Exposed session token in Honeywell ControlEdge PLC and RTU.
Unencrypted password transmission on the network in Honeywell ControlEdge PLC and RTU.
On June 16th, the Department of Homeland Security and CISA ICS-CERT issued a critical security advisory warning covering multiple newly discovered vulnerabilities affecting... The post Ripple20...
SmokeLoader is a well-known bot that has been around since 2011. It’s mainly used to drop other malware families. SmokeLoader has been under development and is constantly changing with multiple...
On 2020-06-19, a research was reported, involving , gaining initial access via Software misconfig, to achieve Resp. disclosure.
In 2019, McAfee Advanced Threat Research (ATR) disclosed a vulnerability in a product called BoxLock. Sometime after this, the CEO... The post My Adventures Hacking the iParcelBox appeared first...
Package delivery is just one of those things we take for granted these days. This is especially true in the... The post What’s in the Box? Part II: Hacking the iParcelBox appeared first on McAfee Blog.
According to Kaspersky ICS CERT data, a number of industrial companies are currently experiencing targeted attacks involving the Snake encryption ransomware.
Kaspersky ICS CERT has identified a series of attacks targeting, among others, organizations in various industrial sectors. Victims include suppliers of equipment and software for industrial enterprises.
EXECUTIVE SUMMARY The RagnarLocker ransomware first appeared in the wild at the end of December 2019 as part of a... The post RagnarLocker Ransomware Threatens to Release Confidential Information...
There are a number of ways scammers use to target personal information and, currently, one example is, they are taking advantage... The post OneDrive Phishing Awareness appeared first on McAfee Blog.
Kent and Jordan are back to continue their journey to make the world a better place. This time around, they will be reviewing a series of tools commonly used on […] The post Webcast: A Blue Team’s...
Intro The last few months I’ve been studying Chrome’s v8 internals and exploits with the focus of finding a type confusion bug. The good news is that I found one, so the fuzzing and analysis...
Vulnerabilities that can lead to unsanctioned account access or remote code execution.
Kaspersky ICS CERT has discovered vulnerabilities that may allow threat actors to modify configuration files, execute arbitrary code remotely or access user passwords.
On May 28, 2020, the NSA released a cybersecurity advisory on Russian APT group Sandworm exploiting CVE-2019-10149, a vulnerability in Exim Mail Transfer Agent (MTA) software. An unauthenticated...
Intro Last year I wrote how to weaponize CVE-2018-19204. This blog post will continue and elaborate on the finding and analysis of two additional vulnerabilities that were discovered during the...
Victims included a railway stock manufacturer, an electric utility company and a steel producer. One incident brought operations to a halt.
Missing Authentication in Emerson OpenEnterprise SCADA versions before 3.3.4 might lead to arbitrary code execution. The affected components may allow an attacker to run arbitrary commands with...
Inadequate Encryption Strength in Emerson OpenEnterprise SCADA versions before 3.3.4.
Improper Ownership Management in Emerson OpenEnterprise SCADA versions before 3.3.4.
Introduction This blog describes how McAfee ATP (Adaptive Threat Protection) rules are used within McAfee Endpoint Security products. It will... The post How To Use McAfee ATP to Protect Against...
As part of our preparations for our upcoming RingZer0 “Q Division” Training, I have been working on making a software image for the FriendlyArm NanoPi R1S Single Board Computer (SBC) that we’ll be...
Ransomware protection and incident response is a constant battle for IT, security engineers and analysts under normal circumstances, but with... The post ENS 10.7 Rolls Back the Curtain on...
The COVID-19 pandemic has prompted many companies to enable their employees to work remotely and, in a large number of... The post Cybercriminals Actively Exploiting RDP to Target Remote...
Special thanks to Prajwala Rao, Oliver Devane, Shannon Cole, Ankit Goel and members of Malware Research for their contribution and... The post COVID-19 – Malware Makes Hay During a Pandemic...
Preface Hey there! After quite some time the second part will be finally published :)! Sorry for the delay, real life can be overwhelming.. Last time I have introduced this series by covering Data...
NCSC technical paper about the privacy and security design of the NHS contact tracing app developed to help slow the spread of coronavirus.
Co-authored by Marc RiveroLopez. In collaboration with Northwave. As we highlighted previously across two blogs, targeted ransomware attacks have increased... The post Tales From the Trenches; a...
Do security issues associated with working remotely affect critical infrastructure enterprises? Should organizations take additional protective measures? A view of regulators in the area of...