An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.
On 4 May 2000, VBS/LoveLetter.A, also known as LovLet, ILOVEYOU and Love Bug, wreaked havoc across the globe and pushed the anti-virus industry to new limits. Nick FitzGerald has a full analysis of the virus that crippled businesses worldwide and…
Read moreOn 4 May 2000, VBS/LoveLetter.A, also known as LovLet, ILOVEYOU and Love Bug, wreaked havoc across the globe and pushed the anti-virus industry to new limits. Joe Wells reflects on the day the industry failed to protect many of those who depended on…
Read moreIn November 1995, self-confessed virus writer Christopher Pile - author of the viruses Pathogen and Queeg and the encryption engine known as SMEG (Simulated Metamorphic Encryption Generator) - became the first person in the UK to be given a custodial…
Read moreIn November 1995, self-confessed virus writer Christopher Pile - author of the viruses Pathogen and Queeg and the encryption engine known as SMEG (Simulated Metamorphic Encryption Generator) - became the first person in the UK to be given a custodial…
Read moreIn June1997, Phil Crewe brought us 'Through the Administrator's Eye' - a detailed guide for administrators on how to approach virus protection and recovery, in which he notes that "A policy of virus detection and protection which is known and…
Read moreBack in 1996, the memory limits of the DOS environment posed issues for anti-malware developers that we wouldn't give a second thought to today. While scanners were already "groaning" under the load of the ever-increasing number of viruses (the…
Read moreHong Kei Chan (Fortinet)
Liang Huang (Fortinet)
Point-of-sale (PoS) malware campaigns have been hitting the headlines recently. While PoS memory-parsing malware is not a new phenomenon - earlier variants with basic functionality having been detected by AV vendors since 2008 - over the years this…
Read moreWith the recent explosion in smartphone usage, malware authors have increasingly focused their attention on mobile devices, leading to a steep rise in mobile malware over the past couple of years. In this paper, Ruchna Nigam focuses on mobile…
Read morePatrick Wardle (Synack)
DLL hijacking is a well known class of attack which, until now, was believed only to affect Windows. However, in this paper, Patrick Wardle shows that OS X is similarly vulnerable to dynamic library hijack attacks.
Read moreMicrosoft recently announced its new patch roll-out strategy for the latest incarnation of the Windows operating system. Aryeh Goretsky considers how the Windows 10 patching process might affect both the enterprise and the home user.
Read more