February 7, 2012 - Many of you may have already noted this from Google’s home page, but for those not reading the fine print or not using Google: Today is International Safer Internet Day, which will have its 10th anniversary next year (if I counted right). (continue reading...) Read more
January 26, 2012 - The ShmooCon security conference takes place in Washington D.C. this weekend. There will be a good number of mobile and embedded talks, covering attacks on and defense of Bluetooth, Android, NFC, RFID, and more. Disposable computers A number of years ago (continue reading...) Read more
January 17, 2012 - Two weeks ago, I discussed the difficulties of obtaining relevant data regarding medical identity theft. I started my research in this field after I read some old stories on the Internet: Lind Weaver refused to pay hospital bills she received (continue reading...) Read more
January 17, 2012 - A recent social engineering attack that targeted Facebook accounts hit very close to home. One of my friends mentioned to me that his account was no longer accessible and that his password was not working. He even found his primary (continue reading...) Read more
January 5, 2012 - The topic of medical identity theft makes the headlines one or two time per year. In spite of its rarity, it’s worth delving into this subject. The elements that define private health information in the United States can be found in (continue reading...) Read more
December 31, 2011 - I heard a number of interesting mobile-related talks at the 28th Chaos Communications Congress (28c3) this week. Not every talk at the Congress was about newly discovered bugs or zero-day exploits; sometimes we got the building blocks necessary to better (continue reading...) Read more
December 30, 2011 - Multifunction printers (MFPs) have been common in offices for years. They let employees print, scan, and copy documents. Two separate talks at the 28th Chaos Communications Congress (28c3) show how attackers can infect these trusted office devices. Hacking MFPs In Andrei Costin’s (continue reading...) Read more
December 28, 2011 - Yesterday at the 28th Chaos Communications Congress (28C3), in Berlin, security researchers along with Karsten Nohl and Luca Melette showcased a number of flaws and solutions in GSM mobile phone networks. (continue reading...) Read more
December 17, 2011 - McAfee Labs Messaging Security recently observed a new malicious spam campaign pushing password-stealing Trojans associated with the Zeus/Zbot family. This campaign leverages several notable social engineering techniques. For admins and netizens familiar with contemporary email-borne threats, a message purporting an undeliverable (continue reading...) Read more
December 14, 2011 - Recently a critical vulnerability has been identified in Adobe Reader X and Adobe Acrobat X Versions 10.1.1 and earlier for Windows and Mac OS, Reader 9.4.6 and Reader 9.x Versions for Unix. This zero-day vulnerability (CVE-2011-2462) could allow an attacker (continue reading...) Read more
December 9, 2011 - In September, I had the pleasure of giving the keynote speech at “Hacktivity 2011″ in Budapest, Hungary. I was very excited to see the large audience, about 1,000 visitors, among them very serious and well-known security professionals, instructors, and security (continue reading...) Read more
November 3, 2011 - One of the most disruptive attacks to deal with in today’s threat landscape is the distributed denial of service attack, often called DDoS. Using the resources of many other computers, an attacker can focus a vast amount of packets and (continue reading...) Read more
November 2, 2011 - To celebrate the recent victory of the Tunisian Islamist party, the French satirical magazine “Charlie Hebdo” published a special issue in which it named the prophet Muhammad (also spelled Mohammad) as its editor-in-chief. Late night, the magazine’s offices in Paris (continue reading...) Read more
October 24, 2011 - Last week, there was quite a buzz in the mobile-malware researchers community about a new Android malware. It came to light not because of its sophistication or complexity but due to the simple method that it uses to spread. Most Android (continue reading...) Read more
October 21, 2011 - Malware is on the rise. At the beginning of 2008, our malware collection had 10 million samples. Today we have already surpassed 70 million. Most of the malicious samples are Trojans (backdoors, downloaders, fake alerts), but there (continue reading...) Read more
October 21, 2011 - In early April, I wrote about the famed “LizaMoon” SQL-injection attacks. I said it then, and I’ll say it again now: SQL-injection (SQLi) attacks are a constant. Some of these attacks are more visible than others. Some adversaries find intelligent ways to (continue reading...) Read more
October 21, 2011 - Following my previous blog on Francopol 2011, here are some data and slides from my own talk on the Anonymous Group. Anonymous circles are not the only component of hacktivism, merely a loose collection with the highest media profile. Other (continue reading...) Read more
October 19, 2011 - In my last post we discussed the most dangerous kind of vulnerabilities that we classify at McAfee Labs: remote code execution and denial of service. Today, we’ll talk about vulnerabilities that are not so dangerous, those we classify as (continue reading...) Read more
October 19, 2011 - Last week, I attended the Francopol conference on cybercrime in Nicolet, Canada, inside the impressive Quebec National Police School. As in 2010, I was impressed by the sessions and speakers taking part. Here are some elements I would like (continue reading...) Read more
October 18, 2011 - Stuxnet was possibly the most complex attack of this decade, and we expected that similar attacks would appear in the near future. One thing for sure is that the Stuxnet team is still active–as recent evidence has revealed. McAfee Labs (continue reading...) Read more