608 matches found
The Bug Report - March 2022 Edition
The Bug Report - March 2022 By Charles McFarland · April 6, 2022 Your Cybersecurity Comic Relief Comic from https://geek-and-poke.com/ and remains unedited. https://creativecommons.org/licenses/by/3.0/ Use of this comic does not indicate endorsement by the creator. Why am I here? Welcome back the...
The Bug Report - January 2022 Edition
The Bug Report - January 2022 By Trellix · February 2, 2022 This story was written by Kevin McGrath Your Cybersecurity Comic Relief Image courtesy of https://toggl.com/ Why am I here? Omicron is the 15th letter in the Greek alphabet, used by Donald Knuth to denote Big-O notation, represented zero...
The Bug Report - April 2024 Edition
The Bug Report - April 2024 Edition By Jonathan Omakun and Tobi Olawale· April 29, 2024 Why am I here? Just when you thought it was safe to go back into the digital waters, out pops another series of rogue waves in the form of CVEs! It's like that beach vacation you planned to get away from it al...
The Bug Report – April 2023 Edition
The Bug Report – April 2023 Edition By Trellix · May 03, 2023 This story was also written by John Rodriguez. It’s never easy coming back. Why am I here? Seems as if some of us should have stayed at our tropical vacation getaway. Nothing like coming back to the cyber world screeching about...
The Bug Report - December 2021 Edition
The Bug Report - December 2021 By Philippe Laulheret · January 19, 2022 Your Cybersecurity Comic Relief Why am I here? If you’re reading these words, CONGRATULATIONS! You’ve made it to 2022! And even better, you found your way to ATR’s monthly security digest where we discuss our favorite...
The Bug Report – April 2022 Edition
The Bug Report – April 2022 Edition By Trellix · May 4, 2022 This blog was written by Mark Bereza Your Cybersecurity Comic Relief Source: https://twitter.com/cyb3rops/status/1509290413168934918 Why Am I here? For those in my hemisphere, springtime is finally here and, like always, it promises...
The Dark Side of Innovation: Cybercriminals and Their Adoption of GenAI
The Dark Side of Innovation: Cybercriminals and Their Adoption of GenAI By Jambul Tologonov and John Fokker · March 06, 2024 In the ever-evolving threat landscape, the Trellix Advanced Research Center has been at the forefront of understanding and combating the dual-edged sword of Generative...
Industrial and Manufacturing CVEs: Addressing the SCADA in the Room
Industrial and Manufacturing CVEs: Addressing the SCADA in the Room By Charles McFarland · May 22, 2023 The industrial and manufacturing spaces are critical to the global economy. They produce the goods and services we rely on every day, from food and clothing to cars and electronics. Disruptions...
The Bug Report - March 2022 Edition
The Bug Report - March 2022 By Charles McFarland · April 6, 2022 Your Cybersecurity Comic Relief Comic from https://geek-and-poke.com/ and remains unedited. https://creativecommons.org/licenses/by/3.0/ Use of this comic does not indicate endorsement by the creator. Why am I here? Welcome back the...
Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows' Network Stack | McAfee Blogs
ARCHIVED STORY Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows’ Network Stack Steve Povolny · FEB 09, 2021 The concept of a trail of breadcrumbs in the offensive security community is nothing new; for many years, researchers on both sides of the ethical spectrum have...
The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component
The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component By Bing Sun · May 03, 2023 Overview In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...
Limiting the Software Supply Chain Attack Surface
Limiting the Software Supply Chain Attack Surface By Trellix · September 21, 2022 This blog was written by Douglas McKee We often discuss how the intentions of an action matter, and it's clear to see why they do. If I am walking down the sidewalk, distracted by my phone of course and run into a...
Limiting the Software Supply Chain Attack Surface
Limiting the Software Supply Chain Attack Surface By Trellix · September 21, 2022 This blog was written by Douglas McKee We often discuss how the intentions of an action matter, and it's clear to see why they do. If I am walking down the sidewalk, distracted by my phone of course and run into a...
Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers
Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers By Trellix · August 3, 2022 This story was written by Philippe Laulheret. Summary The Trellix Threat Labs Vulnerability Research team has found an unauthenticated remote code execution vulnerability, filed under...
Validate the Efficacy of your Endpoint Security Controls Continuously with Breach and Attack Simulations
Validate the efficacy of your Endpoint Security controls continuously with Breach and Attack Simulations By Nicolas Stricher, Trellix XDR solution Architect, EMEA and Doron RosenbergTrellix Senior Sales Engineer, Israel · March 4, 2022 Efficacy of Trellix Endpoint Security At Trellix we are proud...
Log4shell Vulnerability is the Coal in Our Stocking for 2021
Log4Shell Vulnerability is the Coal in our Stocking for 2021 By Steve Povolny and Douglas McKee · January 19, 2022 Overview On December 9, a vulnerability CVE-2021-44228 was released on Twitter along with a PoC on GitHub for the Apache Log4j logging library. The bug was originally disclosed to...
Log4shell Vulnerability is the Coal in Our Stocking for 2021
Log4Shell Vulnerability is the Coal in our Stocking for 2021 By Steve Povolny and Douglas McKee · January 19, 2022 Overview On December 9, a vulnerability CVE-2021-44228 was released on Twitter along with a PoC on GitHub for the Apache Log4j logging library. The bug was originally disclosed to...
The Bug Report November 2021 Edition
The Bug Report — November 2021 Edition By Mark Bereza · November 30, 2021 Your Cybersecurity Comic Relief CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.” Why am I here? For all our newcomers, welcome to the Advanced Threat Research team’s monthly bug report ...
Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows' Network Stack | McAfee Blogs
ARCHIVED STORY Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows’ Network Stack Steve Povolny · FEB 09, 2021 The concept of a trail of breadcrumbs in the offensive security community is nothing new; for many years, researchers on both sides of the ethical spectrum have...
RagnarLocker Ransomware Threatens to Release Confidential Information | McAfee Blogs
ARCHIVED STORY RagnarLocker Ransomware Threatens to Release Confidential Information Alexandre Mundo · JUN 09, 2020 EXECUTIVE SUMMARY The RagnarLocker ransomware first appeared in the wild at the end of December 2019 as part of a campaign against compromised networks targeted by its operators. Th...
Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS
Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS By Trellix · February 21, 2023 This blog was written by Austin Emmitt Introduction Since the first version of iOS on the original iPhone, Apple has enforced careful restrictions on the software that c...
Ancient CVEs Can Cause You Problems
Ancient CVEs Can Cause You Problems By Kent Landfield · September 23, 2022 The Common Vulnerability and Exposures CVE Program was founded in 1999 for the purpose of giving individual cyber vulnerabilities an identifier that could be used as an interoperable means for identifying a specific...
Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System
Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System By Trellix · June 9, 2022 This story was also written by Steve Povolny and Sam Quinn. Today at the Hardwear.io Security Trainings and Conference, Trellix Threat Labs is sharing new research into...
The Continued Evolution of the DarkGate Malware-as-a-Service
The Continued Evolution of the DarkGate Malware-as-a-Service By Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll and Vinoo Thomas · November 21, 2023 On September 2023, the Trellix Security Operations Center SOC successfully detected and stopped an attack against Musarubra, the holding...
Storm-0324: An access for the RaaS Threat Actor (Sangria Tempest)
Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities By Trellix · October 5, 2023 This blog was written by Gurumoorthi Ramanathan Executive Summary: In early July 2023, the threat actor that Microsoft calls “Storm-0324” was observed sending a phishing message through Microsoft Teams...
Qakbot Evolves to OneNote Malware Distribution
Qakbot Evolves to OneNote Malware Distribution By Pham Duy Phuc, Raghav Kapoor, John Fokker J.E., Alejandro Houspanossian and Mathanraj Thangaraju · March 07, 2023 Qakbot aka QBot, QuakBot, and Pinkslipbot is a sophisticated piece of malware that has been active since at least 2007. Since the end...
Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities
Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities By Charles McFarland · September 21, 2022 The zero-day is the holy grail for cybercriminals; However, N-day vulnerabilities can pose problems even years after discovery. If a target is vulnerable, it doesn’t matter whether...
Take a "NetWalk" on the Wild Side
ARCHIVED STORY Take a “NetWalk” on the Wild Side ATR Operational Intelligence Team · AUG 03, 2020 · 25 MIN READ Executive Summary The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were discovered throughout 2019 and the beginning of...
The Bug Report - June 2024 Edition
The Bug Report - June 2024 Edition By Jonathan Omakun & Tobi Olawale · June 27, 2024 Why am I Here Welcome back to The Bug Report, the "so hot the server fans are sweating" edition! For those who are new to our monthly adventure, every month, our dedicated Advanced Research Center vulnerability...
QakBot's Endgame: The Final Move Before the Takedown
QakBot's Endgame: The Final Move Before the Takedown By Daksh Kapur, Nico Paulo Yturriaga and Alfred Alvarado · September 06, 2023 Figure 1 Attribution at the bottom Qakbot, known under aliases like QBot, QuakBot, and Pinkslipbot, represents an intricately advanced malware strain that has...
The Bug Report – August 2023 Edition
The Bug Report – August 2023 Edition By Trellix · September 6, 2023 This blog was written by Charles McFarland Why am I here? Welcome back to The Bug Report, the hotter-than-hell Texas edition! For those still unfamiliar with our monthly escapades, every month our trusty Advanced Research Center...
The Bug Report - July 2023 Edition
The Bug Report – July 2023 Edition By Trellix · August 02, 2023 This story was also written by John Dunlap. A Storm is Brewing! Why am I here? Summer is now in full swing, and our July Bug Report is similarly coming out swinging. This month comes with a red-hot list of software vulnerabilities...
Shining Light on Dark Power: Yet Another Ransomware Gang
Shining Light on Dark Power: Yet Another Ransomware Gang By Pham Duy Phuc, Max Kersten and Tomer Shloman · March 23, 2023 Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself. This blog dives into the specifics of the...
Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates
ARCHIVED STORY Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates Eoin Carroll · MAR 09, 2021 Overview For the March 2021 Patch Tuesday, Microsoft released a set of seven DNS vulnerabilities. Five of the vulnerabilities are remote code execution RCE with critical CVSS Common...
Ripple20 Critical Vulnerabilities – Detection Logic and Signatures
ARCHIVED STORY Ripple20 Critical Vulnerabilities – Detection Logic and Signatures By Steve Povolny · August 05, 2020 This document has been prepared by McAfee Advanced Threat Research in collaboration with JSOF who discovered and responsibly disclosed the vulnerabilities. It is intended to serve ...
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - What The Code Tells Us
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us By McAfee Labs · October 2, 2019 Episode 1: What the Code Tells Us McAfee’s Advanced Threat Research team ATR observed a new ransomware family in the wild, dubbed Sodinokibi or REvil, at the end of April 201...
Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat
Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat By Trellix · June 18, 2025 This blog was also written by Trishaan Kalra Introduction What happens when a trusted open source library becomes a conduit for stealthy malware delivery? That question became reality when the...
Trellix Advanced Research Center patches 61,000 vulnerable open-source projects
Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects By Trellix · January 23, 2023 This blog was written by Douglas McKee Late last year, the Trellix Advanced Research Center team uncovered a vulnerability in Python’s tarfile module. As we dug in, we realized this was...
Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates
ARCHIVED STORY Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates Eoin Carroll · MAR 09, 2021 Overview For the March 2021 Patch Tuesday, Microsoft released a set of seven DNS vulnerabilities. Five of the vulnerabilities are remote code execution RCE with critical CVSS Common...
SuperSize Me
SuperSize Me By Floser Bacurio Jr., Bernadette Canubas, Michaelo Oliveros · April 02, 2024 Introduction Cyber attackers are always finding new ways to outsmart security systems and distribute malware effectively. We discovered an interesting detection evasion technique of delivering archive files...
The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component
The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component By Bing Sun · May 03, 2023 Overview In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity By Daksh Kapur, Tomer Shloman, Robert Venal and John Fokker · January 24, 2023 Figure 1 It has been almost a year since Russia invaded Ukraine in a major escalation of the Russo-Ukrainian War...
The Bug Report – July 2022 Edition
The Bug Report – July 2022 Edition By Trellix · August 3, 2022 This story was also written by Kasimir Schulz and Jesse Chick Your Cybersecurity Comic Relief Why am I here? Welcome to the Bug Report, Heat Wave Edition! In the face of chronic irritability and soggy-pants syndrome, we are back at it...
Small Business, Mighty Attack Surface
Small Business, Mighty Attack Surface By Trellix · August 3, 2022 This blog was written by Douglas McKee If given the chance to name the first five businesses that come to mind, what would they be? Maybe if you're close to the security industry you might suggest names like Microsoft, Apple or...
Trellix Global Defenders: Invasion of the Information Snatchers - Protecting against RedLine Infostealer
Trellix Global Defenders: Invasion of the Information Snatchers - Protecting against RedLine Infostealer By Taylor Mullins · February 7, 2022 What information are you storing in your Browsers? Storing credentials and other important information in web browsers is a helpful method to not have to...
Worming your way in through IIS - CVE-2022-21907
Worming your way in through IIS - CVE-2022-21907 By Trellix · January 27, 2022 This story was written by Eion Carroll. IIS HTTP Stack History In the first patch Tuesday of 2022, Microsoft released a patch for a wormable vulnerability CVE-2022-21907 within the IIS HTTP stack, or more specifically...
Finding 0-days with Jackalope
ARCHIVED STORY Finding 0-days with Jackalope By Douglas McKee · September 16, 2021 Overview On March 21st, 2021, the McAfee Enterprise Advanced Threat Research ATR team released several vulnerabilities it discovered in the Netop Vision Pro Education software, a popular schooling software used by...
Rapidly Evolving Ransomware Gandcrab Version
ARCHIVED STORY Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation By Alexandre Mundo · October 10, 2018 The GandCrab ransomware, which first appeared in January, has been updated rapidly during its short life, with Version 5.0.2 appearing this month. In this post we will...
Anatomy of Celestial Stealer: Malware-as-a-Service Revealed
Anatomy of Celestial Stealer: Malware-as-a-Service Revealed By Niranjan Hegde, Adarsh S and Shashikala Piddannavar · December 3, 2024 Introduction During proactive hunting, Trellix Advanced Research Center found samples belonging to Celestial Stealer, a JavaScript-based infostealer which is...
Detecting and Visualizing Lateral Movement Attacks with Trellix XDR
Detecting and Visualizing Lateral Movement Attacks with Trellix XDR By Chintan Shah, Maulik Maheta, Ajeeth S · December 13, 2023 Executive summary With Organizations deploying multiple security controls and solutions on their network and endpoints, there is a significant gap in the way threat...