Original release date: January 15, 2015 The Internet Crime Complaint Center (IC3) has issued an alert addressing a spear phishing scam targeting university employees and their payroll accounts. Scam operators use fraudulent e-mails and websites to entice employees to reveal login credentials. Users are encouraged to review the IC3 Aler t for details and refer to Security Tip ST04-014 for information on social engineering and phishing attacks.
This video explains how to use the McAfee Enterprise Security Manager Integration with Threat Intelligence Exchange. Additional information about the McAfee SIEM solutions and McAfee Enterprise…
This video explains how to use Global Threat Intelligence integration with McAfee Enterprise Security Manager, and demonstrates some of the new features that it offers. Additional information…
Vulnerability Note VU#533140 Tianocore UEFI implementation reclaim function vulnerable to buffer overflow Original Release date: 05 Jan 2015 | Last revised: 12 Jan 2015 Overview The reclaim function in the Tianocore open source implementation of UEFI contains a buffer overflow vulnerability. Description The open source Tianocore project provides a reference implementation of the Unified Extensible Firmware Interface (UEFI). Some commercial UEFI implementations incorporate portions of the Tianocore source code
Vulnerability Note VU#976132 Some UEFI systems do not properly secure the EFI S3 Resume Boot Path boot script Original Release date: 05 Jan 2015 | Last revised: 05 Jan 2015 Overview Some UEFI systems fail to properly restrict access to the boot script used by the EFI S3 Resume Boot Path, allowing an authenticated, local attacker to bypass various firmware write protections. Description According to Rafal Wojtczuk and Corey Kallenberg of The MITRE Corporation: “During the UEFI S3 Resume p at h, a boot script is i nterpreted to re-initialize the platform
Vulnerability Note VU#533140 UEFI EDK1 vulnerable to buffer overflow Original Release date: 05 Jan 2015 | Last revised: 05 Jan 2015 Overview The EDK1 UEFI reference implementation contains a buffer overflow vulnerability. Description The open source EDK1 project provides a reference implementation of the Unified Extensible Firmware Interface (UEFI). Commercial UEFI implementations may incorporate portions of the EDK1 source code.