How Thinking Like an Attacker Makes You a Better Threat Hunter

In the race against cybercrime, like in a chess game, threat hunters are constantly trying to get one step ahead of the opponent, trying to predict what the next movement will be. Evidence suggests, however, that most organizations struggle to catch up with the pace, with their defenders (also commonly referred as blue teams) falling back into a mostly reactive position.

The post How Thinking Like an Attacker Makes You a Better Threat Hunter appeared first on McAfee Blogs.

Continue Reading

How Cyber Thugs Use Music and Celebrity Searches to Dupe Your Family

Like stockbrokers watch the market, cybercriminals keep an eye on the public’s latest obsessions. And, once they spot a trend in our search behavior, they know exactly where to plant malware links designed to steal personal information from our devices. Such is the case with Canadian pop-punk artist Avril Lavigne, who by no fault of …

The post How Cyber Thugs Use Music and Celebrity Searches to Dupe Your Family appeared first on McAfee Blogs.

Continue Reading

Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805

Apache Struts, an open-source web development framework, is prone to vulnerabilities. We wrote about CVE-2017-9791 in July. The latest is CVE-2017-9805, another remote code execution flaw actively being exploited, according to reports. This vulnerability affects the Struts plug-in Representational State Transfer (REST). Apache has updated Struts with Version 2.5.13 to fix this issue. In this post …

The post Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805 appeared first on McAfee Blogs.

Continue Reading

Do I Even Need to Secure the Cloud?

You share responsibility for securing your data in the cloud. What does that mean? More than anything else, that you understand where the layers of protection from your cloud provider ends, and your responsibility begins.   A storm awaits many companies as they move infrastructure, applications, and entire portfolios to cloud services.  Yet, the pace …

The post Do I Even Need to Secure the Cloud? appeared first on McAfee Blogs.

Continue Reading

Most Dangerous Celebrities 2017: #RT2Win a Hollywood Worthy Prize

“Hey hey, you you!” Did you hear that we released our 2017 Most Dangerous Celebrities List? This year marks the release of our 11th annual roundup of the Most Dangerous Celebrities—that is, the stars that are most likely to land you viruses when searched for online. Can you guess who took this year’s number one …

The post Most Dangerous Celebrities 2017: #RT2Win a Hollywood Worthy Prize appeared first on McAfee Blogs.

Continue Reading

Are You Click Bait? How to Calm Your Clicks and Keep Your Privacy Intact

It all feels so harmless. Who isn’t even alittle curious which celebrity is their look-a-like or what ’80s song best matches their personality? While some of these fun little quizzes and facial recognition-type games that pop up on social media are advertiser-generated and harmless, others have been carefully designed to steal your data. According to …

The post Are You Click Bait? How to Calm Your Clicks and Keep Your Privacy Intact appeared first on McAfee Blogs.

Continue Reading

Microsoft Kills Potential Remote Code Execution Vulnerability in Office (CVE-2017-8630)

Recently the McAfee IPS Research Team informed Microsoft about a potential remote code execution vulnerability in Office 2016 that McAfee discovered in March. Microsoft released a patch for this vulnerability this week with CVE-2017-8630. In this post, we will briefly discuss the vulnerability and its exploitability. The Problem While auditing PowerPoint, we came across an …

The post Microsoft Kills Potential Remote Code Execution Vulnerability in Office (CVE-2017-8630) appeared first on McAfee Blogs.

Continue Reading