VB Blog

VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis library

Posted by   Martijn Grooten on   Jan 14, 2019

Today, we publish a VB2018 paper by Google researcher Maddie Stone in which she looks at one of the most interesting anti-analysis native libraries in the Android ecosystem. We also release the recording of Maddie's presentation.

Read more  

VB2018 paper: Draw me like one of your French APTs – expanding our descriptive palette for cyber threat actors

Posted by   Martijn Grooten on   Jan 7, 2019

Today, we publish the VB2018 paper by Chronicle researcher Juan Andres Guerrero-Saade, who argues we should change the way we talk about APT actors.

Read more  

Book Review: Cyber Wars

Posted by   Martijn Grooten on   Dec 19, 2018

VB Editor Martijn Grooten reviews Charles Arthur's Cyber Wars, which looks at seven prominent hacks and attacks, and the lessons we can learn from them.

Read more  

VB2018 paper: Office bugs on the rise

Posted by   Martijn Grooten on   Dec 14, 2018

At VB2018 Sophos researcher Gábor Szappanos provided a detailed overview of Office exploit builders, and looked in particular at the widely exploited CVE-2017-0199. Today we publish his paper and release the video of his presentation.

Read more  

VB2018 video: The Big Bang Theory by APT-C-23

Posted by   Martijn Grooten on   Dec 12, 2018

Today, we release the video of the VB2018 presentation by Check Point researcher Aseel Kayal, who connected the various dots relating to campaigns by the APT-C-23 threat group.

Read more  

VB2019 London - join us for the most international threat intelligence conference!

Posted by   Martijn Grooten on   Dec 11, 2018

VB calls on organisations and individuals involved in threat intelligence from around the world to participate in next year's Virus Bulletin conference.

Read more  

VB2018 paper: Tracking Mirai variants

Posted by   Martijn Grooten on   Dec 7, 2018

Today, we publish the VB2018 paper by Qihoo 360 researchers Ya Liu and Hui Wang, on extracting data from variants of the Mirai botnet to classify and track variants.

Read more  

VB2018 paper: Hide'n'Seek: an adaptive peer-to-peer IoT botnet

Posted by   Martijn Grooten on   Dec 6, 2018

2018 has seen an increase in the variety of botnets living on the Internet of Things - such as Hide'N'Seek, which is notable for its use of peer-to-peer for command-and-control communication. Today, we publish the VB2018 paper by Bitdefender researchers Adrian Șendroiu and Vladimir Diaconescu, who studied the Hide'N'Seek IoT botnet. We also release the recording of their presentation.

Read more  

New paper: Botception: botnet distributes script with bot capabilities

Posted by   Martijn Grooten on   Dec 4, 2018

In a new paper, Avast researchers Jan Sirmer and Adolf Streda look at how a spam campaign sent via the Necurs botnet was delivering the Flawed Ammyy RAT. As well as publishing the paper, we have also released the video of the reseachers' VB2018 presentation on the same topic.

Read more  

VB2018 video: Behind the scenes of the SamSam investigation

Posted by   Martijn Grooten on   Nov 29, 2018

Today we have published the video of the VB2018 presentation by Andrew Brandt (Sophos) on the SamSam ransomware, which became hot news following the indictment of its two suspected authors yesterday.

Read more  
Previous1...1415161718...215Next

Search blog

VB2019 presentation: Targeted attacks through ISPs

In 2019 we saw a rise in the number of targeted malware infections spread via ISPs and service providers. In a last-minute paper presented at VB2019 in London, Kaspersky researcher Denis Legezo discussed the details of a number of such cases. Today we rel…
In 2019 we saw an increase in the number of targeted malware infections spread via ISPs and service providers. Some notable cases included the installation of digital certificates… https://www.virusbulletin.com/blog/2020/01/vb2019-presentation-targeted-attacks-through-isps/

VB2019 paper: Operation Soft Cell - a worldwide campaign against telecommunication providers

Today we publish the VB2019 paper by Cybereason researchers Mor Levi, Amit Serper and Assaf Dahan on Operation Soft Cell, a targeted attack against telecom providers around the world.
Operation Soft Cell - a worldwide campaign against telecommunication providers Read the paper (HTML) Download the paper (PDF)   In June this year, Cybereason published a blog… https://www.virusbulletin.com/blog/2019/12/vb2019-paper-operation-soft-cell-worldwide-campaign-against-telecommunication-providers/

VB2019 paper: A vine climbing over the Great Firewall: a long-term attack against China

Today we publish a VB2019 paper from Lion Gu and Bowen Pan from the Qi An Xin Threat Intelligence Center in China in which they analysed an APT group dubbed 'Poison Vine', which targeted various government, military and research institutes in China.
A vine climbing over the Great Firewall: a long-term attack against China Read the paper (HTML) Download the paper (PDF)       The global nature of both the Virus… https://www.virusbulletin.com/blog/2019/11/vb2019-paper-vine-climbing-over-great-firewall-long-term-attack-against-china/

Emotet trojan starts stealing full emails from infected machines

The infamous Emotet trojan has added the capability to steal full email bodies from infected machines, opening the possibilities for more targeted spam and phishing campaigns.
Researchers at Kryptos Logic have discovered that the Emotet banking trojan is exfiltrating entire email bodies as opposed to merely email addresses. Emotet was first discovered… https://www.virusbulletin.com/blog/2018/10/emotet-trojan-starts-stealing-full-emails-infected-machines/

Attack on Fox-IT shows how a DNS hijack can break multiple layers of security

Dutch security firm Fox-IT deserves praise for being open about an attack on its client network. There are some important lessons to be learned about DNS security from its post-mortem.
Every company will, sooner or later, get hacked and we should judge them by how they respond. With that in mind, Fox-IT, which writes in great detail about how a DNS hijack was… https://www.virusbulletin.com/blog/2017/12/attack-fox-it-shows-how-dns-hijack-can-break-multiple-layers-security/

VB2017 paper: Modern reconnaissance phase on APT – protection layer

During recent research, Cisco Talos researchers observed the ways in which APT actors are evolving and how a reconnaissance phase is included in the infection vector in order to protect valuable zero-day exploits or malware frameworks. At VB2017 in Madrid…
Targeted attack campaigns involve multiple stages, the first of which consists of collecting information about the target: the reconnaissance phase. It's an essential part of any… https://www.virusbulletin.com/blog/2017/12/vb2017-paper-modern-reconnaissance-phase-apt-protection-layer/

Tizi Android malware highlights the importance of security patches for high-risk users

Researchers from Google have taken down 'Tizi', an Android malware family, that used nine already patched vulnerabilities to obtain root on infected devices.
A well-known security researcher once said: "if you purposely choose Android you are either Poor, Cheap, or really hate Apple." Android has a bad reputation in security… https://www.virusbulletin.com/blog/2017/11/tizi-android-malware-highlights-importance-security-patches-high-risk-users/

VB2016 paper: BlackEnergy – what we really know about the notorious cyber attacks

According to some researchers, there is some evidence linking the recent (Not)Petya attacks with the BlackEnergy group - which became infamous for its targeted attacks against the Ukraine. At VB2016, ESET researchers Anton Cherepanov and Robert Lipovsky s…
In a blog post published on Friday, ESET researcher Anton Cherepanov provides evidence linking last week's (Not)Petya attacks to the BlackEnergy group; Kaspersky researchers also… https://www.virusbulletin.com/blog/2017/07/vb2016-paper-blackenergy-what-we-really-know-about-notorious-cyber-attacks/

VB2016 paper: Modern attacks on Russian financial institutions

Today, we publish the VB2016 paper and presentation (recording) by ESET researchers Jean-Ian Boutin and Anton Cherepanov, in which they look at sophisticated attacks against Russian financial institutions.
Today, we publish the VB2016 paper "Modern attacks on Russian financial institutions" (here in HTML format and here in PDF format) by ESET researchers Jean-Ian Boutin and Anton… https://www.virusbulletin.com/blog/2016/december/vb2016-paper-modern-attacks-russian-financial-institutions/

VB2016 paper: Wave your false flags! Deception tactics muddying attribution in targeted attacks

Today, we publish the VB2016 paper and presentation (recording) by Kaspersky Lab researchers Juan Andrés Guerrero-Saade and Brian Bartholomew, in which they look at some of the deception tactics used in targeted attacks.
Security researchers have a complicated relationship with attribution. On the one hand, for technical analyses, it doesn't matter whether an attack was performed by a Bear, a… https://www.virusbulletin.com/blog/2016/november/vb2016-paper-wave-your-false-flags-deception-tactics-muddying-attribution-targeted-attacks/

VB2015 preview: advanced persistent threats

Several conference papers to deal with targeted attacks.
Several conference papers to deal with targeted attacks. There was a time when analyses of malware and viruses at the Virus Bulletin conference used the number of infections as a… https://www.virusbulletin.com/blog/2015/08/preview-advanced-persistent-threats/

Volatile Cedar campaign - cyber espionage isn't just for large nation states

Details of malware to be discussed at VB2015.
Details of malware to be discussed at VB2015. Researchers at Check Point have revealed details of a cyber-espionage campaign, dubbed 'Volatile Cedar', that has been active since at… https://www.virusbulletin.com/blog/2015/04/volatile-cedar-campaign-cyber-espionage-isn-t-just-large-nation-states/

VB2014 paper: Apple without a shell - iOS under targeted attack

Developer Enterprise Program recently found to be used by WireLurker.
Developer Enterprise Program recently found to be used by WireLurker.Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the… https://www.virusbulletin.com/blog/2014/11/paper-apple-without-shell-ios-under-targeted-attack/

VB2014 preview: Apple without a shell - iOS under targeted attack

FireEye researchers show a large attack vector for Apple's mobile operating system.
FireEye researchers show a large attack vector for Apple's mobile operating system.In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we are… https://www.virusbulletin.com/blog/2014/09/preview-apple-without-shell-ios-under-targeted-attack/

Windows Error Reporting used to discover new attacks

No excuse for sending error reports in cleartext.
No excuse for sending error reports in cleartext. All happy programs are the same. But each unhappy program crashes in its own way. In a report published yesterday, security firm… https://www.virusbulletin.com/blog/2014/02/windows-error-reporting-used-discover-new-attacks/

Macro viruses make a return in targeted attacks

Macros disabled in modern versions of Office, but enabled within many organisations.
Macros disabled in modern versions of Office, but enabled within many organisations. A report by the National Cyber Security Center (NCSC, the Dutch CERT) points to a resurgence of… https://www.virusbulletin.com/blog/2014/01/macro-viruses-make-return-targeted-attacks/

Good and bad news for victims of targeted attacks against Microsoft products

Bug bounty program extended; TIFF zero-day used in the wild.
Bug bounty program extended; TIFF zero-day used in the wild. This week, Microsoft has good news and bad news for those targeted by zero-day exploits in its products. The bad… https://www.virusbulletin.com/blog/2013/11/good-and-bad-news-victims-targeted-attacks-against-microsoft-products/

Is publishing your employees' email addresses such a big deal?

Beware of a false sense of security.
Beware of a false sense of security. Security blogger Graham Cluley points to hypocrisy in a KPMG press release in which it criticises FTSE 350 companies for 'leaking data that can… https://www.virusbulletin.com/blog/2013/07/publishing-your-employees-email-addresses-such-big-deal/

India believed to be source of sophisticated surveillance campaigns

In-depth investigations find widespread worldwide snooping, Pakistan primary target.
In-depth investigations find widespread worldwide snooping, Pakistan primary target. Several reports have emerged recently covering a highly organised campaign of targeted… https://www.virusbulletin.com/blog/2013/05/india-believed-be-source-sophisticated-surveillance-campaigns/

Sykipot trojan used to target smart cards

Defence companies among small number of targets.
Defence companies among small number of targets. Researchers at Alienvault have discovered a version of the 'Sykipot' trojan that is being used to target organisations that make… https://www.virusbulletin.com/blog/2012/01/sykipot-trojan-used-target-smart-cards/

« Previous 12 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.