VB Blog

Partner with VB2018 for extra visibility among industry peers

Posted by   Martijn Grooten on   Mar 8, 2018

Partnering with the VB conference links your company to a successful and well-established event, demonstrates your commitment to moving the industry forward, allows you to meet potential clients, be visible to industry peers and build lasting connections.

Read more  

VB2017 paper: The router of all evil

Posted by   Martijn Grooten on   Mar 7, 2018

At VB2017 in Madrid, security researcher Himanshu Anand presented a paper on malware that targets routers, looking both at the topic in general and at some individual case studies. Today we publish both the paper (co-written with Chastine Menrige) and the recording of Himanshu's presentation.

Read more  

Using Mailchimp makes malware campaigns a little bit more successful

Posted by   Martijn Grooten on   Mar 6, 2018

In recent months, some malicious spam campaigns have been spreading via the systems of Mailchimp, a well-known email service provider - a tactic which may give the campaigns a slightly higher success rate.

Read more  

VB2017 video: The state of cybersecurity in Africa: Kenya

Posted by   Martijn Grooten on   Mar 1, 2018

Though many of the IT security issues we face are global, there is a noticeable difference in the threats faced in various countries and regions, as well as in the ways they are dealt with. At VB2017, we heard from Tyrus Kamau about the state of cybersecurity in Kenya. Today, we publish the video of Tyrus's talk.

Read more  

A crime against statistics that is probably worse than the cyber attacks faced in County Durham

Posted by   Martijn Grooten on   Feb 21, 2018

A report on the number of cyber attacks faced by UK local authorities is a good example of how the large numbers seen in many reports on security are rather meaningless.

Read more  

NCSC gives important advice on lateral movement

Posted by   Martijn Grooten on   Feb 20, 2018

The UK's National Cyber Security Centre (NCSC) has provided helpful and practical advice on preventing and detecting lateral movement by an attacker within a network.

Read more  

What kind of people attend Virus Bulletin conferences?

Posted by   Martijn Grooten on   Feb 17, 2018

If you are considering submitting a proposal for a talk to VB2018 and you're not familiar with the event, you may find it useful to know what kind of people attend the conference.

Read more  

Olympic Games target of malware, again

Posted by   Martijn Grooten on   Feb 15, 2018

An unattributed malware attack has disrupted some computer systems of the 2018 Winter Olympics. In 1994, a computer virus also targeted the Winter Olympics.

Read more  

There are lessons to be learned from government websites serving cryptocurrency miners

Posted by   Martijn Grooten on   Feb 12, 2018

Thousands of websites, including many sites of government organisations in the UK, the US and Sweden, were recently found to have been serving a cryptocurrency miner. More interesting than the incident itself, though, are the lessons that can be learned from it.

Read more  

We need to continue the debate on the ethics and perils of publishing security research

Posted by   Martijn Grooten on   Feb 9, 2018

An article by security researcher Collin Anderson reopens the debate on whether publishing threat analyses is always in the public interest.

Read more  
Previous1...2324252627...215Next

Search blog

Paper: Windows 10 patching process may leave enterprises vulnerable to zero-day attacks

Aryeh Goretsky gives advice on how to adapt to Windows 10's patching strategy.
Aryeh Goretsky gives advice on how to adapt to Windows 10's patching strategy. Patching is hard, especially when the code base is old and the bugs are buried deeply. This was… https://www.virusbulletin.com/blog/2015/03/paper-windows-10-patching-process-may-leave-enterprises-vulnerable-zero-day-attacks/

Will DIME eventually replace email?

Protocol has all the advantages of email, yet is orders of magnitude more secure.
Protocol has all the advantages of email, yet is orders of magnitude more secure. In the current Internet era sometimes referred to as 'post-Snowden', it is often said that email… https://www.virusbulletin.com/blog/2015/03/will-dime-eventually-replace-email/

The ghost of Stuxnet past

Microsoft patches .LNK vulnerability after 2010 patch was found to be incomplete.
Microsoft patches .LNK vulnerability after 2010 patch was found to be incomplete. Mention Stuxnet and you'll have many a security researcher's attention. The worm, which was… https://www.virusbulletin.com/blog/2015/03/ghost-stuxnet-past/

Canadian firm fined $1.1m for breaching anti-spam law

First success story for long-awaited CASL.
First success story for long-awaited CASL. The Canadian Radio-television and Telecommunications Commission (CRTC), the agency responsible for enforcing Canada's anti-spam law… https://www.virusbulletin.com/blog/2015/03/canadian-firm-fined-1-1m-breaching-anti-spam-law/

Virus Bulletin seeks hackers, network researchers for VB2015

One week left to submit an abstract for the 25th Virus Bulletin conference.
One week left to submit an abstract for the 25th Virus Bulletin conference. A few weeks ago, I made a short visit to the Clarion Congress Hotel in Prague, where VB2015 will take… https://www.virusbulletin.com/blog/2015/03/seeks-hackers-network-researchers/

VB2014 paper: Leaving our ZIP undone: how to abuse ZIP to deliver malware apps

Gregory Panakkal explains that there are different ways of looking at APK files - and that sometimes that can have unintended consequences.
Gregory Panakkal explains that there are different ways of looking at APK files - and that sometimes that can have unintended consequences.Since the close of the VB2014 conference… https://www.virusbulletin.com/blog/2015/03/paper-leaving-our-zip-undone-how-abuse-zip-deliver-malware-apps/

FREAK attack takes HTTPS connections back to 1990s security

Golden keys from the (first) crypto wars have come back to haunt us.
Golden keys from the (first) crypto wars have come back to haunt us. When a web client makes a secure connection to a web server (using HTTPS), it starts by sending a 'Hello'… https://www.virusbulletin.com/blog/2015/03/freak-attack-takes-https-connections-back-1990s-security/

TorrentLocker spam has DMARC enabled

Use of email authentication technique unlikely to bring any advantage.
Use of email authentication technique unlikely to bring any advantage. Last week, Trend Micro researcher Jon Oliver (who presented a paper on Twitter abuse at VB2014) wrote an… https://www.virusbulletin.com/blog/2015/03/torrentlocker-spam-has-dmarc-enabled/

Paper: Script in a lossy stream

Dénes Óvári explains how to store code in lossily compressed JPEG data.
Dénes Óvári explains how to store code in lossily compressed JPEG data. Malformed PDFs have become a common way to deliver malware. Naturally, when this started to happen,… https://www.virusbulletin.com/blog/2015/03/paper-script-lossy-stream/

March

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2015/03/

VB2014 paper: Caphaw - the advanced persistent pluginer

Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype.
Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype.Since the close of the VB2014 conference in Seattle in October, we have been sharing… https://www.virusbulletin.com/blog/2015/02/paper-caphaw-advanced-persistent-pluginer/

M3AAWG releases BCP document on dealing with child sexual abuse material

Subject may make many feel uncomfortable, but it is essential that we know how to deal with it.
Subject may make many feel uncomfortable, but it is essential that we know how to deal with it. The mere mention of "child pornography" on the Internet makes many a security expert… https://www.virusbulletin.com/blog/2015/02/m3aawg-releases-bcp-document-dealing-child-sexual-abuse-material/

Coordinated action takes down Ramnit botnet infrastructure

Malware remains present on infected machines; 2012 Virus Bulletin paper worth studying.
Malware remains present on infected machines; 2012 Virus Bulletin paper worth studying. A coordinated action from Anubisnetworks, Microsoft and Symantec, together with Europol has… https://www.virusbulletin.com/blog/2015/02/coordinated-action-takes-down-ramnit-botnet-infrastructure/

Hacker group takes over Lenovo's DNS

As emails were sent to wrong servers, DNSSEC might be worth looking into.
As emails were sent to wrong servers, DNSSEC might be worth looking into. Although, after some initial hesitation, Lenovo was rather frank in its admission of messing up regarding… https://www.virusbulletin.com/blog/2015/02/hacker-group-takes-over-lenovo-s-dns/

Almost 50% increase in reported vulnerabilities as non-Windows operating systems lead the table

Each discovered vulnerability is actually a good news story.
Each discovered vulnerability is actually a good news story. Last week, security firm GFI published some research in which it looked at the number of vulnerabilities reported last… https://www.virusbulletin.com/blog/2015/02/almost-50-increase-reported-vulnerabilities-non-windows-operating-systems-lead-table/

Vawtrak trojan spread through malicious Office macros

Users easily tricked, but plenty of opportunity for the malware to be blocked.
Users easily tricked, but plenty of opportunity for the malware to be blocked. Researchers at Trend Micro report that the 'Vawtrak' banking trojan now also spreads through Office… https://www.virusbulletin.com/blog/2015/02/vawtrak-trojan-spread-through-malicious-office-macros/

Lenovo laptops pre-installed with software that adds its own root CA certificate

Shared root certificate makes for easy man-in-the-middle attacks.
Shared root certificate makes for easy man-in-the-middle attacks.What is Superfish?Superfish is a product that offers 'Visual Search'. Say, for example, you are looking at cat… https://www.virusbulletin.com/blog/2015/02/lenovo-laptops-pre-installed-software-adds-its-own-root-ca-certificate/

Google relaxes disclosure policy following criticism

Grace period added for vulnerabilities that are about to be patched.
Grace period added for vulnerabilities that are about to be patched. Last year, Google announced a new disclosure policy, where details of a vulnerability discovered by the… https://www.virusbulletin.com/blog/2015/02/google-relaxes-disclosure-policy-following-criticism/

VB2014 video: .NET malware dynamic instrumentation for automated and manual analysis

Hexiang Hu used tool to detect Bladabindi backdoor.
Hexiang Hu used tool to detect Bladabindi backdoor. The .NET framework is a popular way to write software. As applications built with the framework compile into a Common… https://www.virusbulletin.com/blog/2015/02/video-net-malware-dynamic-instrumentation-automated-and-manual-analysis/

Facebook launches platform for sharing of threat intelligence

Twitter, Yahoo! amongst early participants in 'ThreatExchange'.
Twitter, Yahoo! amongst early participants in 'ThreatExchange'. When I took my first steps in the security industry, I was surprised by just how much information was shared between… https://www.virusbulletin.com/blog/2015/02/facebook-launches-platform-sharing-threat-intelligence/

« Previous 1...3233343536...120 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.