Steve Povolny
Steve Povolny is the Head of McAfee Advanced Threat Research, which delivers groundbreaking vulnerability research spanning nearly every industry. With more than a decade of experience in network security, Steve is a recognized authority on hardware and software vulnerabilities, and regularly collaborates with influencers in academia, government, law enforcement, consumers and enterprise businesses of all sizes. Steve is a sought after public speaker and media commentator who often blogs on key topics. He brings to McAfee his passion for threat research and a unique vision to harness the power of collaboration between the research community and product vendors, through responsible disclosure, for the benefit of all.
Subscribe to Steve Povolny BlogsMore from Steve Povolny
Apple iOS Attack Underscores Importance of Threat Research
The recent discovery of exploit chains targeting Apple iOS is the latest example of how cybercriminals can successfully operate malicious campaigns, undetected, through the use of zero-day vulnerabilities. In this scenario, a threat actor or actors operated multiple compromised websites, using at least one or more zero-day vulnerabilities and numerous unique exploit ...
In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass
Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR (Endpoint Detection and Response) Endpoint Security Solution’s (such as Microsoft Defender Realtime Protection), ability to detect the correct binaries loaded in malicious processes. This inconsistency has led McAfee’s Advanced Threat ...
RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability CVE-2019-0708
During Microsoft’s May Patch Tuesday cycle, a security advisory was released for a vulnerability in the Remote Desktop Protocol (RDP). What was unique in this particular patch cycle was that Microsoft produced a fix for Windows XP and several other operating systems, which have not been supported for security updates ...
IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target?
Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we will explore a vulnerability submitted by McAfee Advanced Threat Research (ATR) and investigate a piece of malware that recently incorporated similar vulnerabilities. The takeaway from ...
When the Digital Impacts the Physical
Cyberattacks have always been, well, cyber. Their immediate effects were on our data, our digital information, and our devices…until they weren’t. The interconnected nature of the world and the way it’s built in 2018 has brought us exciting and revolutionary innovations, but it has also been leveraged by hackers to ...
McAfee Opens State-of-the-Art Security Research Lab in Oregon
Today we are pleased to announce the grand opening of our dedicated research lab in the Hillsboro, Oregon, office near Portland.
Microsoft Cortana Allows Browser Navigation Without Login: CVE-2018-8253
A locked Windows 10 device with Cortana enabled on the lock screen allows an attacker with physical access to the device to do two kinds of unauthorized browsing.
Unintended Clipboard Paste Function in Windows 10 Leads to Information Leak in RS1
The McAfee Labs Advanced Threat Research team has been investigating the Windows 10 platform. We have submitted several vulnerabilities already and have disclosed our research to Microsoft. Please refer to our vulnerability disclosure policy for further details or the post from earlier this week on Windows 10 Cortana vulnerabilities. Early last ...
Want to Break Into a Locked Windows 10 Device? Ask Cortana (CVE-2018-8140)
June’s “Patch Tuesday” (June 12) is here, but it is likely many Windows 10 users have not yet applied these updates.
Syn/Ack Unique Proactive Protection Technique
McAfee’s Advanced Threat Research team has performed analysis on samples of Syn/Ack ransomware implementing Process Doppelgänging. For those who are concerned about the potential impact of this ransomware but are currently unable to implement McAfee product protections, we have found a simple but interesting alternative method. Prior to encryption and ...
- 1
- 2
