Tips & Advice

By Guilherme Venere, Ismael Valenzuela, Carlos Diaz, Cesar Vargas, Leandro Costantino, Juan Olle, Jose Luis Sanchez Martinez, AC3 Team Collaborators: ATR Team (Steve Povolny, Douglas McKee, Mark Bereza), Frederick House (FireEye) In this post we want to show how an endpoint solution with performant memory scanning capabilities can effectively detect active exploitation scenarios and complement

We’re online more than ever, in large part because it allows us to take advantage of online conveniences like bill pay and booking appointments. But these many benefits might also leave us exposed to risks, like identity theft. Identity theft is characterized by one person using another’s personal or financial data for their benefit. Cybercriminals

Most of us use the internet every day, so we’re comfortable sharing a lot of information online. However, cybercriminals want us to get a bit too comfortable so they can take our personal or financial data and use it for their benefit. This is called identity theft, and it can cost people money and may

What’s the difference between identity fraud and identity theft? Well, it’s subtle, so much so that it’s easy to use them nearly interchangeably. While both can take a bite out of your wallet, they are different—and knowing the differences can help you know understand what’s at stake.  Let’s start with an overview and a few examples of

Most of us take our skills for granted when it comes to technology. We move effortlessly between applications and multiple devices. We install new software, set up numerous accounts, and easily clear technical hurdles that come our way. Unfortunately, that picture isn’t the norm for many older adults.   Engaging with technology can be challenging for older adults. However, when digital literacy skills are neglected or avoided, everyday activities such as online bill paying, shopping, medical appointments, and

Log4j/Log4shell is a remote code execution vulnerability (RCE) in Apache software allowing attackers unauthenticated access into the remote system. It is found in a heavily utilized java open-source logging framework known as log4j. The framework is widely used across millions of enterprise applications and therefore a lucrative target for threat actors to exploit. The availability

How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part

The internet provides plenty of fun and exciting opportunities for you and your family, from sharing on social media to online shopping. To help you enjoy every minute of it, though, it’s good to be aware of what less savory characters are up to. And they sure have been busy. In fact, the U.S. Federal

Last week, I waved my 18-year-old off as he embarked on the Aussie school leaver’s rite of passage – Schoolies!! A week spent kicking up your heels and living life to the max without any parental supervision at all! Oh, the sleepless nights many of us parents have had! And once Christmas and New Year

Cybercriminals make people uneasy about the safety of their identity and online accounts. McAfee is your partner who’ll work tirelessly to restore your confidence in your online activities. Check out this roundup of privacy protection, identity protection, and device security best practices to boost your confidence in the safety of your personal information and technology.  Privacy Protection  Privacy protection means keeping the information you’d rather keep to yourself from getting

Before you take the fun-looking quiz that popped up in your social media feed, think twice. The person holding the answers may be a hacker.  Where people go, hackers are sure to follow. So it’s no surprise hackers have set up shop on social media. This has been the case for years, yet now social media-based crime is on the rise. In 2019, total reported losses to this

By Sriram P & Lakshya Mathur  Hancitor, a loader that provides Malware as a Service, has been observed distributing malware such as FickerStealer, Pony, CobaltStrike, Cuba Ransomware, and many more. Recently at McAfee Labs, we observed Hancitor Doc VBA (Visual Basic for Applications) samples dropping the payload using the Windows clipboard through Selection.Copy method.  This blog focuses on

Like many consumers around the world, you’re probably scouring the internet to find the perfect gifts for your friends and family in time for the holidays. While buyers prepare for the festivities, cybercriminals look for opportunities to scam shoppers with various tricks. In 2020, the FBI received over 17,000 complaints regarding goods that were never delivered, totaling losses of more than

Something’s not right. Maybe your phone is losing its charge way too quickly. Or one day it suddenly starts turning itself off and on again. Perhaps it’s running hot, so hot it’s hard to hold. Likewise, you might see outgoing calls that you never dialed or strange spikes in your data usage. Signs like these could mean that your smartphone’s been

Overview: On December 9th, a vulnerability (CVE-2021-44228) was released on Twitter along with a POC on Github for the Apache Log4J logging library. The bug was originally disclosed to Apache on November 24th by Chen Zhaojun of Alibaba Cloud Security Team. The impact of this vulnerability has the potential to be massive due to its

Several security researchers have recently reported a powerful software bug that could potentially affect thousands of popular websites, services, hosted apps, and even game servers—thanks to an apparent flaw that could allow hackers to compromise or take control of servers that run them.   Just as reported by the developers of the popular Minecraft game, this flaw potentially affects servers that run Twitter, Apple’s iCloud, the Steam gaming platform, and a growing number of others that may be vulnerable.  One research group

We all know the frustration. A new piece of tech isn’t working the way it should. Or maybe setting it up is simply turning into a royal pain. Grrr, right? Just make sure that when you go on the hunt for some help, you don’t let a tech support scam get the better of you.   Like so many scams out there, tech support scams play on people’s emotions. Specifically, the frustration you feel

Have you noticed that when parents gather, it doesn’t take long before the topic of kids and social media comes up. That’s because concern over screen time is a big deal, especially in this post-pandemic season. Parents want to know: How much is too much screen time? When should we step in? How do we reverse poor habits, and what will the lasting digital fallout of the lockdown be?   Device Dependence  These conversations weigh heavy on parents for a good reason. According

With the holidays on the horizon, spirits are high—and it’s those same high spirits that hackers want to exploit. ‘Tis the season for clever social engineering attacks that play on your emotions, designed to trick you into giving up personal info or access to your accounts.   Social engineering attacks unfold much like a confidence scam. A crook takes advantage of someone’s trust, applies a little human psychology to further fool

Your Cybersecurity Comic Relief  CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.”  Why am I here?  For all our newcomers, welcome to the Advanced Threat Research team’s monthly bug report – a digest of all the latest and greatest vulnerabilities from the last 30-ish days based on merits just

You consider yourself a responsible person when it comes to taking care of your physical possessions. You’ve never left your wallet in a taxi or lost an expensive ring down the drain. You never let your smartphone out of your sight, yet one day you notice it’s acting oddly.   Did you know that your device can fall into cybercriminals’ hands without

You open up your laptop and check the daily news. You see a headline stating that one of your favorite online retailers was breached and that thousands of their customers’ passwords were exposed. Data breaches like this frequently appear in the news, but many consumers don’t realize the implications these breaches have on their personal privacy. When data breaches occur, oftentimes billions of these hacked login credentials become available on the dark

And just like that, the holidays are here! That means it’s time to grab your devices and credit cards for some online holiday shopping. But while you plan to share the merry and shop for gifts, criminals are preparing some not-so-festive tricks of their own. Let’s unwrap the top four phishing scams that users should beware

I think it’s fair to say that come to next Australia Day, there needs to be a special award category for parents of young children who survived home learning during the lockdowns. Let’s be honest – it’s been brutal! So many parents had to juggle their own full-time work, running a household, AND supervising a

Online is a little different for everyone How do you connect online these days? I’ll give you an example from my own life: From my 15-year old son to my 80-year-old mother, not one of us leaves the house without our phone. And today, there isn’t a single thing you can’t do on your phone. It’s the minicomputer that goes where you go.  This

Relying on the kindness of strangers is not an ideal strategy for CISOs and CIOs. And yet that is the precise position where most find themselves today while trying to battle cybersecurity issues across their supply chain. While these supply chains have plenty of their own challenges, such as global disruptions of distribution, our recent

We’ve all fallen for clickbait. Sometimes it’s a juicy headline designed to spark curiosity and drive traffic to a specific website. Other times it’s a quiz that will magically reveal your celebrity look-alike. While the innocent click connected to most clickbait is seemingly harmless, some clickbait can install dangerous malware onto your devices.  According to the FBI’s Crime Complaint Center’s 2020

The time to repurpose vulnerabilities into working exploits will be measured in hours and there’s nothing you can do about it… except patch By Fred House 2021 is already being touted as one of the worst years on record with respect to the volume of zero-day vulnerabilities exploited in the wild. Some cite this as

Threat Summary On November 17, 2021, The US Cybersecurity & Infrastructure Security Agency (CISA) pushed an Alert entitled “Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities” which you need to pay attention to if you use Microsoft Exchange or Fortinet appliances. It highlights one Microsoft Exchange CVE

If you find that your email has been hacked, one of your immediate reactions is wondering what you should next.   The answer: take a deep breath and jump into action. There are five steps can help you prevent or minimize any damage done by a compromised account.  So why do hackers go after email accounts? Fact is, that email account of yours is