Posts Tagged 'advanced persistent threats'

Update of October 25: Some comments posted after we published this report suggest that our proof-of-concept exploit will trigger the UAC (User Account Control) on Windows. We did not observe this during our analysis.   During the last few days researchers at McAfee Labs have been actively investigating Sandworm, the Windows packager zero-day attack (CVE-2014-4114). […]

Last year, we blogged about the actor known as Quarian, who is involved in targeted attacks. This individual or group has been active since at least 2011 and has targeted government agencies. The attacks use spear phishing campaigns with crafted .pdf and .doc files as bait for unsuspecting users. Recently, we found a new sample […]

It’s hard enough to keep pace with network demands and be able to detect threats in real time. It’s even harder to stay on top of all the information generated about those threats, intrusions and suspicious network behavior. Enter SIEM, Security Information and Event Management, which in an age of big data has become essential […]

Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have executables “attached” to the documents. Usually, some words in the documents try to convince users to click and run the attachments. The following figure shows the point at which a user clicks on the attachment. […]

The security world, as many specialty fields, is full of acronyms. Those of us in the business know a SIEM from an IPS from a NGFW, and we’re happy to explain the difference to customers, many of whom know exactly what we’re talking about. There’s one set of acronyms, though, that can be confusing: APTs […]