608 matches found
White House Executive Order – Navigating EDR Implementation
White House Executive Order – Navigating Endpoint Detection and Response EDR Implementation Tom Gann · March 08, 2022 This is the fourth in a series of blogs on the Biden Administration’s Executive Order EO on Improving the Nation’s Cybersecurity. I encourage you to read those you may have missed...
Validate the Efficacy of your Endpoint Security Controls Continuously with Breach and Attack Simulations
Validate the efficacy of your Endpoint Security controls continuously with Breach and Attack Simulations By Nicolas Stricher, Trellix XDR solution Architect, EMEA and Doron RosenbergTrellix Senior Sales Engineer, Israel · March 4, 2022 Efficacy of Trellix Endpoint Security At Trellix we are proud...
My Adventures Hacking the iParcelBox
ARCHIVED STORY My Adventures Hacking the iParcelBox By Sam Quinn · June 18, 2020 In 2019, McAfee Advanced Threat Research ATR disclosed a vulnerability in a product called BoxLock. Sometime after this, the CEO of iParcelBox, a U.K. company, reached out to us and offered to send a few of their...
Ransomware Maze
ARCHIVED STORY Ransomware Maze Alexandre Mundo · MAR 26, 2020 Overview The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura1. The main goal of the ransomware is to crypt all files that it can in an infected system and...
Industrial Security Featuring Delta's enteliBUS Manager
ARCHIVED STORY From Building Control to Damage Control: A Case Study in Industrial Security Featuring Delta's enteliBUS Manager By Mark Bereza · August 09, 2019 Management. Control. It seems that you can’t stick five people in a room together without one of them trying to order the others around...
Clop Ransomware
ARCHIVED STORY Clop Ransomware Alexandre Mundo · AUG 01, 2019 This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This blog will explain the technical details and share information about how this new ransomware family is working. There a...
DDoS Attacks in the Netherlands Reveal Teen Gamers on Troublesome Path
ARCHIVED STORY DDoS Attacks in the Netherlands Reveal Teen Gamers on Troublesome Path By John Fokker · Febraury 22, 2018 At the end of January, the Netherlands was plagued by distributed denial of service DDoS attacks targeting various financial institutions, tech sites, and the Dutch tax...
McAfee Labs Advanced Threat Research Aids Arrest of Suspected Cybercrime Gang Linked to Top Malware CTB Locker
ARCHIVED STORY McAfee Labs Advanced Threat Research Aids Arrest of Suspected Cybercrime Gang Linked to Top Malware CTB Locker By Trellix · December 20, 2017 In our recent research, we interviewed the actors behind ransomware campaigns. One of the interesting findings was cybercriminals seemed to...
‘Popcorn Time’ Ransomware Sure to Cause Indigestion
ARCHIVED STORY ‘Popcorn Time’ Ransomware Sure to Cause Indigestion By Tim Hux · December 19, 2016 In early December the new ransomware “Popcorn Time” was discovered. It gives the victim the option of paying the ransom or infecting two other individuals and getting them to pay. “Popcorn Time” is a...
Analysis of Black Basta Ransomware Chat Leaks
Analysis of Black Basta Ransomware Chat Leaks By Jambul Tologonov and John Fokker · March 18, 2025 Introduction On Feb 11, 2025 a Telegram user @ExploitWhispers shared via their Telegram channel ‘shopotbasta’ EN: ‘basta whisper’ Black Basta RaaS Ransomware as a Service Matrix chat leaks containin...
Handala’s Wiper Targets Israel
Handala’s Wiper Targets Israel By Tomer Shloman · July 26, 2024 This blog was also written by Mathanraj Thangaraju and Max Kersten CrowdStrike’s Falcon agent caused downtime for millions of computers across the globe beginning July 19. This event caused panic and chaos, which threat actors quickl...
The Anatomy of HTML Attachment Phishing
The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...
ICYMI: Emotet Reappeared Early This Year, Unfortunately
ICYMI: Emotet Reappeared Early This Year, Unfortunately By Adithya Chandra, Joao Marques, and Raghav Kapoor · September 1, 2023 Executive Summary Emotet first appeared in 2014 and continues to be a dangerous and resilient malware, despite attempts by law enforcement agencies to take it down in...
Feeding Gophers to Ghidra
Feeding Gophers to Ghidra By Trellix · June 6, 2023 This blog was written by Max Kersten The scripts discussed in the article are based on the magnificent work ofDorka Palotay from CUJOai. Golang malware is becoming increasingly prevalent, requiring analysts to know how to effectively analyze the...
Evolution of BazarCall Social Engineering Tactics
Evolution of BazarCall Social Engineering Tactics By Daksh Kapur · October 6, 2022 What is BazarCall? As nicely defined in this article by Microsoft: BazarCall campaigns forgo malicious links or attachments in email messages in favor of phone numbers that recipients are misled into calling. It’s ...
Cyber Tools and Foreign Policy: A False Flag Chinese “APT” and Nancy Pelosi’s Visit to Taiwan
Cyber Tools and Foreign Policy: A False Flag Chinese “APT” and Nancy Pelosi’s Visit to Taiwan By Anne An · September 29, 2022 Preface U.S. House Speaker Nancy Pelosi’s visit to Taiwan led to an aftershock across the Taiwan Strait and through the Asia Pacific region. Immediately after Pelosi’s...
Cyber Tools and Foreign Policy: A False Flag Chinese “APT” and Nancy Pelosi’s Visit to Taiwan
Cyber Tools and Foreign Policy: A False Flag Chinese “APT” and Nancy Pelosi’s Visit to Taiwan By Anne An · September 29, 2022 Preface U.S. House Speaker Nancy Pelosi’s visit to Taiwan led to an aftershock across the Taiwan Strait and through the Asia Pacific region. Immediately after Pelosi’s...
Targeted attack on Government Agencies
Targeted Attack on Government Agencies By Sushant Kumar Arya, Mohsin Dalla · July 13, 2022 Executive summary The Trellix Email Security Research Team has discovered a malicious campaign targeting government agencies of Afghanistan, India, Italy, Poland, and the United States since 2021. The attac...
Five Eyes Alliance Advisory & Using Threat Intelligence
Trellix Global Defenders: Five Eyes Alliance Advisory and Using Threat Intelligence to Protect Against Future Attacks By Taylor Mullins · May 6, 2022 Evolving intelligence continues to indicate that the Russian government is exploring options to launch cyberattacks in retaliation against...
Get To Know John Fokker
Meet John Fokker Head of Cyber Investigations for Trellix Threat Labs By Michael Alicea · April 28, 2022 At Trellix, we celebrate and champion our people. This week, I sat down with John Fokker, Head of Cyber Investigations for Trellix Threat Labs and one of the leading cybersecurity experts in t...
Digging into HermeticWiper
Digging into HermeticWiper By Max Kersten · March 2, 2022 A special thanks to Marc Elias for his help during my analysis. Additionally, I’d like to commend all researchers who have publicly shared their initial findings to help incident response teams; I hope this deep dive contributes to a furth...
Trellix Launches Annual CTF Competition – Catmen Sanfrancisco!
Trellix Launches Annual CTF Competition – Catmen Sanfrancisco! By Trellix · February 1, 2022 This story was written by Steve Povolny. The Advanced Threat Research team, now with Trellix, is pleased to announce the return of our second annual Capture the Flag contest featuring 12 new challenges of...
Trellix Threat Report: Log4j Attack, Ransomware & APT Threats
Trellix Threat Report: Log4j Attack, Ransomware & APT Threats By Trellix · January 31, 2022 This story was written by Raj Samani. Ransomware continues to threaten enterprises and assets around the globe, but it was the discovery of a new vulnerability affecting widely used Log4j library that...
Detecting Credential Stealing Attacks Through Active In-Network Defense
ARCHIVED STORY Detecting Credential Stealing Attacks Through Active In-Network Defense By Trellix · September 22, 2021 This blog was written by Chintan Shah Executive Summary Today, enterprises tend to use multiple layers of security defenses, ranging from perimeter defense on network entry point...
A New Program for Your Peloton – Whether You Like It or Not | McAfee Blogs
ARCHIVED STORY A New Program for Your Peloton – Whether You Like It or Not Sam Quinn · JUN 15, 2021 Executive Summary For those that are not familiar with Peloton, it is a brand that has combined high end exercise equipment with cutting-edge technology. Its products are equipped with a large tabl...
ATR Team Finds Vulnerability in Agora Video SDK
ARCHIVED STORY Don’t Call Us We’ll Call You: McAfee ATR Finds Vulnerability in Agora Video SDK Douglas McKee · FEB 17, 2021 The McAfee Advanced Threat Research ATR team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesse...
Securing Space 4.0 – One Small Step or a Giant Leap? - Part 2
ARCHIVED STORY Securing Space 4.0 – One Small Step or a Giant Leap? Part 2 By Eoin Carroll · September 30, 2020 McAfee Advanced Threat Research ATR is collaborating with Cork Institute of Technology CIT and its Blackrock Castle Observatory BCO and the National Space Center in Cork, Ireland. In th...
We Be Jammin’ – Bypassing Chamberlain myQ Garage Doors
ARCHIVED STORY We Be Jammin’ – Bypassing Chamberlain myQ Garage Doors Sam Quinn · JAN 06, 2020 The idea of controlling your garage door remotely and verifying that everything is secure at home, or having packages delivered directly into your garage is enticing for many people. The convenience tha...
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - The All-Stars | McAfee Blogs
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – The All-Stars John Fokker · OCT 02, 2019 Episode 2: The All-Stars Analyzing Affiliate Structures in Ransomware-as-a-Service Campaigns This is the second installment of the McAfee Advanced Threat Research ATR analysis of Sodinokibi...
HVACking: Understanding the Delta Between Security and Reality
ARCHIVED STORY HVACking: Understanding the Delta Between Security and Reality By Douglas McKee · August 09, 2019 The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and...
McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder
ARCHIVED STORY McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder By John Fokker · July 16, 2019 Everyday thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an invoice, a cybercriminal sender tries to entice a...
IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target?
ARCHIVED STORY IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? By Steve Povolny · April 18, 2019 Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we...
IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target?
ARCHIVED STORY IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? By Steve Povolny · April 18, 2019 Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we...
Your Smart Coffee Maker is Brewing Up Trouble
ARCHIVED STORY Your Smart Coffee Maker is Brewing Up Trouble By Sam Quinn · Febraury 25, 2019 IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster...
The Bug Report - October 2025 Edition
The Bug Report – October 2025 Edition By Jonathan Omakun · October 31, 2025 Why am I here? Welcome to October's cybersecurity horror show, where the tricks are malicious and the treats are... Well, there aren't any treats. Just vulnerabilities that would make even the most seasoned security...
XWorm V6: Exploring Pivotal Plugins
XWorm V6: Exploring Pivotal Plugins By Niranjan Hegde and Sijo Jacob · October 2, 2025 Introduction In the constantly evolving world of cyber threats, staying informed is not just an advantage; it's a necessity. First observed in 2022, XWorm quickly gained notoriety as a highly effective malware,...
Dark Web Roast - August 2025 Edition
Dark Web Roast - August 2025 Edition By Trellix Advanced Research Center · September 18, 2025 Executive Summary August 2025 delivered a masterclass in cybercriminal incompetence that would make amateur hour look professional. From racist social engineering recruiters who prioritize race over actu...
ToolShell Unleashed: Decoding the SharePoint Attack Chain
ToolShell Unleashed: Decoding the SharePoint Attack Chain By Akhil Reddy, Aniket Choukde, Aparna Aripirala, Satyajit Daulaguphu and Yadunadh · September 4, 2025 Introduction A wave of active exploitation is targeting recently disclosed vulnerabilities in Microsoft SharePoint Server CVE-2025-49704...
A Comprehensive Analysis of HijackLoader and its Infection Chain
A Comprehensive Analysis of HijackLoader and Its Infection Chain By Ryan Weil · August 14, 2025 Initial contact Dodi Repacks is a website that distributes pirated games. The site is listed as safe/trusted on various piracy forums, and users say that "as long as you have an adblocker installed suc...
Hacktivist Groups: The Shadowy Links to Nation-State Agendas
Hacktivist Groups: The Shadowy Links to Nation-State Agendas By Ernesto Fernández Provecho · December 16, 2024 Introduction Hacktivism, the intersection of hacking and activism, has emerged as a potent force in the digital age. It involves using technology to achieve social or political goals,...
Saints Turned Evil
Saints Turned Evil By Daksh Kapur and Rohan Shah · January 2, 2024 This blog was also written by Sushant Kumar Arya Attribution at the Bottom As technology advances, attackers are constantly developing new evasion mechanisms to bypass security products and stay one step ahead of security vendors...
Rhysida Ransomware
Rhysida Ransomware By Leandro Velasco · October 9, 2023 This blog was also written by Alexandre Mundo and Max Kersten New ransomware victims are made every day by ransom gangs with a variety of ransomware malware families, one of which is the Rhysida ransomware family. Within this blog, an...
Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat
Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat By Trellix Advanced Research Center · August 28, 2023 Introduction Ransomware, a malicious software that encrypts valuable data and demands a ransom for its release, has a notorious history marked by its evolution fro...
China-Taiwan Tensions Spark Surge in Cyberattacks on Taiwan
China-Taiwan Tensions Spark Surge in Cyberattacks on Taiwan By Daksh Kapur, Leandro Velasco · May 17, 2023 Figure 1 image from freepik.com “In the past few years, we noticed that geopolitical conflicts are one of the main drivers for cyber-attacks on a variety of industries and institutions...
ChatGPT: A tool for offensive cyber operations?! Not so fast!
ChatGPT: A tool for offensive cyber operations?! Not so fast! By Trellix · March 09, 2023 This story was also written by John Rodriguez. To ChatGPT or to not ChatGPT? That is a predominant question in the cyber landscape these days. It’s no surprise that AI bots have taken society by storm. On th...
Cybercrime Takes Advantage of 2023-Recession with Job-Themed Scams
Cybercrime Takes Advantage of 2023 Recession with Job-Themed Scams By Daksh Kapur · February 28, 2023 Figure 1 image from freepik.com and flaticon.com The current economic climate globally is grim because of the ongoing recession. In this environment, job-themed emails have become a prime target...
Get to Know Patrick Flynn
Meet Patrick Flynn Head of Advanced Programs Group at Trellix Threat Labs By Trellix · May 24, 2022 This blog was written by Michael Alicea At Trellix, we celebrate and champion our people. This week, I sat down with Pat Flynn, Head of Advanced Programs Group for Trellix Threat Labs. His job is a...
Five Eyes Alliance Advisory & Using Threat Intelligence
Trellix Global Defenders: Five Eyes Alliance Advisory and Using Threat Intelligence to Protect Against Future Attacks By Taylor Mullins · May 6, 2022 Evolving intelligence continues to indicate that the Russian government is exploring options to launch cyberattacks in retaliation against...
The Hermit Kingdom’s Ransomware Play
The Hermit Kingdom’s Ransomware play By Trellix · May 3, 2022 With a special thanks to @ValidHorizon who helped and shared information In February 2016, news broke about what is now known as the ‘Bangladesh Bank Heist’. Hackers attempted to transfer nearly one billion USD through the SWIFT system...
Executive Summary: Organizations and Nation-State Cyber Threats
Executive Summary: Organizations and Nation-State Cyber Threats By John Fokker · March 28, 2022 Traditionally when we talk about threat actors, we first need to make the split between cybercrime and nation-state sponsored operations. Where cybercrime is mostly focused on financial gain,...