February 17, 2021

Index Engines released an API-based developer’s kit to support the integration of CyberSense software’s analytics and reporting into third-party backup and storage platforms. CyberSense delivers API’s that support full-content indexing of data, alerts …

Read More Index Engines releases API-based developer kit for integration of data integrity software Cybersense

Optiv Security announced new capabilities to help clients navigate Cybersecurity Maturity Model Certification (CMMC), a set of DOD regulations aimed at keeping the United States government supply chain safer by requiring 300,000+ defense contractors to…

Read More Optiv announces new capabilities to help clients navigate Cybersecurity Maturity Model Certification

Digital Wellness

How 2020 Has Shaped The Way We Live Our Lives I’ve had such a busy morning! I’ve hunted down my favourite foundation, bought a puzzle mat, stocked up on special dog food for our naughty new puppy, ordered the groceries, made a few appointments and chatted with several friends. And guess what? I haven’t left […]

The post How 2020 Has Shaped The Way We Live Our Lives appeared first on McAfee Blogs.

Read More How 2020 Has Shaped The Way We Live Our Lives

The US DOJ charged three members of the North Korea-linked Lazarus Advanced Persistent Threat (APT) group. The U.S. Justice Department indicted three North Korean military intelligence officials, members of the Lazarus APT group, for their involvement in cyber-attacks, including the theft of $1.3 billion in money and crypto-currency from organizations around the globe. The indictment […]

The post US DoJ charges three members of the North Korea-linked Lazarus APT group appeared first on Security Affairs.

Read More US DoJ charges three members of the North Korea-linked Lazarus APT group

Android App Malware

We’ve all come to a realization that we don’t go anywhere without our phone. It’s a utility that helps us navigate our daily lives: directions, schedules, shopping, discounts, banking, and so on. And as our reliance on our smartphone continues to grow, it’s no wonder that hackers have taken notice. This time, it’s another case […]

The post Millions Affected by Malware Attributed to Android Barcode-Scanning App  appeared first on McAfee Blogs.

Read More Millions Affected by Malware Attributed to Android Barcode-Scanning App 

The U.S. Justice Department today unsealed indictments against three men accused of working with the North Korean regime to carry out some of the most damaging cybercrime attacks over the past decade, including the 2014 hack of Sony Pictures, the global WannaCry ransomware contagion of 2017, and the theft of roughly $200 million and attempted theft of more than $1.2 billion from banks and other victims worldwide.

Read More U.S. Indicts North Korean Hackers in Theft of $200 Million

Use of “domain age” is a feature being promoted by various firewall and web security vendors as a method to protect users and systems from accessing malicious internet destinations. The concept is to use domain age as a generic traffic filtering parameter. The thought is that hosts associated with newly registered domains should be either […]

The post Domain Age as an Internet Filter Criteria appeared first on McAfee Blogs.

Read More Domain Age as an Internet Filter Criteria

Alert fatigue is a top of mind challenge when it comes to security monitoring. As a result, organizations are constantly trying to improve their human capabilities, processes, and technology to address the challenge. Microsoft is uniquely positioned to take on this problem by tapping into the end-to-end capabilities of our Extended detection and response (XDR) offering that doesn’t just span the key security domains of concern but is also tightly integrated across those domains and powered by intelligence.

The post 6 strategies to reduce cybersecurity alert fatigue in your SOC appeared first on Microsoft Security.

Read More 6 strategies to reduce cybersecurity alert fatigue in your SOC

Malvertising gang ScamClub has exploited an unpatched zero-day vulnerability in WebKit-based browsers in a campaign aimed at realizing online gift card scams. The Malvertising gang ScamClub has abused an unpatched zero-day vulnerability in WebKit-based browsers to bypass security measures and redirect users from legitimate sites to websites hosting online gift card scams. The malvertising campaign […]

The post ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams appeared first on Security Affairs.

Read More ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams

texting slang

The McAfee Advanced Threat Research (ATR) team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. We recently investigated and published several findings on a personal robot called “temi”, which can be read about in detail here. A byproduct of our robotic research was […]

The post Don’t Call Us We’ll Call You: McAfee ATR Finds Vulnerability in Agora Video SDK appeared first on McAfee Blogs.

Read More Don’t Call Us We’ll Call You: McAfee ATR Finds Vulnerability in Agora Video SDK

Mobile Conferencing Apps Carry Risks

Hang Up on Hackers: Protect Yourself from Mobile App Video Conferencing Vulnerabilities Whether they’re attending regular work meetings or catching up with extended family across the globe, many people leverage video conferencing to better connect with others – a process that will likely continue as our world only becomes more digital. But as the rapid adoption of video […]

The post Hang Up on Hackers: Protect Yourself from Mobile App Video Conferencing Vulnerabilities appeared first on McAfee Blogs.

Read More Hang Up on Hackers: Protect Yourself from Mobile App Video Conferencing Vulnerabilities

Today’s podcast reports on the security of the file-sharing Android app ShareIt questioned, a new payment card skimmer found in the US and the hack of a French IT monitoring application discovered
The post Cyber Security Today – Security of file-sharin…

Read More Cyber Security Today – Security of file-sharing Android app questioned, a new payment card skimmer found and hack of a French IT monitoring application discovered

French software firm Centreon announced this week that the recently disclosed supply chain attack did not impact its paid customers. The French security agency ANSSI recently warned of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates […]

The post Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software appeared first on Security Affairs.

Read More Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software

Interesting research on persistent web tracking using favicons. (For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.)

Abstract: The privacy threats of online tracking have garnered considerable attention in recent years from researchers and practitioners alike. This has resulted in users becoming more privacy-cautious and browser vendors gradually adopting countermeasures to mitigate certain forms of cookie-based and cookie-less tracking. Nonetheless, the complexity and feature-rich nature of modern browsers often lead to the deployment of seemingly innocuous functionality that can be readily abused by adversaries. In this paper we introduce a novel tracking mechanism that misuses a simple yet ubiquitous browser feature: …

Read More Browser Tracking Using Favicons