VB Blog

VB2017 paper: Nine circles of Cerber

Posted by   Martijn Grooten on   Dec 15, 2017

Cerber is one of the major names in the world of ransomware, and last year, Check Point released a decryption service for the malware. Today, we publish a VB2017 paper by Check Point's Stanislav Skuratovich describing how the Cerber decryption tool worked; we have also uploaded the video of the presentation of this paper, by Or Eshed and Yaniv Balmas.

Read more  

Attack on Fox-IT shows how a DNS hijack can break multiple layers of security

Posted by   Martijn Grooten on   Dec 14, 2017

Dutch security firm Fox-IT deserves praise for being open about an attack on its client network. There are some important lessons to be learned about DNS security from its post-mortem.

Read more  

Throwback Thursday: BGP - from route hijacking to RPKI: how vulnerable is the Internet?

Posted by   Martijn Grooten on   Dec 14, 2017

For this week's Throwback Thursday, we look back at the video of a talk Level 3's Mike Benjamin gave at VB2016 in Denver, on BGP and BGP hijacks.

Read more  

Security Planner gives security advice based on your threat model

Posted by   Martijn Grooten on   Dec 13, 2017

Citizen Lab's Security Planner helps you improve your online safety, based on the specific threats you are facing.

Read more  

VB2017 video: Spora: the saga continues a.k.a. how to ruin your research in a week

Posted by   Martijn Grooten on   Dec 11, 2017

Today, we publish the video of the VB2017 presentation by Avast researcher Jakub Kroustek and his former colleague Előd Kironský, now at ESET, who told the story of Spora, one of of the most prominent ransomware families of 2017.

Read more  

VB2017 paper: Modern reconnaissance phase on APT – protection layer

Posted by   Martijn Grooten on   Dec 7, 2017

During recent research, Cisco Talos researchers observed the ways in which APT actors are evolving and how a reconnaissance phase is included in the infection vector in order to protect valuable zero-day exploits or malware frameworks. At VB2017 in Madrid, two of those researchers, Paul Rascagneres and Warren Mercer, presented a paper detailing five case studies that demonstrate how the infection vector is evolving. Today we publish both Paul and Warren's paper and the recording of their presentation.

Read more  

VB2017 paper: Peering into spam botnets

Posted by   Martijn Grooten on   Dec 1, 2017

At VB2017 in Madrid, CERT Poland researchers Maciej Kotowicz and Jarosław Jedynak presented a paper detailing their low-level analysis of five spam botnets. Today we publish their full paper.

Read more  

Throwback Thursday: Anti-malware testing undercover

Posted by   Martijn Grooten on   Nov 30, 2017

We look back at the VB2016 presentation by Righard Zwienenberg (ESET) and Luis Corrons (Panda Security), in which they discussed various issues relating to anti-malware testing.

Read more  

Virus Bulletin relaunches VB Security Jobs Market for both employers and job seekers

Posted by   Martijn Grooten on   Nov 30, 2017

As an independent body in the IT security industry, Virus Bulletin is in an ideal position to act as a global source of information both about jobs currently available in the field and about those candidates currently seeking to start or progress their career in the industry - which is why we have relaunched the VB Security Jobs Market.

Read more  

VB2017 paper: Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server

Posted by   Martijn Grooten on   Nov 29, 2017

At VB2017 in Madrid, macOS malware researcher Patrick Wardle presented the details of a specific piece of Mac malware, FruitFly, which he analysed through a custom C&C server - a technique that will also be of interest for researchers of malware on other platforms. Today we publish both Patrick's paper and the recording of his presentation.

Read more  
Previous1...2627282930...215Next

Search blog

Save the dates: VB2018 to take place 3-5 October 2018

Though the location will remain a secret for a few more months, we are pleased to announce the dates for VB2018, the 28th Virus Bulletin International Conference.
While we hope that you have already circled the dates of 4-6 October 2017 in your agendas, and that you will join us and security experts from around the world for VB2017 in Spain… https://www.virusbulletin.com/blog/2017/07/save-dates-vb2018-take-place-3-5-october-2018/

Review: BSides Athens 2017

The second edition of BSides Athens saw a great and varied programme presented in the Greek capital. VB's Martijn Grooten was pleased to attend.
BSides London has been a regular fixture on the Virus Bulletin agenda for the past few years, but its international audience (thanks to the event being held in parallel with… https://www.virusbulletin.com/blog/2017/07/review-bsides-athens-2017/

Let's not help attackers by spreading fear, uncertainty and doubt

Spreading 'FUD' in the wake of cyber-attacks is never a good idea. But it's even worse when this might be one of the attackers' implicit goals.
A week and a half after the outbreak of (Not)Petya, we are still not 100% certain about the motivation of the attackers. Was it a (failed) attempt to extort money from a large… https://www.virusbulletin.com/blog/2017/07/lets-not-help-attackers-spreading-fear-uncertainty-and-doubt/

Calling next-gen security researchers: student discount for VB2017 announced

For the third year in a row, we have set aside a limited number of student tickets for the Virus Bulletin conference, to allow 'next-generation' security researchers to experience one of the most important gatherings of security researchers around the wor…
Next-gen firewalls, next-gen anti-virus. At Virus Bulletin, we follow the 'next-gen' trends with interest, if only because behind the marketing there is often very interesting… https://www.virusbulletin.com/blog/2017/07/calling-next-gen-security-researchers-student-discount-vb2017-announced/

Nominations opened for fourth Péter Szőr Award

Virus Bulletin has opened nominations for the fourth annual Péter Szőr Award, for the best piece of technical security research published between 1 July 2016 and 30 June 2017.
Virus Bulletin is seeking nominations for the fourth annual Péter Szőr Award. The award was inaugurated during the VB2014 conference, in honour of late security researcher and… https://www.virusbulletin.com/blog/2017/07/nominations-opened-fourth-peter-szor-award/

July

https://www.virusbulletin.com/blog/2017/07/

VB2016 paper: BlackEnergy – what we really know about the notorious cyber attacks

According to some researchers, there is some evidence linking the recent (Not)Petya attacks with the BlackEnergy group - which became infamous for its targeted attacks against the Ukraine. At VB2016, ESET researchers Anton Cherepanov and Robert Lipovsky s…
In a blog post published on Friday, ESET researcher Anton Cherepanov provides evidence linking last week's (Not)Petya attacks to the BlackEnergy group; Kaspersky researchers also… https://www.virusbulletin.com/blog/2017/07/vb2016-paper-blackenergy-what-we-really-know-about-notorious-cyber-attacks/

Security advice in the wake of WannaCry and Not(Petya)

As WannaCry and (Not)Petya have shown, malware attacks can do a lot of damage. So is staying safe just a case of following good security advice?
The recent outbreaks of WannaCry and (Not)Petya have left many users and organizations understandably confused about what to do and how to fend off such attacks. Thankfully,… https://www.virusbulletin.com/blog/2017/06/security-advice-wake-wannacry-and-notpetya/

48 hours after initial reports, many mysteries remain around the latest ransomware/wiper threat

Whether you call it Petya, NotPetya, Nyetya or Petna, there are still many mysteries surrounding the malware that has been causing havoc around the world.
"What's in a name? that which we call a rose By any other name would smell as sweet" Shakespeare's philosophising can equally be applied to malware, and whether you call it… https://www.virusbulletin.com/blog/2017/06/48-hours-after-initial-reports-many-mysteries-around-latest-ransomwarewiper-threat-remain/

VB2017 Early Bird discount to expire this week

This week, the Early Bird discount for VB2017 comes to an end - so, for a 10% saving on the cost of full price registration, make sure you register now!
"Hundreds of businesses, both large and small, have suffered from the handiwork of the virus writers. It is now clear that a sabotage mentality exists and new computer viruses… https://www.virusbulletin.com/blog/2017/06/vb2017-early-bird-discount-expire-week/

VB2016 paper: Steam stealers: it's all fun and games until someone's account gets hijacked

Last year, Kaspersky Lab researcher Santiago Pontiroli and PwC's Bart Parys presented a VB2016 paper analysing the malicious threats faced by users of the Steam online gaming platform, and highlighting how organized criminals are making money with these p…
The online games market is huge, and the Steam platform is a huge player in that market. Users registered on the Steam platform use their credit cards to buy content, and… https://www.virusbulletin.com/blog/2017/06/vb2016-paper-steam-stealers-its-all-fun-and-games-until-someones-account-gets-hijacked/

Research paper shows it may be possible to distinguish malware traffic using TLS

Researchers at Cisco have published a paper describing how it may be possible to use machine learning to distinguish malware command-and-control traffic using TLS from regular enterprise traffic, and to classify malware families based on their encrypted C…
Researchers at Cisco have published a paper (PDF) describing how it may be possible to use machine learning to distinguish malware command-and-control (C&C) traffic using TLS from… https://www.virusbulletin.com/blog/2017/06/research-paper-shows-it-may-be-possible-distinguish-malware-traffic-using-tls/

Is CVE-2017-0199 the new CVE-2012-0158?

After five years of exploitation in a wide variety of attacks, CVE-2012-0158 may have found a successor in CVE-2017-0199, which is taking the Office exploit scene by storm.
There are two good reasons not to be concerned about CVE-2012-0158, an RTF handling vulnerability in Microsoft Office. First, the vulnerability was patched more than five years… https://www.virusbulletin.com/blog/2017/06/cve-2017-0199-new-cve-2012-0158/

Review: BSides London 2017

Virus Bulletin was a proud sponsor of BSides London 2017 - Martijn Grooten reports on a great event.
This month, for the first time in its 28-year history, Virus Bulletin became the sponsor of another industry conference: BSides London. I have to admit to having been more than a… https://www.virusbulletin.com/blog/2017/06/review-bsides-london-2017/

VB2017: one of the most international security conferences

It is well known that the problem of cybersecurity is a global one that affects users worldwide - but it's also one that has some unique local flavours. With speakers representing at least 24 countries, VB2017 is one of the most international security con…
The 40 talks confirmed thus far for the VB2017 conference programme will be delivered by speakers that are based in 18 different countries across five continents. If you also… https://www.virusbulletin.com/blog/2017/06/vb2017-one-most-international-security-conferences/

VB2016 paper: Diving into Pinkslipbot's latest campaign

Qakbot or Qbot, is a banking trojan that makes the news every once in a while and was the subject of a VB2016 paper by Intel Security researchers Sanchit Karve, Guilherme Venere and Mark Olea. In it, they provided a detailed analysis of the Pinkslipbot/Qa…
Pinkslipbot, also known as Qakbot or Qbot, is a banking trojan that makes the news every once in a while, yet never seems to get the attention of the world's Zbots and Dridexes. I… https://www.virusbulletin.com/blog/2017/06/vb2016-paper-diving-pinkslipbots-latest-campaign/

Book review: Spam: A Shadow History of the Internet

VB Editor Martijn Grooten reviews Finn Brunton's book 'Spam: A Shadow History of the Internet'.
This review, by VB Editor Martijn Grooten, was originally published in the Journal of the International Committee for the History of Technology (ICON). It is republished with… https://www.virusbulletin.com/blog/2017/06/book-review-spam-shadow-history-internet/

June

https://www.virusbulletin.com/blog/2017/06/

Virus Bulletin to sponsor BSides London

Virus Bulletin is proud to be a Silver sponsor of BSides London next week; we look forward to the event and to meeting many security professionals.
When VB'91, the inaugural Virus Bulletin conference, took place (in 1991), there were few security conferences on the scene and there were more virus researchers than computer… https://www.virusbulletin.com/blog/2017/06/virus-bulletin-sponsor-bsides-london/

VB2016 video: Last-minute paper: Malicious proxy auto-configs: an easy way to harvest banking credentials

In a VB2016 last-minute presentation, Jaromír Horejší and Jan Širmer looked at Retefe, a trojan that has targeted banks in several European countries and used malicious proxy auto-config filesto redirect users' traffic to a server controlled by the attack…
"Much media attention is given to imminent and visible threats, like ransomware. Other threats remain under the radar and often go unnoticed." This part of Jaromír Horejší and Jan… https://www.virusbulletin.com/blog/2017/may/vb2016-video-last-minute-paper-malicious-proxy-auto-configs-easy-way-harvest-banking-credentials/

« Previous 1...1920212223...120 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.