A privilege escalation flaw in McAfee's True Key software remains open to exploitation despite multiple attempts to patch it. This according to researchers with security shop Exodus Intel, who claim that CVE-2018-6661 was not fully addressed with either of the two patches McAfee released for it. The flaw is an elevation of …

McAfee has pulled a version of its Endpoint Security software after folks reported the antivirus software was crashing their Windows machines. The security giant said it has taken down the August update for Endpoint Security 10.5.4, and is advising anyone who has downloaded it, but not installed, to hold off installing it. " …

A security vulnerability in "smart" power plugs can be exploited to infiltrate local computer networks. The flaw, spotted in Belkin's Wemo Insight smartplugs, would potentially allow an attacker to not only manipulate the plug itself, but also allow hopping to other devices connected to the same Wi-Fi home network. …

Hackers may be able to falsify patient vitals by messing with the traffic on hospital networks. Research from McAfee shows it’s possible to emulate and modify a patient’s vital signs in real time on a medical network using a patient monitor and a central monitoring station. Most patient monitoring systems comprise a minimum …

Roundup This week you had to deal with AI security panic, fake Fortnite, and, if you use OpenBSD, the end of Intel HyperThread support Here are a few more bits of security news that you might have missed. Ready or not, here comes two-factor Azure log-in Microsoft is going to get its customers using best practices, even if it has to …

Updated IBM’s cloud experienced an “unplanned event” that caused its McAfee-as-a-service offering to operate with sub-par performance for nearly a day. “At approximately 0347 AM UTC on June 20, engineers with Compute Infrastructure identified a database issue that necessitated the restoration of a key update repository for McAfee …

McAfee has moved to patch a bug that falls under the “didn’t you get the memo?” category: among other things, its free Security Scan Plus online tool retrieved information over HTTP – that is, in plain text. The potential man-in-the-middle vector exists not in the operation of the free online scan, but in the house ads and UI …

Ransomware scum are investing in customer service processes to get more people paying, according to McAfee's lead scientist and principal engineer Christiaan Beek. Speaking at the RSA Pacific and Japan conference in Singapore today, Beek said that ransomware victims share stories of their experiences handing over bitcoin. If …

Virus-fighting tech renegade John McAfee has settled his lawsuit in the US with Intel over his own name. A judge in Manhattan dismissed both the barmy baron's 2016 lawsuit and Intel's countersuit on Wednesday after they announced they had received agreement over how and when McAfee was allowed to use his own name. The full …

Cisco's adding McAfee's Advanced Threat Defense to platforms supported by its Email Security Appliance platform. The alliance is designed to make integration between the two systems easy – the Advanced Threat Defence (ATD) e-mail connector is a single checkbox in the McAfee UI, plus selecting permitted hosts and the file …

All eyes will be on Microsoft's April patch run - due tomorrow - to see whether Redmond gets ahead of a nasty Word zero-day that popped up last week. The hack exploits Object Linking and Embedding and the FireEye researchers who discovered the bug were working with Microsoft, but were pre-empted by a disclosure from McAfee. …

LOGO WATCH McAfee is McAfee again: the security company that Intel thought was worth US$7.68bn in 2010 and then sold 51 per cent of for $3.1bn in 2016 is now independent once more. McAfee LLC's new CEO, a chap named Christopher D. Young, has penned a letter setting out his stall. It's a minor masterpiece of ShinyHappyCorpSpeak™, …

The tech world's equivalent of Jarndyce and Jarndyce rolled back into a New York Court last week, with a judge refusing to grant John McAfee an injunction blocking Intel from transferring trademark rights to the name McAfee to a proposed cyber-security spin-off. Intel bought the name "McAfee" when it bought McAfee Associates …

McAfee has taken six months to patch 10 critical vulnerabilities in its VirusScan Enterprise Linux client. And these were nasty bugs as when chained they resulted remote code execution as root. Andrew Fasano, security researcher with MIT Lincoln Laboratory, says attackers can chain the flaws to compromise McAfee Linux clients …

Intel is selling off a majority stake in its security software arm – formerly known as McAfee – to private equity firm TPG, which will rename itself to, er, McAfee. Chipzilla absorbed McAfee Inc in 2010 for $7.68bn, and in 2014 it phased out the McAfee brand name. According to Intel, that software division is today valued at …

Some of the biggest names in the security software business have been compromised by a serious flaw that could allow a hacker to use the commercial security code to infiltrate computers. In March, researchers at security firm enSilo found a serious flaw in popular free antivirus engine AVG Internet Security 2015. They found …

McAfee's Enterprise Security Manager (ESM) needs patching, as smartly as you can manage, due to an administrator-level authentication bypass. The advisory here says “a specially crafted username” can get past the Security Information & Event Management logins without authentication, and without a password, “if the ESM is …

Intel Security is decommissioning bits of its software-as-a-service armoury. The newly-re-named outfit (We have nothing – NOTHING! to do with that oddball John McAfee) has emailed customers of its McAfee SaaS Endpoint Products and SaaS Email Protection and Archiving to let them know that as of January 11th next year it will …