McAfee Advanced Threat Research (ATR), a leading source for threat research, threat intelligence, and cyber security thought leadership, has announced a joint research effort with JSOF, who discovered and responsibly disclosed 19 zero-day vulnerabilities known by the name of Ripple20. Through this research collaboration, McAfee ATR has produced signatures and the industry’s first comprehensive detection logic, designed for network administrators and security personnel looking to further understand these vulnerabilities and defend against exploitation.
“At McAfee Advanced Threat Research we often advocate for collaboration; with this research effort we’ve highlighted just how effective it can be when we work together,” said Steve Povolny, head of McAfee ATR. “Shortly after the initial Ripple20 disclosure McAfee ATR and JSOF connected with a shared goal: combine the depth and breadth of McAfee’s expertise, as one of the world’s largest cybersecurity companies, with the talented vulnerability research team at JSOF to deliver substantive and actionable mitigations for the most critical disclosed vulnerabilities.
Developed for network administrators, the detection logic and signatures were thoughtfully created to help address the most impactful vulnerabilities with a great amount of specificity, detecting problems at the root and taking into account practical situations and real-world considerations.”
“At JSOF we always strive to engage in cutting edge research, that will have a direct impact on the security community and the security of vendors and asset owners. We are happy to have been able to collaborate to achieve this goal and produce high-quality exploit detection signatures and logic that can be used by the entire community,” said Shlomi Oberman, CEO of JSOF. “These signatures and detection logic will help organizations better understand and protect against the Ripple20 vulnerabilities.
The Ripple20 vulnerabilities affect a variety of traditional and IoT devices manufactured by multiple vendors, the impact of which ranges from denial of service to full remote code exploitation over the internet.
McAfee ATR focused on developing signatures and detection logic for the four most critical and likely to be exploited vulnerabilities, with the goal of supporting network administrators in determining if their environment contains the conditions required for an attack.
(Image Courtesy: www.a360-24×7.s3.amazonaws.com)