Car hacking has become a hot subject in recent years, and at VB2018 in Montreal, Argus Cyber Security's Inbar Raz presented a paper that provides an introduction to the subject, looking at the complex problem, examples of car hacks, and the challenges ahe…
Under the hood - the automotive challenge
Read the paper (HTML)
Download the paper (PDF)
During last week's Pwn2Own 2019 hacking contest, a Senegalese-Chinese duo… https://www.virusbulletin.com/blog/2019/03/vb2018-paper-under-hood-automotive-challenge/
A former reporter by profession, Andrew Brandt's curiosity was piqued when he came across what appeared at first glance to be the website of a small-town newspaper based in Illinois, but under scrutiny, things didn’t add up. At VB2018 he presented a paper…
Andrew Brandt will also speak at VB2019 in London. This time, in a Small Talk session, he will share his experience of analysing "retromalware" – some of the oldest… https://www.virusbulletin.com/blog/2019/04/vb2018-paper-fake-news-inc/
Domains play a crucial role in most cyber attacks, from the very advanced to the very mundane. Today, we publish a VB2018 paper by Paul Vixie (Farsight Security) who undertook the first systematic study into the lifetimes of newly registered domains.
The modality of mortality in domain names
Read the paper (HTML)
Download the paper (PDF)
Have you carried out research that furthers our understanding of… https://www.virusbulletin.com/blog/2019/02/vb2018-paper-modality-mortality-domain-names/
Constraint programming is a lesser-known technique that is becoming increasingly popular among malware analysts. In a paper presented at VB2018 Thaís Moreira Hamasaki presented an overview of the technique and explained how it can be applied to the analys…
Analysing compiled binaries using logic
Read the paper (HTML)
Download the paper (PDF)
Static analysis of malware is usually "done by a person (a security analyst) who… https://www.virusbulletin.com/blog/2019/02/vb2018-paper-analysing-compiled-binaries-using-logic/
The cybersecurity skills gap has been described as one of the biggest challenges facing IT leaders today. At VB2018 in Montreal, ESET's Lysa Myers outlined some of the things the industry can do to help address the problem. Today we publish Lysa's paper a…
Did you see we have opened the Call for Papers for VB2019 in London? Submit your abstract before 17 March for a chance to make it onto the programme of one of the… https://www.virusbulletin.com/blog/2019/02/vb2018-paper-where-have-all-good-hires-gone/
The Formbook information-stealing trojan may not be APT-grade malware, but its continuing spread means it can still be effective. At VB2018 in Montreal, Gabriela Nicolao, a researcher from Deloitte in Argentina, presented a short paper in which she looked…
The Formbook information-stealing trojan has been spread by a number of recent spam campaigns. The malware was advertised in hacking forums as long ago as January 2016, but wasn't… https://www.virusbulletin.com/blog/2019/01/vb2018-paper-inside-formbook-infostealer/
Today we publish the VB2018 paper and video by ESET researcher Filip Kafka, who looked at the new malware by Hacking Team, after the company had recovered from the 2015 breach.
It is good practice not to mock or laugh at hacking victims. But when the victim is a company that itself is in the business of hacking and has a habit of selling its products and… https://www.virusbulletin.com/blog/2019/01/vb2018-paper-hacking-team-hacked-team/
At VB2018 Sophos researcher Gábor Szappanos provided a detailed overview of Office exploit builders, and looked in particular at the widely exploited CVE-2017-0199. Today we publish his paper and release the video of his presentation.
A large portion of today's malware infections use malicious Office documents as a first-stage payload. Typically, the user is tricked into enabling macros or disabling some… https://www.virusbulletin.com/blog/2018/12/vb2018-paper-office-bugs-rise/
Today, we release the video of the VB2018 presentation by Check Point researcher Aseel Kayal, who connected the various dots relating to campaigns by the APT-C-23 threat group.
The APT-C-23 group, which targets users in the Middle East and in particular in the State of Palestine, was named and first reported on by 360 in a Chinese language blog post in… https://www.virusbulletin.com/blog/2018/12/vb2018-video-big-bang-theory-apt-c-23/
Today, we publish the VB2018 paper by Qihoo 360 researchers Ya Liu and Hui Wang, on extracting data from variants of the Mirai botnet to classify and track variants.
The leaking or publishing of malware source code often leads to multiple spin-off families based on the code. Never has this been more clear than in the case of the Mirai Internet… https://www.virusbulletin.com/blog/2018/12/vb2018-paper-tracking-mirai-variants/
2018 has seen an increase in the variety of botnets living on the Internet of Things - such as Hide'N'Seek, which is notable for its use of peer-to-peer for command-and-control communication. Today, we publish the VB2018 paper by Bitdefender researchers A…
Until recently IoT botnets mostly consisted of Mirai and its many descendants. However, during 2018 we have seen an increase in the variety of botnets living on the Internet of… https://www.virusbulletin.com/blog/2018/12/vb2018-paper-hidenseek-adaptive-peer-peer-iot-botnet/
