Editor’s note: An earlier version of this feature originally appeared on Next TV and TV Technology.From the explosion of new programming to the launch of high-profile streaming services, 2020 was...

An information exposure vulnerability exists in PcVue 12, allowing a non-authorized user to access session data of legitimate users.

A Denial of service vulnerability exists in PcVue 12, due to the ability for a non-authorized user to modify information used to validate messages sent by legitimate web clients.

An attacker with network access to the target workstation can send specially crafted packets with serialized data, which may cause remote code execution upon deserialization.

The hacker who shared with the ISIS personal data of more than 1,300 U.S. government and military personnel will remain in a federal prison. Ardit Ferizi, aka Th3Dir3ctorY, is the hacker that...

In Summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018.

This is an update on this previous post on foreign NT hashes where I got things a little wrong by believing the source encoding matters for an NT hash. It doesn’t really, let me show you why. I...

Between July and October 2020, researchers discovered multiple web vulnerabilities affecting Apple’s network, some of which could have allowed exfiltration of AWS access keys.

From June to August, part of the McAfee Advanced Threat Research (ATR) team participated in Microsoft’s Azure Sphere Research Challenge. Our research resulted... The post Our Experiences...

Thanks to a tweet Dominic responded to, I saw someone mention Passing-the-hash when I think they actually meant relay. The terminology can be confusing for sure, however, it made me realise that I...

McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and... The post Securing Space 4.0 – One Small Step or a...

McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and... The post Securing Space 4.0 – One Small Step or a...

The percentage of computers attacked globally is decreasing. At the same time, threats are becoming more localized, more focused, and, as a result, more diverse and sophisticated.

In 2020 ARC Advisory Group on behalf of Kaspersky conducted a survey on the state of industrial cybersecurity, as well as the current priorities and challenges of industrial organizations. More...

A while ago Jonas Lykkegaard disclosed a zeroday that could be used to create files in the SYSTEM folder. CVE-2020-16885 got assigned for this vulnerability, and was since patched with KB4580346....

The end of the year is getting closer, fast, so I figured it was a perfect time to talk about my side project from last year. In this post I want to walk you through setting up a Raspberry Pi as a...

Open Source projects are the building blocks of any software development process. As we indicated in our previous blog, as... The post Vulnerability Discovery in Open Source Libraries: Analyzing...

In Q1 2020 in Europe, Kaspersky products were triggered on 20.4% of ICS computers in the energy sector. A total of 1,485 malware modifications from 633 different families were blocked.

On 2020-08-27, a campaign was reported, involving an unknown actor, gaining initial access via Software misconfig, targeting Docker to achieve Resource hijacking. The following tools were observed: Cetus.

Background Are you tired of working from home due to COVID? While this is quite a unique situation we find ourselves in, it also provides some fresh opportunities. Lately we have assessed several...

If you’ve ever cracked a hash with hashcat, you’ll know that sometimes it will give you a $HEX[0011223344] style clear. This is done to preserve the raw byte value of the clear when the encoding...

Intro In a U.S. government cyber security advisory released today, the National Security Agency and Federal Bureau of Investigation warn... The post On Drovorub: Linux Kernel Security Best...

Executive Summary Open source has become the foundation for modern software development. Vendors use open source software to stay competitive... The post Vulnerability Discovery in Open Source...

Retired Marine fighter pilot and Top Gun instructor Dave Berke said “Every single thing you do in your life, every... The post Robot Character Analysis Reveals Trust Issues appeared first on McAfee Blog.

Overview As part of our continued goal of helping developers provide safer products for businesses and consumers, we here at... The post Call an Exorcist! My Robot’s Possessed! appeared first on...

Co-authored with Jesse Chick, OSU Senior and Former McAfee Intern, Primary Researcher. Special thanks to Dr. Catherine Huang, McAfee Advanced... The post Dopple-ganging up on Facial Recognition...

This document has been prepared by McAfee Advanced Threat Research in collaboration with JSOF who discovered and responsibly disclosed the... The post Ripple20 Critical Vulnerabilities – Detection...

This is a summary of our BlackHat USA 2020 talk. Introduction On some of our engagements, Szymon and I found ourselves on various networks vulnerable to; insecure, misconfigured, and often...

Building Adaptable Security Architecture Against NetWalker NetWalker Overview The NetWalker ransomware, initially known as Mailto, was first detected in August... The post McAfee Defender’s Blog:...

Executive Summary The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were... The post Take a “NetWalk” on the Wild Side appeared first...