomware Gang ‘Acquires’ KPOT Malware appeared first on .
Read More This Week in Security News: US Cyber Command Exposes New Russian Malware and REvil Ransomware Gang ‘Acquires’ KPOT MalwareHospitals need to practice their security hygiene just like handwashing
Three federal agencies – the FBI and the Departments of Homeland Security and Health and Human Services – issued a security alert for hospitals last week that they have credible evidence of an increased and imminent cybercrime threat to U.S. hospita…
Read More Hospitals need to practice their security hygiene just like handwashingOne Team Member Selflessly Provides Relief to COVID-19’s Front Line

By: Heiko, Senior Security Engineer, Germany I never could have imagined that what started as a national duty to volunteer in Germany would spark an innate passion of giving back to those in need during a time of crisis. For many years, German men were required to spend 15 months in the military after graduating […]
The post One Team Member Selflessly Provides Relief to COVID-19’s Front Line appeared first on McAfee Blogs.
Read More One Team Member Selflessly Provides Relief to COVID-19’s Front LineOperation North Star: Behind The Scenes

Executive Summary It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within the digital realm. The only transparency afforded is a limited view of victims, a malware sample, and perhaps the IP addresses of historical command and control (C2) infrastructure. The Operation North Star campaign we detailed […]
The post Operation North Star: Behind The Scenes appeared first on McAfee Blogs.
Read More Operation North Star: Behind The ScenesOperation North Star: Summary Of Our Latest Analysis

McAfee’s Advanced Threat Research (ATR) today released research that uncovers previously undiscovered information on how Operation North Star evaluated its prospective victims and launched attacks on organizations in Australia, India, Israel and Russia, including defense contractors based in India and Russia. McAfee’s initial research into Operation North Star revealed a campaign that used social media […]
The post Operation North Star: Summary Of Our Latest Analysis appeared first on McAfee Blogs.
Read More Operation North Star: Summary Of Our Latest AnalysisMcAfee Labs Report Reveals Continuing Surge of COVID-19 Threats and Malware

The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: November 2020. In this edition, we follow our preceding McAfee Labs COVID-19 Threats Report with more research and data designed to help you better protect your enterprise’s productivity and viability during challenging times. What a year so far! The first quarter of […]
The post McAfee Labs Report Reveals Continuing Surge of COVID-19 Threats and Malware appeared first on McAfee Blogs.
Read More McAfee Labs Report Reveals Continuing Surge of COVID-19 Threats and MalwareCyber Security Roundup for November 2020
A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, October 2020.London’s Hackney Borough Council has been tight-lipped about “a serious cyber-attack” which …
Read More Cyber Security Roundup for November 2020Lessons from COVID: Futureproofing your IT infrastructure
2020 has seen IT executives dealing with major disruptions, and many are still uncertain about what IT will be like on the other side of the worldwide health crisis.To read this article in full, please click here(Insider Story)
Read More Lessons from COVID: Futureproofing your IT infrastructureSPOTLIGHT: Women in Cybersecurity

There are new and expanding opportunities for women’s participation in cybersecurity globally as women are present in greater numbers in leadership. In recent years, the international community has recognized the important contributions of women to cybersecurity, however, equal representation of women is nowhere near a reality, especially at senior levels. The RSA Conference USA 2019 held […]
The post SPOTLIGHT: Women in Cybersecurity appeared first on McAfee Blogs.
Read More SPOTLIGHT: Women in CybersecurityDraft FIPS 201-3 and Workshop: Personal Identity Verification (PIV) of Federal Employees and Contractors
NIST requests comments on Draft Federal Information Processing Standard (FIPS) 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors. This Standard defines common credentials and authentication mechanisms offering varying deg…
Read More Draft FIPS 201-3 and Workshop: Personal Identity Verification (PIV) of Federal Employees and Contractors