2014: Security Year in Review
From the Heartbleed bug to large-scale (and highly publicized) data breaches, Shellshock to mobile threats—2014 did not leave us wanting...
Slow File Infector Spies on Victims
Sourabh Kadam contributed to this blog. In the middle of 2012 McAfee Labs observed the complex malware XDocCrypt infecting documents,...
McAfee Adds Flash Exploit Detection to NSP 8.2
Adobe Flash vulnerabilities and exploits have worried users and security professionals for many years. The situation today remains serious. A...
InstallCube: How Russian Programmers Turn Adware Into Cash
We often observe applications bundled with ad-displaying programs to generate revenue for those products. These are not necessarily unethical, but...
What is Pharming?
For a lot of kids today, mash-ups are all the rage—whether it’s combining two videos, two songs, or two...
Win32/Syndicasec Used In Targeted Attacks Against Indian Organizations
During the last couple of months, we’ve observed several RTF exploits that target Indian organizations. The first RTF exploit was...
Bypassing Microsoft’s Patch for the Sandworm Zero Day
This is the second part of our analysis of the Sandworm OLE zero-day vulnerability and the MS14-060 patch bypass. Check out...
Exploit Kits Improve Evasion Techniques
Exploit kits are toolkits that malicious developers use to take advantage of client-side vulnerabilities, targeting web browsers and programs that...
Bypassing Microsoft’s Patch for the Sandworm Zero Day, the Root Cause
On October 21, we warned the public that a new exploitation method could bypass Microsoft’s official patch (MS14-060, KB3000869) for...
New Exploit of Sandworm Zero-Day Could Bypass Official Patch
Update of October 25: Some comments posted after we published this report suggest that our proof-of-concept exploit will trigger the...