McAfee coverage for stolen FireEye Red Team tools
Technical Articles ID: KB93830
Last Modified: 12/28/2020
Environment
McAfee Endpoint Security (ENS) Threat Prevention 10.x
McAfee Host Intrusion Prevention (Host IPS) 8.0
McAfee Network Security Platform (NSP) 10.x, 9.x
Summary
McAfee is aware of a FireEye white paper that describes Red Team tools stolen from FireEye, and of the public notice that those tools are potentially being used maliciously. McAfee's assessment of this issue is ongoing.
Solution
NSP
NSP coverage is confirmed for all 16 CVEs.
The December 15, 2020, NSP Signature Set contains the
Solution
McAfee DAT / Antivirus Scanner Content
Coverage for known binaries in this threat campaign is included in production DATs. More generic coverage that was formerly provided by Global Threat Intelligence (GTI) Cloud also provides detection capability. Detection names are subject to change, but at the time of publication they include the following:
Solution
Exploit Prevention / Host IPS
Coverage for ENS Threat Prevention Exploit Prevention and Host IPS is under evaluation. The following CVEs have been confirmed.
Expert Rule for CVE-2020-10189 - RCE for
Expert Rule for CVE-2019-8394 - Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload:
Expert Rule for CVE-2020-0688 and CVE-2019-060. This rule is an enveloping signature that prevents attacks on the IIS process that use deserialization-type vulnerabilities:
Related Information
McAfee MVISION Insights
Customers using McAfee MVISION Insights can track this campaign by searching for "FireEye Red Team Tools Stolen in Cyber Attack" in the Campaign field.
FireEye Blog Post
https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html