VB Blog

First sponsors of VB2017 announced

Posted by   Martijn Grooten on   Mar 6, 2017

We are excited to announce the first five sponsors of VB2017, companies based in Europe, Asia and North America.

Read more  

Security products and HTTPS: let's do it better

Posted by   Martijn Grooten on   Feb 27, 2017

A recent paper showed that many HTTPS-intercepting security solutions have implemented TLS rather poorly. Does that mean we should avoid such solutions altogether?

Read more  

The SHA-1 hashing algorithm has been 'shattered'

Posted by   Martijn Grooten on   Feb 23, 2017

Researchers from Google and CWI Amsterdam have created the first known collision of the SHA-1 hashing algorithm, making a very strong case to ditch it.

Read more  

Throwback Thursday: Once a researcher...

Posted by   Helen Martin on   Feb 23, 2017

VB was saddened to learn this week of the passing of one of the pioneers of the AV industry, Ross Greenberg. This Throwback Thursday we look back at an interview with Ross in November 1995.

Read more  

VB2017: What is happening in the threat landscape and what are we doing against it? Submit a proposal in the VB2017 CFP!

Posted by   Martijn Grooten on   Feb 20, 2017

Have you analysed a new online threat? Do you know a new way to defend against such threats? Then submit an abstract in the CFP for VB2017!

Read more  

VB2016 paper: APT reports and OPSEC evolution, or: these are not the APT reports you are looking for

Posted by   Martijn Grooten on   Feb 17, 2017

APT reports are great for gaining an understanding of how advanced attack groups operate - however, they can also provide free QA for the threat actors. Today, we publish a VB2016 paper by Gadi Evron (Cymmetria) and Inbar Raz (Perimeter X), who discuss what they think is wrong with many APT reports and what can be done to improve them.

Read more  

Security for your ears: recommended infosec podcasts

Posted by   Martijn Grooten on   Feb 14, 2017

Industry veteran Mikko Hyppönen recently urged would-be security researchers to ditch their favourite pop music and listen to security podcasts on their commute to work instead. Virus Bulletin Editor Martijn Grooten shares his favourite security podcasts.

Read more  

VB2016 video: Getting duped: piggybacking on webcam streams for surreptitious recordings

Posted by   Martijn Grooten on   Feb 10, 2017

In a presentation at VB2016, Patrick Wardle, Director of Research at Synack, discussed the possibilities of Mac malware recording the user via the webcam. Today, we publish the video of Patrick's presentation.

Read more  

We shouldn't forget those most vulnerable in our digital world

Posted by   Martijn Grooten on   Feb 9, 2017

Virus Bulletin Editor Martijn Grooten calls for the security community not to forget those most vulnerable in the digital world, including political activists living under oppressive regimes, and victims of abuse.

Read more  

Throwback Thursday: A troubled world

Posted by   Helen Martin on   Feb 9, 2017

In early 1991, the world was a troubled place and conflict and violence were being reported globally on a daily basis. With this as a backdrop, the world of "indiscriminate" computer viruses which "victimise in a random and unpredictable manner" seemed relatively trivial to then Editor of VB, Edward Wilding.

Read more  
Previous1...3738394041...215Next

Search blog

VirusTotal project aims to remediate false positives

Security vendors to receive alerts when legitimate files are detected as malicious.
Security vendors to receive alerts when legitimate files are detected as malicious.False positives are a huge problem for the IT industry in general and for security products in… https://www.virusbulletin.com/blog/2015/02/virustotal-project-aims-remediate-false-positives/

VB2014 paper: P0wned by a barcode: stealing money from offline users

Fabio Assolini explains how cybercriminals are targeting boletos.
Fabio Assolini explains how cybercriminals are targeting boletos.Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as… https://www.virusbulletin.com/blog/2015/02/paper-p0wned-barcode-stealing-money-offline-users/

Adobe issues patch for yet another Flash Player zero-day

CVE-2015-0313 used in the wild as long ago as December.
CVE-2015-0313 used in the wild as long ago as December. Adobe has just issued an out-of-band patch for its Flash Player to fix a zero-day vulnerability that is actively being… https://www.virusbulletin.com/blog/2015/02/adobe-issues-patch-yet-another-flash-player-zero-day/

VB2014 paper: We know it before you do: predicting malicious domains

Wei Xu and his colleagues attempt to block domains before they're used for bad purposes.
Wei Xu and his colleagues attempt to block domains before they're used for bad purposes.Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014… https://www.virusbulletin.com/blog/2015/02/paper-we-know-it-you-do-predicting-malicious-domains/

Praise for the unsung heroes of email

Many decent performances in VB's latest comparative spam filter test.
Many decent performances in VB's latest comparative spam filter test. A decade ago, there were optimists who thought that the spam problem would soon be eradicated. At the same… https://www.virusbulletin.com/blog/2015/02/praise-unsung-heroes-email/

Low VirusTotal detection rates for new malware, do they matter?

It is not as important as is often suggested — and doesn't mean the malware is allowed to execute.
It is not as important as is often suggested — and doesn't mean the malware is allowed to execute. It is fairly common these days for security researchers to write about new… https://www.virusbulletin.com/blog/2015/02/low-virustotal-detection-rates-new-malware-do-they-matter/

From roadie to security rock star: it can happen

To break into security, start by getting a job in the industry.
To break into security, start by getting a job in the industry. You don't have to be a regular reader of this blog to know that computer security is very important in our… https://www.virusbulletin.com/blog/2015/02/roadie-security-rock-star-it-can-happen/

'RansomWeb' ransomware targets companies' databases

Encryption first added as a patch, key only removed when all backups are encrypted.
Encryption first added as a patch, key only removed when all backups are encrypted. Make backups, they said. Then you won't have to worry about ransomware, they said. Ransomware… https://www.virusbulletin.com/blog/2015/02/ransomweb-ransomware-targets-companies-databases/

February

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2015/02/

VB2014 paper: Ubiquitous Flash, ubiquitous exploits and ubiquitous mitigation

Chun Feng and Elia Florio analyse two Flash Player vulnerabilities and an IE one where Flash provides a helping hand.
Chun Feng and Elia Florio analyse two Flash Player vulnerabilities and an IE one where Flash provides a helping hand.Since the close of the VB2014 conference in Seattle in October,… https://www.virusbulletin.com/blog/2015/01/paper-ubiquitous-flash-ubiquitous-exploits-and-ubiquitous-mitigation/

Frequently asked questions about VB2015 conference submissions

No, it doesn't have to be about malware and no, it doesn't have to be deeply technical either!
No, it doesn't have to be about malware and no, it doesn't have to be deeply technical either! Last month, we opened the call for papers for VB2015, the 25th Virus Bulletin… https://www.virusbulletin.com/blog/2015/01/frequently-asked-questions-about-conference-submissions/

Linux systems affected by 'GHOST' vulnerability

Proof-of-concept email gives remote access to Exim mail server.
Proof-of-concept email gives remote access to Exim mail server. If you administer Linux-based systems, you'd better schedule some time for patching, as a serious buffer overflow… https://www.virusbulletin.com/blog/2015/01/linux-systems-affected-ghost-vulnerability/

VB2014 paper: Design to discover: security analytics with 3D visualization engine

Thibault Reuille and Dhia Mahjoub use DNS data to look for clusters of malicious domains.
Thibault Reuille and Dhia Mahjoub use DNS data to look for clusters of malicious domains.Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014… https://www.virusbulletin.com/blog/2015/01/paper-design-discover-security-analytics-3d-visualization-engine/

Adobe to patch Flash Player zero-day next week

Patch due next week as malvertising leads to Bedep trojan downloader.
Patch due next week as malvertising leads to Bedep trojan downloader. As the news of a zero-day vulnerability in Adobe's Flash Player actively being exploited reached the security… https://www.virusbulletin.com/blog/2015/01/adobe-patch-flash-player-zero-day-next-week/

Alleged Flash Player zero-day used in Angler exploit kit

Adobe 'investigating reports'.
Adobe 'investigating reports'.Vulnerable browser plug-ins are one of the most important infection vectors, which is why it is so important to keep them up to date. If you don't,… https://www.virusbulletin.com/blog/2015/01/alleged-flash-player-zero-day-used-angler-exploit-kit/

Research paper profiles victims of targeted attacks

Large organisations working in national security and international affairs run highest risk.
Large organisations working in national security and international affairs run highest risk. Anyone can be a target of cybercriminal attacks these days. But some are bigger targets… https://www.virusbulletin.com/blog/2015/01/research-paper-profiles-victims-targeted-attacks/

Paper: Nesting doll: unwrapping Vawtrak

Raul Alvarez unwraps the many layers of an increasingly prevalent banking trojan.
Raul Alvarez unwraps the many layers of an increasingly prevalent banking trojan. Banking trojans remain one of the most prevalent kinds of malware. Among them, trojans based on… https://www.virusbulletin.com/blog/2015/01/paper-nesting-doll-unwrapping-vawtrak/

VB2014 paper: OPSEC for security researchers

Vicente Diaz teaches researchers the basics of OPSEC.
Vicente Diaz teaches researchers the basics of OPSEC.Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video… https://www.virusbulletin.com/blog/2015/01/paper-opsec-security-researchers/

WhatsApp spam on the rise

End-to-end encryption makes spam filtering more difficult.
End-to-end encryption makes spam filtering more difficult. Spam sent through the WhatsApp messaging service is on the rise, mobile security firm AdaptiveMobile reports. This news… https://www.virusbulletin.com/blog/2015/01/whatsapp-spam-rise/

What would Cameron's 'anti-terrorism' proposals mean for the UK?

Proposals could cause serious damage to business and the economy, and are unlikely to stop terrorism.
Proposals could cause serious damage to business and the economy, and are unlikely to stop terrorism. This week, in the aftermath of the terrorist attacks on the French offices of… https://www.virusbulletin.com/blog/2015/01/what-would-cameron-s-anti-terrorism-proposals-mean-uk/

« Previous 1...3334353637...120 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.