Featured Blogs
In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass
Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR...
Why Process Reimaging Matters
As this blog goes live, Eoin Carroll will be stepping off the stage at Hack in Paris having detailed the...
RDP Security Explained
RDP on the Radar Recently, McAfee released a blog related to the wormable RDP vulnerability referred to as CVE-2019-0708 or...
How McAfee’s Paternity Leave Helped My New Family
By: Guillaume, EMEA Retail Marketing Manager, Slough, U.K. Becoming a parent is a daunting experience for anyone. The sheer amount...
16Shop Now Targets Amazon
Since early November 2018 McAfee Labs have observed a phishing kit, dubbed 16Shop, being used by malicious actors to target...
McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder
Everyday thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an...
Demystifying Blockchain: Sifting Through Benefits, Examples and Choices
You have likely heard that blockchain will disrupt everything from banking to retail to identity management and more. You may...
McAfee for McAfee: An Intern Journey
By Gwendolyn McAfee My grandfather always told me that I could achieve anything the world has to offer if I...
No More Ransom Blows Out Three Birthday Candles Today
Collaborative Initiative Celebrates Helping More Than 200,000 Victims and Preventing More Than 100 million USD From Falling into Criminal Hands...
Examining the Link Between TLD Prices and Abuse
This blog was written by Charlie Feng. Briefing Over the years, McAfee researchers have observed that certain new top-level Domains...
What Is Mshta, How Can It Be Used and How to Protect Against It
The not-so Usual Suspects There is a growing trend for attackers to more heavily utilize tools that already exist on...
Jet Database Engine Flaw May Lead to Exploitation: Analyzing CVE-2018-8423
In September 2018, the Zero Day Initiative published a proof of concept for a vulnerability in Microsoft’s Jet Database Engine....
The Twin Journey, Part 1
Summary and Introduction: The recent changes in Windows 10, aiming to add case sensitivity (CS) at directory level, have prompted...
Clop Ransomware
This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This...
DHCP Client Remote Code Execution Vulnerability Demystified
CVE-2019-0547 CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for...
The Twin Journey, Part 2: Evil Twins in a Case In-sensitive Land
In the first of this 3-part blog series, we covered the implications of promoting files to “Evil Twins” where they...
MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play
The McAfee mobile research team has found a new type of Android malware for the MoqHao phishing campaign (a.k.a. XLoader...
Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware
Avaya is the second largest VOIP solution provider (source) with an install base covering 90% of the Fortune 100 companies...
HVACking: Understanding the Delta Between Security and Reality
The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help...
From Building Control to Damage Control: A Case Study in Industrial Security Ft. Delta
Management. Control. It seems that you can’t stick five people in a room together without one of them trying to...
McAfee AMSI Integration Protects Against Malicious Scripts
This blog describes how the AMSI (Antimalware Scan Interface) is used within the various McAfee products, and highlights some of the malware we are able to detect with it.
The Twin Journey, Part 3: I’m Not a Twin, Can’t You See my Whitespace at the End?
In this series of 3 blogs (you can find part 1 here, and part 2 here), so far we have...
Analyzing and Identifying Issues with the Microsoft Patch for CVE-2018-8423
Introduction As of July 2019, Microsoft has fixed around 43 bugs in the Jet Database Engine. McAfee has reported a...
Apple iOS Attack Underscores Importance of Threat Research
The recent discovery of exploit chains targeting Apple iOS is the latest example of how cybercriminals can successfully operate malicious campaigns, undetected,...
Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
Executive Summary Malware evasion techniques are widely used to circumvent detection as well as analysis and understanding. One of the...
How Visiting a Trusted Site Could Infect Your Employees
The Artful and Dangerous Dynamics of Watering Hole Attacks A group of researchers recently published findings of an exploitation of multiple...
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us
Episode 1: What the Code Tells Us McAfee’s Advanced Threat Research team (ATR) observed a new ransomware family in the...
