VB Blog

VB2019 presentation: Targeted attacks through ISPs

Posted by   Virus Bulletin on   Jan 13, 2020

In 2019 we saw a rise in the number of targeted malware infections spread via ISPs and service providers. In a last-minute paper presented at VB2019 in London, Kaspersky researcher Denis Legezo discussed the details of a number of such cases. Today we release the recording of Denis' presentation.

Read more  

VB2019 presentation: A deep dive into iPhone exploit chains

Posted by   Virus Bulletin on   Jan 10, 2020

In a last-minute presentation at VB2019 in London, John Bambenek of the University of Illinois at Urbana-Champaign discussed details of campaigns that used advanced iOS and Android exploit chains against China’s Uighur minority. Today we release the recording of John's presentation.

Read more  

Latest VBWeb report describes current state of the web-based threat landscape

Posted by   Helen Martin on   Jan 8, 2020

Today we released the Winter 2020 VBWeb report, detailing the performance of web security products against live web threats and looking at the current state of the web-based threat landscape.

Read more  

VB2019 paper: Catch me if you can: detection of injection exploitation by validating query and API integrity

Posted by   Virus Bulletin on   Jan 6, 2020

In a paper presented at VB2019 in London, Prismo Systems researchers Abhishek Singh and Ramesh Mani discussed code injection vulnerabilities and presented a tool that could detect this vulnerability class. Today we publish their paper and the recording of their presentation.

Read more  

Virus Bulletin says a fond farewell and thank you to Martijn Grooten

Posted by   Helen Martin on   Dec 31, 2019

As VB Editor Martijn Grooten steps down from his role to move on to new challenges, the team wish him a fond farewell and the very best of luck in his future endeavours.

Read more  

VB2019 paper: Never before had Stierlitz been so close to failure (or: what is a Soviet super-spy doing in a popular bundleware for Mac?)

Posted by   Martijn Grooten on   Dec 27, 2019

Today, we publish the VB2019 paper and video by Sophos researcher Sergei Shevchenko in which he analyses a popular yet unnamed piece of macOS ‘bundleware’.

Read more  

Parting thoughts 5: bringing the good news

Posted by   Martijn Grooten on   Dec 23, 2019

In the final of a five-part series of blog posts, departing VB Editor Martijn Grooten argues for more emphasis on the good news in security, especially that which is more subtle.

Read more  

Parting thoughts 4: the big picture

Posted by   Virus Bulletin on   Dec 20, 2019

In the fourth of a five-part series of blog posts, departing VB Editor Martijn Grooten explains why security researchers should refer to other people's work.

Read more  

Parting thoughts 3: taking security seriously

Posted by   Martijn Grooten on   Dec 19, 2019

In the third of a five-part series of blog posts, departing VB Editor Martijn Grooten explains why he believes security vendors should take their products' security more seriously.

Read more  

VB2019 paper: Exploring the Chinese DDoS landscape

Posted by   Martijn Grooten on   Dec 19, 2019

China has long been a hotbed of DDoS activities, and today we publish a VB2019 paper by Intezer researcher Nacho Sanmillan who looked at Chinese threat groups engaged in performing DDoS attacks. We have also uploaded the recording of his presentation.

Read more  
Previous1...56789...215Next

Search blog

VB2019 presentation: Targeted attacks through ISPs

In 2019 we saw a rise in the number of targeted malware infections spread via ISPs and service providers. In a last-minute paper presented at VB2019 in London, Kaspersky researcher Denis Legezo discussed the details of a number of such cases. Today we rel…
In 2019 we saw an increase in the number of targeted malware infections spread via ISPs and service providers. Some notable cases included the installation of digital certificates… https://www.virusbulletin.com/blog/2020/01/vb2019-presentation-targeted-attacks-through-isps/

VB2019 paper: Operation Soft Cell - a worldwide campaign against telecommunication providers

Today we publish the VB2019 paper by Cybereason researchers Mor Levi, Amit Serper and Assaf Dahan on Operation Soft Cell, a targeted attack against telecom providers around the world.
Operation Soft Cell - a worldwide campaign against telecommunication providers Read the paper (HTML) Download the paper (PDF)   In June this year, Cybereason published a blog… https://www.virusbulletin.com/blog/2019/12/vb2019-paper-operation-soft-cell-worldwide-campaign-against-telecommunication-providers/

VB2019 paper: A vine climbing over the Great Firewall: a long-term attack against China

Today we publish a VB2019 paper from Lion Gu and Bowen Pan from the Qi An Xin Threat Intelligence Center in China in which they analysed an APT group dubbed 'Poison Vine', which targeted various government, military and research institutes in China.
A vine climbing over the Great Firewall: a long-term attack against China Read the paper (HTML) Download the paper (PDF)       The global nature of both the Virus… https://www.virusbulletin.com/blog/2019/11/vb2019-paper-vine-climbing-over-great-firewall-long-term-attack-against-china/

Emotet trojan starts stealing full emails from infected machines

The infamous Emotet trojan has added the capability to steal full email bodies from infected machines, opening the possibilities for more targeted spam and phishing campaigns.
Researchers at Kryptos Logic have discovered that the Emotet banking trojan is exfiltrating entire email bodies as opposed to merely email addresses. Emotet was first discovered… https://www.virusbulletin.com/blog/2018/10/emotet-trojan-starts-stealing-full-emails-infected-machines/

Attack on Fox-IT shows how a DNS hijack can break multiple layers of security

Dutch security firm Fox-IT deserves praise for being open about an attack on its client network. There are some important lessons to be learned about DNS security from its post-mortem.
Every company will, sooner or later, get hacked and we should judge them by how they respond. With that in mind, Fox-IT, which writes in great detail about how a DNS hijack was… https://www.virusbulletin.com/blog/2017/12/attack-fox-it-shows-how-dns-hijack-can-break-multiple-layers-security/

VB2017 paper: Modern reconnaissance phase on APT – protection layer

During recent research, Cisco Talos researchers observed the ways in which APT actors are evolving and how a reconnaissance phase is included in the infection vector in order to protect valuable zero-day exploits or malware frameworks. At VB2017 in Madrid…
Targeted attack campaigns involve multiple stages, the first of which consists of collecting information about the target: the reconnaissance phase. It's an essential part of any… https://www.virusbulletin.com/blog/2017/12/vb2017-paper-modern-reconnaissance-phase-apt-protection-layer/

Tizi Android malware highlights the importance of security patches for high-risk users

Researchers from Google have taken down 'Tizi', an Android malware family, that used nine already patched vulnerabilities to obtain root on infected devices.
A well-known security researcher once said: "if you purposely choose Android you are either Poor, Cheap, or really hate Apple." Android has a bad reputation in security… https://www.virusbulletin.com/blog/2017/11/tizi-android-malware-highlights-importance-security-patches-high-risk-users/

VB2016 paper: BlackEnergy – what we really know about the notorious cyber attacks

According to some researchers, there is some evidence linking the recent (Not)Petya attacks with the BlackEnergy group - which became infamous for its targeted attacks against the Ukraine. At VB2016, ESET researchers Anton Cherepanov and Robert Lipovsky s…
In a blog post published on Friday, ESET researcher Anton Cherepanov provides evidence linking last week's (Not)Petya attacks to the BlackEnergy group; Kaspersky researchers also… https://www.virusbulletin.com/blog/2017/07/vb2016-paper-blackenergy-what-we-really-know-about-notorious-cyber-attacks/

VB2016 paper: Modern attacks on Russian financial institutions

Today, we publish the VB2016 paper and presentation (recording) by ESET researchers Jean-Ian Boutin and Anton Cherepanov, in which they look at sophisticated attacks against Russian financial institutions.
Today, we publish the VB2016 paper "Modern attacks on Russian financial institutions" (here in HTML format and here in PDF format) by ESET researchers Jean-Ian Boutin and Anton… https://www.virusbulletin.com/blog/2016/december/vb2016-paper-modern-attacks-russian-financial-institutions/

VB2016 paper: Wave your false flags! Deception tactics muddying attribution in targeted attacks

Today, we publish the VB2016 paper and presentation (recording) by Kaspersky Lab researchers Juan Andrés Guerrero-Saade and Brian Bartholomew, in which they look at some of the deception tactics used in targeted attacks.
Security researchers have a complicated relationship with attribution. On the one hand, for technical analyses, it doesn't matter whether an attack was performed by a Bear, a… https://www.virusbulletin.com/blog/2016/november/vb2016-paper-wave-your-false-flags-deception-tactics-muddying-attribution-targeted-attacks/

VB2015 preview: advanced persistent threats

Several conference papers to deal with targeted attacks.
Several conference papers to deal with targeted attacks. There was a time when analyses of malware and viruses at the Virus Bulletin conference used the number of infections as a… https://www.virusbulletin.com/blog/2015/08/preview-advanced-persistent-threats/

Volatile Cedar campaign - cyber espionage isn't just for large nation states

Details of malware to be discussed at VB2015.
Details of malware to be discussed at VB2015. Researchers at Check Point have revealed details of a cyber-espionage campaign, dubbed 'Volatile Cedar', that has been active since at… https://www.virusbulletin.com/blog/2015/04/volatile-cedar-campaign-cyber-espionage-isn-t-just-large-nation-states/

VB2014 paper: Apple without a shell - iOS under targeted attack

Developer Enterprise Program recently found to be used by WireLurker.
Developer Enterprise Program recently found to be used by WireLurker.Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the… https://www.virusbulletin.com/blog/2014/11/paper-apple-without-shell-ios-under-targeted-attack/

VB2014 preview: Apple without a shell - iOS under targeted attack

FireEye researchers show a large attack vector for Apple's mobile operating system.
FireEye researchers show a large attack vector for Apple's mobile operating system.In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we are… https://www.virusbulletin.com/blog/2014/09/preview-apple-without-shell-ios-under-targeted-attack/

Windows Error Reporting used to discover new attacks

No excuse for sending error reports in cleartext.
No excuse for sending error reports in cleartext. All happy programs are the same. But each unhappy program crashes in its own way. In a report published yesterday, security firm… https://www.virusbulletin.com/blog/2014/02/windows-error-reporting-used-discover-new-attacks/

Macro viruses make a return in targeted attacks

Macros disabled in modern versions of Office, but enabled within many organisations.
Macros disabled in modern versions of Office, but enabled within many organisations. A report by the National Cyber Security Center (NCSC, the Dutch CERT) points to a resurgence of… https://www.virusbulletin.com/blog/2014/01/macro-viruses-make-return-targeted-attacks/

Good and bad news for victims of targeted attacks against Microsoft products

Bug bounty program extended; TIFF zero-day used in the wild.
Bug bounty program extended; TIFF zero-day used in the wild. This week, Microsoft has good news and bad news for those targeted by zero-day exploits in its products. The bad… https://www.virusbulletin.com/blog/2013/11/good-and-bad-news-victims-targeted-attacks-against-microsoft-products/

Is publishing your employees' email addresses such a big deal?

Beware of a false sense of security.
Beware of a false sense of security. Security blogger Graham Cluley points to hypocrisy in a KPMG press release in which it criticises FTSE 350 companies for 'leaking data that can… https://www.virusbulletin.com/blog/2013/07/publishing-your-employees-email-addresses-such-big-deal/

India believed to be source of sophisticated surveillance campaigns

In-depth investigations find widespread worldwide snooping, Pakistan primary target.
In-depth investigations find widespread worldwide snooping, Pakistan primary target. Several reports have emerged recently covering a highly organised campaign of targeted… https://www.virusbulletin.com/blog/2013/05/india-believed-be-source-sophisticated-surveillance-campaigns/

Sykipot trojan used to target smart cards

Defence companies among small number of targets.
Defence companies among small number of targets. Researchers at Alienvault have discovered a version of the 'Sykipot' trojan that is being used to target organisations that make… https://www.virusbulletin.com/blog/2012/01/sykipot-trojan-used-target-smart-cards/

« Previous 12 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.