HackDig : Dig high-quality web security articles for hackers

Babuk Ransomware

Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises, with one already paying the criminals $85,000 after negotiations. As with other variants, this ransomware is deployed in the network of enterprises that the criminals carefully target and compromise. Using MVISION Insights, McAfee
Publish At:2021-02-24 05:47 | Read:74 | Comments:0 | Tags:McAfee Labs ransomware

Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use

On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc.  As we disclosed the findings to Agora in April 2020, this lengthy disclosure timeline represents a nonstandard process for McAfee but was a joint agreement with the vendor to allow sufficient time for the development
Publish At:2021-02-19 00:59 | Read:103 | Comments:0 | Tags:McAfee Labs

Vulnerability Discovery in Open Source Libraries: Analyzing CVE-2020-11863

Open Source projects are the building blocks of any software development process. As we indicated in our previous blog, as more and more products use open source code, the increase in the overall attack surface is inevitable, especially when open source code is not audited before use. Hence it is recommended to thoroughly test it for potential vulnerabilitie
Publish At:2021-02-18 21:07 | Read:101 | Comments:0 | Tags:McAfee Labs Vulnerability

Securing Space 4.0 – One Small Step or a Giant Leap? Part 1

McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and the National Space Center (NSC) in Cork, Ireland. The essence of Space 4.0 is the introduction of smaller, cheaper, faster-to-the-market satellites in low-earth-orbit into the value chain and the exploitation of the da
Publish At:2021-02-18 21:06 | Read:102 | Comments:0 | Tags:McAfee Labs

Our Experiences Participating in Microsoft’s Azure Sphere Bounty Program

From June to August, part of the McAfee Advanced Threat Research (ATR) team participated in Microsoft’s Azure Sphere Research Challenge.  Our research resulted in reporting multiple vulnerabilities classified by Microsoft as “important” or “critical” in the platform that, to date, have qualified for over $160,000 USD in bounty awards scheduled to be contribu
Publish At:2021-02-18 21:06 | Read:20 | Comments:0 | Tags:McAfee Labs

CVE-2020-16898: “Bad Neighbor”

CVE-2020-16898: “Bad Neighbor” CVSS Score: 8.8 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Overview Today, Microsoft announced a critical vulnerability in the Windows IPv6 stack, which allows an attacker to send maliciously crafted packets to potentially execute arbitrary code on a remote system. The proof-of-concept shared with MAPP (
Publish At:2021-02-18 21:06 | Read:23 | Comments:0 | Tags:McAfee Labs

McAfee Labs Report Reveals Continuing Surge of COVID-19 Threats and Malware

The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: November 2020. In this edition, we follow our preceding McAfee Labs COVID-19 Threats Report with more research and data designed to help you better protect your enterprise’s productivity and viability during challenging times. What a year so far! The first quarter of 202
Publish At:2021-02-18 21:06 | Read:48 | Comments:0 | Tags:McAfee Labs

Operation North Star: Summary Of Our Latest Analysis

McAfee’s Advanced Threat Research (ATR) today released research that uncovers previously undiscovered information on how Operation North Star evaluated its prospective victims and launched attacks on organizations in Australia, India, Israel and Russia, including defense contractors based in India and Russia. McAfee’s initial research into Operation North St
Publish At:2021-02-18 21:06 | Read:97 | Comments:0 | Tags:McAfee Labs

Operation North Star: Behind The Scenes

Executive Summary It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within the digital realm. The only transparency afforded is a limited view of victims, a malware sample, and perhaps the IP addresses of historical command and control (C2) infrastructure. The Operation North Star campaign we detailed earlier this
Publish At:2021-02-18 21:06 | Read:42 | Comments:0 | Tags:McAfee Labs

CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server

CVSS Score: 9.8  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C  Overview  Microsoft released a patch today for a critical vulnerability (CVE-2020-17051) in the Windows NFSv3 (Network File System) server. NFS is typically used in heterogenous environments of Windows and Unix/Linux for file sharing. The vulnerability can be reproduced to c
Publish At:2021-02-18 21:06 | Read:13 | Comments:0 | Tags:McAfee Labs

SUNBURST Malware and SolarWinds Supply Chain Compromise

Part I of II Situation In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s Orion IT monitoring and management software with a trojanized version of SolarWinds.Orion.Core.BusinessLayer.dll. The trojanized file delivers the SUNBURST malware through a backdoor as part of a digitally-signed Windows Installer Patch.
Publish At:2021-02-18 21:06 | Read:74 | Comments:0 | Tags:McAfee Labs

Additional Analysis into the SUNBURST Backdoor

Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoCs associated with the Sunburst trojan, the focus within the Advanced Threat Research (ATR) team has been to determine the possibility of additional persiste
Publish At:2021-02-18 21:06 | Read:85 | Comments:0 | Tags:McAfee Labs

How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise

In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s Orion IT monitoring and management software with a trojanized version of SolarWinds.Orion.Core.BusinessLayer.dll delivered as part of a digitally-signed Windows Installer Patch. The trojanized file delivers a backdoor, dubbed SUNBURST by FireEye (and Solorigate
Publish At:2021-02-18 21:06 | Read:82 | Comments:0 | Tags:McAfee Labs Cloud

2021 Threat Predictions Report

The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector – the supply chain – that will continue to be exploited. The ever-increasing use of connected devices, apps and web services in our homes will also make us more susceptible to digital home break-ins. This threat is compounded
Publish At:2021-02-18 21:06 | Read:7 | Comments:0 | Tags:McAfee Labs

A Year in Review: Threat Landscape for 2020

As we gratefully move forward into the year 2021, we have to recognise that 2020 was as tumultuous in the digital realm as it was in the physical world. From low level fraudsters leveraging the pandemic as a vehicle to trick victims into parting with money for non-existent PPE, to more capable actors using malware that has considerably less prevalence in tar
Publish At:2021-02-18 21:06 | Read:17 | Comments:0 | Tags:McAfee Labs
