VB Blog

VB2019 paper: Absolutely routed!! Why routers are the new bullseye in cyber attacks

Posted by   Martijn Grooten on   Dec 18, 2019

Today we publish the VB2019 paper by Anurag Shandilya (K7 Computing) who looked at recent malware attacks against routers, as well as the video of his presentation in London.

Read more  

Parting thoughts 1: cybersecurity as a social science

Posted by   Martijn Grooten on   Dec 17, 2019

In the first of a five-part series of blog post, departing VB Editor Martijn Grooten explains why he believes cybersecurity isn't as much as technical field as we like to believe.

Read more  

VB2020 call for papers - now open!

Posted by   Martijn Grooten on   Dec 16, 2019

Have you analysed a new online threat? Do you know a new way to defend against such threats? Are you tasked with securing systems and fending off attacks? The call for papers for VB2020 is now open and we want to hear from you!

Read more  

VB2019 paper: Operation Soft Cell - a worldwide campaign against telecommunication providers

Posted by   Martijn Grooten on   Dec 13, 2019

Today we publish the VB2019 paper by Cybereason researchers Mor Levi, Amit Serper and Assaf Dahan on Operation Soft Cell, a targeted attack against telecom providers around the world.

Read more  

VB2019 paper: A study of Machete cyber espionage operations in Latin America

Posted by   Martijn Grooten on   Dec 10, 2019

At VB2019 in London a group of researchers from the Stratosphere Lab at the Czech Technical University in Prague presented a paper in which they analysed and dissected the cyber espionage activities of an APT group in Latin America through the analysis of one of its tools, known as Machete. Today we publish their paper and the recording of their presentation.

Read more  

VB2019 paper: The push from fiction for increased surveillance, and its impact on privacy

Posted by   Helen Martin on   Dec 5, 2019

In a paper presented at VB2019 in London, researchers Miriam Cihodariu (Heimdal Security) and Andrei Bogdan Brad (Code4Romania) looked at how surveillance is represented in fiction and how these representations are shaping people's attitudes to surveillance in current legal debates. Today we publish both their paper and the recording of Miriam presenting the paper in London.

Read more  

VB2019 paper: Oops! It happened again!

Posted by   Helen Martin on   Dec 3, 2019

At VB2019 in London industry veterans Righard Zwienenberg and Eddy Willems took a detailed look at the relationship between past and current cyber threats. Today, we publish both their paper and the recording of their presentation.

Read more  

Job vacancy at VB: Security Evangelist

Posted by   Martijn Grooten on   Nov 29, 2019

Virus Bulletin is recruiting for a person to be the public face of the company

Read more  

VB2019 video: Thwarting Emotet email conversation thread hijacking with clustering

Posted by   Martijn Grooten on   Nov 29, 2019

At VB2019 in London, ZEROSPAM researchers Pierre-Luc Vaudry and Olivier Coutu discussed how email clustering could be used to detect malicious Emotet emails that hijacked existing email threads. Today we publish the recording of their presentation.

Read more  

VB2019 paper: A vine climbing over the Great Firewall: a long-term attack against China

Posted by   Martijn Grooten on   Nov 28, 2019

Today we publish a VB2019 paper from Lion Gu and Bowen Pan from the Qi An Xin Threat Intelligence Center in China in which they analysed an APT group dubbed 'Poison Vine', which targeted various government, military and research institutes in China.

Read more  
Previous1...678910...215Next

Search blog

Netflix issue shows email verification really does matter

A clever trick taking advantage of the fact that Gmail ignores dots in email addresses could be used to trick someone into paying for your Netflix subscription - demonstrating the importance of confirmed opt-in.
In the email security community, the use of confirmed opt-in has long been a recommended practice: an email address given to you can't be used until the account owner has… https://www.virusbulletin.com/blog/2018/04/netflix-issue-shows-email-verification-does-matter/

VB2017 paper: Exploring the virtual worlds of advergaming

At VB2017 in Madrid, Malwarebytes' Chris Boyd presented a paper in which he looked at various aspects of advergaming, from unreadable EULAs to fake programs that promise to block ads. Today, we publish both the paper and the recording of Chris's presentat…
At VB2016 in Denver, Malwarebytes researchers Jérôme Segura and Chris Boyd presented a paper on malicious advertising, or malvertising. At the end of the paper, as they looked at… https://www.virusbulletin.com/blog/2018/04/vb2017-paper-exploring-virtual-worlds-advergaming/

New paper: Distinguishing between malicious app collusion and benign app collaboration: a machine-learning approach

Two or more mobile apps, viewed independently, may not appear to be malicious - but in combination, they could become harmful by exchanging information with one another and by performing malicious activities together. Today, we publish a new paper by a gr…
Yesterday, we published a paper (that was presented at VB2016) on Android app collusions: the situation in which two or more apps work together to exfiltrate data from a device… https://www.virusbulletin.com/blog/2018/03/new-paper-distinguishing-between-malicious-app-collusion-and-benign-app-collaboration-machine-learning-approach/

VB2016 paper: Wild Android collusions

At VB2016 in Denver, Jorge Blasco presented a paper (co-written with Thomas M. Chen, Igor Muttik and Markus Roggenbach), in which he discussed the concept of app collusion - where two (or more) apps installed on the same device work together to collect an…
Playing out in the sidelines of the Cambridge Analytica scandal was the discovery that Facebook had been collecting metadata on the calls and SMS conversations of many of the… https://www.virusbulletin.com/blog/2018/03/vb2016-paper-wild-android-collusions/

VB2017 paper: The life story of an IPT - Inept Persistent Threat actor

At VB2017 in Madrid, Polish security researcher and journalist Adam Haertlé presented a paper about a very inept persistent threat. Today, we publish both the paper and the recording of Adam's presentation.
Last Wednesday, Belgium-based Polish hacker Thomasz T. was arrested during a visit to his home country. Thomasz is believed to be the author of the Polski, Vortex, and Flotera… https://www.virusbulletin.com/blog/2018/03/vb2017-paper-life-story-ipt-inept-persistent-threat-actor/

Five reasons to submit a VB2018 paper this weekend

The call for papers for VB2018 closes on 18 March, and while we've already received many great submissions, we still want more! Here are five reasons why you should submit a paper this weekend.
The call for papers for VB2018 will close this Sunday, 18 March (in fact, to ensure we cover the entirety of the deadline day across all time zones, we'll close submissions first… https://www.virusbulletin.com/blog/2018/03/five-reasons-submit-vb2018-paper-weekend/

First partners of VB2018 announced

We are excited to announce the first six companies to partner with VB2018.
We are excited to announce that all four Platinum partnerships of VB2018, the 28th Virus Bulletin International Conference, have been filled. Both ESET and Tencent have… https://www.virusbulletin.com/blog/2018/03/first-partners-vb2018-announced/

VB2018: looking for technical and non-technical talks

We like to pick good, solid technical talks for the VB conference programme, but good talks don't have to be technical and we welcome less technical submissions just as much.
Nine days from today, the call for papers for VB2018 will close. We've already received many great submissions (in fact, we already have more proposals than we have places to… https://www.virusbulletin.com/blog/2018/03/vb2018-looking-technical-and-non-technical-talks/

Partner with VB2018 for extra visibility among industry peers

Partnering with the VB conference links your company to a successful and well-established event, demonstrates your commitment to moving the industry forward, allows you to meet potential clients, be visible to industry peers and build lasting connections.…
Preparations are under way for VB2018, or to give it its full name, the 28th Virus Bulletin International Conference – it truly is a global event, attracting speakers and… https://www.virusbulletin.com/blog/2018/03/partner-vb2018-extra-visibility-among-industry-peers/

VB2017 paper: The router of all evil

At VB2017 in Madrid, security researcher Himanshu Anand presented a paper on malware that targets routers, looking both at the topic in general and at some individual case studies. Today we publish both the paper (co-written with Chastine Menrige) and the…
In recent years, we have seem a significant increase in malware targeting routers. Given that, unlike most endpoint devices, routers are often connected directly to the internet,… https://www.virusbulletin.com/blog/2018/03/vb2017-paper-router-all-evil/

Using Mailchimp makes malware campaigns a little bit more successful

In recent months, some malicious spam campaigns have been spreading via the systems of Mailchimp, a well-known email service provider - a tactic which may give the campaigns a slightly higher success rate.
Sending one email is easy. Sending thousands or millions of emails is hard: one effect of the anti-spam infrastructure we have collectively built is that the process of sending… https://www.virusbulletin.com/blog/2018/03/using-mailchimp-makes-malware-campaigns-little-bit-more-successful/

March

https://www.virusbulletin.com/blog/2018/03/

VB2017 video: The state of cybersecurity in Africa: Kenya

Though many of the IT security issues we face are global, there is a noticeable difference in the threats faced in various countries and regions, as well as in the ways they are dealt with. At VB2017, we heard from Tyrus Kamau about the state of cybersecu…
IT security, or the lack thereof, affects Internet users around the world, and though many of the issues we face are global, there is a noticeable difference in the threats faced… https://www.virusbulletin.com/blog/2018/03/vb2017-video-state-cybersecurity-africa-kenya/

A crime against statistics that is probably worse than the cyber attacks faced in County Durham

A report on the number of cyber attacks faced by UK local authorities is a good example of how the large numbers seen in many reports on security are rather meaningless.
Tomorrow, I will give a talk entitled "Don't know much about security" at the offices of ENISA, the EU's agency for network and information security. Despite the title, the… https://www.virusbulletin.com/blog/2018/02/crime-against-statistics-probably-worse-cyber-attacks-faced-county-durham/

NCSC gives important advice on lateral movement

The UK's National Cyber Security Centre (NCSC) has provided helpful and practical advice on preventing and detecting lateral movement by an attacker within a network.
Though not even a year and a half old, the UK's National Cyber Security Centre (NCSC) has already managed to make a name for itself through its practical advice and guidance on… https://www.virusbulletin.com/blog/2018/02/ncsc-gives-important-advice-lateral-movement/

What kind of people attend Virus Bulletin conferences?

If you are considering submitting a proposal for a talk to VB2018 and you're not familiar with the event, you may find it useful to know what kind of people attend the conference.
The Call for Papers for VB2018, the 28th Virus Bulletin International Conference, which will take place in Montreal, 3-5 October 2018, opened last month. It will remain open until… https://www.virusbulletin.com/blog/2018/02/what-kind-people-attend-virus-bulletin-conferences/

Olympic Games target of malware, again

An unattributed malware attack has disrupted some computer systems of the 2018 Winter Olympics. In 1994, a computer virus also targeted the Winter Olympics.
The organisers of the Pyeongchang Winter Olympics have confirmed a malware attack against their computer systems. Though the attack affected the Wi-Fi during Friday's opening… https://www.virusbulletin.com/blog/2018/02/olympic-games-target-malware-again/

There are lessons to be learned from government websites serving cryptocurrency miners

Thousands of websites, including many sites of government organisations in the UK, the US and Sweden, were recently found to have been serving a cryptocurrency miner. More interesting than the incident itself, though, are the lessons that can be learned f…
This was awkward. On Sunday, the Information Commissioner's Office (ICO), the UK's data protection regulator and thus the public body that issues fines for data breaches, was… https://www.virusbulletin.com/blog/2018/02/there-are-lessons-be-learned-government-websites-serving-cryptocurrency-miners/

We need to continue the debate on the ethics and perils of publishing security research

An article by security researcher Collin Anderson reopens the debate on whether publishing threat analyses is always in the public interest.
At VB2015 in Prague, Juan Andrés Guerro-Saade, then of Kaspersky Lab, presented an important paper on the transformation of security researchers into intelligence brokers and how… https://www.virusbulletin.com/blog/2018/02/we-need-continue-debate-ethics-and-perils-publishing-security-research/

WordPress users urged to manually update to fix bug that prevents automatic updating

Users of the popular WordPress content management system are urged to manually update their installation to version 4.9.4, as a bug in the previous version broke the ability to automatically install updates.
WordPress has long had a bad reputation in the security community. While this is understandable – compromised installations of the popular content management system are regularly… https://www.virusbulletin.com/blog/2018/02/wordpress-users-urged-manually-update-fix-bug-prevents-automatic-updating/

« Previous 1...1314151617...120 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.