VB Blog

Security advice in the wake of WannaCry and Not(Petya)

Posted by   Martijn Grooten on   Jun 30, 2017

As WannaCry and (Not)Petya have shown, malware attacks can do a lot of damage. So is staying safe just a case of following good security advice?

Read more  

48 hours after initial reports, many mysteries remain around the latest ransomware/wiper threat

Posted by   Martijn Grooten on   Jun 29, 2017

Whether you call it Petya, NotPetya, Nyetya or Petna, there are still many mysteries surrounding the malware that has been causing havoc around the world.

Read more  

VB2017 Early Bird discount to expire this week

Posted by   Martijn Grooten on   Jun 28, 2017

This week, the Early Bird discount for VB2017 comes to an end - so, for a 10% saving on the cost of full price registration, make sure you register now!

Read more  

VB2016 paper: Steam stealers: it's all fun and games until someone's account gets hijacked

Posted by   Martijn Grooten on   Jun 23, 2017

Last year, Kaspersky Lab researcher Santiago Pontiroli and PwC's Bart Parys presented a VB2016 paper analysing the malicious threats faced by users of the Steam online gaming platform, and highlighting how organized criminals are making money with these profitable schemes. Today, we publish the paper.

Read more  

Research paper shows it may be possible to distinguish malware traffic using TLS

Posted by   Martijn Grooten on   Jun 22, 2017

Researchers at Cisco have published a paper describing how it may be possible to use machine learning to distinguish malware command-and-control traffic using TLS from regular enterprise traffic, and to classify malware families based on their encrypted C&C traffic.

Read more  

Is CVE-2017-0199 the new CVE-2012-0158?

Posted by   Martijn Grooten on   Jun 20, 2017

After five years of exploitation in a wide variety of attacks, CVE-2012-0158 may have found a successor in CVE-2017-0199, which is taking the Office exploit scene by storm.

Read more  

Review: BSides London 2017

Posted by   Martijn Grooten on   Jun 19, 2017

Virus Bulletin was a proud sponsor of BSides London 2017 - Martijn Grooten reports on a great event.

Read more  

VB2017: one of the most international security conferences

Posted by   Martijn Grooten on   Jun 15, 2017

It is well known that the problem of cybersecurity is a global one that affects users worldwide - but it's also one that has some unique local flavours. With speakers representing at least 24 countries, VB2017 is one of the most international security conferences on the circuit, allowing attendees to hear the viewpoints of experts from around the world. Register before 1 July and receive a 10% Early Bird discount.

Read more  

VB2016 paper: Diving into Pinkslipbot's latest campaign

Posted by   Martijn Grooten on   Jun 12, 2017

Qakbot or Qbot, is a banking trojan that makes the news every once in a while and was the subject of a VB2016 paper by Intel Security researchers Sanchit Karve, Guilherme Venere and Mark Olea. In it, they provided a detailed analysis of the Pinkslipbot/Qakbot trojan and its then latest campaign. Their full paper is now available to download or read online.

Read more  

Book review: Spam: A Shadow History of the Internet

Posted by   Martijn Grooten on   Jun 2, 2017

VB Editor Martijn Grooten reviews Finn Brunton's book 'Spam: A Shadow History of the Internet'.

Read more  
Previous1...3435363738...215Next

Search blog

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.
Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects Read the paper (HTML) Download the paper (PDF)   Android botnets are a formidable… https://www.virusbulletin.com/blog/2023/10/new-paper-nexus-android-banking-botnet-compromising-cc-panels-and-dissecting-mobile-appinjects/

There is no evidence in-the-wild malware is using Meltdown or Spectre

Reports of malware using the Meltdown or Spectre attacks are likely based on proof-of-concept code rather than files written for a malicious purpose.
Almost a month after the Meltdown and Spectre attacks against various CPUs were discovered and revealed to the public, there have been reports of the existence of malware that… https://www.virusbulletin.com/blog/2018/02/there-no-evidence-wild-malware-using-meltdown-or-spectre/

Vulnerability disclosure and botnet takedown not to be hindered by Wassenaar Arrangement

Clarification in the language of the Wassenaar Arrangement, a multilateral export control regime for conventional arms and dual-use goods and technologies, means those involved in vulnerability disclosure or botnet takedown won't have to worry about acqui…
I have never been too keen on making comparisons between (advanced) cyber attacks and conventional war, as such comparisons tend to ignore the enormous human cost that comes with… https://www.virusbulletin.com/blog/2017/12/vulnerability-disclosure-and-botnet-takedown-not-be-hindered-wassenaar-arrangement/

Tizi Android malware highlights the importance of security patches for high-risk users

Researchers from Google have taken down 'Tizi', an Android malware family, that used nine already patched vulnerabilities to obtain root on infected devices.
A well-known security researcher once said: "if you purposely choose Android you are either Poor, Cheap, or really hate Apple." Android has a bad reputation in security… https://www.virusbulletin.com/blog/2017/11/tizi-android-malware-highlights-importance-security-patches-high-risk-users/

Vulnerabilities play only a tiny role in the security risks that come with mobile phones

Both bad news (all devices were pwnd) and good news (pwning is increasingly difficult) came from the most recent mobile Pwn2Own competition. But the practical security risks that come with using mobile phones have little to do with vulnerabilities.
Last week saw yet another successful edition of Mobile Pwn2Own, the contest in which participants are challenged to attack fully patched mobile devices using previously unknown… https://www.virusbulletin.com/blog/2017/11/vulnerabilities-play-only-tiny-role-security-risks-come-mobile-phones/

Patching is important even when it only shows the maturity of your security process

A lot of vulnerabilities that are discovered are never exploited in the wild. It is still important to patch them though.
Sometimes a Tweet says more than a 50-minute conference presentation: Bad TLS as an externally measurable metric for whether an organisation has a mature security process,… https://www.virusbulletin.com/blog/2017/09/patching-important-even-when-it-only-shows-maturity-your-security-process/

Is CVE-2017-0199 the new CVE-2012-0158?

After five years of exploitation in a wide variety of attacks, CVE-2012-0158 may have found a successor in CVE-2017-0199, which is taking the Office exploit scene by storm.
There are two good reasons not to be concerned about CVE-2012-0158, an RTF handling vulnerability in Microsoft Office. First, the vulnerability was patched more than five years… https://www.virusbulletin.com/blog/2017/06/cve-2017-0199-new-cve-2012-0158/

Paper: The journey and evolution of God Mode in 2016: CVE-2016-0189

In a new paper published by Virus Bulletin, FireEye researchers Ankit Anubhav and Manish Sardiwal analyse the 'God Mode' vulnerability CVE-2016-0189 in Microsoft Internet Explorer.
While avoiding the use of Flash is good advice for helping to fend off exploit kits, some of the vulnerabilities exploited by these kits actually target the browsers themselves.… https://www.virusbulletin.com/blog/2017/01/paper-journey-and-evolution-god-mode-2016-cve-2016-0189/

It's fine for vulnerabilities to have names — we just need not to take them too seriously

The PR campaign around the Badlock vulnerability backfired when it turned out that the vulnerability wasn't as serious as had been suggested. But naming vulnerabilities can actually be helpful and certainly shouldn't hurt.
“What's in a name? That which we call Heartbleed by any other name would be just as malicious.” — William Shakespeare (paraphrased) When OpenSSL vulnerability… https://www.virusbulletin.com/blog/2016/04/it-fine-vulnerabilities-have-names-we-just-need-not-take-them-too-seriously/

Paper: All Your Meetings Are Belong to Us: Remote Code Execution in Apache OpenMeetings

Security researcher Andreas Lindh recently found a vulnerability in Apache OpenMeetings that could allow remote code execution on a vulnerable server. Andreas reported the vulnerability to the OpenMeetings developers and, once it had been patched, he wrot…
The rise of bug bounties in recent years has created an incentive for hackers to hunt for vulnerabilities in a lot of software and services. But what about those software projects… https://www.virusbulletin.com/blog/2016/03/paper-all-your-meetings-are-belong-us-remote-code-execution-apache-openmeetings/

Security vendors should embrace those hunting bugs in their products

When interviewed by the Risky Business podcast last week, VB Editor Martijn Grooten talked about the security of security products and said that many vendors are embracing the work done by Tavis Ormandy and others - as they should.
Security software is software too — and it will have flaws. Last week, I was interviewed for the Risky Business podcast. I really enjoyed the experience, not just because I've… https://www.virusbulletin.com/blog/2016/02/security-vendors-should-embrace-those-hunting-bugs-their-products/

File-stealing vulnerability found in Firefox PDF reader

Both Windows and Linux users actively being targeted.
Both Windows and Linux users actively being targeted. If, like me, you are suffering from vulnerability fatigue after so many flaws and weaknesses having been disclosed in Las… https://www.virusbulletin.com/blog/2015/08/file-stealing-vulnerability-found-firefox-pdf-reader/

Stagefright vulnerability leaves 950 million Android devices vulnerable to remote code execution

The operating system has been patched, but it is unclear whether users will receive those patches.
The operating system has been patched, but it is unclear whether users will receive those patches. Researchers at mobile security firm Zimperium have discovered a remote code… https://www.virusbulletin.com/blog/2015/07/stagefright-vulnerability-leaves-950-million-android-devices-vulnerable-remote-code-execution/

Weak keys and prime reuse make Diffie-Hellman implementations vulnerable

'Logjam' attack possibly used by the NSA to decrypt VPN traffic.
'Logjam' attack possibly used by the NSA to decrypt VPN traffic. A group of researchers have discovered a number of vulnerabilities in the way the Diffie-Hellman key exchange… https://www.virusbulletin.com/blog/2015/05/weak-keys-and-prime-reuse-make-diffie-hellman-implementations-vulnerable/

POODLE is the brown M&Ms of security

Just because it won't be exploited, doesn't mean you shouldn't patch it.
Just because it won't be exploited, doesn't mean you shouldn't patch it. There is a famous story about the rock band Van Halen whose lists of requirements when performing a show… https://www.virusbulletin.com/blog/2015/04/poodle-brown-m-amp-ms-security/

The ghost of Stuxnet past

Microsoft patches .LNK vulnerability after 2010 patch was found to be incomplete.
Microsoft patches .LNK vulnerability after 2010 patch was found to be incomplete. Mention Stuxnet and you'll have many a security researcher's attention. The worm, which was… https://www.virusbulletin.com/blog/2015/03/ghost-stuxnet-past/

FREAK attack takes HTTPS connections back to 1990s security

Golden keys from the (first) crypto wars have come back to haunt us.
Golden keys from the (first) crypto wars have come back to haunt us. When a web client makes a secure connection to a web server (using HTTPS), it starts by sending a 'Hello'… https://www.virusbulletin.com/blog/2015/03/freak-attack-takes-https-connections-back-1990s-security/

Paper: Script in a lossy stream

Dénes Óvári explains how to store code in lossily compressed JPEG data.
Dénes Óvári explains how to store code in lossily compressed JPEG data. Malformed PDFs have become a common way to deliver malware. Naturally, when this started to happen,… https://www.virusbulletin.com/blog/2015/03/paper-script-lossy-stream/

Almost 50% increase in reported vulnerabilities as non-Windows operating systems lead the table

Each discovered vulnerability is actually a good news story.
Each discovered vulnerability is actually a good news story. Last week, security firm GFI published some research in which it looked at the number of vulnerabilities reported last… https://www.virusbulletin.com/blog/2015/02/almost-50-increase-reported-vulnerabilities-non-windows-operating-systems-lead-table/

Google relaxes disclosure policy following criticism

Grace period added for vulnerabilities that are about to be patched.
Grace period added for vulnerabilities that are about to be patched. Last year, Google announced a new disclosure policy, where details of a vulnerability discovered by the… https://www.virusbulletin.com/blog/2015/02/google-relaxes-disclosure-policy-following-criticism/

« Previous 1234567 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.