Author: Jim Walter

Jim Walter is the Director of Advanced Threat Research for Intel Security. The Advanced Threat Research team focuses on critical platform security issues (BIOS, firmware, Secure Boot, etc.) as well as core areas such as virtualization, crypto, IoT, and mobile communications. His threat intelligence team focuses on new threat research as well as the cataloging and maintenance of vulnerabilities and associated countermeasures. Jim has been with McAfee for more than 16 years and works extensively with the internal sales and support teams to provide knowledge and guidance around emerging threats. His global team generates security advisories, countermeasure/detector feeds, Global Threat Intelligence apps, podcasts and more.

Malicious attacks with firmware privileges can compromise an entire system, so it is especially important to apply measures to reduce the risks. Breaking hypervisor isolation and attacking — or exploiting — neighbouring virtual machines is a prominent goal of cyber criminals. At the Black Hat USA 2015 and DEF CON 23 conferences, a group of […]

The packaging of malware and malware-construction kits for cybercrime “consumers” has been a long-running trend. Various turnkey kits that cover remote access plus botnet plus stealth functions are available just about anywhere. Ransomware, though very prevalent, has not yet appeared in force in easy-to-deploy kits. But now we have Tox, and it’s free. […]

In recent days, much has been said and written around the recently disclosed “Venom” vulnerability. It is important to fully understand the real-world severity of vulnerabilities such as Venom. Although the threat is potentially severe and certainly interesting (it is in a class of relatively rare guest escapes from virtual machines), one has to take into […]

McAfee product coverage and mitigations for malware or indicators associated with the recent attacks (a.k.a. Dragonfly, Energetic Bear, Havex/SYSMain) on industrial control systems (ICSs) are listed below. The Havex remote access tool is common across these associated attacks or campaigns, including Dragonfly. We have seen Havex in ICS-specific targeted campaigns. It can detect and affect ICS- […]

On April 26, Microsoft released Security Advisory 2963983 for Microsoft Internet Explorer. In-the-wild exploitation of this vulnerability has been observed across limited, targeted attacks. The flaw is specific to a use-after-free vulnerability in VGX.DLL (memory corruption). Successful exploitation can give an attacker the ability to run arbitrary code (via remote code execution). The flaw affects […]