McAfee Labs

McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog for more information.
This post is one in a series of articles that expand on the recently released McAfee Labs 2014 Threats Predictions. In this and related posts, McAfee Labs researchers offer their views of new and evolving threats we expect to see in the coming year. This article was written by Ramnath Venugopalan. We foresee three broad threat ...
Read Blog
On November 5, Microsoft posted Security Advisory 2896666. This vulnerability, discovered by Haifei Li of McAfee Labs, affects multiple versions of Microsoft Office, Windows, and Lync. Successful exploitation could result in the ability to execute arbitrary code on a vulnerable host (a remote code execution vulnerability). The issue (an integer overflow) lies in the handling of maliciously ...
Read Blog
  In conjunction with our investigation into Operation Troy, we will be releasing IOC data in the open and highly flexible OpenIOC Framework format.       In addition to various open/free tools, OpenIOC data can be consumed by:             McAfee Network Security Platform             ...
Read Blog
This blog was written by Sanchit Karve. Last week, we noticed thousands of malware files in the wild that employ a simple phishing attack by modifying the hosts file on Windows systems. What's interesting, however, is the technique chosen by the malware authors to distribute their payload. The samples in question (Example MD5: 34d9b42bfd64c6f752fe27eef8d80c5f) are ...
Read Blog
As promised in our previous blog entry for the recent Adobe Reader PDF zero-day attack, we now offer more technical details on this Reader "sandbox-escape" plan. In order to help readers understand what’s going on there, we first need to provide some background. Adobe Reader’s Sandbox Architecture The Adobe Reader sandbox consists of two processes: ...
Read Blog
Late last week, reports began to surface that the Israeli police (along with other regional law enforcement) were targeted by a malware attack.  The entry vector was described as a phishing campaign sent from Benny Gantz (head of the Israeli Defense Forces).  Initially, details and indicators around the malware were beyond sparse. Aside from the FROM: address, ...
Read Blog
See March 15 and 16 updates at the end of this blog. ----------------------------------------------------   The March Security Bulletin release from Microsoft was relatively light in volume. Out of the six bulletins released, only one was rated as Critical. And for good reason. MS12-020 includes CVE-2012-0002. This flaw is specific to the Remote Desktop Protocol (RDP) present on ...
Read Blog