Blog keyword search

VB2019 video: Discretion in APT: recent APT attack on crypto exchange employees

At VB2019 in London, LINE's HeungSoo Kang explained how cryptocurrency exchanges had been attacked using Firefox zero-days. Today, we publish the video of his presentation.
In June, employees at cryptocurrency exchange Coinbase were targeted by emails linking to a website that used two zero-day vulnerabilities in the Firefox browser to deliver macOS… https://virusbulletin.com/blog/2019/11/vb2019-video-discretion-apt-recent-apt-attack-crypto-exchange-employees/

Duqu 2.0 found to target security company

Advanced malware also targeted venues linked to Iranian nuclear negotiations.
Advanced malware also targeted venues linked to Iranian nuclear negotiations. There are some security stories you couldn't make up. The authors of an advanced malware tool have… https://virusbulletin.com/blog/2015/06/duqu-2-0-found-target-security-company/

Paper: Windows 10 patching process may leave enterprises vulnerable to zero-day attacks

Aryeh Goretsky gives advice on how to adapt to Windows 10's patching strategy.
Aryeh Goretsky gives advice on how to adapt to Windows 10's patching strategy. Patching is hard, especially when the code base is old and the bugs are buried deeply. This was… https://virusbulletin.com/blog/2015/03/paper-windows-10-patching-process-may-leave-enterprises-vulnerable-zero-day-attacks/

Adobe issues patch for yet another Flash Player zero-day

CVE-2015-0313 used in the wild as long ago as December.
CVE-2015-0313 used in the wild as long ago as December. Adobe has just issued an out-of-band patch for its Flash Player to fix a zero-day vulnerability that is actively being… https://virusbulletin.com/blog/2015/02/adobe-issues-patch-yet-another-flash-player-zero-day/

Adobe to patch Flash Player zero-day next week

Patch due next week as malvertising leads to Bedep trojan downloader.
Patch due next week as malvertising leads to Bedep trojan downloader. As the news of a zero-day vulnerability in Adobe's Flash Player actively being exploited reached the security… https://virusbulletin.com/blog/2015/01/adobe-patch-flash-player-zero-day-next-week/

Alleged Flash Player zero-day used in Angler exploit kit

Adobe 'investigating reports'.
Adobe 'investigating reports'.Vulnerable browser plug-ins are one of the most important infection vectors, which is why it is so important to keep them up to date. If you don't,… https://virusbulletin.com/blog/2015/01/alleged-flash-player-zero-day-used-angler-exploit-kit/

Windows zero-day used in targeted attacks

Vulnerability used to download BlackEnergy trojan - as discussed during VB2014.
Vulnerability used to download BlackEnergy trojan - as discussed during VB2014. Today is going to be a busy day for system administrators: they were already on high alert following… https://virusbulletin.com/blog/2014/10/windows-zero-day-used-targeted-attacks/

VB2014 preview: The three levels of exploit testing

Richard Ford and Marco Carvalho present an idea for how to test products that claim to detect the unknown.
Richard Ford and Marco Carvalho present an idea for how to test products that claim to detect the unknown.In the weeks running up to VB2014 (the 24th Virus Bulletin International… https://virusbulletin.com/blog/2014/09/preview-three-levels-exploit-testing/

Google's Project Zero to hunt for zero-days

Bugs to be reported to the vendor only, and to become public once patched.
Bugs to be reported to the vendor only, and to become public once patched.Google has created a new team, called Project Zero, whose task is to find vulnerabilities in any kind of… https://virusbulletin.com/blog/2014/07/google-s-project-zero-hunt-zero-days/

Privilege escalation vulnerability targets Windows XP and Server 2003

Vulnerability being used in the wild in combination with exploit of patched Adobe Reader vulnerability.
Vulnerability being used in the wild in combination with exploit of patched Adobe Reader vulnerability. Researchers at FireEye have discovered a new privilege escalation… https://virusbulletin.com/blog/2013/11/privilege-escalation-vulnerability-targets-windows-xp-and-server-2003/

Good and bad news for victims of targeted attacks against Microsoft products

Bug bounty program extended; TIFF zero-day used in the wild.
Bug bounty program extended; TIFF zero-day used in the wild. This week, Microsoft has good news and bad news for those targeted by zero-day exploits in its products. The bad… https://virusbulletin.com/blog/2013/11/good-and-bad-news-victims-targeted-attacks-against-microsoft-products/

Microsoft offers fix-it for IE 8 zero-day

CVE-2013-1347 used in watering hole attacks.
CVE-2013-1347 used in watering hole attacks. Following this weekend's discovery of a new zero-day vulnerability in version 8 of Microsoft's Internet Explorer browser, the company… https://virusbulletin.com/blog/2013/05/microsoft-offers-fix-it-ie-8-zero-day/

Internet Explorer zero-day used in the wild

Dropped PoisonIvy trojan linked to 'Nitro' attacks.
Dropped PoisonIvy trojan linked to 'Nitro' attacks. Security researcher Eric Romang has discovered a new zero-day vulnerability in Internet Explorer that is currently being used in… https://virusbulletin.com/blog/2012/09/internet-explorer-zero-day-used-wild/

From spear phishing to watering holes

Symantec reports increase in 'watering hole attacks'.
Symantec reports increase in 'watering hole attacks'. Imagine that for some reason you wanted to gain access to my computer. One thing you could do is send me an email with some… https://virusbulletin.com/blog/2012/09/spear-phishing-watering-holes/

RSA gives insight into anatomy of attack on its systems

Publicly available information used to spear phish employees.
Publicly available information used to spear phish employees. Security company RSA has released some information about how hackers gained access to its systems, giving a good… https://virusbulletin.com/blog/2011/04/rsa-gives-insight-anatomy-attack-its-systems/

Yahoo! jukebox flaw exploits in wild

Zero day vulnerability in music system rapidly targeted.
Zero day vulnerability in music system rapidly targeted.Vulnerabilities in Yahoo! Jukebox, a free music-management system provided by Yahoo!, have been exploited by in-the-wild… https://virusbulletin.com/blog/2008/02/yahoo-jukebox-flaw-exploits-wild/

Microsoft alert on Excel vulnerability

Targeted exploitation of zero-day flaw seen in wild.
Targeted exploitation of zero-day flaw seen in wild.Microsoft has issued a security advisory on an unresolved vulnerability in its Excel software, which has been reported as a… https://virusbulletin.com/blog/2008/01/microsoft-alert-excel-vulnerability/

RealPlayer zero-day flaw exploited

Manufacturer responds rapidly to serious security hole.
Manufacturer responds rapidly to serious security hole. A zero-day vulnerability in the popular media playing system RealPlayer was spotted being exploited in the wild late last… https://virusbulletin.com/blog/2007/10/realplayer-zero-day-flaw-exploited/

Webcam zero-day in Yahoo! Messenger

Video chat invites pose vulnerability danger.
Video chat invites pose vulnerability danger. A zero-day vulnerability has been reported in the webcam module of Yahoo! Messenger, allowing attackers remote access to systems open… https://virusbulletin.com/blog/2007/08/webcam-zero-day-yahoo-messenger/

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.