VB Blog

VB2019 paper: Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry

Posted by   Martijn Grooten on   Oct 28, 2019

Today we publish the VB2019 paper by RiskIQ researcher Yonathan Klijnsma, who looked at the Magecart web-skimming attacks.

Read more  

VB2019 videos: partner presentations

Posted by   Martijn Grooten on   Oct 25, 2019

Today, we publish the videos of the VB2019 partner presentations by Michael Maltsev (Reason Cybersecurity) on webcam interception and protection, and by Jean-Ian Boutin and Anton Cherepanov (ESET) on the Buhtrap group.

Read more  

VB tests the web security products that play an important role in fending off web-based threats

Posted by   Martijn Grooten on   Oct 24, 2019

The web continues to be a major infection vector for malware and credential-stealing threats. In the VBWeb tests, we measure products' ability to block such threats and certify products that perform a good job at doing so.

Read more  

VB2019 papers: Emotet and Ryuk

Posted by   Martijn Grooten on   Oct 23, 2019

Today we publish VB2019 papers by Luca Nagy (Sophos) on Emotet and Gabriela Nicolao and Luciano Martins (Deloitte) on Ryuk, as well as the corresponding videos of their presentations.

Read more  

Responsible madness?

Posted by   Virus Bulletin on   Oct 22, 2019

The debate on responsible disclosure is about as old as IT security itself. In a guest post for Virus Bulletin Robert Neumann suggests we need to reconsider a one-size-fits-all solution and instead look for a well-respected independent organization to handle security issues.

Read more  

VB2019 paper: Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error

Posted by   Martijn Grooten on   Oct 21, 2019

OpSec mistakes are what lead to many malware discoveries, and in the case of the Geost Android botnet the mistake was a really interesting one. Today we publish the VB2019 paper by Sebastian García, Maria Jose Erquiaga and Anna Shirokova on the Geost botnet, as well as the recording of Sebastian and Anna presenting their research in London.

Read more  

Analysis of malware responsible for sextortion spam that mines for Monero on the side

Posted by   Virus Bulletin on   Oct 14, 2019

VB2019 Platinum partner Reason Cybersecurity presents a threat analysis report on the Save Yourself malware.

Read more  

Guest blog: Threat intelligence – a unifying force of the future

Posted by   Virus Bulletin on   Oct 4, 2019

In a guest blog post VB2019 Platinum partner Reason Cybersecurity looks to the future of threat intelligence.

Read more  

Guest blog: Why we should be paying more attention to Linux threats

Posted by   Virus Bulletin on   Sep 25, 2019

In a guest blog post VB2019 Silver partner Intezer outlines the importance of paying attention to Linux threats.

Read more  

New Emotet spam campaign continues to bypass email security products

Posted by   Martijn Grooten on   Sep 18, 2019

On Monday, the infamous Emotet malware resumed its spam campaign to spread the latest version of the malware. As before, the malware successfully bypasses many email security products.

Read more  
Previous1...89101112...215Next

Search blog

Will DIME eventually replace email?

Protocol has all the advantages of email, yet is orders of magnitude more secure.
Protocol has all the advantages of email, yet is orders of magnitude more secure. In the current Internet era sometimes referred to as 'post-Snowden', it is often said that email… https://www.virusbulletin.com/blog/2015/03/will-dime-eventually-replace-email/

Paper: Windows 10 patching process may leave enterprises vulnerable to zero-day attacks

Aryeh Goretsky gives advice on how to adapt to Windows 10's patching strategy.
Aryeh Goretsky gives advice on how to adapt to Windows 10's patching strategy. Patching is hard, especially when the code base is old and the bugs are buried deeply. This was… https://www.virusbulletin.com/blog/2015/03/paper-windows-10-patching-process-may-leave-enterprises-vulnerable-zero-day-attacks/

The ghost of Stuxnet past

Microsoft patches .LNK vulnerability after 2010 patch was found to be incomplete.
Microsoft patches .LNK vulnerability after 2010 patch was found to be incomplete. Mention Stuxnet and you'll have many a security researcher's attention. The worm, which was… https://www.virusbulletin.com/blog/2015/03/ghost-stuxnet-past/

Canadian firm fined $1.1m for breaching anti-spam law

First success story for long-awaited CASL.
First success story for long-awaited CASL. The Canadian Radio-television and Telecommunications Commission (CRTC), the agency responsible for enforcing Canada's anti-spam law… https://www.virusbulletin.com/blog/2015/03/canadian-firm-fined-1-1m-breaching-anti-spam-law/

Virus Bulletin seeks hackers, network researchers for VB2015

One week left to submit an abstract for the 25th Virus Bulletin conference.
One week left to submit an abstract for the 25th Virus Bulletin conference. A few weeks ago, I made a short visit to the Clarion Congress Hotel in Prague, where VB2015 will take… https://www.virusbulletin.com/blog/2015/03/seeks-hackers-network-researchers/

VB2014 paper: Leaving our ZIP undone: how to abuse ZIP to deliver malware apps

Gregory Panakkal explains that there are different ways of looking at APK files - and that sometimes that can have unintended consequences.
Gregory Panakkal explains that there are different ways of looking at APK files - and that sometimes that can have unintended consequences.Since the close of the VB2014 conference… https://www.virusbulletin.com/blog/2015/03/paper-leaving-our-zip-undone-how-abuse-zip-deliver-malware-apps/

FREAK attack takes HTTPS connections back to 1990s security

Golden keys from the (first) crypto wars have come back to haunt us.
Golden keys from the (first) crypto wars have come back to haunt us. When a web client makes a secure connection to a web server (using HTTPS), it starts by sending a 'Hello'… https://www.virusbulletin.com/blog/2015/03/freak-attack-takes-https-connections-back-1990s-security/

Paper: Script in a lossy stream

Dénes Óvári explains how to store code in lossily compressed JPEG data.
Dénes Óvári explains how to store code in lossily compressed JPEG data. Malformed PDFs have become a common way to deliver malware. Naturally, when this started to happen,… https://www.virusbulletin.com/blog/2015/03/paper-script-lossy-stream/

TorrentLocker spam has DMARC enabled

Use of email authentication technique unlikely to bring any advantage.
Use of email authentication technique unlikely to bring any advantage. Last week, Trend Micro researcher Jon Oliver (who presented a paper on Twitter abuse at VB2014) wrote an… https://www.virusbulletin.com/blog/2015/03/torrentlocker-spam-has-dmarc-enabled/

March

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2015/03/

M3AAWG releases BCP document on dealing with child sexual abuse material

Subject may make many feel uncomfortable, but it is essential that we know how to deal with it.
Subject may make many feel uncomfortable, but it is essential that we know how to deal with it. The mere mention of "child pornography" on the Internet makes many a security expert… https://www.virusbulletin.com/blog/2015/02/m3aawg-releases-bcp-document-dealing-child-sexual-abuse-material/

VB2014 paper: Caphaw - the advanced persistent pluginer

Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype.
Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype.Since the close of the VB2014 conference in Seattle in October, we have been sharing… https://www.virusbulletin.com/blog/2015/02/paper-caphaw-advanced-persistent-pluginer/

Hacker group takes over Lenovo's DNS

As emails were sent to wrong servers, DNSSEC might be worth looking into.
As emails were sent to wrong servers, DNSSEC might be worth looking into. Although, after some initial hesitation, Lenovo was rather frank in its admission of messing up regarding… https://www.virusbulletin.com/blog/2015/02/hacker-group-takes-over-lenovo-s-dns/

Coordinated action takes down Ramnit botnet infrastructure

Malware remains present on infected machines; 2012 Virus Bulletin paper worth studying.
Malware remains present on infected machines; 2012 Virus Bulletin paper worth studying. A coordinated action from Anubisnetworks, Microsoft and Symantec, together with Europol has… https://www.virusbulletin.com/blog/2015/02/coordinated-action-takes-down-ramnit-botnet-infrastructure/

Almost 50% increase in reported vulnerabilities as non-Windows operating systems lead the table

Each discovered vulnerability is actually a good news story.
Each discovered vulnerability is actually a good news story. Last week, security firm GFI published some research in which it looked at the number of vulnerabilities reported last… https://www.virusbulletin.com/blog/2015/02/almost-50-increase-reported-vulnerabilities-non-windows-operating-systems-lead-table/

Vawtrak trojan spread through malicious Office macros

Users easily tricked, but plenty of opportunity for the malware to be blocked.
Users easily tricked, but plenty of opportunity for the malware to be blocked. Researchers at Trend Micro report that the 'Vawtrak' banking trojan now also spreads through Office… https://www.virusbulletin.com/blog/2015/02/vawtrak-trojan-spread-through-malicious-office-macros/

Lenovo laptops pre-installed with software that adds its own root CA certificate

Shared root certificate makes for easy man-in-the-middle attacks.
Shared root certificate makes for easy man-in-the-middle attacks.What is Superfish?Superfish is a product that offers 'Visual Search'. Say, for example, you are looking at cat… https://www.virusbulletin.com/blog/2015/02/lenovo-laptops-pre-installed-software-adds-its-own-root-ca-certificate/

Google relaxes disclosure policy following criticism

Grace period added for vulnerabilities that are about to be patched.
Grace period added for vulnerabilities that are about to be patched. Last year, Google announced a new disclosure policy, where details of a vulnerability discovered by the… https://www.virusbulletin.com/blog/2015/02/google-relaxes-disclosure-policy-following-criticism/

VB2014 video: .NET malware dynamic instrumentation for automated and manual analysis

Hexiang Hu used tool to detect Bladabindi backdoor.
Hexiang Hu used tool to detect Bladabindi backdoor. The .NET framework is a popular way to write software. As applications built with the framework compile into a Common… https://www.virusbulletin.com/blog/2015/02/video-net-malware-dynamic-instrumentation-automated-and-manual-analysis/

Facebook launches platform for sharing of threat intelligence

Twitter, Yahoo! amongst early participants in 'ThreatExchange'.
Twitter, Yahoo! amongst early participants in 'ThreatExchange'. When I took my first steps in the security industry, I was surprised by just how much information was shared between… https://www.virusbulletin.com/blog/2015/02/facebook-launches-platform-sharing-threat-intelligence/

« Previous 1...3233343536...120 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.