McAfee launches Impact Report: How we’re doing and the opportunities ahead 

Read Time:2 Minute, 36 Second

Today, we publish our annual Impact Report. In our 2021 report, we highlight initiatives and share stories about our progress in creating a more inclusive workplace, supporting our communities, and protecting the planet.

Reflecting on 2021, it’s easy to see it was a monumental year for McAfee. Our business underwent an incredible transformation — we divested our Enterprise business and McAfee emerged as a worldwide leader for online protection, empowering individuals and families to live a safer life online. We also kicked off our journey to become a privately held company.

Our strides toward a better future

As we accelerate our journey as a dedicated consumer business and I evaluate our strides since our first report in 2018, I am humbled by our progress. In the last year, we’ve seen our representation for women reach 30.9% overall and for underrepresented professionals reach 14.8 percent. In addition, we’ve seen a 40% increase in the proportion of women promoted to director and above in the last year.

We maintained pay parity for women globally and underrepresented professionals in the U.S with our most recent audit revealing no disparities. We rolled out a new inclusion and awareness training and were recognized as the best company for multicultural women and dads. We prioritized our people’s well-being with a rollout of the Calm app, fitness challenges, and a week focused on wellness.

All the while, McAfee rose to meet the increased needs of our community with laptop donation programs and employee giving campaigns. We also made progress for sustainability redefining how and where we work.

The opportunities ahead to do better

However, it’s not lost on me that 2021 followed a year fraught with challenges that didn’t disappear with the end of 2020. And today, we continue to live and work against the backdrop of a global pandemic, respond to acts of racial injustice, and hear undeniable lived experiences of hate and intolerance.

It’s fueled our desire to do better. We know there is so much work to do and our responsibility to create an equitable workplace and world has never been greater. It’s the right thing to do and a business imperative—we rely on the fresh ideas and unique perspectives of the people of McAfee. Truthfully, it’s their tenacity and resiliency that inspire me.

Whether it’s showing up for one another during a COVID-19 surge, asking for more resources to become a better ally, or rallying around each other to prioritize health, our people are exceptional.

As we progress in 2022, grow as a consumer-focused business, and welcome our new President and CEO Greg Johnson, we will have the opportunity to take all we’ve learned and help turn our aspirations into reality. We will invest in our people, our community, and our planet, but also ask what we can do better.

I invite you to read our 2021 Impact Report to see our progress and our commitment.

The post McAfee launches Impact Report: How we’re doing and the opportunities ahead  appeared first on McAfee Blog.

Read More

New ransomware HavanaCrypt poses as Google software update

Read Time:52 Second

A new strain of ransomware has been making victims for the past two months, masquerading as a Google software update application and reusing an open-source password management library for encryption. Dubbed HavanaCrypt by researchers from Cybereason, the new ransomware program features anti-analysis, data exfiltration and privilege escalation mechanisms, but doesn’t seem to be dropping a traditional ransom note.

HavanaCrypt deployment

The researchers don’t have a lot of information about the initial access vector because the sample they analyzed was obtained from VirusTotal, a web-based file scanning service, where it was likely uploaded by a victim. What is clear is that the metadata of the malicious executable has been modified to list the publisher as Google and the application name as Google Software Update and upon execution it creates a registry autorun entry called GoogleUpdate. Based on this information, one could assume that the lure used to distribute the ransomware, either via email or the web, is centered around a fake software update.

To read this article in full, please click here

Read More

Why business email compromise still tops ransomware for total losses

Read Time:31 Second

While businesses are busy trying to protect themselves against ransomware attacks that spark headlines news, threat actors are sticking to one of the oldest and most effective hacking techniques—business email compromise (BEC).

Enterprise security has skewed toward ransomware in recent years, but FBI data highlights that  enterprises in aggregate are losing 51 times more money through BEC attacks. In 2021, BEC attacks in the US caused total losses of $2.4 billion, a 39% increase from 2020. In contrast, at the same time, companies in the US lost only $49.2 million to ransomware.

To read this article in full, please click here

Read More

Announcing: Code-free API log collection and parser creation

Read Time:3 Minute, 51 Second

AT&T Cybersecurity is pleased to announce a code-free way for our USM Anywhere customers to make their own API-driven log collectors and custom parsers. This big advancement in threat detection and response technology will make it possible for customers to collect information from a much larger variety of sources and SaaS services without having to request new integrations or log parsers.

The foundation of threat detection is visibility; this means visibility into internal network activity, user logins and behaviors, and cloud application access to name just a few examples. And visibility is data. But getting all this information from the cloud, on premises, and user endpoints has always been a challenge. Business transformation has completely changed where our data lives and how we need to collect it.

Two big trends have emerged: businesses are flocking to SaaS services of every description, and the internet of things has massively expanded the number and type of devices we want to collect data from—think security cameras, meeting room equipment, even building control systems and thermostats. These trends have conspired to make it very difficult for security vendors to keep up with the demand for data collection tools. Custom applications need to be written to talk to cloud APIs, and even if old-school syslog is used by legacy building control systems, parsers are required to normalize and enrich the data before it can be used to find threats.

AT&T is proud to announce Custom AlienApps and Custom Log Parsers

The Custom AlienApps feature empowers customers to create their own REST API applications for collecting data from any cloud service with an API for collecting events. To do this, customers do not need to understand how to code in any scripting languages, nor do they need any special skills. All they will need to do is complete a simple configuration dialogue and provide some relevant information, which includes authentication type, location of the log endpoint.

Once the app has been successfully configured by the customer, it will reach out to the SaaS service and download the events that are waiting there. However, as you may know, not all log event data is the same. There is no standard way to perform logging, nor is there one convention for how to format logs or name the keys used in logs. Logs are essentially key value pairs, and the USM platform must normalize these pairs in order for detection to work. For example, network logs usually have a field for the source IP address of the event the log refers to. Sometimes vendors use sourceip=, and sometimes they use source_ip=, source-ip=, etc.

Figure 1: App mapping

Normalizing the logs is the job of a parser. With the new Custom Log Parser feature, customers can build their own parser by dragging and dropping fields instead of waiting for an engineer to build one for them. (See figure 1.) Note that this step should be performed carefully because all data correlation will depend on it. This new feature allows customers to create parsers not only for their custom AlienApps, but also for any “Generic Log” imported via syslog or an S3 bucket. See figure 2 for a graphical view of this.

Figure 2: Custom Log Parsers – graphical view

These innovations join a host of others in the AlienApps log ingestion framework. (See figure 3.) Our log processing architecture is built to accommodate as many methods as possible, and we continue to evolve and add others. In addition to making their own AlienApps and parsers, customers can ingest logs via our roster of 36 Advanced AlienApps for various cloud services. And these apps also allow customers to respond to alarms by using the containment capabilities of the various security products in their network, such as endpoint self-isolation or adding a firewall.

Figure 3: AlienApp log processing architecture

The USM platform also supports traditional syslog, in standard format and CEF. We currently have more than 570 parsers for different products. Additionally, the platform will process logs that are sent to an Amazon S3 bucket and grab logs from the customer’s IaaS services. We recently added sensorless log collection for AWS with our Cloud Connector feature, and we collect endpoint logs using our agent or the SentinelOne EDR agent.

If you’d like to learn more about Custom AlienApps and Custom Log Parsers, you can find full documentation in the USM Anywhere Help section. If you’re interested in trying out these features and are not already a customer, we invite you to sign up for a free trial.

Read More

Why patching quality, vendor info on vulnerabilities are declining

Read Time:51 Second

Those who apply security patches are finding that it’s becoming harder to time updates and determine the impact of patching on their organizations. Dustin Childs of the ZDI Zero Day Initiative and Trend Micro brought this problem to light at the recent Black Hat security conference: Patch quality has not increased and in fact is getting worse. We are dealing with repatching bugs that weren’t fixed right or variant bugs that could have been patched the first time.

Childs also pointed out that vendors are not providing good information about the Common Vulnerability Scoring System (CVSS) risk to easily analyze whether to patch. The vendor might give a high CVSS risk score to a bug that wouldn’t be easily exploited. I am having to dig more into details of a bug to better understand the risk of not applying an update immediately. Vendors are adding obscurity to bug information and making it harder to understand the risk.

To read this article in full, please click here

Read More