An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.
In August 1996, Sarah Gordon explored attitudes to virus distribution facilitated by the Internet, predicting that our increased reliance on the Internet for communication, and the retrieval of information from untrusted systems, would bring more…
Read moreVolatilityBot is a new automation tool for researchers which cuts all the guesswork and manual tasks out of the binary extraction phase of malware analysis. Not only does it automatically extract the executable (exe), but it also fetches all new…
Read moreWilliam Lee (Sophos)
Rowland Yu (Sophos)
Android 5.0 is trying to set itself up as a safe corporate mobile operating system by touting SEAndroid and containerization. The enforcement of SEAndroid and containerization has been changing the way OEMs and security vendors respond to security…
Read moreIn 1994, UK Fraud Squad detectives started making inroads into the most puzzling 'Whodunnit' since the Great Train Robbery. Had an outbreak of computer crime swept Britain? No, it was all part of a police training program.
Read moreSimon PG Edwards (Dennis Technology Labs)
Richard Ford (Florida Institute of Technology)
Gabor Szappanos (Sophos)
As targeted attacks gain more attention, and protection developers pay more attention to the implementation of new defensive technologies, the need arises for the testing of product efficacy with respect to this new kind of threat. However, compared…
Read moreHow much does a user really need to know in order to defend his computer from computer viruses? In 1993, the latest news from the anti-viral battle-front was that if the user wanted to defend the contents of his computer from viral attack, he should…
Read moreJuan Andrés Guerrero-Saade (Kaspersky Lab)
Information security researchers are increasingly finding themselves involved in investigating state-sponsored or geopolitically significant threats. In his VB2015 paper, Juan Andrés Guerrero-Saade looks at the perils and ethical conundrums involved…
Read moreCurrent malware traffic detection solutions work mostly by using static fingerprints, white and black lists and crowd-sourced threat intelligence analytics. These methods are useful for detecting known malware in real time, but are insufficient…
Read moreChun Feng (Microsoft)
Tal Be'ery (Microsoft)
Stewart McIntyre (Dell SecureWorks)
When the Skeleton Key malware is installed on a domain controller, the attacker can play a face-changing trick on the domain by logging in as any user it chooses and performing any number of actions on the system including, but not limited to,…
Read moreIn January 1998, VB Technical Editor Jakub Kaminski asked: If trojans seem to be more dangerous than viruses, why don’t anti-virus vendors tackle those too?
Read more