Steve Povolny is the Head of Advanced Threat Research for McAfee Enterprise, which delivers groundbreaking vulnerability research spanning nearly every industry. With more than a decade of experience in network security, Steve is a recognized authority on hardware and software vulnerabilities, and regularly collaborates with influencers in academia, government, law enforcement, consumers and enterprise businesses of all sizes. Steve is a sought after public speaker and media commentator who often blogs on key topics. He brings his passion for threat research and a unique vision to harness the power of collaboration between the research community and product vendors, through responsible disclosure, for the benefit of all.
Steve Povolny Blog FeedMore from Steve Povolny
Log4Shell Vulnerability is the Coal in our Stocking for 2021
Overview: On December 9th, a vulnerability (CVE-2021-44228) was released on Twitter along with a POC on Github for the Apache...
Overmedicated: Breaking the Security Barrier of a Globally Deployed Infusion Pump
Cyberattacks on medical centers are one of the most despicable forms of cyber threat there is. For instance, on October...
Critical RDP Vulnerabilities Continue to Proliferate
This month’s Patch Tuesday brings us a relatively small number of CVEs being patched, but an abnormally high percentage of...
Major HTTP Vulnerability in Windows Could Lead to Wormable Exploit
Today, Microsoft released a highly critical vulnerability (CVE-2021-31166) in its web server http.sys. This product is a Windows-only HTTP server...
Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use
On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora,...
Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows’ Network Stack
The concept of a trail of breadcrumbs in the offensive security community is nothing new; for many years, researchers on...
McAfee ATR Launches Education-Inspired Capture the Flag Contest!
McAfee’s Advanced Threat Research team just completed its second annual capture the flag (CTF) contest for internal employees. Based on tremendous...
CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server
CVSS Score: 9.8 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Overview Microsoft released a patch today for a critical vulnerability (CVE-2020-17051) in the Windows NFSv3 (Network File System) server. NFS is typically...
CVE-2020-16898: “Bad Neighbor”
CVE-2020-16898: “Bad Neighbor” CVSS Score: 8.8 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Overview Today, Microsoft announced a critical vulnerability in the Windows IPv6 stack,...
Dopple-ganging up on Facial Recognition Systems
Co-authored with Jesse Chick, OSU Senior and Former McAfee Intern, Primary Researcher. Special thanks to Dr. Catherine Huang, McAfee Advanced...
