McAfee Labs

Read McAfee Labs blogs for the latest threat research, threat intelligence, and thought leadership from the Advanced Threat Research team.

Ripple20 Critical Vulnerabilities – Detection Logic and Signatures

This document has been prepared by McAfee Advanced Threat Research in collaboration with JSOF, who discovered and responsibly disclosed the vulnerabilities. It is intended to serve as a joint research effort to produce valuable insights for network administrators and security personnel looking to further understand these vulnerabilities to defend against ...

McAfee Defender’s Blog: NetWalker

Building Adaptable Security Architecture Against NetWalker. NetWalker Overview: The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were discovered throughout 2019 and the beginning of 2020, with a strong uptick noticed in March of this year. NetWalker has noticeably evolved to a ...

Take a “NetWalk” on the Wild Side

Executive Summary: The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were discovered throughout 2019 and the beginning of 2020, with a strong uptick noticed in March of this year. NetWalker has noticeably evolved to a more stable and robust ransomware-as-a-service (RaaS) ...

Operation (노스 스타) North Star A Job Offer That’s Too Good to be True?

Executive Summary: We are in the midst of an economic slump [1], with more candidates than there are jobs, something that has been leveraged by malicious actors to lure unwitting victims into opening documents laden with malware. While the prevalence of attacks during this unprecedented time has been largely carried ...

McAfee Defender’s Blog: Operation North Star Campaign

Building Adaptable Security Architecture Against the Operation North Star Campaign. Operation North Star Overview: Over the last few months, we have seen attackers take advantage of the pandemic as a cover to launch cyberattacks. One such example is a campaign that McAfee Advanced Threat Research (ATR) observed as an increase ...

Six Hundred Million Reasons to Celebrate: No More Ransom Turns FOUR!!

Happy Birthday! Today we mark the fourth anniversary of the NoMoreRansom initiative with over 4.2 million visitors, from 188 countries, stopping an estimated $632 million in ransom demands from ending up in criminals’ pockets. It would be fair to say that the initiative, which started in a small meeting room ...

Hunting for Blues – the WSL Plan 9 Protocol BSOD

Windows Subsystem for Linux Plan 9 Protocol Research Overview: This is the final blog in the McAfee research series trilogy on the Windows Subsystem for Linux (WSL) implementation – see The Twin Journey (part 1) and Knock, Knock–Who’s There (part 2). The previous research discussed file evasion attacks when the ...

McAfee COVID-19 Report Reveals Pandemic Threat Evolution

The McAfee Advanced Threat Research team today published the McAfee® Labs COVID-19 Threats Report, July 2020. In this “Special Edition” threat report, we delve deep into the COVID-19 related attacks observed by our McAfee Advanced Threats Research and McAfee Labs teams in the first quarter of 2020 and the early ...

Ripple20 Vulnerability Mitigation Best Practices

On June 16th, the Department of Homeland Security and CISA ICS-CERT issued a critical security advisory warning covering multiple newly discovered vulnerabilities affecting Internet-connected devices manufactured by multiple vendors. This set of 19 vulnerabilities in a low-level TCP/IP software library developed by Treck has been dubbed “Ripple20” by researchers from JSOF. A networking ...

My Adventures Hacking the iParcelBox

In 2019, McAfee Advanced Threat Research (ATR) disclosed a vulnerability in a product called BoxLock. Sometime after this, the CEO of iParcelBox, a U.K. company, reached out to us and offered to send a few of their products to test. While this isn’t the typical M.O. for our research we ...
