McAfee Labs

Read McAfee Labs blogs for the latest threat research, threat intelligence, and thought leadership from the Advanced Threat Research team.

McAfee Labs

McAfee ATR Threat Report: A Quick Primer on Cuba Ransomware

Executive Summary  Cuba ransomware is an older ransomware, that has recently undergone some development. The actors have incorporated the leaking of victim data to increase its impact and revenue, much like we have seen recently with other major ransomware campaigns.  In our analysis, we observed that the attackers had access to the network before the infection and were ...

McAfee Labs

McAfee Defender’s Blog: Cuba Ransomware Campaign

Cuba Ransomware Overview Over the past year, we have seen ransomware attackers change the way they have responded to organizations that have either chosen to not pay the ransom or have recovered their data via some other means. At the end of the day, fighting ransomware has resulted in the ...

McAfee Labs

McAfee Defenders Blog: Reality Check for your Defenses

Welcome to reality Ever since I started working in IT Security more than 10 years ago, I wondered, what helps defend against malware the best? This simple question does not stand on its own, as there are several follow-up questions to that: How is malware defined? Are we focusing solely ...

McAfee Labs

Netop Vision Pro – Distance Learning Software is 20/20 in Hindsight

The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. We recently investigated software installed on computers used in K-12 school districts. The focus of this blog is on Netop Vision Pro ...

McAfee Labs

McAfee Defender’s Blog: Operation Dianxun

Operation Dianxun Overview In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign, targeting telecommunication companies, named Operation Diànxùn. The tactics, techniques and procedures (TTPs) used in the attack are like those observed in earlier campaigns publicly attributed to the threat actors RedDelta ...

McAfee Labs

Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies

In this report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed Operation Diànxùn. In this attack, we discovered malware using similar tactics, techniques and procedures (TTPs) to those observed in earlier campaigns publicly attributed to the threat actors RedDelta and Mustang ...

McAfee Labs

Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates

Overview For the March 2021 Patch Tuesday, Microsoft released a set of seven DNS vulnerabilities. Five of the vulnerabilities are remote code execution (RCE) with critical CVSS (Common Vulnerability Scoring Standard) scores of 9.8, while the remaining two are denial of service (DoS). Microsoft shared detection guidance and proofs of ...

McAfee Labs

McAfee ATR Thinks in Graphs

0. Introduction John Lambert, a distinguished researcher specializing in threat intelligence at Microsoft, once said these words that changed perspectives: “Defenders think in lists. Attackers think in graphs.” This is true and, while it remains that way, attackers will win most of the time. However, the true power of graphs ...

McAfee Labs

Babuk Ransomware

Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises, with one already paying the criminals $85,000 after negotiations. As with other variants, this ransomware is deployed in the network of enterprises that the criminals carefully target and compromise. Using ...

McAfee Labs

Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use

On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc.  As we disclosed the findings to Agora in April 2020, this lengthy disclosure timeline represents a nonstandard process for McAfee but was a joint agreement with the vendor to ...

Subscribe to McAfee Securing Tomorrow Blogs