
608 matches found

Trellix
added 2021/02/23 12:0 a.m. · 9 views

Babuk Ransomware

ARCHIVED STORY Babuk Ransomware By Alexandre Mundo · February 23, 2021 Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises, with one already paying the criminals $85,000 after negotiations. As with other variants, this...

7.8 AI score
Exploits: 0

Trellix
added 2021/02/23 12:0 a.m. · 5 views

Babuk Ransomware

ARCHIVED STORY Babuk Ransomware By Alexandre Mundo · February 23, 2021 Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises, with one already paying the criminals $85,000 after negotiations. As with other variants, this...

0.3 AI score
Exploits: 0

Trellix
added 2021/02/18 12:0 a.m. · 17 views

Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use | McAfee Blogs

Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use Steve Povolny · FEB 18, 2021 On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc. As we disclosed the findings to Agora in April 2020, this...

5.9 CVSS · 5.6 AI score · 0.06041 EPSS
Exploits: 1

Trellix
added 2021/02/18 12:0 a.m. · 19 views

Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use | McAfee Blogs

Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use Steve Povolny · FEB 18, 2021 On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc. As we disclosed the findings to Agora in April 2020, this...

5.7 AI score · 0.06041 EPSS
Exploits: 1

Trellix
added 2021/02/17 12:0 a.m. · 14 views

ATR Team Finds Vulnerability in Agora Video SDK

ARCHIVED STORY Don’t Call Us We’ll Call You: McAfee ATR Finds Vulnerability in Agora Video SDK Douglas McKee · FEB 17, 2021 The McAfee Advanced Threat Research ATR team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesse...

5.9 CVSS · 5.6 AI score · 0.06041 EPSS
Exploits: 1

Trellix
added 2021/02/17 12:0 a.m. · 18 views

ATR Team Finds Vulnerability in Agora Video SDK

ARCHIVED STORY Don’t Call Us We’ll Call You: McAfee ATR Finds Vulnerability in Agora Video SDK Douglas McKee · FEB 17, 2021 The McAfee Advanced Threat Research ATR team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesse...

5.6 AI score · 0.06041 EPSS
Exploits: 1

Trellix
added 2021/02/09 12:0 a.m. · 38 views

Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows' Network Stack | McAfee Blogs

ARCHIVED STORY Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows’ Network Stack Steve Povolny · FEB 09, 2021 The concept of a trail of breadcrumbs in the offensive security community is nothing new; for many years, researchers on both sides of the ethical spectrum have...

9.3 AI score · 0.58961 EPSS
Exploits: 7

Trellix
added 2021/02/09 12:0 a.m. · 39 views

Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows' Network Stack | McAfee Blogs

ARCHIVED STORY Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows’ Network Stack Steve Povolny · FEB 09, 2021 The concept of a trail of breadcrumbs in the offensive security community is nothing new; for many years, researchers on both sides of the ethical spectrum have...

9.8 CVSS · 9.3 AI score · 0.58961 EPSS
Exploits: 7

Trellix
added 2020/12/17 12:0 a.m. · 10 views

Additional Analysis into the SUNBURST Backdoor | McAfee Blogs

ARCHIVED STORY Additional Analysis into the SUNBURST Backdoor Christiaan Beek · DEC 17, 2020 Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoC...

7.1 AI score
Exploits: 0

Trellix
added 2020/12/17 12:0 a.m. · 9 views

Additional Analysis into the SUNBURST Backdoor | McAfee Blogs

ARCHIVED STORY Additional Analysis into the SUNBURST Backdoor Christiaan Beek · DEC 17, 2020 Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoC...

Exploits: 0

Trellix
added 2020/11/05 12:0 a.m. · 19 views

Operation North Star: Behind The Scenes | McAfee Blogs

ARCHIVED STORY Operation North Star: Behind The Scenes Christiaan Beek · NOV 05, 2020 Executive Summary It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within the digital realm. The only transparency afforded is a limited view of victims, a malware...

0.1 AI score
Exploits: 0

Trellix
added 2020/11/05 12:0 a.m. · 11 views

Operation North Star: Behind The Scenes | McAfee Blogs

ARCHIVED STORY Operation North Star: Behind The Scenes Christiaan Beek · NOV 05, 2020 Executive Summary It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within the digital realm. The only transparency afforded is a limited view of victims, a malware...

7.3 AI score
Exploits: 0

Trellix
added 2020/11/05 12:0 a.m. · 8 views

Operation North Star: Summary Of Our Latest Analysis | McAfee Blogs

Operation North Star: Summary Of Our Latest Analysis By Trellix · NOV 05, 2020 McAfee’s Advanced Threat Research ATR today released research that uncovers previously undiscovered information on how Operation North Star evaluated its prospective victims and launched attacks on organizations in...

7.7 AI score
Exploits: 0

Trellix
added 2020/11/05 12:0 a.m. · 7 views

Operation North Star: Summary Of Our Latest Analysis | McAfee Blogs

Operation North Star: Summary Of Our Latest Analysis By Trellix · NOV 05, 2020 McAfee’s Advanced Threat Research ATR today released research that uncovers previously undiscovered information on how Operation North Star evaluated its prospective victims and launched attacks on organizations in...

1.4 AI score
Exploits: 0

Trellix
added 2020/10/13 12:0 a.m. · 31 views

CVE-2020-16898: Bad Neighbor | McAfee Blogs

ARCHIVED STORY CVE-2020-16898: “Bad Neighbor” Steve Povolny · OCT 13, 2020 CVE-2020-16898: “Bad Neighbor” CVSS Score: 8.8 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Overview Today, Microsoft announced a critical vulnerability in the Windows IPv6 stack, which allows an...

8.8 CVSS · 8.7 AI score · 0.13348 EPSS
Exploits: 12

Trellix
added 2020/10/13 12:0 a.m. · 30 views

CVE-2020-16898: Bad Neighbor | McAfee Blogs

ARCHIVED STORY CVE-2020-16898: “Bad Neighbor” Steve Povolny · OCT 13, 2020 CVE-2020-16898: “Bad Neighbor” CVSS Score: 8.8 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Overview Today, Microsoft announced a critical vulnerability in the Windows IPv6 stack, which allows an...

1.3 AI score · 0.13348 EPSS
Exploits: 12

Trellix
added 2020/09/30 12:0 a.m. · 45 views

Securing Space 4.0 – One Small Step or a Giant Leap? - Part 1

ARCHIVED STORY Securing Space 4.0 – One Small Step or a Giant Leap? - Part 1 By Eoin Carroll · September 30, 2020 McAfee Advanced Threat Research ATR is collaborating with Cork Institute of Technology CIT and its Blackrock Castle Observatory BCO and the National Space Center NSC in Cork, Ireland...

10 AI score · 0.99999 EPSS
Exploits: 246

Trellix
added 2020/09/30 12:0 a.m. · 14 views

Securing Space 4.0 – One Small Step or a Giant Leap? - Part 2

ARCHIVED STORY Securing Space 4.0 – One Small Step or a Giant Leap? Part 2 By Eoin Carroll · September 30, 2020 McAfee Advanced Threat Research ATR is collaborating with Cork Institute of Technology CIT and its Blackrock Castle Observatory BCO and the National Space Center in Cork, Ireland. In th...

0.8 AI score
Exploits: 0

Trellix
added 2020/09/30 12:0 a.m. · 83 views

Securing Space 4.0 – One Small Step or a Giant Leap? - Part 1

ARCHIVED STORY Securing Space 4.0 – One Small Step or a Giant Leap? - Part 1 By Eoin Carroll · September 30, 2020 McAfee Advanced Threat Research ATR is collaborating with Cork Institute of Technology CIT and its Blackrock Castle Observatory BCO and the National Space Center NSC in Cork, Ireland...

9.8 AI score
Exploits: 0

Trellix
added 2020/09/30 12:0 a.m. · 11 views

Securing Space 4.0 – One Small Step or a Giant Leap? - Part 2

ARCHIVED STORY Securing Space 4.0 – One Small Step or a Giant Leap? Part 2 By Eoin Carroll · September 30, 2020 McAfee Advanced Threat Research ATR is collaborating with Cork Institute of Technology CIT and its Blackrock Castle Observatory BCO and the National Space Center in Cork, Ireland. In th...

7.4 AI score
Exploits: 0

Trellix
added 2020/08/25 12:0 a.m. · 12 views

Dopple-Ganging Up on Facial Recognition

ARCHIVED STORY Dopple-ganging up on Facial Recognition Systems By Steve Povolny · August 25, 2020 Co-authored with Jesse Chick, OSU Senior and Former McAfee Intern, Primary Researcher. Special thanks to Dr. Catherine Huang, McAfee Advanced Analytics Team Special thanks to Kyle Baldes, Former McAf...

6.3 AI score
Exploits: 0

Trellix
added 2020/08/25 12:0 a.m. · 12 views

Dopple-Ganging Up on Facial Recognition

ARCHIVED STORY Dopple-ganging up on Facial Recognition Systems By Steve Povolny · August 25, 2020 Co-authored with Jesse Chick, OSU Senior and Former McAfee Intern, Primary Researcher. Special thanks to Dr. Catherine Huang, McAfee Advanced Analytics Team Special thanks to Kyle Baldes, Former McAf...

0.2 AI score
Exploits: 0

Trellix
added 2020/08/18 12:0 a.m. · 11 views

‘Insight’ into Home Automation Reveals Vulnerability in Simple IoT Product

ARCHIVED STORY ‘Insight’ into Home Automation Reveals Vulnerability in Simple IoT Product By Douglas McKee · August 18, 2020 Eoin Carroll, Charles McFarland, Kevin McGrath, and Mark Bereza contributed to this report. The Internet of Things promises to make our lives easier. Want to remotely turn...

8.5 AI score · 0.03701 EPSS
Exploits: 0

Trellix
added 2020/08/18 12:0 a.m. · 9 views

‘Insight’ into Home Automation Reveals Vulnerability in Simple IoT Product

ARCHIVED STORY ‘Insight’ into Home Automation Reveals Vulnerability in Simple IoT Product By Douglas McKee · August 18, 2020 Eoin Carroll, Charles McFarland, Kevin McGrath, and Mark Bereza contributed to this report. The Internet of Things promises to make our lives easier. Want to remotely turn...

10 CVSS · 9.6 AI score · 0.03701 EPSS
Exploits: 0

Trellix
added 2020/08/13 12:0 a.m. · 19 views

On Drovorub: Linux Kernel Security Best Practices | McAfee Blogs

ARCHIVED STORY On Drovorub: Linux Kernel Security Best Practices By ATR Operational Intelligence Team · AUG 13, 2020 Intro In a U.S. government cyber security advisory released today, the National Security Agency and Federal Bureau of Investigation warn of a previously undisclosed piece of Linu...

7 AI score
Exploits: 0

Trellix
added 2020/08/13 12:0 a.m. · 17 views

On Drovorub: Linux Kernel Security Best Practices | McAfee Blogs

ARCHIVED STORY On Drovorub: Linux Kernel Security Best Practices By ATR Operational Intelligence Team · AUG 13, 2020 Intro In a U.S. government cyber security advisory released today, the National Security Agency and Federal Bureau of Investigation warn of a previously undisclosed piece of Linu...

7 AI score
Exploits: 0

Trellix
added 2020/08/05 12:0 a.m. · 35 views

Ripple20 Critical Vulnerabilities – Detection Logic and Signatures

ARCHIVED STORY Ripple20 Critical Vulnerabilities – Detection Logic and Signatures By Steve Povolny · August 05, 2020 This document has been prepared by McAfee Advanced Threat Research in collaboration with JSOF who discovered and responsibly disclosed the vulnerabilities. It is intended to serve ...

0.36965 EPSS
Exploits: 4

Trellix
added 2020/08/05 12:0 a.m. · 21 views

Call an Exorcist! My Robot! My Robot's Possessed!

ARCHIVED STORY Call an Exorcist! My Robot’s Possessed! By Mark Bereza · AUG 05, 2020 · 69 MIN READ Overview As part of our continued goal of helping developers provide safer products for businesses and consumers, we here at McAfee Advanced Threat Research ATR recently investigated temi, a...

7.9 AI score · 0.02436 EPSS
Exploits: 4

Trellix
added 2020/08/05 12:0 a.m. · 30 views

Ripple20 Critical Vulnerabilities – Detection Logic and Signatures

ARCHIVED STORY Ripple20 Critical Vulnerabilities – Detection Logic and Signatures By Steve Povolny · August 05, 2020 This document has been prepared by McAfee Advanced Threat Research in collaboration with JSOF who discovered and responsibly disclosed the vulnerabilities. It is intended to serve ...

9.3 CVSS · 9.9 AI score · 0.21115 EPSS
Exploits: 1

Trellix
added 2020/08/05 12:0 a.m. · 22 views

Call an Exorcist! My Robot! My Robot's Possessed!

ARCHIVED STORY Call an Exorcist! My Robot’s Possessed! By Mark Bereza · AUG 05, 2020 · 69 MIN READ Overview As part of our continued goal of helping developers provide safer products for businesses and consumers, we here at McAfee Advanced Threat Research ATR recently investigated temi, a...

9.8 CVSS · 7.8 AI score · 0.02436 EPSS
Exploits: 4

Trellix
added 2020/08/05 12:0 a.m. · 7 views

Robot Character Analysis Reveals Trust Issues

ARCHIVED STORY Robot Character Analysis Reveals Trust Issues By Douglas McKee · August 05, 2020 Retired Marine fighter pilot and Top Gun instructor Dave Berke said “Every single thing you do in your life, every decision you make, is an OODA Loop.” OODA Loop? Observe–Orient–Decide–Act, the “OODA...

7 AI score
Exploits: 0

Trellix
added 2020/08/05 12:0 a.m. · 10 views

Robot Character Analysis Reveals Trust Issues

ARCHIVED STORY Robot Character Analysis Reveals Trust Issues By Douglas McKee · August 05, 2020 Retired Marine fighter pilot and Top Gun instructor Dave Berke said “Every single thing you do in your life, every decision you make, is an OODA Loop.” OODA Loop? Observe–Orient–Decide–Act, the “OODA...

7 AI score
Exploits: 0

Trellix
added 2020/08/03 12:0 a.m. · 36 views

Take a "NetWalk" on the Wild Side

ARCHIVED STORY Take a “NetWalk” on the Wild Side ATR Operational Intelligence Team · AUG 03, 2020 · 25 MIN READ Executive Summary The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were discovered throughout 2019 and the beginning of...

8.1 AI score
Exploits: 0

Trellix
added 2020/08/03 12:0 a.m. · 197 views

Take a "NetWalk" on the Wild Side

ARCHIVED STORY Take a “NetWalk” on the Wild Side ATR Operational Intelligence Team · AUG 03, 2020 · 25 MIN READ Executive Summary The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were discovered throughout 2019 and the beginning of...

8.2 AI score · 0.9981 EPSS
Exploits: 176

Trellix
added 2020/07/27 12:0 a.m. · 9 views

Six Hundred Million Reasons to Celebrate: No More Ransom Turns FOUR!!

ARCHIVED STORY Six Hundred Million Reasons to Celebrate: No More Ransom Turns FOUR!! By John Fokker · July 27, 2020 Happy Birthday! Today we mark the fourth anniversary of the NoMoreRansom initiative with over 4.2 million visitors, from 188 countries, stopping an estimated $632 million in ransom...

7 AI score
Exploits: 0

Trellix
added 2020/07/27 12:0 a.m. · 10 views

Six Hundred Million Reasons to Celebrate: No More Ransom Turns FOUR!!

ARCHIVED STORY Six Hundred Million Reasons to Celebrate: No More Ransom Turns FOUR!! By John Fokker · July 27, 2020 Happy Birthday! Today we mark the fourth anniversary of the NoMoreRansom initiative with over 4.2 million visitors, from 188 countries, stopping an estimated $632 million in ransom...

7 AI score
Exploits: 0

Trellix
added 2020/06/22 12:0 a.m. · 29 views

Ripple20 Vulnerability Mitigation Best Practices

ARCHIVED STORY Ripple20 Vulnerability Mitigation Best Practices By Kevin McGrath · June 22, 2020 On June 16th, the Department of Homeland Security and CISA ICS-CERT issued a critical security advisory warning covering multiple newly discovered vulnerabilities affecting Internet-connected devices...

1.2 AI score · 0.21115 EPSS
Exploits: 1

Trellix
added 2020/06/22 12:0 a.m. · 23 views

Ripple20 Vulnerability Mitigation Best Practices

ARCHIVED STORY Ripple20 Vulnerability Mitigation Best Practices By Kevin McGrath · June 22, 2020 On June 16th, the Department of Homeland Security and CISA ICS-CERT issued a critical security advisory warning covering multiple newly discovered vulnerabilities affecting Internet-connected devices...

9.3 CVSS · 9.8 AI score · 0.21115 EPSS
Exploits: 1

Trellix
added 2020/06/18 12:0 a.m. · 17 views

What’s in the Box? Part II: Hacking the iParcelBox

ARCHIVED STORY What’s in the Box? Part II: Hacking the iParcelBox By Steve Povolny · June 18, 2020 Package delivery is just one of those things we take for granted these days. This is especially true in the age of Coronavirus, where e-commerce and at-home deliveries make up a growing portion of...

Exploits: 0

Trellix
added 2020/06/18 12:0 a.m. · 15 views

My Adventures Hacking the iParcelBox

ARCHIVED STORY My Adventures Hacking the iParcelBox By Sam Quinn · June 18, 2020 In 2019, McAfee Advanced Threat Research ATR disclosed a vulnerability in a product called BoxLock. Sometime after this, the CEO of iParcelBox, a U.K. company, reached out to us and offered to send a few of their...

Exploits: 0

Trellix
added 2020/06/18 12:0 a.m. · 13 views

My Adventures Hacking the iParcelBox

ARCHIVED STORY My Adventures Hacking the iParcelBox By Sam Quinn · June 18, 2020 In 2019, McAfee Advanced Threat Research ATR disclosed a vulnerability in a product called BoxLock. Sometime after this, the CEO of iParcelBox, a U.K. company, reached out to us and offered to send a few of their...

7.7 AI score
Exploits: 0

Trellix
added 2020/06/18 12:0 a.m. · 12 views

What’s in the Box? Part II: Hacking the iParcelBox

ARCHIVED STORY What’s in the Box? Part II: Hacking the iParcelBox By Steve Povolny · June 18, 2020 Package delivery is just one of those things we take for granted these days. This is especially true in the age of Coronavirus, where e-commerce and at-home deliveries make up a growing portion of...

7 AI score
Exploits: 0

Trellix
added 2020/06/17 12:0 a.m. · 43 views

CurveBall – An Unimaginative Pun but a Devastating Bug

ARCHIVED STORY CurveBall – An Unimaginative Pun but a Devastating Bug By Steve Povolny · June 17, 2020 Enterprise customers looking for information on defending against Curveball can find information here. 2020 came in with a bang this year, and it wasn’t from the record-setting number of firewor...

8.5 AI score · 0.89436 EPSS
Exploits: 14

Trellix
added 2020/06/17 12:0 a.m. · 25 views

CurveBall – An Unimaginative Pun but a Devastating Bug

ARCHIVED STORY CurveBall – An Unimaginative Pun but a Devastating Bug By Steve Povolny · June 17, 2020 Enterprise customers looking for information on defending against Curveball can find information here. 2020 came in with a bang this year, and it wasn’t from the record-setting number of firewor...

8.1 CVSS · 8.5 AI score · 0.89436 EPSS
Exploits: 14

Trellix
added 2020/06/09 12:0 a.m. · 10 views

RagnarLocker Ransomware Threatens to Release Confidential Information | McAfee Blogs

ARCHIVED STORY RagnarLocker Ransomware Threatens to Release Confidential Information Alexandre Mundo · JUN 09, 2020 EXECUTIVE SUMMARY The RagnarLocker ransomware first appeared in the wild at the end of December 2019 as part of a campaign against compromised networks targeted by its operators. Th...

7.2 AI score
Exploits: 0

Trellix
added 2020/06/09 12:0 a.m. · 37 views

RagnarLocker Ransomware Threatens to Release Confidential Information | McAfee Blogs

ARCHIVED STORY RagnarLocker Ransomware Threatens to Release Confidential Information Alexandre Mundo · JUN 09, 2020 EXECUTIVE SUMMARY The RagnarLocker ransomware first appeared in the wild at the end of December 2019 as part of a campaign against compromised networks targeted by its operators. Th...

7.1 AI score
Exploits: 0

Trellix
added 2020/04/30 12:0 a.m. · 19 views

Tales From the Trenches; a Lockbit Ransomware Story

ARCHIVED STORY Tales From the Trenches; a Lockbit Ransomware Story By ATR Operational Intelligence Team · APR 30, 2020 Co-authored by Marc RiveroLopez. In collaboration with Northwave As we highlighted previously across two blogs, targeted ransomware attacks have increased massively over the past...

8 AI score
Exploits: 0

Trellix
added 2020/04/30 12:0 a.m. · 13 views

Tales From the Trenches; a Lockbit Ransomware Story

ARCHIVED STORY Tales From the Trenches; a Lockbit Ransomware Story By ATR Operational Intelligence Team · APR 30, 2020 Co-authored by Marc RiveroLopez. In collaboration with Northwave As we highlighted previously across two blogs, targeted ransomware attacks have increased massively over the past...

8.1 AI score
Exploits: 0

Trellix
added 2020/03/26 12:0 a.m. · 15 views

Ransomware Maze

ARCHIVED STORY Ransomware Maze Alexandre Mundo · MAR 26, 2020 Overview The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura1. The main goal of the ransomware is to crypt all files that it can in an infected system and...

0.1 AI score
Exploits: 0

Trellix
added 2020/03/26 12:0 a.m. · 8 views

Ransomware Maze

ARCHIVED STORY Ransomware Maze Alexandre Mundo · MAR 26, 2020 Overview The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura1. The main goal of the ransomware is to crypt all files that it can in an infected system and...

0.1 AI score
Exploits: 0

Total number of security vulnerabilities: 608