The ongoing rash of data leaks caused by misconfigured clouds is the result of companies having virtually no visibility into how their cloud instances are configured, and very little ability to audit and manage them. This less-than-sunny news comes courtesy of the team at McAfee, which said in its latest Infrastructure as a …

Brit retailer Dixons has lashed back at McAfee's £30m High Court broadside, saying it was entitled to promote rival antivirus (AV) tech from Symantec if McAfee's software wouldn't work on Windows 10S devices. Not only was McAfee trying to punt AV onto devices it simply wouldn't run on, Dixons argued in legal filings seen by …

RoundupHere is your friendly summary of recent news from the front lines of information security beyond everything else we've already reported. Our vultures have also spent the past week or so flying around Las Vegas, keeping a close eye on what is essentially hacker comic con. Follow these links for our Black Hat, DEF CON, and …

A 20-year-old man from the Netherlands accused of building and selling Office macro malware was arrested Wednesday. The Dutch National Police's Office of the Team High Tech Crime (THTC) unit claimed the unnamed bloke, cuffed while on his computer as cops swooped on his home, was responsible for building, selling, and …

McAfee is suing former senior salespeople whom it alleges stole company trade secrets when they moved to a rival security vendor. Three former "highly compensated" sales staffers, named in court documents as Jennifer Kinney, Percy Tejeda and Alan Coe, are said to have moved to rival antivirus endpoint security company Tanium …

John McAfee has been ordered to cough up $25m for the wrongful death of Gregory Faull, his former neighbor in Belize, but refuses to pay and claims he has no assets. The decision [PDF] by a US federal district judge in Florida was entered by default after former antivirus baron McAfee refused to respond to the lawsuit, brought …

RSAMcAfee – the infosec company, not that weird bloke – says rather than worry about ultra-smart AIs causing havoc all by themselves, we should instead focus on stopping the human element: the miscreants with their hands on the levers. Speaking today at this year's RSA conference in San Francisco, McAfee chief technology officer …

McAfee (the antivirus firm, not John the dodgy "playboy") reckons the Sharpshooter malware campaign it uncovered in late 2018 is the work of North Korean hacking crew the Lazarus Group. Thanks to data from a command-and-control server that was "provided to McAfee for analysis by a government entity that is familiar with McAfee …

Hackers are targetting critical infrastructure providers, including nuclear power and defense agencies, in what may be a state-sponsored attack that's hiding behind North Korean code. Discovered by McAfee and dubbed "Sharpshooter", the operation has been running since November, largely focusing on US-based or English-speaking …

Infosec personality John McAfee has been found legally "liable" via a default judgment for the death of his neighbour, who was found dead from a gunshot wound to the head in his Belize home in 2012. The ruling (PDF) was made yesterday in a Florida district court as part of a five-year legal battle by Gregory Faull’s estate …

The average business has around 14 improperly configured IaaS instances running at any given time and roughly one in every 20 AWS S3 buckets are left wide open to the public internet. These are among the grim figures rolled out Monday by researchers with McAfee, who say that security practice has not kept up with the rapid …

A privilege escalation flaw in McAfee's True Key software remains open to exploitation despite multiple attempts to patch it. This according to researchers with security shop Exodus Intel, who claim that CVE-2018-6661 was not fully addressed with either of the two patches McAfee released for it. The flaw is an elevation of …

McAfee has pulled a version of its Endpoint Security software after folks reported the antivirus software was crashing their Windows machines. The security giant said it has taken down the August update for Endpoint Security 10.5.4, and is advising anyone who has downloaded it, but not installed, to hold off installing it. " …

A security vulnerability in "smart" power plugs can be exploited to infiltrate local computer networks. The flaw, spotted in Belkin's Wemo Insight smartplugs, would potentially allow an attacker to not only manipulate the plug itself, but also allow hopping to other devices connected to the same Wi-Fi home network. …

Hackers may be able to falsify patient vitals by messing with the traffic on hospital networks. Research from McAfee shows it’s possible to emulate and modify a patient’s vital signs in real time on a medical network using a patient monitor and a central monitoring station. Most patient monitoring systems comprise a minimum …

RoundupThis week you had to deal with AI security panic, fake Fortnite, and, if you use OpenBSD, the end of Intel HyperThread support Here are a few more bits of security news that you might have missed. Ready or not, here comes two-factor Azure log-in Microsoft is going to get its customers using best practices, even if it has to …

UpdatedIBM’s cloud experienced an “unplanned event” that caused its McAfee-as-a-service offering to operate with sub-par performance for nearly a day. “At approximately 0347 AM UTC on June 20, engineers with Compute Infrastructure identified a database issue that necessitated the restoration of a key update repository for McAfee …

McAfee has moved to patch a bug that falls under the “didn’t you get the memo?” category: among other things, its free Security Scan Plus online tool retrieved information over HTTP – that is, in plain text. The potential man-in-the-middle vector exists not in the operation of the free online scan, but in the house ads and UI …