The year three report covers 2019 and aims to highlight the achievements and efforts made by the Active Cyber Defence programme.
On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora,... The post Beyond Clubhouse: Vulnerable Agora SDKs Still...
The McAfee Advanced Threat Research (ATR) team is committed to uncovering security issues in both software and hardware to help... The post Don’t Call Us We’ll Call You: McAfee ATR Finds...
The concept of a trail of breadcrumbs in the offensive security community is nothing new; for many years, researchers on... The post Researchers Follow the Breadcrumbs: The Latest Vulnerabilities...
The vendor has published an advisory on vulnerabilities in multifunctional gateway devices designed to integrate different types of sensors and PLCs into industrial environments
On 2021-02-09, research was reported, involving , gaining initial access via Supply chain vector, while using Package dependency confusion, to achieve None.
On 2021-02-09, a campaign was reported, involving an unknown actor, gaining initial access via Software misconfig, while using Escape to host via cgroups release_agent, targeting Docker to achieve...
Years ago I learnt docker basics because I just couldn’t get that $ruby_tool to install. The bits of progress I’d make usually left my host’s ruby install in shambles. With docker though, I had...
Vulnerabilities have been identified in the IPv6 component in the Treck TCP/IP stack implementation. It is recommended that vendors of IoT devices using that implementation issue security advisories.
This is a write-up for solving the devils-swapper RE challenge. It was mostly intended for my personal archive, but since it may be interesting to all of you. This especially applies if you're...
On 2021-02-03, a campaign was reported, involving TeamTNT, gaining initial access via ,. The following tools were observed: Peirates, Hildegard.
Cloud identity permissions are complex. So complex that innocent looking permissions provided to 3rd party vendors can lead to unintended exposure of all of your data.
With an estimated 90% of cloud workloads running a Linux-based OS, and with sudo being common across distributions, many Linux cloud assets are at risk and may be affected. Versions released as far back...
Siemens has released a security alert which describes some cases of SCALANCE X-200/X-200IRT/X-300 switches using hardcoded encryption keys, making them prone to man-in-the-middle attacks
SolarWinds attack explained by Wiz CTO Ami Luttwak
In this post I want to share two things. First, a quick primer on how you would go about navigating the source code when contributing to objection, and secondly an application specific proxy...
Weak implementation of cryptographic data protection allows various types of attacks and enables attackers to identify the key in captured traffic
It’s too easy, when hacking, to assume something is invulnerable and not interrogate it. This was the case for me when it came to Duo’s two-factor authentication solution. However, we were able to...
McAfee’s Advanced Threat Research team just completed its second annual capture the flag (CTF) contest for internal employees. Based on tremendous... The post McAfee ATR Launches...
Vulnerabilities in Schneider Electric’s low-voltage distribution system configuration software could enable attackers to upload arbitrary files defining electrical system parameters
Schneider Electric has published an advisory on a critical vulnerability in the web server used in TM3 I/O expansion modules
The vulnerability could cause a Windows local user privilege escalation when using EcoStruxure™ Operator Terminal Expert and Pro-face BLUE software and WinGP runtime environment by Schneider Electric.
DoS vulnerabilities have been disclosed in the integrated web server of Siemens SCALANCE X-200 / X-200IRT / X-300 switches. Measures proposed by the vendor do not prevent all possible attacks.
How many industrial organizations had installed backdoored SolarWinds versions? We present the results of our analysis.
See Dreambus operator for more information.
Technical report on best practice use of this fundamental data routing protocol.
Depending on your life experiences, the phrase (or country song by Eric Church) “two pink lines” may bring up a... The post Two Pink Lines appeared first on McAfee Blog.
As we gratefully move forward into the year 2021, we have to recognise that 2020 was as tumultuous in the... The post A Year in Review: Threat Landscape for 2020 appeared first on McAfee Blog.
The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector –... The post 2021 Threat Predictions Report appeared first...
It has been a while since I did some hardware hacking, and this time I want to review the basics. The LinkSys EA6100 router intrigued me since I was only able to find encrypted firmware images (or...