Posts Tagged 'advanced persistent threats'

During the last few days researchers at McAfee Labs have been actively investigating Sandworm, the Windows packager zero-day attack (CVE-2014-4114). McAfee has already released various updates through our products to protect our customers, and we continue to analyze this attack. During our investigation, we found that Microsoft’s official patch (MS14-060, KB3000869) is not robust […]

Last year, we blogged about the actor known as Quarian, who is involved in targeted attacks. This individual or group has been active since at least 2011 and has targeted government agencies. The attacks use spear phishing campaigns with crafted .pdf and .doc files as bait for unsuspecting users. Recently, we found a new sample […]

It’s hard enough to keep pace with network demands and be able to detect threats in real time. It’s even harder to stay on top of all the information generated about those threats, intrusions and suspicious network behavior. Enter SIEM, Security Information and Event Management, which in an age of big data has become essential […]

Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have executables “attached” to the documents. Usually, some words in the documents try to convince users to click and run the attachments. The following figure shows the point at which a user clicks on the attachment. […]

The security world, like many specialty fields, is full of acronyms. Those of us in the business know a SIEM from an IPS from an NGFW, and we’re happy to explain the difference to customers, many of whom know exactly what we’re talking about. There’s one set of acronyms, though, that can be confusing: APTs […]