VB Blog

Tizi Android malware highlights the importance of security patches for high-risk users

Posted by Martijn Grooten on Nov 28, 2017

Researchers from Google have taken down 'Tizi', an Android malware family, that used nine already patched vulnerabilities to obtain root on infected devices.

Posted by Martijn Grooten on Nov 27, 2017

Next week, Virus Bulletin researchers will be attending the AMTSO meeting and AVAR conference in Beijing, China, as well as the 5th edition of the Botconf conference in Montpellier, France.

Posted by Martijn Grooten on Nov 24, 2017

Today, we publish the video of the VB2017 presentation by ESET researcher Filip Kafka, who looked at recent changes in the FinFisher government malware, including its infection vectors.

Posted by Martijn Grooten on Nov 23, 2017

We look back at the VB2016 presentation by Adrian Sanabria on the state of endpoint security, both now and in the future.

Posted by Martijn Grooten on Nov 22, 2017

At VB2017 in Madrid, Cisco Umbrella (OpenDNS) researchers Dhia Mahjoub and David Rodriguez presented a new approach to detecting infected machines using graphs to detect botnet traffic at scale. Today we publish both Dhia and David's paper and the recording of their presentation.

Posted by Martijn Grooten on Nov 21, 2017

Firefox developer Mozilla has announced that, as of version 59 of the browser, many kinds of data URIs, which provide a way to create "domainless web content", will not be rendered in the browser, thus making this trick - used in various phishing campaigns - a lot less attractive.

Posted by Martijn Grooten on Nov 16, 2017

Virus Bulletin ran a standalone test on FireEye's Endpoint Security solution.

Posted by Martijn Grooten on Nov 13, 2017

Jelena Milosevic, a nurse with a passion for IT security, is uniquely placed to witness poor security practices in the health care sector, and to fully understand the consequences. Today, we publish the recording of a presentation given by Jelena at VB2017 in Madrid, in which she shared her inside view of security in hospitals.

Posted by Martijn Grooten on Nov 9, 2017

Both bad news (all devices were pwnd) and good news (pwning is increasingly difficult) came from the most recent mobile Pwn2Own competition. But the practical security risks that come with using mobile phones have little to do with vulnerabilities.

Posted by Martijn Grooten on Nov 8, 2017

At VB2017 in Madrid, industry veteran and ESET Senior Research Fellow David Harley presented a paper on the state of security software testing. Today we publish David's paper in both HTML and PDF format.

Previous1...2728293031...215Next

Search blog

Patch Tuesday released closely followed by emergency update

Bumper crop of patches plus further fix leave known holes open.
Bumper crop of patches plus further fix leave known holes open. This month's 'Patch Tuesday' security bulletin from Microsoft contained eight separate updates, two more than… https://www.virusbulletin.com/blog/2008/12/patch-tuesday-released-closely-followed-emergency-update/

Worm targets MS08-067 vulnerability

Exploit attack patches flaw once system penetrated.
Exploit attack patches flaw once system penetrated. A worm has been seen taking advantage of the vulnerability in Microsoft's Windows Server Service, patched out-of-cycle last… https://www.virusbulletin.com/blog/2008/12/worm-targets-ms08-067-vulnerability/

Microsoft to replace OneCare with free AV product

OneCare retirement announced, new product will be lighter on systems and pockets.
OneCare retirement announced, new product will be lighter on systems and pockets.Microsoft has announced plans to put an end to its home-user security product Live OneCare, and to… https://www.virusbulletin.com/blog/2008/11/microsoft-replace-onecare-free-av-product/

Two updates in Microsoft's November's patch release

Just two updates released by Microsoft this month: one rated critical, one important.
Just two updates released by Microsoft this month: one rated critical, one important.Microsoft has issued two updates in the November round of its monthly patch release cycle, one… https://www.virusbulletin.com/blog/2008/11/two-updates-microsoft-s-november-s-patch-release/

Microsoft issues emergency patch

Out-of-cycle update fixes serious, wormable flaw.
Out-of-cycle update fixes serious, wormable flaw.Microsoft has issued an emergency update to cover a serious vulnerability in the Windows Server service, breaking its usual monthly… https://www.virusbulletin.com/blog/2008/10/microsoft-issues-emergency-patch/

Four critical updates this Patch Tuesday

11 updates to be issued by Microsoft in October's monthly patch release: 4 critical.
11 updates to be issued by Microsoft in October's monthly patch release: 4 critical.Microsoft has prepared a total of 11 updates for the October round of its monthly patch release… https://www.virusbulletin.com/blog/2008/10/four-critical-updates-patch-tuesday/

Four critical updates in Patch Tuesday release

Monthly security update small but vital.
Monthly security update small but vital.Microsoft has released its monthly 'Patch Tuesday' batch of security updates, with only four items on the list but all of them marked… https://www.virusbulletin.com/blog/2008/09/four-critical-updates-patch-tuesday-release/

Patch Tuesday sees serious DNS flaws fixed

Nothing marked critical, but some very important patches issued.
Nothing marked critical, but some very important patches issued.Microsoft's latest 'Patch Tuesday' round of security updates for once contains no bulletins marked as 'critical',… https://www.virusbulletin.com/blog/2008/07/patch-tuesday-sees-serious-dns-flaws-fixed/

Microsoft releases latest Patch Tuesday fixes

7 vulnerabilities, 3 critical, addressed in June security update.
7 vulnerabilities, 3 critical, addressed in June security update.Microsoft has issued its monthly 'Patch Tuesday' set of security fixes, with seven separate areas covered of which… https://www.virusbulletin.com/blog/2008/06/microsoft-releases-latest-patch-tuesday-fixes/

Microsoft increases pressure on Apple to fix Safari blended threat

'Carpet bombing' vulnerability more serious than Apple claims, MS warns.
'Carpet bombing' vulnerability more serious than Apple claims, MS warns.Microsoft, whose Internet Explorer has come under frequent criticism for security vulnerabilities, has… https://www.virusbulletin.com/blog/2008/06/microsoft-increases-pressure-apple-fix-safari-blended-threat/

Latest Patch Tuesday update released

Microsoft announces five 'critical' vulnerabilities need fixing.
Microsoft announces five 'critical' vulnerabilities need fixing.Microsoft has issued its monthly 'Patch Tuesday' security bulletin, with five 'critical' and three 'important'… https://www.virusbulletin.com/blog/2008/04/latest-patch-tuesday-update-released/

Microsoft acquires Komoku

Anti-rootkit software to become part of Forefront and OneCare.
Anti-rootkit software to become part of Forefront and OneCare. Just before Easter, Microsoft announced it had acquired Komoku, a Maryland-based company that builds anti-rootkit… https://www.virusbulletin.com/blog/2008/03/microsoft-acquires-komoku/

Access flaw exploited via Word

Microsoft's employees hunting vulnerabilities instead of Easter eggs.
Microsoft's employees hunting vulnerabilities instead of Easter eggs. A buffer overrun vulnerability in Microsoft's Jet Database Engine, the underlying database behind Microsoft… https://www.virusbulletin.com/blog/2008/03/access-flaw-exploited-word/

Latest Patch Tuesday release

March's Patch Tuesday sees four 'critical' updates.
March's Patch Tuesday sees four 'critical' updates.Microsoft has released its monthly 'Patch Tuesday' security bulletin. This month the bulletin features four 'critical' updates,… https://www.virusbulletin.com/blog/2008/03/latest-patch-tuesday-release/

'Olympic' emails contain malicious XLS attachments

Malware writers sprint to use vulnerabilities before next Patch Tuesday.
Malware writers sprint to use vulnerabilities before next Patch Tuesday. Security researchers have reported seeing emails containing XLS attachments designed to exploit a yet… https://www.virusbulletin.com/blog/2008/03/olympic-emails-contain-malicious-xls-attachments/

IE8 to include malware filtering

New features list includes upgrade to security provision.
New features list includes upgrade to security provision. The next version of Microsoft's Internet Explorer web browser, IE8, could include malware detection as standard, in an… https://www.virusbulletin.com/blog/2008/03/ie8-include-malware-filtering/

Vista SP1 clashing with AV products

Service Pack causing issues for several security suites.
Service Pack causing issues for several security suites.Microsoft has released details of several software products that are known to have problems running in conjunction with… https://www.virusbulletin.com/blog/2008/02/vista-sp1-clashing-av-products/

Microsoft research revives 'friendly worm' ideas

Malware techniques proposed as update-spreading method.
Malware techniques proposed as update-spreading method. A group of Microsoft researchers have put forward proposals to use worm techniques to spread patches and updates across… https://www.virusbulletin.com/blog/2008/02/microsoft-research-revives-friendly-worm-ideas/

Bumper Patch Tuesday short of one patch

Excel remains vulnerable as expected fix is dropped.
Excel remains vulnerable as expected fix is dropped.Microsoft has issued its monthly 'Patch Tuesday' set of security updates, with a larger than usual crop of patches for a variety… https://www.virusbulletin.com/blog/2008/02/bumper-patch-tuesday-short-one-patch/

Live Mail CAPTCHA system bypassed

Spammers use botnet to register accounts on popular free webmail service.
Spammers use botnet to register accounts on popular free webmail service.Spammers have written a program that cracks the CAPTCHAS used by the Windows Live Mail registration system.… https://www.virusbulletin.com/blog/2008/02/live-mail-captcha-system-bypassed/

« Previous 1234 Next »