Now on Demand Ransomware Resilience & Recovery Summit - All Sessions Available

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Spammers Abuse Vulnerability in McAfee SaaS Total Protection Suite

Security vendor McAfee issued a patch on Thursday to address a problem impacting its SaaS Total Protection service, including a bug that allows attackers to turn a computer into a relay point for spam.

Security vendor McAfee issued a patch on Thursday to address a problem impacting its SaaS Total Protection service, including a bug that allows attackers to turn a computer into a relay point for spam.

The Intel-owned company’s SaaS Total Protection is an integrated suite of software-as-a-service (SaaS) offerings that includes Web filtering, antivirus and anti-spam capabilities. However, early this week users began complaining of a problem in the service’s ‘Rumor Technology,’ which uses file-sharing intelligence to distribute security updates within a network.

The idea behind Rumor is to enable McAfee McAfee SaaS Endpoint Protection installed agents to share anti-virus, anti-spyware and firewall product updates and upgrades with one another across a local area network, thereby saving bandwidth and management time.

However, users complained that service providers were blocking their IP address after noticing an increase in spam coming from their machines. Keith and Annabel Morrigan of British art company Kaamar warned in a blog post Monday that the issue turned affected computers into “open proxies” and that spammers were abusing port 6515.

“This means that your IP address can be used by anyone to bounce messages and spam on to other sites, as if coming from your address,” they wrote.

Though the vulnerability in the Rumor technology enables an attacker to use the machine as an “open relay,” it does not give the attacker access to data on the computer, Dave Marcus, director of security research for McAfee Labs, wrote in a blog post.

The other issue involved the abuse of an ActiveX control to execute code.

“(This) issue has much in common with a similar issue patched in August 2011,” Marcus explained. “In fact, the patch delivered then basically cuts off the exploitation path for this issue, effectively reducing the risk to zero. Because of this, customer data is not directly at risk.”

Advertisement. Scroll to continue reading.

McAfee customers using SaaS Total Protection will automatically receive the updates.

(Updated 3:05PM EST to Reflect the being being rolled out)

Written By

Marketing professional with a background in journalism and a focus on IT security.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Bill Dunnion has joined telecommunications giant Mitel as Chief Information Security Officer.

MSSP Dataprise has appointed Nima Khamooshi as Vice President of Cybersecurity.

Backup and recovery firm Keepit has hired Kim Larsen as CISO.

More People On The Move

Expert Insights

Related Content

Full Disclosure List Gets a Fresh Start – Reborn Under New Operator

Vulnerabilities

Full Disclosure List Gets a Fresh Start – Reborn Under New Operator

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

March 26, 2014
Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability

Cybercrime

Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

October 1, 2019
Ransomware Alerts Ransomware Alerts

Cybercrime

Cyber Insights 2023 | Ransomware

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

February 2, 2023
Web3 and Metaverse Security Web3 and Metaverse Security

Cybercrime

Cyber Insights 2023 | The Coming of Web3

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

February 6, 2023
Neiman Marcus Says Hackers Breached Customer Accounts

Cybercrime

Neiman Marcus Says Hackers Breached Customer Accounts

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

February 2, 2016
ChatGPT attack ChatGPT attack

Data Breaches

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

March 28, 2023
16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure

IoT Security

16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

January 5, 2023
Burglars Can Easily Disable SimpliSafe Alarms: Researcher

Vulnerabilities

Burglars Can Easily Disable SimpliSafe Alarms: Researcher

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

February 18, 2016