Featured Blogs
On Drovorub: Linux Kernel Security Best Practices
Intro In a U.S. government cyber security advisory released today, the National Security Agency and Federal Bureau of Investigation warn...
Vulnerability Discovery in Open Source Libraries: Analyzing CVE-2020-11863
Open Source projects are the building blocks of any software development process. As we indicated in our previous blog, as...
Securing Space 4.0 – One Small Step or a Giant Leap? Part 2
McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and...
Securing Space 4.0 – One Small Step or a Giant Leap? Part 1
McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and...
Our Experiences Participating in Microsoft’s Azure Sphere Bounty Program
From June to August, part of the McAfee Advanced Threat Research (ATR) team participated in Microsoft’s Azure Sphere Research Challenge. Our research resulted...
CVE-2020-16898: “Bad Neighbor”
CVE-2020-16898: “Bad Neighbor” CVSS Score: 8.8 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Overview Today, Microsoft announced a critical vulnerability in the Windows IPv6 stack,...
Operation North Star: Summary Of Our Latest Analysis
McAfee’s Advanced Threat Research (ATR) today released research that uncovers previously undiscovered information on how Operation North Star evaluated its...
Operation North Star: Behind The Scenes
Executive Summary It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within...
CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server
CVSS Score: 9.8 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Overview Microsoft released a patch today for a critical vulnerability (CVE-2020-17051) in the Windows NFSv3 (Network File System) server. NFS is typically...
SUNBURST Malware and SolarWinds Supply Chain Compromise
Part I of II Situation In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s...
Additional Analysis into the SUNBURST Backdoor
Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the...
How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise
In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s Orion IT monitoring and management...
2021 Threat Predictions Report
The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector –...
A Year in Review: Threat Landscape for 2020
As we gratefully move forward into the year 2021, we have to recognise that 2020 was as tumultuous in the...
Two Pink Lines
Depending on your life experiences, the phrase (or country song by Eric Church) “two pink lines” may bring up a...
McAfee ATR Launches Education-Inspired Capture the Flag Contest!
McAfee’s Advanced Threat Research team just completed its second annual capture the flag (CTF) contest for internal employees. Based on tremendous...
Don’t Call Us We’ll Call You: McAfee ATR Finds Vulnerability in Agora Video SDK
The McAfee Advanced Threat Research (ATR) team is committed to uncovering security issues in both software and hardware to help...
Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows’ Network Stack
The concept of a trail of breadcrumbs in the offensive security community is nothing new; for many years, researchers on...
Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use
On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora,...
Babuk Ransomware
Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises,...
McAfee ATR Threat Report: A Quick Primer on Cuba Ransomware
Executive Summary Cuba ransomware is an older ransomware that has recently undergone some development. The actors have incorporated the leaking of victim data to increase its impact...
McAfee ATR Thinks in Graphs
0. Introduction John Lambert, a distinguished researcher specializing in threat intelligence at Microsoft, once said these words that changed perspectives:...
Netop Vision Pro – Distance Learning Software is 20/20 in Hindsight
The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help...
Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies
In this report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed...
Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates
Overview For the March 2021 Patch Tuesday, Microsoft released a set of seven DNS vulnerabilities. Five of the vulnerabilities are...
McAfee Defender’s Blog: Operation Dianxun
Operation Dianxun Overview In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign,...
McAfee Defenders Blog: Reality Check for your Defenses
Welcome to reality Ever since I started working in IT Security more than 10 years ago, I wondered, what helps...