The percentage of computers attacked globally is decreasing. At the same time, threats are becoming more localized, more focused, and, as a result, more diverse and sophisticated.
In 2020 ARC Advisory Group on behalf of Kaspersky conducted a survey on the state of industrial cybersecurity, as well as the current priorities and challenges of industrial organizations.
A while ago Jonas Lykkegaard disclosed a zero-day that could be used to create files in the SYSTEM folder. CVE-2020-16885 got assigned for this vulnerability, and was since patched with KB4580346....
The end of the year is getting closer, fast, so I figured it was a perfect time to talk about my side project from last year. In this post I want to walk you through setting up a Raspberry Pi as a...
Open Source projects are the building blocks of any software development process. As we indicated in our previous blog, as... The post Vulnerability Discovery in Open Source Libraries: Analyzing...
In Q1 2020 in Europe, Kaspersky products were triggered on 20.4% of ICS computers in the energy sector. A total of 1,485 malware modifications from 633 different families were blocked.
On 2020-08-27, a campaign was reported, involving an unknown actor, gaining initial access via Software misconfig, targeting Docker to achieve Resource hijacking. The following tools were observed: Cetus.
Background: Are you tired of working from home due to COVID? While this is quite a unique situation we find ourselves in, it also provides some fresh opportunities. Lately we have assessed several...
If you’ve ever cracked a hash with hashcat, you’ll know that sometimes it will give you a $HEX[0011223344] style clear. This is done to preserve the raw byte value of the clear when the encoding...
Intro: In a U.S. government cyber security advisory released today, the National Security Agency and Federal Bureau of Investigation warn... The post On Drovorub: Linux Kernel Security Best...
Executive Summary: Open source has become the foundation for modern software development. Vendors use open source software to stay competitive... The post Vulnerability Discovery in Open Source...
Retired Marine fighter pilot and Top Gun instructor Dave Berke said “Every single thing you do in your life, every... The post Robot Character Analysis Reveals Trust Issues appeared first on McAfee Blog.
Overview: As part of our continued goal of helping developers provide safer products for businesses and consumers, we here at... The post Call an Exorcist! My Robot’s Possessed! appeared first on...
Co-authored with Jesse Chick, OSU Senior and Former McAfee Intern, Primary Researcher. Special thanks to Dr. Catherine Huang, McAfee Advanced... The post Dopple-ganging up on Facial Recognition...
This document has been prepared by McAfee Advanced Threat Research in collaboration with JSOF who discovered and responsibly disclosed the... The post Ripple20 Critical Vulnerabilities – Detection...
This is a summary of our BlackHat USA 2020 talk. Introduction: On some of our engagements, Szymon and I found ourselves on various networks vulnerable to; insecure, misconfigured, and often...
Building Adaptable Security Architecture Against NetWalker. NetWalker Overview: The NetWalker ransomware, initially known as Mailto, was first detected in August... The post McAfee Defender’s Blog:...
Executive Summary: The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were... The post Take a “NetWalk” on the Wild Side appeared first...
From the 1st of August 2020, SensePost will be changing, from the name of our company, to the name of our ethical hacking team and related services. Our company name will change to Orange...
Executive Summary: We are in the midst of an economic slump [1], with more candidates than there are jobs, something... The post Operation (노스 스타) North Star A Job Offer That’s Too Good to be True?...
Building Adaptable Security Architecture Against the Operation North Star Campaign. Operation North Star Overview: Over the last few months, we... The post McAfee Defender’s Blog: Operation North...
Joint report between the NCSC and KPMG UK is the first in a series to benchmark and track levels of diversity and inclusion in the cyber security industry.
Drizly, an online alcohol delivery service, recently notified customers of a data breach in which a hacker accessed customer information. This breach reportedly affected up to 2.5 million...
On 2020-07-28, a campaign was reported, involving Doki operator, gaining initial access via Software misconfig, while using Exploiting host mount to escape to host, targeting Docker to achieve...
Over the July 4th holiday weekend Expel’s SOC spotted a coin-mining attack in a customer’s Amazon Web Services (AWS) environment. The attacker compromised the root IAM user access key and used it...
Happy Birthday! Today we mark the fourth anniversary of the NoMoreRansom initiative with over 4.2 million visitors, from 188 countries,... The post Six Hundred Million Reasons to Celebrate: No...
Recently I had the need to explore coverage guided fuzzing in Go. Whilst there is a bit of information scattered around on multiple different sites, as someone who is fairly new to Go, I couldn’t...
Background
In the first part we talked about the basics of Qiling, you can find it here.
On 2020-07-25, a campaign was reported, involving Meow, gaining initial access via Software misconfig, while using FTP access, Misconfigured DB abuse, targeting MongoDB, Elasticsearch, Apache...