Category Archives: McAfee ePO antivirus

10 Most Dangerous Celebrities in 2017


McAfee Inc. conducted the 11th annual McAfee Most Dangerous Celebrities study, which reveals which celebrities generate the most “dangerous” search results and pose the biggest risk for users browsing the web.


How did we do it?

McAfee conducted this study by using McAfee WebAdvisor site ratings to determine the number of risky websites generated by searches on Google, Bing and Yahoo! that included a celebrity name and search terms likely to yield potentially malicious websites in the results. So, which celebs give us the most cause for concern? Here’s our top 10 list:

There are two key factors behind A-lister Avril Lavigne taking the top spot. Oddly, she’s the target of an internet conspiracy theory that suspected the real Avril died and was replaced by an imposter. And it’s far from surprising that an internet conspiracy leads to unreliable sources and sketchy sites. The second reason is that in late 2016 Lavigne announced that she was working on a new album that will be released before the end of 2017. And unfortunately, content searches for new music lead many into uncertain areas of the internet.

For example — “Avril Lavigne + free mp3” was by far the riskiest way to search for Avril Lavigne content and resulted in a risk percentage of nearly 22%. In fact, musicians dominated this year’s list because of the dangers of searching for “free mp3,” which accounted for approximately 40% of the risky websites. Free torrent accounted for 36% of risky websites and free mp4 accounted for 24% of risky websites.

So, where do cybercriminals come into all of this? Hackers know that consumers are looking for the latest album and movie releases from their favorite celebrities, and can use this against consumers to steal personal information. They love to leverage downloadable content like music or video files to entice consumers to visit potentially malicious websites designed to install malware.

So, since music could lead to malware, the next question is, how do you ensure your favorite artist doesn’t cost you your personal data? For starters, follow these tips:

  • Be careful what you click. Are you looking for a sneak peek at Avril Lavigne’s rumored 2017 album? It’s better to wait for the official release than to visit a third-party website that could contain malware.
  • Searching for free MP3s? Be careful! Searching for “free MP3” returned the highest number of risky websites, so it’s important for consumers to be vigilant and ensure they are searching safely. If a website comes up that doesn’t seem 100% trustworthy, avoid paying it a visit.
  • Always browse with security protection. Whether you’re eager to learn more about your favorite artist’s background, or just discover new music, it’s important that you search the web safely. A tool such as McAfee WebAdvisor can help keep you safe by identifying malicious websites and warning the user before they click.

Source : mcafee-antivirus-setup

McAfee.com/activate : Blog

Cloud Network Security for Amazon Web Services


Security giant McAfee has announced the launch of a new virtual security platform for Amazon Web Services (AWS) which aims to give advanced protection to businesses operating in the public cloud.

The new product, named the Virtual Network Security Platform (vNSP), has been designed to protect workloads on AWS against advanced malware which can reach a business through various channels, including cross-site scripting, SQL injection attacks and botnets.

The risk in these cases also grows if one virtual server is compromised, as malware can be transferred to other vulnerable machines in the same customer environment.

According to a McAfee release, instead of monitoring the entire network segment, the new vNSP works at the individual workload level. The company argues this ensures visibility of inter-segment traffic, prevents single point of failure risk and uses security resources more efficiently than traditional methods.


‘AWS makes a considerable measure of progress, for example, security of the cloud, however clients are as yet in charge of their security in the cloud — including securing their working frameworks, applications and information movement,’ remarked Shishir Singh, VP and general administrator of the Network Security specialty unit at McAfee.

‘While firewall setups are imperative, security groups and cloud planners need to address misuse counteractive action, malware assurance and pick up perceivability into the parallel development of dangers. With McAfee Network Security Platform, clients can move past the essentials to more refined assurance of their cloud arrange,’ he added.

The security vendor is currently offering free early previews of the technology in 72-hour ‘test drive’ trials. Customers will be able to run tests that simulate real-world cyber attacks, configure policy and review the reporting dashboards.


Intel Security to become McAfee in 2017


Intel Security is set to become McAfee in April 2017, according to Chris Young, Intel Security general manager and future CEO of the new company, in which Intel will hold a 49% stake.

“When we turn into an autonomous organization, we will be one of the biggest unadulterated play digital security organizations on the planet,” he told Intel Security’s annual Focus conference in Las Vegas.

“Not just will we be one of the biggest, however we won’t rest until we accomplish our objective of being the best,” said Young.

This is the first Focus event since Intel announced plans to spin off its security business as an independent company in partnership with investment firm TPG, five years after acquiring McAfee.

Young focused on his vision for the new company, its roadmap for achieving that, the need for rapid innovation and the importance of cross-industry collaboration.

“One of the things I love about this conference is that we all come together to find ways to win, to work together,” he said.

First, Young highlighted the publication of the book The Second Economy – the race for trust, treasure and time in the cyber security war.

The main objective of the book is to help chief information security officers (CISOs) communicate the battles facing everyone to others in the c-suite.

“So that we can recruit them into our fight. We need to enlist others on our journey if we are to be successful,” he said.

Challenging assumptions

The book is also aimed at encouraging information security professionals to challenge their own assumptions.

“I plan to send two copies of this book to the winner of the US presidential election, because cyber security is going to be one of the most important topics they could possibly face,” said Young.

“The book is about giving more people a view of the dynamism of what we face in cyber security, which is why we have to challenge our assumptions continually,” he said. “That is why we challenge our assumptions in the book as well as our assumptions about what we do every day.”

Young said Intel Security had been asking thousands of customers to challenge the company’s assumptions over the past 18 months so it can improve.

“This week, we are going to bring a lot of that feedback to life in the delivery of a tremendous amount of innovation across our entire portfolio,” he said.

Young then used a video to underline the message that the McAfee brand is built on the belief that there is power in working together, and that no one person, product or organisation can provide total security.

By enabling protection, detection and correction to work together, the company believes it can react to cyber threats faster.

By linking products from different providers to work together, the company believes the security of networks becomes better. By bringing companies together to share threat intelligence, better ways can be found to protect each other.

The company said cyber crime is the greatest challenge of the digital age, and this can only be overcome by working together. It revealed a new tagline: “Together is power”.

The video also revealed the new independent company’s logo, which Young called a symbol of its new beginning and a visual representation of what is core to the company’s strategy.

“The shield means defence, and the two interlocking components are a symbol of the togetherness we are about in the industry,” he said. “The red colour is a callback to our legacy in the industry.”

Three main reasons for independence

According to Young, there are three main reasons behind the decision to become an independent company.

First is to be completely focused on cyber security at a company level, solving customers’ cyber security problems and dealing with customers’ cyber security challenges.

Second is innovation. “Because we are committed and dedicated to cyber security alone at company level, our innovation is centred around it,” said Young.

Third is growth. “Our industry is moving faster than any other sub-segment of IT. We have to grow as quickly, if not more quickly than everything that is happening in our space,” he said.

The new company will have 7,500 employees and more than $2bn in revenue with a growing profit base.

“The challenges in our industry have moved on and so must we,” said Young. “We are looking forward, and will accelerate what we are doing as a new organisation so we can be better at solving security challenges in the future.”

He added that in the past year, the company has invested more than $500m in research and development.

Record numbers

According to Young, the company also has 21% more engineers than at the start of 2016, as well as 25% more product managers and 19% more professional services staff, with another 11% to come in the next few months.

“This week, we are announcing 18 new product and partner innovations – a release across every single part of our product portfolio, in addition to the integration of new partners. It is a record number of solutions and innovations for any year in this company’s history,” he said.

He detailed some of these innovations, before announcing the company’s decision to make the McAfee data exchange layer (DXL) available to everyone in the industry for real-time threat intelligence sharing between different point products in their infrastructure.

“We are doing this because it is the right thing for our industry in order to move forward,” he said, calling on attendees to challenge every supplier they do business with to integrate with DXL.

“There are no more excuses. In the past, suppliers said they could not integrate with DXL because they first had to become members of the Intel Security Innovation Alliance. But there is no excuse now. It is open. Everybody can use it,” said Young.


New Server Security Release Makes Borderless Cloud Security a Reality


Cloud Workload Discovery, initially announced in July 2016, covered Amazon Web Services (AWS) and Microsoft Azure. Cloud Workload Discovery for hybrid cloud, available on December 15, 2016, extends coverage to VMware and OpenStack private clouds.

As the hybrid data center expands, finding the blind spots keeps getting harder. Organizations struggle to assess their end-to-end security posture for workloads and platforms, monitor and protect workloads across all clouds and maintain regulatory compliance.

Cloud Workload Discovery for hybrid clouds gives end-to-end visibility into all workloads and their underlying platforms to make borderless cloud security a reality. With deep visibility, assessment and remediation for compute, storage, and network as shown in the diagram below, organizations can assess their end-to-end security posture (workloads and platforms), monitor and protect workloads across all private and public clouds and maintain regulatory compliance.

How Cloud Workload Discovery Works

Cloud Workload Discovery for hybrid cloud provides three main capabilities:

  • Discovery of weak security controls for VMware, OpenStack, AWS and Microsoft Azure
  • Platform security audit, including firewall and encryption settings, for AWS and Microsoft Azure
  • Traffic and network threat visibility for AWS.

These insights lead to faster detection, while McAfee® ePolicy Orchestrator® (McAfee ePO™) or DevOps tools such as Chef, Puppet, and OpsWorks enable quick remediation.

Cloud Workload Discovery’s integration with McAfee ePO, a single management platform with simplified workflows, gives organizations effective control to help implement security solutions across physical, virtual and cloud environments. Since Cloud Workload Discovery is agentless and powered by API integration with cloud providers, security administrators just enter their cloud account credentials in McAfee ePO to instantly discover workloads, address threat alerts and enforce policies. Quick time to value and a low learning curve mean that you can significantly improve your cloud workload security with minimal involvement from your IT Security team.


Release Schedule Change – 5900 Anti-Malware Engine Beta Refresh


The McAfee Anti-Malware Engine, a core component of the McAfee Endpoint and Gateway products, uses patented technology to analyze potentially malicious code to detect and block Trojans, viruses, worms, adware, spyware, and other threats.

The 5900 Anti-Malware Engine Beta Refresh and VirusScan Command Line 6.1.0 Beta release schedule has changed to take an opportunity to further improve the engine performance in relation to new JavaScript versions, based on work done during the previous Beta cycle.

New planned schedule

  • 5900 Engine Beta 3 – January 17, 2017
  • VirusScan Command Line 6.1.0 products Beta 3 – by January 21, 2017
  • Release Candidate (RC) packages of 5900 Engine and VirusScan Command Line 6.1.0 products – mid-February 2017
  • 5900 Engine (Elective download) general availability (GA) and VirusScan Command Line 6.1.0 products GA – late February 2017
  • 5900 Engine (AutoUpdate) GA – late April 2017

New features in the 5900 Anti-Malware Engine

The 5900 Anti-Malware Engine is a yearly Engine release that will succeed the current 5800 Engine and includes the following improvements:

Detection and Performance Enhancements

  • Enhanced support of JavaScript to detect more threats.
  • Improved support for Microsoft Office (OLE) file format.
  • Improved unpacking of Dotfuscator and MPRESS packed files.
  • Enhancements to DAT content to improve predictability of content processing.

Platform Enhancements

New platform support:

  • Windows 10 Anniversary Update
  • Windows Server 2016

Where are the Beta/RC Packages available?
They are available from the Engines area of the McAfee Enterprise Beta site: http://www.mcafee.com/us/beta/public-betas/engines/5900-anti-malware-engine.aspx

For complete information about the 5900 Anti-Malware Engine, see KB66741: https://kc.mcafee.com/corporate/index?page=content&id=KB66741


McAfee Launches Free Tool That Removes Pinkslipbot Leftovers That Use Your PC as Proxy


McAfee has launched AmlPinkC2, a free tool that runs as a Windows command-line application. It deletes remnant files of Pinkslipbot infections that allow the malware to continue to use previously infected computers as proxy relays, even if the original malware’s binary has been cleaned and removed from infected hosts.


System requirements:

To use this tool, you must have:

  • A computer running Windows XP or higher
  • An active network connection

What is the Pinkslipbot?


Pinkslipbot is a banking trojan that surfaced in 2007 and is also tracked under three other names: Qakbot, Qbot, and PinkSlip.

This banking trojan isn’t always active, and it keeps coming back in waves, as part of very well-planned campaigns. In the past years, numerous cyber-security companies have tracked its attacks and broken down its different versions.

The most recent campaign was spotted by IBM security researchers, who noticed Pinkslipbot versions that caused Active Directory lockouts on infected computers.

McAfee finds new wrinkle in Pinkslipbot infections

One of the companies that have historically tracked Pinkslipbot campaigns is McAfee. Its researchers presented an analysis of the trojan’s C&C server infrastructure and its method of C&C communications at last year’s Virus Bulletin security conference.

Last week, while looking over past and present Pinkslipbot campaigns, researchers found a new wrinkle in the trojan’s mode of operation.

Researchers say Pinkslipbot authors are much more clever than they initially thought. According to McAfee, besides stealing the user’s data, the banking trojan also uses infected hosts as proxy servers to relay information from the central C&C server to other infected hosts, in a mesh-like network.

New McAfee tool removes last remnants of Pinkslipbot infections

According to McAfee, most security tools remove only the malware’s main binaries, crippling the trojan’s ability to collect passwords from infected hosts.

These Pinkslipbot removal procedures leave intact the code that creates these proxy servers, which run via the Windows UPnP (Universal Plug and Play) service.

McAfee’s new tool will remove these remaining files and prevent Pinkslipbot from using users’ PCs to relay C&C commands or to hide the exfiltration of stolen data through a mesh of proxies.


Dangerous hole found in McAfee ePO antivirus central management suite


Intel Security’s McAfee has released a patch for a critical SQL injection flaw in ePolicy Orchestrator or ePO, its admin console used to centrally manage software and antivirus on tens of millions of enterprise devices worldwide.

Cisco’s Talos security team disclosed details of the issue today, warning that anyone on the web can send a specially crafted HTTP POST in an SQL query that causes an ePO database to spill enough information to profile users or monitor IT infrastructure.

“An attacker can use any HTTP client to trigger this vulnerability,” Talos researchers said.

ePO is used by 30,000 enterprise customers worldwide, and is responsible for keeping 60 million devices secure, according to McAfee.

McAfee has given the bug the highest CVSS v3 Base score of 10.0, noting that the bug is not complex to exploit and doesn’t require user privileges or interaction.

Affected products include ePO 5.1.3 and earlier and ePO 5.3.2 and earlier. The company has released hotfix files to address the issue.

Security admins use the ePO console to centrally manage antivirus and software policies via software agents that are installed on endpoint devices. Talos researchers discovered that the bug can also be used to impersonate these agents and cause information disclosure.


Given ePO’s role in managing endpoint antivirus, the software is likely to be an attractive target to attackers. It serves as yet another reminder that flaws in security software can widen a user’s attack surface, as a former Mozilla engineer highlighted recently.

“Vulnerabilities like this can allow deep insight into the organization without an attacker requiring any privileged access to centralized platforms such as Active Directory, with this access an attacker can profile users and the infrastructure passively,” said Talos.

Talos says the vulnerability lies within the application server for ePO’s Apache Tomcat-based administrator management console. The server is reachable via the console directly, or by way of a custom protocol, known as SPIPE, that hands off communication between agents and the console.

Talos’ detailed writeup is available here, where it explains that to mitigate this attack ePO customers can shut off direct access to the console and limit it to SPIPE.

“To ensure that an attacker does not have direct access to the vulnerability and instead has to use just SPIPE as an agent, verify that port 8443 that the McAfee ePolicy Orchestrator Console is bound to is inaccessible by ePolicy Orchestrator’s agents and can only be accessed by Administrators,” wrote Talos.
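One way to verify the port 8443 restriction Talos describes is to audit firewall connection records for sources outside the administrator subnets. The following is an added example, not code from Talos, McAfee or the original post; the log format, the admin subnets and every address in it are constructed assumptions.

```python
import ipaddress

CONSOLE_PORT = 8443  # ePO console port named in the Talos mitigation

# Assumption: administrator workstations live only in these subnets.
ADMIN_NETWORKS = [ipaddress.ip_network(n)
                  for n in ("10.10.50.0/28", "fd00:50::/64")]

# Constructed sample records: "timestamp action src_ip dst_ip dst_port"
SAMPLE_LOG = """\
2017-01-10T09:00:01Z ALLOW 10.10.50.4 10.10.1.20 8443
2017-01-10T09:00:07Z ALLOW 10.20.3.77 10.10.1.20 8443
2017-01-10T09:00:09Z DENY 10.20.3.78 10.10.1.20 8443
2017-01-10T09:01:15Z ALLOW 10.20.3.77 10.10.1.20 443
2017-01-10T09:02:30Z ALLOW fd00:50::12 fd00:1::20 8443
2017-01-10T09:03:02Z ALLOW 192.0.2.15 10.10.1.20 8443
this line is malformed
"""


def is_admin(src):
    """True if the source address string falls inside an admin subnet."""
    addr = ipaddress.ip_address(src)  # raises ValueError on bad input
    return any(addr.version == net.version and addr in net
               for net in ADMIN_NETWORKS)


def audit_console_exposure(log_text):
    """Classify console-port connections that come from non-admin sources.

    allowed_non_admin: the restriction is not enforced for that source.
    denied_non_admin:  the firewall blocked it, but something is probing.
    """
    result = {"allowed_non_admin": [], "denied_non_admin": [], "malformed": 0}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            result["malformed"] += 1
            continue
        ts, action, src, _dst, port = parts
        try:
            if int(port) != CONSOLE_PORT or is_admin(src):
                continue
        except ValueError:  # non-numeric port or unparsable address
            result["malformed"] += 1
            continue
        if action == "ALLOW":
            result["allowed_non_admin"].append((ts, src))
        elif action == "DENY":
            result["denied_non_admin"].append((ts, src))
    return result


if __name__ == "__main__":
    report = audit_console_exposure(SAMPLE_LOG)
    for ts, src in report["allowed_non_admin"]:
        print(f"EXPOSED  {ts} {src} reached port {CONSOLE_PORT}")
    for ts, src in report["denied_non_admin"]:
        print(f"BLOCKED  {ts} {src} attempted port {CONSOLE_PORT}")
    print(f"malformed records skipped: {report['malformed']}")
```

Any entry under allowed_non_admin means the console is still reachable from outside the administrator subnets and the firewall rule needs tightening.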
