VB Blog

Tizi Android malware highlights the importance of security patches for high-risk users

Posted by   Martijn Grooten on   Nov 28, 2017

Researchers from Google have taken down 'Tizi', an Android malware family, that used nine already patched vulnerabilities to obtain root on infected devices.

Read more  

Virus Bulletin to attend AMTSO, AVAR and Botconf

Posted by   Martijn Grooten on   Nov 27, 2017

Next week, Virus Bulletin researchers will be attending the AMTSO meeting and AVAR conference in Beijing, China, as well as the 5th edition of the Botconf conference in Montpellier, France.

Read more  

VB2017 video: FinFisher: New techniques and infection vectors revealed

Posted by   Martijn Grooten on   Nov 24, 2017

Today, we publish the video of the VB2017 presentation by ESET researcher Filip Kafka, who looked at recent changes in the FinFisher government malware, including its infection vectors.

Read more  

Throwback Thursday: The beginning of the end(point): where we are now and where we'll be in five years

Posted by   Martijn Grooten on   Nov 23, 2017

We look back at the VB2016 presentation by Adrian Sanabria on the state of endpoint security, both now and in the future.

Read more  

VB2017 paper: Beyond lexical and PDNS: using signals on graphs to uncover online threats at scale

Posted by   Martijn Grooten on   Nov 22, 2017

At VB2017 in Madrid, Cisco Umbrella (OpenDNS) researchers Dhia Mahjoub and David Rodriguez presented a new approach to detecting infected machines using graphs to detect botnet traffic at scale. Today we publish both Dhia and David's paper and the recording of their presentation.

Read more  

Firefox 59 to make it a lot harder to use data URIs in phishing attacks

Posted by   Martijn Grooten on   Nov 21, 2017

Firefox developer Mozilla has announced that, as of version 59 of the browser, many kinds of data URIs, which provide a way to create "domainless web content", will not be rendered in the browser, thus making this trick - used in various phishing campaigns - a lot less attractive.

Read more  

Standalone product test: FireEye Endpoint

Posted by   Martijn Grooten on   Nov 16, 2017

Virus Bulletin ran a standalone test on FireEye's Endpoint Security solution.

Read more  

VB2017 video: Consequences of bad security in health care

Posted by   Martijn Grooten on   Nov 13, 2017

Jelena Milosevic, a nurse with a passion for IT security, is uniquely placed to witness poor security practices in the health care sector, and to fully understand the consequences. Today, we publish the recording of a presentation given by Jelena at VB2017 in Madrid, in which she shared her inside view of security in hospitals.

Read more  

Vulnerabilities play only a tiny role in the security risks that come with mobile phones

Posted by   Martijn Grooten on   Nov 9, 2017

Both bad news (all devices were pwnd) and good news (pwning is increasingly difficult) came from the most recent mobile Pwn2Own competition. But the practical security risks that come with using mobile phones have little to do with vulnerabilities.

Read more  

VB2017 paper: The (testing) world turned upside down

Posted by   Martijn Grooten on   Nov 8, 2017

At VB2017 in Madrid, industry veteran and ESET Senior Research Fellow David Harley presented a paper on the state of security software testing. Today we publish David's paper in both HTML and PDF format.

Read more  
Previous1...2728293031...215Next

Search blog

New article: Dissecting the design and vulnerabilities in AZORult C&C panels

In a new article, Aditya K Sood looks at the command-and-control (C&C) design of the AZORult malware, discussing his team's findings related to the C&C design and some security issues they identified.
Dissecting the Design and Vulnerabilities in AZORult C&C Panels Read the paper (HTML) Download the paper (PDF)   If you have some research you'd like to share with the… https://www.virusbulletin.com/blog/2021/04/new-article-dissecting-design-and-vulnerabilities-azorult-cc-panels/

March

https://www.virusbulletin.com/blog/2021/03/

VB2021 localhost call for papers: a great opportunity

VB2021 localhost presents an exciting opportunity to share your research with an even wider cross section of the IT security community around the world than usual, without having to take time out of your work schedule (or budget) to travel.
Earlier this week VB took the tough decision to cancel the in-person version of VB2021 in Prague. We had really hoped to be able to host an in-person event this year, but with… https://www.virusbulletin.com/blog/2021/03/vb2021-localhost-call-papers-great-opportunity/

New article: Excel Formula/Macro in .xlsb?

In a follow-up to an article published last week, Kurt Natvig takes us through the analysis of a new malicious sample using the .xlsb file format.
Excel Formula/Macro in .xlsb? Read the paper (HTML) Download the paper (PDF)   Excel Formula, or XLM – does it ever stop giving pain to researchers? So asks Forcepoint… https://www.virusbulletin.com/blog/2021/02/new-article-excel-formulamacro-xlsb/

February

https://www.virusbulletin.com/blog/2021/02/

New article: Decompiling Excel Formula (XF) 4.0 malware

In a new article, researcher Kurt Natvig takes a close look at XF 4.0 malware.
Decompiling Excel Formula (XF) 4.0 malware Read the paper (HTML) Download the paper (PDF)   Office malware has been around for a long time, but until recently Excel Formula… https://www.virusbulletin.com/blog/2021/02/new-article-decompiling-excel-formula-xf-40-malware/

The Bagsu banker case - presentation

At VB2019, CSIS researcher Benoît Ancel spoke about a quiet banking trojan actor that has been targeting German users since at least 2014.
Some time ago, researchers at CSIS Security Group discovered the infrastructure of a "quiet" banking trojan actor that had been targeting German users since at least 2014. At… https://www.virusbulletin.com/blog/2021/01/bagsu-banker-case-presentation/

VB2021 call for papers - now open, to all!

The call for papers for VB2021 is now open and we want to hear from you - we're planning for flexible presentation formats, so everyone is encouraged to submit, regardless of whether or not you know at this stage whether you'll be able to travel to Prague…
2020 proved to be an extraordinary – in the true sense of the word – year for everyone, and 2021 has already thrown some curveballs in the short few weeks since it began.… https://www.virusbulletin.com/blog/2021/01/vb2021-call-papers-now-open-all/

In memoriam: Yonathan Klijnsma

We were very sorry to learn of the passing of researcher Yonathan Klijnsma last week. Here, former VB Editor Martijn Grooten shares his memories of a talented researcher and a very kind person: this month, infosec lost a really good one.
We were very sorry to learn of the passing of researcher Yonathan Klijnsma last week and we offer our deepest condolences to his family and friends. Here, former VB Editor Martijn… https://www.virusbulletin.com/blog/2021/01/memoriam-yonathan-klijnsma/

2021

https://www.virusbulletin.com/blog/2021/

January

https://www.virusbulletin.com/blog/2021/01/

VB2020 localhost videos available on YouTube

VB has made all VB2020 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.
Today, VB has made all VB2020 localhost presentations available on VB's YouTube channel, so you can now watch – and share – any part of the conference freely and without… https://www.virusbulletin.com/blog/2021/01/vb2020-localhost-videos-available-youtube/

VB2020 presentation & paper: 2030: backcasting the potential rise and fall of cyber threat intelligence

At VB2020 localhost, threat intelligence consultant Jamie Collier used the analytical technique of backcasting to look at the rise and fall of the cyber threat intelligence industry.
Backcasting is an analytical technique that establishes an imagined future scenario and then works backwards to understand what caused that outcome. At VB2020, FireEye's Jamie… https://www.virusbulletin.com/blog/2020/12/vb2020-presentation-paper-2030-backcasting-potential-rise-and-fall-cyber-threat-intelligence/

VB2020 presentation: Behind the Black Mirror: simulating attacks with mock C2 servers

At VB2020 localhost, Carbon Black's Scott Knight presented an approach he and his colleagues have taken to more realistically simulate malware attacks.
Dynamic analysis of a malicious sample in a lab setup can be hampered by the absence of the malware's C2 server listening and providing responses – potentially resulting in only a… https://www.virusbulletin.com/blog/2020/12/vb2020-presentation-behind-black-mirror-simulating-attacks-mock-c2-servers/

December

https://www.virusbulletin.com/blog/2020/12/

VB2020 presentation & paper: Advanced Pasta Threat: mapping threat actor usage of open-source offensive security tools

At VB2020, researcher Paul Litvak revealed how he put together a comprehensive map of threat actor use of open-source offensive security tools.
The development and publication of offensive security tools (OSTs) is a point of great controversy in the information security community: while some argue that releasing such… https://www.virusbulletin.com/blog/2020/12/vb2020-presentation-paper-advanced-pasta-threat-mapping-threat-actor-usage-open-source-offensive-security-tools/

VB2020 presentation: Evolution of Excel 4.0 macro weaponization

At VB2020 localhost James Haughom, Stefano Ortolani and Baibhav Singh gave a presentation in which they described how XL4 macros are being weaponised and the evolution of the techniques used.
The use by attackers of legitimate Excel 4.0 (XL4) macros as a simple and reliable method to gain a foothold on a target network is becoming increasingly popular and presents a… https://www.virusbulletin.com/blog/2020/11/vb2020-presentation-evolution-excel-40-macro-weaponization/

Cybersecurity Assessment Tool launched by Ford Foundation

The Ford Foundation has launched a tool designed to help nonprofit organizations assess their own cybersecurity efforts.
The Ford Foundation has launched a tool designed to help nonprofit organizations assess their own cybersecurity efforts. The Cybersecurity Assessment Tool is specifically aimed… https://www.virusbulletin.com/blog/2020/11/cybersecurity-assessment-tool-launched-ford-foundation/

VB2020 presentation: Another threat actor day…

At VB2020 localhost Paul Jung, of Excellium Services, detailed an incident response that he and his team faced when, in December 2019, a Belgian hospital required their help to manage a breach of their informations system.
Hospitals can be attractive places for hackers. With access to critical medical records and personally identifiable information, there is great opportunity to exploit patients.… https://www.virusbulletin.com/blog/2020/11/vb2020-presentation-another-threat-actor-day/

VB2020 presentation: Ramsay: a cyber-espionage toolkit tailored for air-gapped networks

At VB2020 localhost, ESET researcher Ignacio Sanmillan spoke about Ramsay, a toolkit specifically designed to steal documents and operate within air-gapped networks.
Air gapping is a network security measure commonly used in military/governmental, financial and industrial control systems networks that is applied to one or more computers in… https://www.virusbulletin.com/blog/2020/11/vb2020-presentation-ramsay-cyber-espionage-toolkit-tailored-air-gapped-networks/

« Previous 1234567...120 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.