Analyzing a Patch of a Virtual Machine Escape on VMware
This blog was written by Yakun Zhang. A virtual machine is a completely isolated guest operating system installation within a...
WannaCry: The Old Worms and the New
The morning of Friday, May 12 multiple sources in Spain began reporting an outbreak of the ransomware now identified as...
Vulnerable OpenSSL Handshake Renegotiation Can Trigger Denial of Service
OpenSSL, the popular general-purpose cryptographic library that implements SSL/TLS protocols for web authentication, has recently suffered from several vulnerabilities. We...
Critical Office Zero-Day Attacks Detected in the Wild
At McAfee, we have put significant efforts in hunting attacks such as advanced persistent threats and “zero days.” Yesterday, we...
Analyzing CVE-2017-3731: Truncated Packets Can Cause Denial of Service in OpenSSL
OpenSSL is a popular open-source library for SSL and is used by various software and companies across the world. In...
Analyzing CVE-2016-9311: NTPD Vulnerability Can Lead to Denial of Service
The network time protocol synchronizes time across various devices on a network. The network time protocol daemon (NTPD) is an...
A New Year with No Patch Management Hangover
This blog post was written by Teresa Wingfield. The frequency of database and application vulnerabilities is increasing. Testing and deploying...
Digging Into a Windows Kernel Privilege Escalation Vulnerability: CVE-2016-7255
This blog was written by Stanley Zhu. The Windows kernel privilege escalation vulnerability CVE-2016-7255 has received a lot of media...
‘SSL Death Alert’ (CVE-2016-8610) Can Cause Denial of Service to OpenSSL Servers
Recently we noticed a security patch has been published for the OpenSSL vulnerability called SSL Death Alert. As with other...
How to Protect Against OpenSSL 1.1.0a Vulnerability CVE-2016-6309
This blog post was written by Rock Liu. Recently the OpenSSL security library gained a fix for a critical security...