VB Blog

VB2019 presentation: A deep dive into iPhone exploit chains

Posted by Virus Bulletin on Jan 10, 2020

In a last-minute presentation at VB2019 in London, John Bambenek of the University of Illinois at Urbana-Champaign discussed details of campaigns that used advanced iOS and Android exploit chains against China’s Uighur minority. Today we release the recording of John's presentation.

Posted by Helen Martin on Jan 8, 2020

Today we released the Winter 2020 VBWeb report, detailing the performance of web security products against live web threats and looking at the current state of the web-based threat landscape.

Posted by Virus Bulletin on Jan 6, 2020

In a paper presented at VB2019 in London, Prismo Systems researchers Abhishek Singh and Ramesh Mani discussed code injection vulnerabilities and presented a tool that could detect this vulnerability class. Today we publish their paper and the recording of their presentation.

Posted by Helen Martin on Dec 31, 2019

As VB Editor Martijn Grooten steps down from his role to move on to new challenges, the team wish him a fond farewell and the very best of luck in his future endeavours.

Posted by Martijn Grooten on Dec 27, 2019

Today, we publish the VB2019 paper and video by Sophos researcher Sergei Shevchenko in which he analyses a popular yet unnamed piece of macOS ‘bundleware’.

Posted by Martijn Grooten on Dec 23, 2019

In the final of a five-part series of blog posts, departing VB Editor Martijn Grooten argues for more emphasis on the good news in security, especially that which is more subtle.

Posted by Virus Bulletin on Dec 20, 2019

In the fourth of a five-part series of blog posts, departing VB Editor Martijn Grooten explains why security researchers should refer to other people's work.

Posted by Martijn Grooten on Dec 19, 2019

In the third of a five-part series of blog posts, departing VB Editor Martijn Grooten explains why he believes security vendors should take their products' security more seriously.

Posted by Martijn Grooten on Dec 19, 2019

China has long been a hotbed of DDoS activities, and today we publish a VB2019 paper by Intezer researcher Nacho Sanmillan who looked at Chinese threat groups engaged in performing DDoS attacks. We have also uploaded the recording of his presentation.

Posted by Martijn Grooten on Dec 18, 2019

In the second of a five-part series of blog posts, departing VB Editor Martijn Grooten explains why he believes cybersecurity professionals need to educate themselves on the complexities of the real-world situations in which security is applied.

Previous1...56789...215Next

Search blog

MnuBot banking trojan communicates via SQL server

Researchers at IBM X-Force have discovered MnuBot, a banking trojan targeting users in Brazil, which is noteworthy for using SQL Server for command and control communication.
Researchers at IBM X-Force have discovered a new banking trojan, dubbed 'MnuBot', which is targeting Internet users in Brazil. The trojan performs tasks common to banking… https://www.virusbulletin.com/blog/2018/05/mnubot-banking-trojan-communicates-sql-server/

Throwback Thursday: Giving the EICAR test file some teeth

The 68-byte EICAR test file plays as important a role today as it did 19 years ago. In this week's Throwback Thursday we look back at a VB99 conference paper in which Randy Abrams described how this 'miracle tool' worked and how it could be used.
When in our VB100 test lab we set up an anti-virus product, one of the first things we do is to see if it works by making it scan the EICAR test file. This 68-byte file is… https://www.virusbulletin.com/blog/2018/05/throwback-thursday-giving-eicar-test-file-some-teeth/

XMRig used in new macOS cryptominer

A new piece of cryptocurrency-mining malware on macOS has been found to use the popular XMRig miner.
Users complaining on Apple's official discussion forum about processes that use a lot of CPU have led to the discovery of a new piece of cryptocurrency-mining malware on macOS… https://www.virusbulletin.com/blog/2018/05/xmrig-used-new-macos-cryptominer/

Tendency for DDoS attacks to become less volumetric fits in a wider trend

CDN provider Cloudflare reports an increase in DDoS attacks targeting layer 7 and focusing on exhausting server resources rather than sending large volumes of data. This fits in a wider trend.
A current trend sees DDoS attacks focusing less on large volume attacks and more on attacks that exhaust server resources, Cloudflare reports. The number of layer 7 attacks per… https://www.virusbulletin.com/blog/2018/05/tendency-ddos-attacks-become-less-volumetric-fits-wider-trend/

Turkish Twitter users targeted with mobile FinFisher spyware

Through fake social media accounts, users were tricked into installing an Android application that was actually a mobile version of the FinFisher spyware.
A new research paper by digital rights organization Access Now looks at how FinFisher has been used against people interested in anti-government protests in Turkey. Through… https://www.virusbulletin.com/blog/2018/05/turkish-twitter-users-targeted-mobile-finfisher-spyware/

Hide'n'Seek IoT botnet adds persistence

The Hide'n'Seek IoT botnet has received an update to make its infection persist on infected devices beyond a restart.
The Hide'n'Seek IoT botnet has received an update to make its infection persist on infected devices beyond a restart, Bitdefender reports. Though persistence is fairly common… https://www.virusbulletin.com/blog/2018/05/hidenseek-iot-botnet-adds-persistence/

Registration for VB2018 now open!

Registration for VB2018, the 28th International Virus Bulletin conference, is now open, with an early bird rate available until 1 July.
Registration for VB2018, the 28th Virus Bulletin Conference, which will take place in Montreal 3-5 October this year, is now open. Last month, we announced an exciting and… https://www.virusbulletin.com/blog/2018/05/registration-vb2018-now-open/

May

https://www.virusbulletin.com/blog/2018/05/

RSA 2018: the good, the bad, the ugly, the great and the fantastic

In April, VB's Martijn Grooten attended the RSA Expo in San Francisco. He shares his views on the expo and the industry.
Two weeks ago, I was one of the more than 50,000 people who attended the RSA expo in San Francisco. I deliberately say 'expo', for while I spoke at the event two years ago, this… https://www.virusbulletin.com/blog/2018/05/rsa-2018-good-bad-ugly-great-and-fantastic/

Standalone product test: Kaspersky Security for Microsoft Office 365

There are a number of security solutions on the market that are designed to increase the default protection provided by Office 365. One such product is the newly launched Kaspersky Security for Microsoft Office 365. Virus Bulletin was commissioned to meas…
The Office 365 productivity software has become one of Microsoft's flagship products, providing organizations around the world with collaboration tools, office applications and an… https://www.virusbulletin.com/blog/2018/04/standalone-product-test-kaspersky-security-microsoft-office-365/

GravityRAT malware takes your system's temperature

The GravityRAT malware, discovered by Cisco Talos researchers, gives some interesting insight into modern malware development.
Cisco Talos researchers Warren Mercer and Paul Rascagnères recently discovered and analysed 'GravityRAT', an advanced Remote Access Trojan (RAT) that appears to have been used in… https://www.virusbulletin.com/blog/2018/04/gravityrat-malware-takes-your-systems-temperature/

$150k in cryptocurrency stolen through combined BGP-DNS hijack

A BGP hijack was used to take over some of Amazon's DNS infrastructure, which was then used to serve a phishing site to users of the MyEtherWallet service.
If the Internet is, as is often said, held together with elastic bands and pieces of Sellotape, BGP is essentially a bunch of post-it notes that serve as traffic signs. BGP… https://www.virusbulletin.com/blog/2018/04/150-k-cryptocurrency-stolen-through-cominbed-bgp-dns-hijack/

Security-focused routers may help to mitigate IoT threats

Various security companies are offering security-focused routers. This is a good trend and may help mitigate a lot of the issues that come with the IoT.
Walking around the RSA show floor last week, it was clear that the Internet of Things, or IoT, is a hot topic in security. Indeed, the number of connected devices continues to… https://www.virusbulletin.com/blog/2018/04/security-focused-routers-may-help-mitigate-iot-threats/

The road to IPv6 is generally smooth but contains a few potholes

Most of the switch from IPv4 to IPv6 will happen seamlessly. But we cannot assume it won't introduce new security issues.
"The report of my death was an exaggeration," Mark Twain famously said in 1897. It was indeed: Twain went on to live for another 13 years but did eventually die. The same is… https://www.virusbulletin.com/blog/2018/04/road-ipv6-generally-smooth-contains-few-potholes/

New paper: Powering the distribution of Tesla stealer with PowerShell and VBA macros

Since their return four years ago, Office macros have been one of the most common ways to spread malware. Today, we publish a research paper which looks in detail at a campaign in which VBA macros are used to execute PowerShell code, which in turn downloa…
Ever since their return more than four years ago, initially in targeted attacks and later in large-scale malware campaigns, Office macros have been one of the most prominent ways… https://www.virusbulletin.com/blog/2018/04/new-paper-powering-distribution-tesla-stealer-powershell-and-vba-macros/

VB2017 paper: Android reverse engineering tools: not the usual suspects

Within a few years, Android malware has grown from a relatively small threat to a huge problem involving more than three million new malware samples a year. Axelle Apvrille, one of the world's leading Android malware researchers, will deliver a workshop o…
Within a few years, Android malware has grown from a relatively small threat – the first VB conference talk on Android, in 2011, mentioned fewer than 100 malware families – to a… https://www.virusbulletin.com/blog/2018/04/vb2017-paper-android-reverse-engineering-tools-not-usual-suspects/

Patch early, patch often, but don't blindly trust every 'patch'

Compromised websites are being used to serve fake Flash Player uploads that come with a malicious payload.
Patching is important, but not everything that presents itself as a security patch is safe to install. Malwarebytes researcher Jérôme Segura has written a detailed analysis of… https://www.virusbulletin.com/blog/2018/04/patch-early-patch-often-dont-blindly-trust-every-patch/

Virus Bulletin at RSA

Next week, VB Editor Martijn Grooten will be at the RSA Conference in San Francisco.
Next week, I will be joining the international security community to attend the RSA Conference in San Francisco. Though it lacks the intimate atmosphere of so many smaller… https://www.virusbulletin.com/blog/2018/04/virus-bulletin-rsa/

Broad-ranging and international VB2018 programme announced

VB is excited to reveal the details of an interesting and diverse programme for VB2018, the 28th Virus Bulletin International Conference, which takes place 3-5 October in Montreal, Canada.
Today, we are very excited to announce the programme for VB2018, the 28th Virus Bulletin International Conference, which is to take place in Montreal, 3-5 October 2018. Putting… https://www.virusbulletin.com/blog/2018/04/broad-and-international-vb2018-programme-announced/

April

https://www.virusbulletin.com/blog/2018/04/

« Previous 1...1213141516...120 Next »