Abstract We introduced the “Royal Road RTF Weaponizer” in our previous blog [1] (and presented at Japan Security Analyst Conference 2020 and CPX 360 CPRCon 2020). Royal Road is a tool shared by...
Inspired by Kevin Backhouse’s great work on finding XNU remote vulnerabilities, I decided to spend some time looking at CodeQL and performing some variant analysis. This led to the discovery of a...
In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s Orion IT monitoring and management... The post How A Device to Cloud Architecture Defends Against...
Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the... The post Additional Analysis into the SUNBURST...
Part I of II Situation In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s... The post SUNBURST Malware and SolarWinds Supply Chain Compromise...
What at first seemed to be a targeted attack against FireEye turned out to be a much worse espionage campaign associated with APT29 that the United States has suffered from. The SolarWinds...
Today, we’re announcing a milestone in that journey: a $100M Series A funding round led by Index Ventures, Sequoia Capital, Insight Partners, and Cyberstarts.
The Islamic hacker Ardit Ferizi, who is serving 20 years for giving his support to the Islamic State group, has been granted compassionate release. Ardit Ferizi, aka Th3Dir3ctorY, is the hacker that...
We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021.
Kaspersky ICS CERT experts virtually provided ICS Training for Executives
Kaspersky’s mission incorporates education on all levels, including collaborations with universities. As part of this mission, we have been working with the Deggendorf Institute of Technology...
Much like other events in 2020, our annual internal hackathon took a remote format this year, sporting over 120 hackers from across the globe. We had many challenges available during the...
After rigorous assessment, Kaspersky’s Industrial Systems Emergency Response Team (ICS CERT) has officially joined FIRST – the global Forum of Incident Response and Security Teams.
The European Union Agency for Cybersecurity (ENISA) has published its guidelines for securing the internet of things supply chain. Kaspersky ICS CERT experts were among the contributors to the...
Ciao belli! On the 19th of November 2020, SONY finally released the new PlayStation 5 in the UK, a few days after the US, Japan, and Canada. Of course, the PlayStation 5 came together with a new...
Attack by Ryuk ransomware disrupts nearly all municipal services in Canadian city of Saint John
On 2020-11-16, a campaign was reported, involving Abcbot operator, gaining initial access via , to achieve Resource hijacking. The following tools were observed: Loggerminer.
When we finally decided on a date, sensecon 2020 was a little over a month away. Unlike our public client events, internally sensecon is a three-day conference filled with trainings, a hackathon and...
Around the world, companies in every industry rely on our cloud services to run their businesses, and we take that responsibility seriously. That’s why we’re focused on providing industry-leading...
CVSS Score: 9.8 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Overview Microsoft released a patch today for a critical vulnerability (CVE-2020-17051) in the Windows NFSv3...
We have written a lot about SenseCon by now, but there is one more thing we can talk about! In this post I want to detail the Discord bot and associated challenges that we built. We were going to...
Executive Summary It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within... The post Operation North Star: Behind The Scenes appeared first on McAfee Blog.
McAfee’s Advanced Threat Research (ATR) today released research that uncovers previously undiscovered information on how Operation North Star evaluated its... The post Operation North Star:...
The attacks use remote administration utilities whose graphical user interface is hidden by the malware, enabling the attackers to control the infected system without the user’s knowledge.
Something I have found myself doing more and more often is using Exchange Web Services (EWS) to bypass 2FA. I do this so that I can look through mail for accounts I have compromised. The 2FA...
Editor’s note: For retailers, predicting consumers’ desires and demand is the holy grail. For retail IT, the goal is understanding the performance of your ecommerce applications. Here, Japanese...
While the IoT offers tremendous benefits, such as allowing users to monitor their homes or check the contents of their refrigerators remotely, it also presents a significant risk. For hackers,...
As developers we work on source code, but production systems don't run source, they need a runnable thing. Starting many years ago, most enterprises were using Java EE (aka J2EE) and the runnable...
Short-URL services have emerged as a crucial part of the way we use the Internet. With the increasing use of... The post Short-URL Services May Hide Threats appeared first on McAfee Blog.
A smart coffee maker, like other smart appliances, connects to your home network, offering convenience features such as scheduling brew times, remote start, and customization of your coffee...