HVACking: Understanding the Delta Between Security and Reality
The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help...
Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware
Avaya is the second largest VOIP solution provider (source) with an install base covering 90% of the Fortune 100 companies...
Clop Ransomware
This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This...
Jet Database Engine Flaw May Lead to Exploitation: Analyzing CVE-2018-8423
In September 2018, the Zero Day Initiative published a proof of concept for a vulnerability in Microsoft’s Jet Database Engine....
McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder
Everyday thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an...
RDP Security Explained
RDP on the Radar Recently, McAfee released a blog related to the wormable RDP vulnerability referred to as CVE-2019-0708 or...
McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs
*This blog is originally from August 2018 and was updated April 2019* From connected baby monitors to smart speakers —...
Ryuk, Exploring the Human Connection
In collaboration with Bill Siegel and Alex Holdtman from Coveware. At the beginning of 2019, McAfee ATR published an...
IE Scripting Flaw Still a Threat to Unpatched Systems: Analyzing CVE-2018-8653
Microsoft recently patched a critical flaw in Internet Explorer’s scripting engine that could lead to remote code execution. The vulnerability...
Ryuk Ransomware Attack: Rush to Attribution Misses the Point
Senior analyst Ryan Sherstobitoff contributed to this report. During the past week, an outbreak of Ryuk ransomware that impeded newspaper...
