VB Blog

VB2017 paper: Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server

Posted by   Martijn Grooten on   Nov 29, 2017

At VB2017 in Madrid, macOS malware researcher Patrick Wardle presented the details of a specific piece of Mac malware, FruitFly, which he analysed through a custom C&C server - a technique that will also be of interest for researchers of malware on other platforms. Today we publish both Patrick's paper and the recording of his presentation.

Read more  

Tizi Android malware highlights the importance of security patches for high-risk users

Posted by   Martijn Grooten on   Nov 28, 2017

Researchers from Google have taken down 'Tizi', an Android malware family, that used nine already patched vulnerabilities to obtain root on infected devices.

Read more  

Virus Bulletin to attend AMTSO, AVAR and Botconf

Posted by   Martijn Grooten on   Nov 27, 2017

Next week, Virus Bulletin researchers will be attending the AMTSO meeting and AVAR conference in Beijing, China, as well as the 5th edition of the Botconf conference in Montpellier, France.

Read more  

VB2017 video: FinFisher: New techniques and infection vectors revealed

Posted by   Martijn Grooten on   Nov 24, 2017

Today, we publish the video of the VB2017 presentation by ESET researcher Filip Kafka, who looked at recent changes in the FinFisher government malware, including its infection vectors.

Read more  

Throwback Thursday: The beginning of the end(point): where we are now and where we'll be in five years

Posted by   Martijn Grooten on   Nov 23, 2017

We look back at the VB2016 presentation by Adrian Sanabria on the state of endpoint security, both now and in the future.

Read more  

VB2017 paper: Beyond lexical and PDNS: using signals on graphs to uncover online threats at scale

Posted by   Martijn Grooten on   Nov 22, 2017

At VB2017 in Madrid, Cisco Umbrella (OpenDNS) researchers Dhia Mahjoub and David Rodriguez presented a new approach to detecting infected machines using graphs to detect botnet traffic at scale. Today we publish both Dhia and David's paper and the recording of their presentation.

Read more  

Firefox 59 to make it a lot harder to use data URIs in phishing attacks

Posted by   Martijn Grooten on   Nov 21, 2017

Firefox developer Mozilla has announced that, as of version 59 of the browser, many kinds of data URIs, which provide a way to create "domainless web content", will not be rendered in the browser, thus making this trick - used in various phishing campaigns - a lot less attractive.

Read more  

Standalone product test: FireEye Endpoint

Posted by   Martijn Grooten on   Nov 16, 2017

Virus Bulletin ran a standalone test on FireEye's Endpoint Security solution.

Read more  

VB2017 video: Consequences of bad security in health care

Posted by   Martijn Grooten on   Nov 13, 2017

Jelena Milosevic, a nurse with a passion for IT security, is uniquely placed to witness poor security practices in the health care sector, and to fully understand the consequences. Today, we publish the recording of a presentation given by Jelena at VB2017 in Madrid, in which she shared her inside view of security in hospitals.

Read more  

Vulnerabilities play only a tiny role in the security risks that come with mobile phones

Posted by   Martijn Grooten on   Nov 9, 2017

Both bad news (all devices were pwnd) and good news (pwning is increasingly difficult) came from the most recent mobile Pwn2Own competition. But the practical security risks that come with using mobile phones have little to do with vulnerabilities.

Read more  
Previous1...2728293031...215Next

Search blog

Free VB2019 tickets for students

Virus Bulletin is excited to announce that, thanks to generous sponsorship from Google Android, we are able to offer 20 free tickets to students who want to attend VB2019.
Update 02 August 2019: Applications for free student tickets have now closed. Virus Bulletin is excited to announce that, thanks to generous sponsorship from Google Android, we… https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis library

Today, we publish a VB2018 paper by Google researcher Maddie Stone in which she looks at one of the most interesting anti-analysis native libraries in the Android ecosystem. We also release the recording of Maddie's presentation.
Though still relatively new (the first VB conference paper on Android malware was presented in 2011), malware targeting the Android mobile operating system has evolved quickly, in… https://www.virusbulletin.com/blog/2019/01/vb2018-paper-unpacking-packed-unpacker-reversing-android-anti-analysis-library/

VB2018 video: Triada: the past, the present and the (hopefully not existing) future

Today we publish the video of the VB2018 presentation by Google researcher Lukasz Siewierski on the Triada Android malware and Google's work with OEMs to remove it from infected devices.
From NotPetya to Shadowpad, supply chain attacks have become a serious and hard-to-fight security problem. One prominent type of supply chain attack involves the pre-installation… https://www.virusbulletin.com/blog/2018/11/vb2018-video-triada-past-present-and-hopefully-not-existing-future/

VB2018 preview: Unpacking the packed unpacker: reversing an Android anti-analysis library

At VB2018, Google researcher Maddie Stone will present an analysis of the multi-layered 'WeddingCake' anti-analysis library used by many Android malware families.
Seven years ago, the first VB conference paper on Android malware looked at what was then a new, but growing trend. Since then both the threat and the research community have… https://www.virusbulletin.com/blog/2018/08/vb2018-preview-unpacking-packed-unpacker-reversing-android-anti-analysis-library/

Subtle change could see a reduction in installation of malicious Chrome extensions

Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus making it harder for malware authors to trick users into unwittingly installing malicious extensions.
As modern browsers have become harder to attack, malware authors have found a simple way around this: by working with the browser rather than against it. More particularly, by… https://www.virusbulletin.com/blog/2018/06/subtle-change-could-see-reduction-installation-malicious-chrome-extensions/

VB2017 paper: VirusTotal tips, tricks and myths

At VB2017 in Madrid, security researcher Randy Abrams presented an overview of the VirusTotal service and then went on to bust several of the persistent myths that surround it. Today we publish both Randy's paper and the recording of his presentation.
In a surprise announcement, Google's parent company Alphabet has introduced Chronicle, a threat intelligence offering in which Google-owned VirusTotal will play an important role.… https://www.virusbulletin.com/blog/2018/01/vb2017-paper-virustotal-tips-tricks-and-myths/

Tizi Android malware highlights the importance of security patches for high-risk users

Researchers from Google have taken down 'Tizi', an Android malware family, that used nine already patched vulnerabilities to obtain root on infected devices.
A well-known security researcher once said: "if you purposely choose Android you are either Poor, Cheap, or really hate Apple." Android has a bad reputation in security… https://www.virusbulletin.com/blog/2017/11/tizi-android-malware-highlights-importance-security-patches-high-risk-users/

WireX DDoS botnet takedown shows the best side of the security industry

Collaboration between a number of security companies has led to the takedown of the WireX Android DDoS botnet. Efforts like these, and the fact that the companies involved all decided to publish the very same blog post, show the best side of the security …
It is easy to be cynical about the security industry and its tendency to make ever bigger mountains out of molehills, but behind a thin layer of marketing, there are a great many… https://www.virusbulletin.com/blog/2017/08/wirex-ddos-botnet-takedown-shows-best-side-security-industry/

The SHA-1 hashing algorithm has been 'shattered'

Researchers from Google and CWI Amsterdam have created the first known collision of the SHA-1 hashing algorithm, making a very strong case to ditch it.
Researchers from Google and CWI Amsterdam have created the first publicly known SHA-1 collision. SHA-1 is a hashing algorithm: it turns data of arbitrary size (such as a string… https://www.virusbulletin.com/blog/2017/02/sha-1-hashing-algorithm-has-been-shattered/

VB2015 video: Making a dent in Russian mobile banking phishing

Sebastian Porst explains what Google has done to protect users from phishing apps targeting Russian banks.
Sebastian Porst explains what Google has done to protect users from phishing apps targeting Russian banks. In the last few years, mobile malware has evolved from a mostly… https://www.virusbulletin.com/blog/2015/12/video-making-dent-russian-mobile-banking-phishing/

Google 'suspends' CNNIC from Chrome's certificate store

Chinese certificate authority told to re-apply.
Chinese certificate authority told to re-apply. When a web client, such as a browser, attempts to make an HTTPS connection, it needs to know that no man-in-the-middle attack is… https://www.virusbulletin.com/blog/2015/04/google-suspends-cnnic-chrome-s-certificate-store/

Google relaxes disclosure policy following criticism

Grace period added for vulnerabilities that are about to be patched.
Grace period added for vulnerabilities that are about to be patched. Last year, Google announced a new disclosure policy, where details of a vulnerability discovered by the… https://www.virusbulletin.com/blog/2015/02/google-relaxes-disclosure-policy-following-criticism/

Microsoft no longer publishes advance notifications for its Patch Tuesdays

Company unhappy with Google going full disclosure on privilege escalation vulnerability.
Company unhappy with Google going full disclosure on privilege escalation vulnerability. Tomorrow is the second Tuesday of the month and, as most people reading this blog will… https://www.virusbulletin.com/blog/2015/01/microsoft-no-longer-publishes-advance-notifications-its-patch-tuesdays/

POODLE attack forces the Internet to move away from SSL 3.0

Users and administrators urged to stop supporting the protocol, or at least to prevent downgrade attacks.
Users and administrators urged to stop supporting the protocol, or at least to prevent downgrade attacks. After Heartbleed and Shellshock, or the SSL/TLS attacks CRIME and BEAST,… https://www.virusbulletin.com/blog/2014/10/poodle-attack-forces-internet-move-away-ssl-3-0/

Google's Project Zero to hunt for zero-days

Bugs to be reported to the vendor only, and to become public once patched.
Bugs to be reported to the vendor only, and to become public once patched.Google has created a new team, called Project Zero, whose task is to find vulnerabilities in any kind of… https://www.virusbulletin.com/blog/2014/07/google-s-project-zero-hunt-zero-days/

OpenSSL vulnerability lets attackers quietly steal servers' private keys

Security firm advises regenerating keys and replacing certificates on vulnerable servers.
Security firm advises regenerating keys and replacing certificates on vulnerable servers. A very serious vulnerability in OpenSSL has caused panic among network administrators:… https://www.virusbulletin.com/blog/2014/04/openssl-vulnerability-lets-attackers-quietly-steal-servers-private-keys/

VirusTotal support integrated into new version of Process Explorer

Sysadmins can check hashes of processes against file-checking service database.
Sysadmins can check hashes of processes against file-checking service database.Microsoft and Google are known for their fierce competition, but when it comes to security, the tech… https://www.virusbulletin.com/blog/2014/01/virustotal-support-integrated-new-version-process-explorer/

Should software vendors extend support for their products on Windows XP?

Is Google making the Internet more or less secure by extending support for Chrome on XP?
Is Google making the Internet more or less secure by extending support for Chrome on XP? A software vendor's decision to release updates to its product is generally seen as a good… https://www.virusbulletin.com/blog/2013/10/should-software-vendors-extend-support-their-products-windows-xp/

Weak cryptography keys allow others to add valid DKIM signatures to fake emails

512-bit key cracked within 72 hours.
512-bit key cracked within 72 hours. A Florida-based mathematician has caused a stir in the email community by adding a valid DKIM signature for google.com to an email after… https://www.virusbulletin.com/blog/2012/10/weak-cryptography-keys-allow-others-add-valid-dkim-signatures-fake-emails/

Spammers using Google open redirect

Vulnerability 'not worthy of bug bounty program'.
Vulnerability 'not worthy of bug bounty program'. Researchers at Solera Labs have discovered spammers using an open redirect at Google to hide the final destination of their link… https://www.virusbulletin.com/blog/2011/12/spammers-using-google-open-redirect/

« Previous 123 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.