Don’t Substitute CVSS for Risk: Scoring System Inflates Importance of CVE-2017-3735
This blog was co-written by Brook Schoenfield and Damian Quiroga. I am a wry observer of vulnerability announcements. CVE-2017-3735—which can...
Malware Mines, Steals Cryptocurrencies From Victims
How’s your Bitcoin balance? Interested in earning more? The value of cybercurrency is going up. One way to increase your...
Top Tips For Securing Your Devices
By now most of us know how important it is to protect our computers and smartphones from malware and other...
Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack
This blog post was co-written by Michael Rea. During our monitoring of activities around the APT28 threat group, McAfee Advanced...
Self-Signed Certificates Can Be Secure, So Why Ban Them?
This blog was co-written by Brook Schoenfield and Ramnath Venugopalan. In many organizations the use of self-signed certificates is forbidden...
Configuring McAfee ENS and VSE to Prevent Macroless Code Execution in Office Apps
Microsoft Office macros are a popular method of distributing malware. Users can defend themselves against macro attacks by disabling macros....
Code Execution Technique Takes Advantage of Dynamic Data Exchange
Email phishing campaigns are a popular social engineering technique among hackers. The idea is simple: Craft an email that looks...
KRACKs: Five Observations on WPA Authentication Vulnerability
KRACKs are in the news. McAfee has already discussed these key reinstallation attacks that affect Wi-Fi setups in two posts:...
ROCA: Which Key-Pair Attacks Are Credible?
This blog was co-written by Brook Schoenfield. In the past two weeks, we have seen two big encryption issues arise:...
KRACKs Against Wi-Fi Serious But Not End of the World
This blog was written by Brook Schoenfield. On October 12, researcher Mathy Vanhoef announced a set of Wi-Fi attacks that...
