VB Blog

VB2018 preview: Anatomy of an attack: detecting and defeating CRASHOVERRIDE

Posted by Martijn Grooten on Sep 26, 2018

In today's blog post, we preview the VB2018 paper by Dragos Inc.'s Joe Slowik, who looks at the CRASHOVERRIDE malware, the first (publicly known) malware designed to impact electric grid operations.

Posted by Martijn Grooten on Sep 25, 2018

In today's blog post we look at a report on illicit cryptocurrency mining by the Cyber Threat Alliance and also look forward to the VB2018 talk by the CTA's CEO Michael Daniel.

Posted by Martijn Grooten on Sep 21, 2018

In recent years, car hacking has evolved from a mostly theoretical research field involving giggling researchers and scared journalists, to one that actually concerns car owners and manufacturers. On today's blog we preview two VB2018 papers, by Inbar Raz and Spencer Hsieh, that look at the subject of hacking cars.

Posted by Virus Bulletin on Sep 20, 2018

In a guest blog post by VB2018 gold partner Kaspersky Lab, Costin Raiu, Director of the company's Global Research and Analysis Team, looks critically at the 'A' in APT.

Posted by Martijn Grooten on Sep 19, 2018

Today, we preview three VB2018 presentations that look at threats against civil society in general and the use of commercial spyware by governments for this purpose in particular.

Posted by Martijn Grooten on Sep 18, 2018

Today we preview the VB2018 paper by Saher Naumaan (BAE Systems Applied Intelligence) on the use of wipers in APT attacks.

Posted by Martijn Grooten on Sep 17, 2018

The VB2018 programme is packed with a wide range of security topics featuring speakers from all around the world. Today we preview two of them: one by Qihoo 360 researchers on tracking variants of Mirai and one by researchers from Bitdefender on the peer-to-peer Hide'n'Seek botnet.

Posted by Martijn Grooten on Sep 10, 2018

We are excited to announce the final additions to the VB2018 programme in the form of 10 'last-minute' papers covering up-to-the-minute research and hot topics and two more invited talks.

Posted by Martijn Grooten on Sep 7, 2018

At VB2018, AhnLab researcher Minseok Cha will look at activities of the Lazarus Group on the Korean peninsula going back as early as April 2011.

Posted by Virus Bulletin on Sep 6, 2018

Paul Baccas reviews Bruce Schneier's latest thought-provoking book, 'Click Here to Kill Everybody'.

Previous1...1718192021...215Next

Search blog

We need to continue the debate on the ethics and perils of publishing security research

An article by security researcher Collin Anderson reopens the debate on whether publishing threat analyses is always in the public interest.
At VB2015 in Prague, Juan Andrés Guerro-Saade, then of Kaspersky Lab, presented an important paper on the transformation of security researchers into intelligence brokers and how… https://www.virusbulletin.com/blog/2018/02/we-need-continue-debate-ethics-and-perils-publishing-security-research/

Throwback Thursday: Ten memorable Virus Bulletin conference presentations - part 2

In the second part of this two-part blog series, we look at five more memorable Virus Bulletin conference presentations.
With an excellent conference programme featuring some of the top experts in the IT security industry and covering some of the most important topics, we have much to look forward… https://www.virusbulletin.com/blog/2017/08/throwback-thursday-ten-memorable-virus-bulletin-conference-presentations-part-2/

A Christmas present for the security community

As a Christmas present for the security community, we have uploaded most of the papers and videos from the VB2015 conference which took place in Prague almost 15 months ago. The Virus Bulletin crew wishes you all the best for 2017!
A botnet of Internet-connected cameras causing the largest DDoS ever; the ransomware threat that appears to get worse every day; a state-sponsored hacker group that attempted to… https://www.virusbulletin.com/blog/2016/december/christmas-present-security-community/

More on the Moose botnet at Botconf

At Botconf 2016 this week, GoSecure researchers Masarah Paquet-Clouston and Olivier Bilodeau presented their research on the Moose botnet - something Olivier Bilodeau previously spoke about at VB2015.
This week, several members of the Virus Bulletin team are attending Botconf 2016 in Lyon, France. Security conferences provide good opportunities to meet fellow researchers and to… https://www.virusbulletin.com/blog/2016/december/more-moose-botnet-botconf/

VB2015 paper: VolatilityBot: Malicious Code Extraction Made by and for Security Researchers

In his VB2015 paper, Martin Korman presented his 'VolatilyBot' tool, which extracts malicious code from packed binaries, leveraging the functionality of the Volatility Framework.
Given the sheer volume of new malware samples discovered every day, security researchers eagerly make use of tools that will help automate their research and analysis. IBM… https://www.virusbulletin.com/blog/2016/02/vb2015-paper-volatilitybot-malicious-code-extraction-made-and-security-researchers/

VB2015 paper: Mobile Banking Fraud via SMS in North America: Who's Doing it and How

Though SMS may have been claimed dead many time, it is still very much alive, and quite popular among mobile phishers. At VB2015, Adaptive Mobile researcher Cathal Mc Daid presented a paper various mobile phishing campaigns targeting North American banks.
While SMS has been declared dead many times, the service remains frequently used - and abused. In a paper presented at VB2015 in Prague, Adaptive Mobile researcher Cathal Mc… https://www.virusbulletin.com/blog/2016/03/vb2015-paper-mobile-banking-fraud-sms-north-america-whos-doing-it-and-how/

VB2015 paper: Will Android Trojans, Worms or Rootkits Survive in SEAndroid and Containerization?

Sophos researchers Rowland Yu and William Lee look at whether recent security enhancements to Android, such as SEAndroid and containerization, will be enough to defeat future malware threats.
Google's Android operating system may have a bit of a bad reputation when it comes to security, but it's worth noting that recent versions of the operating system have been… https://www.virusbulletin.com/blog/2016/02/vb2015-paper-will-android-trojans-worms-or-rootkits-survive-seandroid-and-containerization/

VB2015 paper: Sizing cybercrime: incidents and accidents, hints and allegations

Cybercrime is big. But how big is it really? In a paper presented at VB2015 and together with the presentation video published on our website today, ESET researcher Stephen Cobb looks at previous studies that attempt the size of cybercrime and asks why we…
How big is cybercrime? Various attempts have been made to measure the size of cybercrime around the world, or in individual countries, but how reliable are the methodologies… https://www.virusbulletin.com/blog/2016/02/vb2015-paper-sizing-cybercrime-incidents-and-accidents-hints-and-allegations/

VB2015 video: TurlaSat: The Fault in our Stars

In a presentation at VB2015 in Prague, Kaspersky Lab researcher Kurt Baumgartner talked about Turla's extraplanetary activities: the malware used (and abused) satellite Internet connections for command and control communication.
Kurt Baumgartner talks about Turla's extraplanetary activities. Despite the hype around the subject, the tools used by most so-called APT groups are surprisingly mundane. But… https://www.virusbulletin.com/blog/2016/02/vb2015-video-fault-our-stars/

Security vendors should embrace those hunting bugs in their products

When interviewed by the Risky Business podcast last week, VB Editor Martijn Grooten talked about the security of security products and said that many vendors are embracing the work done by Tavis Ormandy and others - as they should.
Security software is software too — and it will have flaws. Last week, I was interviewed for the Risky Business podcast. I really enjoyed the experience, not just because I've… https://www.virusbulletin.com/blog/2016/02/security-vendors-should-embrace-those-hunting-bugs-their-products/

VB2015 paper: Effectively testing APT defences

Simon Edwards discusses how to test the potentially untestable.
Simon Edwards discusses how to test the potentially untestable. Like the term or loathe it, APTs have given rise to a new generation of security products that protect against these… https://www.virusbulletin.com/blog/2016/01/paper-effectively-testing-apt-defences/

VB2015 paper: The ethics and perils of APT research: an unexpected transition into intelligence brokerage

Juan Andrés Guerrero-Saade discusses the perils and ethical conundrums that arise as the industry enters a new playing field.
Juan Andrés Guerrero-Saade discusses the perils and ethical conundrums that arise as the industry enters a new playing field. Many security researchers have been part of the… https://www.virusbulletin.com/blog/2016/01/paper-ethics-and-perils-apt-research-unexpected-transition-intelligence-brokerage/

VB2015 paper: Digital 'Bian Lian' (face changing): the Skeleton Key malware

Microsoft, Dell SecureWorks researchers analyse malware targeting Active Directory servers.
Microsoft, Dell SecureWorks researchers analyse malware targeting Active Directory servers. A year ago, researchers from Dell SecureWorks discovered a new kind of malware, dubbed… https://www.virusbulletin.com/blog/2016/01/paper-digital-bian-lian-face-changing-skeleton-key-malware/

VB2015 video: Making a dent in Russian mobile banking phishing

Sebastian Porst explains what Google has done to protect users from phishing apps targeting Russian banks.
Sebastian Porst explains what Google has done to protect users from phishing apps targeting Russian banks. In the last few years, mobile malware has evolved from a mostly… https://www.virusbulletin.com/blog/2015/12/video-making-dent-russian-mobile-banking-phishing/

The Internet of Bad Things, Observed

In his VB2015 keynote address, Ross Anderson described attacks against EMV cards.
In his VB2015 keynote address, Ross Anderson described attacks against EMV cards. The VB2015 opening keynote by Ross Anderson could hardly have been more timely. In his talk "The… https://www.virusbulletin.com/blog/2015/11/internet-bad-things-observed/

VB2015 'Steganoprague' competition

Use your steganography-detection skills and win a pile of books.
Use your steganography-detection skills and win a pile of books. As VB2015 is about to begin, we announce the second part of the 'Steganoprague' competition. In this part, you will… https://www.virusbulletin.com/blog/2015/09/steganoprague-competition/

Researchers seek ransomware samples for their generic solution

VB2015 presentation to include demonstration of technique against recent samples.
VB2015 presentation to include demonstration of technique against recent samples. 'The scary hack that's on the rise' is how Wired's Kim Zetter described ransomware in an overview… https://www.virusbulletin.com/blog/2015/09/researchers-seek-ransomware-samples-their-generic-solution/

VB2015 last-minute papers announced

Ten talks covering hot research added to the VB2015 programme.
Ten talks covering hot research added to the VB2015 programme. There are just over two weeks to go until more than 400 security professionals descend on Prague for VB2015, the 25th… https://www.virusbulletin.com/blog/2015/09/last-minute-papers-announced/

VB2015: some important information

Last-minute papers, steganography competition and foosball tournament.
Last-minute papers, steganography competition and foosball tournament. We're just a little over a month away from the beginning of VB2015, the 25th Virus Bulletin International… https://www.virusbulletin.com/blog/2015/08/some-important-information/

VB2015 preview: advanced persistent threats

Several conference papers to deal with targeted attacks.
Several conference papers to deal with targeted attacks. There was a time when analyses of malware and viruses at the Virus Bulletin conference used the number of infections as a… https://www.virusbulletin.com/blog/2015/08/preview-advanced-persistent-threats/

« Previous 12 Next »