Jim Walter

Jim Walter currently serves as manager of the McAfee Threat Intelligence Service (MTIS) for McAfee Labs, and focuses on new threat research as well as the cataloging and maintenance of vulnerabilities and associated countermeasures. He has been with McAfee for over 12 years and works extensively with the internal sales and support teams to provide knowledge and guidance around vulnerability and malware threats. Day-to-day, Jim leads a global team of Threat Analysts, and presides over the content generated by this team (Security Advisories, Countermeasure/detector feeds, Global Threat Intelligence apps, and more). Jim is a frequent speaker at industry events and conferences, and co-host of AudioParasitics – The Official Podcast of McAfee Labs.

Urchins, LizaMoons, Tigers, and Bears

In early April, I wrote about the famed “LizaMoon” SQL-injection attacks. I said it then, and I’ll say it again now: SQL-injection (SQLi) attacks are a constant. Some of these attacks are more visible than others.  Some adversaries find intelligent ways to hide their tracks so as not to splatter evidence of their misdeeds all over various search Read more…

Tags: Cybercrime, Data Protection, database security, enterprise, lizamoon, malware, mass sql injection, Network Security, sql attacks, SQL Injection, urchin.js

Steve Jobs’ Impact on One Fan

Where does one start? I’m not sure if I would consider this a research blog post. In the sea of comments and chatter today, it just feels right to say something. It feels right to “Think Different.” Like many others, I was raised an Apple faithful. Later I came to embrace and believe in not just the products but Read more…

Tags: Apple, Family Safety, mac, Mac OS X, McAfee Identity Protection, Steve Jobs

‘Cookiejacking’ Poses Minimal Danger
if You Keep Good Habits

“Cookiejacking,” anyone? In the last few days, a new vulnerability in Microsoft Internet Explorer has made its way through the media. Disclosed at the Hack on the Box conference by the independent researcher Rosario Valotta, this flaw takes advantage of a property of HTML5 to steal the cookies from its victim. This kind of attack, Read more…

Tags: internet privacy, online safety, safe surfing

Blue-Light Special on Zeus

With much fanfare and much to the chagrin of ne’er-do-wells far and wide, the Zeus Toolkit source code has been released to the public. This is notable because normally it would cost quite a bit to purchase the kit and associated services (in excess of of US$10,000). With a release of this sort, the most Read more…

Tags: counter identity theft, Cybercrime, global threat intelligence, malware, McAfee, McAfee Labs, Network Security, Risk and Compliance

LizaMoon the Latest SQL-Injection Attack

Working in the security industry brings about a myriad of challenges. This is especially true for vendors. We must do our best to educate and inform. At the same time, we want to avoid laying on the FUD–or scaring customers into making poorly educated security decisions. Which brings us to the recent LizaMoon attacks. There Read more…

Tags: enterprise, global threat intelligence, malware, McAfee, Network Security, Web 2.0

Making Sense of McAfee Risk Advisor

The second Tuesday of every month (“Patch Tuesday”) is a very busy day for information security warriors. They have to digest a flood of information from affected vendors (primarily Microsoft and Adobe) and then cross-check and correlate that against whatever their security vendors say. They have to take into account their actual environments, the assets and resources Read more…

Tags: McAfee, Network Security, Risk and Compliance