VB Blog

Paying a malware ransom is bad, but telling people never to do it is unhelpful advice

Posted by   Martijn Grooten on   Apr 26, 2016

The current ransomware plague is one of the worst threats the Internet has seen and it is unlikely to go away any time soon. But telling people to never pay the ransom is unhelpful advice.

Read more  

VB2015 paper: VolatilityBot: Malicious Code Extraction Made by and for Security Researchers

Posted by   Martijn Grooten on   Apr 22, 2016

In his VB2015 paper, Martin Korman presented his 'VolatilyBot' tool, which extracts malicious code from packed binaries, leveraging the functionality of the Volatility Framework.

Read more  

VB2016 programme announced, registration opened

Posted by   Martijn Grooten on   Apr 21, 2016

We have announced 37 papers (and four reserve papers) that will be presented at VB2016 in Denver, Colorado, USA in October. Registration for the conference has opened; make sure you register before 1 July to benefit from a 10% early bird discount.

Read more  

New tool helps ransomware victims indentify the malware family

Posted by   Martijn Grooten on   Apr 15, 2016

The people behind the MalwareHunterTeam have released a tool that helps victims of ransomware identify which of more than 50 families has infected their system, something which could help them find a tool to decrypt their files.

Read more  

It's fine for vulnerabilities to have names — we just need not to take them too seriously

Posted by   Martijn Grooten on   Apr 13, 2016

The PR campaign around the Badlock vulnerability backfired when it turned out that the vulnerability wasn't as serious as had been suggested. But naming vulnerabilities can actually be helpful and certainly shouldn't hurt.

Read more  

Throwback Thursday: The Number of the Beasts

Posted by   Helen Martin on   Apr 7, 2016

The Virus Bulletin Virus Prevalence Table, which ran from 1992 until 2013, gave users a regular snapshot of what was really going on in the virus (and later malware) world, recording the number of incidents of each virus reported to VB in the preceding month. In August 2000, Denis Zenkin, a self-confessed virus prevalence table junkie, shared his findings following a study of the virus prevalence tables over the preceding few years, allowing him to determine the top ten viruses of the period, the top viruses by type and the viruses of the year.

Read more  

Paper: All Your Meetings Are Belong to Us: Remote Code Execution in Apache OpenMeetings

Posted by   Martijn Grooten on   Mar 30, 2016

Security researcher Andreas Lindh recently found a vulnerability in Apache OpenMeetings that could allow remote code execution on a vulnerable server. Andreas reported the vulnerability to the OpenMeetings developers and, once it had been patched, he wrote up the details.

Read more  

Throwback Thursday: 'In the Beginning was the Word...'

Posted by   Helen Martin on   Mar 24, 2016

Word and Excel’s internal file formats used to be something in which few were interested – until macro viruses came along and changed all that. In 1996, Andrew Krukov provided an overview of the new breed of viruses.

Read more  

VB2016 Call for Papers Deadline

Posted by   Martijn Grooten on   Mar 18, 2016

You have until the early hours (GMT) of Monday 21 March to submit an abstract for VB2016! The VB2016 programme will be announced in the first week of April.

Read more  

How broken is SHA-1 really?

Posted by   Martijn Grooten on   Mar 15, 2016

SHA-1 collisions may be found in the next few months, but that doesn't mean that fake SHA-1-based certificates will be created in the near future. Nevertheless, it is time for everyone, and those working in security in particular, to move away from outdated hash functions.

Read more  
Previous1...4445464748...215Next

Search blog

The ghost of Stuxnet past

Microsoft patches .LNK vulnerability after 2010 patch was found to be incomplete.
Microsoft patches .LNK vulnerability after 2010 patch was found to be incomplete. Mention Stuxnet and you'll have many a security researcher's attention. The worm, which was… https://www.virusbulletin.com/blog/2015/03/ghost-stuxnet-past/

Microsoft no longer publishes advance notifications for its Patch Tuesdays

Company unhappy with Google going full disclosure on privilege escalation vulnerability.
Company unhappy with Google going full disclosure on privilege escalation vulnerability. Tomorrow is the second Tuesday of the month and, as most people reading this blog will… https://www.virusbulletin.com/blog/2015/01/microsoft-no-longer-publishes-advance-notifications-its-patch-tuesdays/

Microsoft to publish security bulletins in CVRF format

Standard will streamline process of reviewing patches.
Standard will streamline process of reviewing patches. Software giant Microsoft has announced that it has started to publish its monthly security bulletins in the CVRF format.… https://www.virusbulletin.com/blog/2012/05/microsoft-publish-security-bulletins-cvrf-format/

Hefty Patch Tuesday bulletin rounds off bumper year

No sign of an end to vulnerability glut.
No sign of an end to vulnerability glut.Microsoft released its monthly Patch Tuesday security bulletin yesterday, with details of a hefty 17 alerts covering 40 separate… https://www.virusbulletin.com/blog/2010/12/hefty-patch-tuesday-bulletin-rounds-bumper-year/

Security fixes from Apple and Microsoft

100 security fixes in latest OS X update; three MS security updates in this month's patch release.
100 security fixes in latest OS X update; three MS security updates in this month's patch release. The latest release of Mac operating system OS X (Mac OS X v10.6.5) contains over… https://www.virusbulletin.com/blog/2010/11/security-fixes-apple-and-microsoft/

Giant patch release from Microsoft, Oracle

Record Patch Tuesday combines with swathe of extra fixes for corporates.
Record Patch Tuesday combines with swathe of extra fixes for corporates. It's a busy week for corporate admins as Microsoft's monthly Patch Tuesday security bulletin, containing a… https://www.virusbulletin.com/blog/2010/10/giant-patch-release-microsoft-oracle/

Extra-large crop of updates for Patch Tuesday

Fourteen security alerts from Microsoft join two from Adobe.
Fourteen security alerts from Microsoft join two from Adobe.Microsoft's monthly Patch Tuesday security bulletins came out this week, featuring a chunky 14 separate alerts with many… https://www.virusbulletin.com/blog/2010/08/extra-large-crop-updates-patch-tuesday/

Patches come thick and fast in major update spree

Monthly and out-of-band issues flood admins' to-do lists.
Monthly and out-of-band issues flood admins' to-do lists. The release of this month's Patch Tuesday security bulletins from Microsoft, with a fairly average 10 alerts covering 34… https://www.virusbulletin.com/blog/2010/06/patches-come-thick-and-fast-major-update-spree/

Patch Tuesday release includes 13 bulletins

26 vulnerabilities featured in sizeable update set.
26 vulnerabilities featured in sizeable update set. After a relatively quiet January, administrators are faced with a hefty workload this week as Microsoft's monthly Patch Tuesday… https://www.virusbulletin.com/blog/2010/02/patch-tuesday-release-includes-13-bulletins/

IE zero-day bug fixed in Patch Tuesday updates

Serious browser bug main feature of monthly alerts, Adobe Flash issue also patched.
Serious browser bug main feature of monthly alerts, Adobe Flash issue also patched.Microsoft has released the December Patch Tuesday security bulletin, with a total of six alerts.… https://www.virusbulletin.com/blog/2009/12/ie-zero-day-bug-fixed-patch-tuesday-updates/

Bumper crop of October patch releases

Busy weeks for admins as Patch Tuesday joined by Adobe fixes, and Mozilla announces plug-in checking plans.
Busy weeks for admins as Patch Tuesday joined by Adobe fixes, and Mozilla announces plug-in checking plans. This week has seen Microsoft's monthly Patch Tuesday release of security… https://www.virusbulletin.com/blog/2009/10/bumper-crop-october-patch-releases/

Patch Tuesday brings little relief from browser exploits

Six fixes issued, but new IE zero day emerges along with Firefox flaw.
Six fixes issued, but new IE zero day emerges along with Firefox flaw.Microsoft has issued its monthly 'Patch Tuesday' security update, with some serious browser flaws patched, but… https://www.virusbulletin.com/blog/2009/07/patch-tuesday-brings-little-relief-browser-exploits/

Eight fixes for April Patch Tuesday release

Five critical updates in latest monthly patch release.
Five critical updates in latest monthly patch release. The April Patch Tuesday release from Microsoft, revealed this week, contained five updates rated 'critical', as well as two… https://www.virusbulletin.com/blog/2009/04/eight-fixes-april-patch-tuesday-release/

March Patch Tuesday followed by PDF viewer patches

Major kernel issue and PDF problems fixed, spreadsheet software remains vulnerable.
Major kernel issue and PDF problems fixed, spreadsheet software remains vulnerable.Microsoft released the March security bulletin this week, with the monthly Patch Tuesday updates… https://www.virusbulletin.com/blog/2009/03/march-patch-tuesday-followed-pdf-viewer-patches/

IE fixed as usual in Patch Tuesday release

Browser should be treated as special case, say some.
Browser should be treated as special case, say some. The February 'Patch Tuesday' security bulletin from Microsoft this week contained four patches, two of them marked 'Critical',… https://www.virusbulletin.com/blog/2009/02/ie-fixed-usual-patch-tuesday-release/

MS to release out-of-band patch for critical IE vulnerability

Users advised to patch ASAP.
Users advised to patch ASAP.Microsoft is set to release an emergency out-of-band patch for the vulnerability in its Internet Explorer browser reported last week. Attacks via the… https://www.virusbulletin.com/blog/2008/12/ms-release-out-band-patch-critical-ie-vulnerability/

IE zero-day danger growing

Large numbers of users vulnerable to unpatched problem.
Large numbers of users vulnerable to unpatched problem. The as-yet unpatched vulnerability in Microsoft's Internet Explorer browser, reported last week and coinciding with the… https://www.virusbulletin.com/blog/2008/12/ie-zero-day-danger-growing/

FTC goes after scareware scammers

Courts crack down on pushers of rogue anti-malware.
Courts crack down on pushers of rogue anti-malware. The US Federal Trade Commission (FTC) has announced a successful move to persuade a US district court to shut down a major… https://www.virusbulletin.com/blog/2008/12/ftc-goes-after-scareware-scammers/

Patch Tuesday released closely followed by emergency update

Bumper crop of patches plus further fix leave known holes open.
Bumper crop of patches plus further fix leave known holes open. This month's 'Patch Tuesday' security bulletin from Microsoft contained eight separate updates, two more than… https://www.virusbulletin.com/blog/2008/12/patch-tuesday-released-closely-followed-emergency-update/

Two updates in Microsoft's November's patch release

Just two updates released by Microsoft this month: one rated critical, one important.
Just two updates released by Microsoft this month: one rated critical, one important.Microsoft has issued two updates in the November round of its monthly patch release cycle, one… https://www.virusbulletin.com/blog/2008/11/two-updates-microsoft-s-november-s-patch-release/

« Previous 12 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.