Featured Blogs
Happy New Year 2019! Anatova is here!
During our continuous hunt for new threats, we discovered a new ransomware family we call Anatova (based on the name...
Ryuk, Exploring the Human Connection
In collaboration with Bill Siegel and Alex Holdtman from Coveware. At the beginning of 2019, McAfee ATR published an...
What’s in the Box?
2018 was another record-setting year in the continuing trend for consumer online shopping. With an increase in technology and efficiency,...
JAVA-VBS Joint Exercise Delivers RAT
The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an...
McAfee Protects Against Suspicious Email Attachments
Email remains a top vector for attackers. Over the years, defenses have evolved, and policy-based protections have become standard for...
Analysis of a Chrome Zero Day: CVE-2019-5786
1. Introduction On March 1st, Google published an advisory [1] for a use-after-free in the Chrome implementation of the FileReader...
IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target?
Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary...
LockerGoga Ransomware Family Used in Targeted Attacks
Co-authored by Marc RiveroLopez. Initial discovery Once again, we have seen a significant new ransomware family in the news. LockerGoga,...
RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability
During Microsoft’s May Patch Tuesday cycle, a security advisory was released for a vulnerability in the Remote Desktop Protocol (RDP)....
Cryptocurrency Laundering Service, BestMixer.io, Taken Down by Law Enforcement
A much overlooked but essential part in financially motivated (cyber)crime is making sure that the origins of criminal funds are...
Mr. Coffee with WeMo: Double Roast
McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please...
In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass
Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR...
RDP Security Explained
RDP on the Radar Recently, McAfee released a blog related to the wormable RDP vulnerability referred to as CVE-2019-0708 or...
Why Process Reimaging Matters
As this blog goes live, Eoin Carroll will be stepping off the stage at Hack in Paris having detailed the...
McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder
Every day thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an...
Demystifying Blockchain: Sifting Through Benefits, Examples and Choices
You have likely heard that blockchain will disrupt everything from banking to retail to identity management and more. You may...
No More Ransom Blows Out Three Birthday Candles Today
Collaborative Initiative Celebrates Helping More Than 200,000 Victims and Preventing More Than 100 million USD From Falling into Criminal Hands...
DHCP Client Remote Code Execution Vulnerability Demystified
CVE-2019-0547 CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for...
Examining the Link Between TLD Prices and Abuse
This blog was written by Charlie Feng. Briefing Over the years, McAfee researchers have observed that certain new top-level Domains...
Clop Ransomware
This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This...
Jet Database Engine Flaw May Lead to Exploitation: Analyzing CVE-2018-8423
In September 2018, the Zero Day Initiative published a proof of concept for a vulnerability in Microsoft’s Jet Database Engine....
The Twin Journey, Part 1
Summary and Introduction: The recent changes in Windows 10, aiming to add case sensitivity (CS) at directory level, have prompted...
From Building Control to Damage Control: A Case Study in Industrial Security Ft. Delta
Management. Control. It seems that you can’t stick five people in a room together without one of them trying to...
Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware
Avaya is the second largest VOIP solution provider (source) with an install base covering 90% of the Fortune 100 companies...
MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play
The McAfee mobile research team has found a new type of Android malware for the MoqHao phishing campaign (a.k.a. XLoader...
The Twin Journey, Part 2: Evil Twins in a Case In-sensitive Land
In the first of this 3-part blog series, we covered the implications of promoting files to “Evil Twins” where they...
The Twin Journey, Part 3: I’m Not a Twin, Can’t You See my Whitespace at the End?
In this series of 3 blogs (you can find part 1 here, and part 2 here), so far we have...