VB Blog

VB2019 presentation: Attor: spy platform with curious GSM fingerprinting

Posted by   Virus Bulletin on   Feb 11, 2020

Attor is a newly discovered cyber-espionage platform, use of which dates back to at least 2014 and which focuses on diplomatic missions and governmental institutions. Details of Attor were presented at VB2019 in London by ESET researcher Zuzana Hromcová. Today we release the recording of Zuzana's presentation.

Read more  

Why we encourage newcomers and seasoned presenters alike to submit a paper for VB2020

Posted by   Virus Bulletin on   Feb 6, 2020

With the call for papers for VB2020 currently open, we explain why, whether you've never presented before or you're a conference circuit veteran, if you have some interesting research to share with the community we want to hear from you!

Read more  

VB2019 paper: The cake is a lie! Uncovering the secret world of malware-like cheats in video games

Posted by   Helen Martin on   Feb 5, 2020

At VB2019 in London, Kaspersky researcher Santiago Pontiroli presented a paper on the growing illegal economy around video game cheats and its parallels with the malware industry. Today we publish both Santiago's paper and the recording of his presentation.

Read more  

VB2019 paper: Rich headers: leveraging the mysterious artifact of the PE format

Posted by   Virus Bulletin on   Jan 31, 2020

In a paper presented at VB2019 in London, ESET researchers Peter Kálnai and Michal Poslušný discussed the subject of rich headers and how it can be useful in malware research. Today we publish both their paper and the recording of their presentation.

Read more  

VB2019 paper: Medical IoT for diabetes and cybercrime

Posted by   Helen Martin on   Jan 28, 2020

At VB2019 in London, Fortinet researcher Axelle Apvrille presented a paper co-written with Aamir Lakhani that looked at the threats faced by those who use medical IoT devices to help manage their diabetes. Today we publish the researchers' paper, as well as the recording of Axelle's presentation.

Read more  

VB2019 paper: Spoofing in the reeds with Rietspoof

Posted by   Virus Bulletin on   Jan 24, 2020

In a VB2019 paper Avast researchers Jan Sirmer, Luigino Camastra and Adolf Středa revealed full details of the Rietspoof malware. Today we publish their paper and the recording of the presentation given by Jan and Luigino in London.

Read more  

New paper: Behind the scenes of GandCrab's operation

Posted by   Helen Martin on   Jan 20, 2020

The GandCrab ransomware regularly updated itself to newer versions to stay ahead of decryptors released by security researchers, and regularly included taunts, jokes and references to security organizations in its code. In a new paper, the AhnLab Security Analysis Team reveal the full details of the battle that went on between GandCrab and AhnLab.

Read more  

VB2019 paper: King of the hill: nation-state counterintelligence for victim deconfliction

Posted by   Virus Bulletin on   Jan 16, 2020

At VB2019 Juan Andres Guerrero-Saade looked at nation-state actors using threat intelligence for victim deconfliction. Today we publish both his paper and the recording of his presentation.

Read more  

The VB2020 call for papers - how it works

Posted by   Virus Bulletin on   Jan 14, 2020

With the VB2020 Call for Papers now open, we explain how the selection procedure works, which may help you during your abstract submission.

Read more  

VB2019 presentation: Targeted attacks through ISPs

Posted by   Virus Bulletin on   Jan 13, 2020

In 2019 we saw a rise in the number of targeted malware infections spread via ISPs and service providers. In a last-minute paper presented at VB2019 in London, Kaspersky researcher Denis Legezo discussed the details of a number of such cases. Today we release the recording of Denis' presentation.

Read more  
Previous1...45678...215Next

Search blog

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.
Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects Read the paper (HTML) Download the paper (PDF)   Android botnets are a formidable… https://www.virusbulletin.com/blog/2023/10/new-paper-nexus-android-banking-botnet-compromising-cc-panels-and-dissecting-mobile-appinjects/

There is no evidence in-the-wild malware is using Meltdown or Spectre

Reports of malware using the Meltdown or Spectre attacks are likely based on proof-of-concept code rather than files written for a malicious purpose.
Almost a month after the Meltdown and Spectre attacks against various CPUs were discovered and revealed to the public, there have been reports of the existence of malware that… https://www.virusbulletin.com/blog/2018/02/there-no-evidence-wild-malware-using-meltdown-or-spectre/

Vulnerability disclosure and botnet takedown not to be hindered by Wassenaar Arrangement

Clarification in the language of the Wassenaar Arrangement, a multilateral export control regime for conventional arms and dual-use goods and technologies, means those involved in vulnerability disclosure or botnet takedown won't have to worry about acqui…
I have never been too keen on making comparisons between (advanced) cyber attacks and conventional war, as such comparisons tend to ignore the enormous human cost that comes with… https://www.virusbulletin.com/blog/2017/12/vulnerability-disclosure-and-botnet-takedown-not-be-hindered-wassenaar-arrangement/

Tizi Android malware highlights the importance of security patches for high-risk users

Researchers from Google have taken down 'Tizi', an Android malware family, that used nine already patched vulnerabilities to obtain root on infected devices.
A well-known security researcher once said: "if you purposely choose Android you are either Poor, Cheap, or really hate Apple." Android has a bad reputation in security… https://www.virusbulletin.com/blog/2017/11/tizi-android-malware-highlights-importance-security-patches-high-risk-users/

Vulnerabilities play only a tiny role in the security risks that come with mobile phones

Both bad news (all devices were pwnd) and good news (pwning is increasingly difficult) came from the most recent mobile Pwn2Own competition. But the practical security risks that come with using mobile phones have little to do with vulnerabilities.
Last week saw yet another successful edition of Mobile Pwn2Own, the contest in which participants are challenged to attack fully patched mobile devices using previously unknown… https://www.virusbulletin.com/blog/2017/11/vulnerabilities-play-only-tiny-role-security-risks-come-mobile-phones/

Patching is important even when it only shows the maturity of your security process

A lot of vulnerabilities that are discovered are never exploited in the wild. It is still important to patch them though.
Sometimes a Tweet says more than a 50-minute conference presentation: Bad TLS as an externally measurable metric for whether an organisation has a mature security process,… https://www.virusbulletin.com/blog/2017/09/patching-important-even-when-it-only-shows-maturity-your-security-process/

Is CVE-2017-0199 the new CVE-2012-0158?

After five years of exploitation in a wide variety of attacks, CVE-2012-0158 may have found a successor in CVE-2017-0199, which is taking the Office exploit scene by storm.
There are two good reasons not to be concerned about CVE-2012-0158, an RTF handling vulnerability in Microsoft Office. First, the vulnerability was patched more than five years… https://www.virusbulletin.com/blog/2017/06/cve-2017-0199-new-cve-2012-0158/

Paper: The journey and evolution of God Mode in 2016: CVE-2016-0189

In a new paper published by Virus Bulletin, FireEye researchers Ankit Anubhav and Manish Sardiwal analyse the 'God Mode' vulnerability CVE-2016-0189 in Microsoft Internet Explorer.
While avoiding the use of Flash is good advice for helping to fend off exploit kits, some of the vulnerabilities exploited by these kits actually target the browsers themselves.… https://www.virusbulletin.com/blog/2017/01/paper-journey-and-evolution-god-mode-2016-cve-2016-0189/

It's fine for vulnerabilities to have names — we just need not to take them too seriously

The PR campaign around the Badlock vulnerability backfired when it turned out that the vulnerability wasn't as serious as had been suggested. But naming vulnerabilities can actually be helpful and certainly shouldn't hurt.
“What's in a name? That which we call Heartbleed by any other name would be just as malicious.” — William Shakespeare (paraphrased) When OpenSSL vulnerability… https://www.virusbulletin.com/blog/2016/04/it-fine-vulnerabilities-have-names-we-just-need-not-take-them-too-seriously/

Paper: All Your Meetings Are Belong to Us: Remote Code Execution in Apache OpenMeetings

Security researcher Andreas Lindh recently found a vulnerability in Apache OpenMeetings that could allow remote code execution on a vulnerable server. Andreas reported the vulnerability to the OpenMeetings developers and, once it had been patched, he wrot…
The rise of bug bounties in recent years has created an incentive for hackers to hunt for vulnerabilities in a lot of software and services. But what about those software projects… https://www.virusbulletin.com/blog/2016/03/paper-all-your-meetings-are-belong-us-remote-code-execution-apache-openmeetings/

Security vendors should embrace those hunting bugs in their products

When interviewed by the Risky Business podcast last week, VB Editor Martijn Grooten talked about the security of security products and said that many vendors are embracing the work done by Tavis Ormandy and others - as they should.
Security software is software too — and it will have flaws. Last week, I was interviewed for the Risky Business podcast. I really enjoyed the experience, not just because I've… https://www.virusbulletin.com/blog/2016/02/security-vendors-should-embrace-those-hunting-bugs-their-products/

File-stealing vulnerability found in Firefox PDF reader

Both Windows and Linux users actively being targeted.
Both Windows and Linux users actively being targeted. If, like me, you are suffering from vulnerability fatigue after so many flaws and weaknesses having been disclosed in Las… https://www.virusbulletin.com/blog/2015/08/file-stealing-vulnerability-found-firefox-pdf-reader/

Stagefright vulnerability leaves 950 million Android devices vulnerable to remote code execution

The operating system has been patched, but it is unclear whether users will receive those patches.
The operating system has been patched, but it is unclear whether users will receive those patches. Researchers at mobile security firm Zimperium have discovered a remote code… https://www.virusbulletin.com/blog/2015/07/stagefright-vulnerability-leaves-950-million-android-devices-vulnerable-remote-code-execution/

Weak keys and prime reuse make Diffie-Hellman implementations vulnerable

'Logjam' attack possibly used by the NSA to decrypt VPN traffic.
'Logjam' attack possibly used by the NSA to decrypt VPN traffic. A group of researchers have discovered a number of vulnerabilities in the way the Diffie-Hellman key exchange… https://www.virusbulletin.com/blog/2015/05/weak-keys-and-prime-reuse-make-diffie-hellman-implementations-vulnerable/

POODLE is the brown M&Ms of security

Just because it won't be exploited, doesn't mean you shouldn't patch it.
Just because it won't be exploited, doesn't mean you shouldn't patch it. There is a famous story about the rock band Van Halen whose lists of requirements when performing a show… https://www.virusbulletin.com/blog/2015/04/poodle-brown-m-amp-ms-security/

The ghost of Stuxnet past

Microsoft patches .LNK vulnerability after 2010 patch was found to be incomplete.
Microsoft patches .LNK vulnerability after 2010 patch was found to be incomplete. Mention Stuxnet and you'll have many a security researcher's attention. The worm, which was… https://www.virusbulletin.com/blog/2015/03/ghost-stuxnet-past/

FREAK attack takes HTTPS connections back to 1990s security

Golden keys from the (first) crypto wars have come back to haunt us.
Golden keys from the (first) crypto wars have come back to haunt us. When a web client makes a secure connection to a web server (using HTTPS), it starts by sending a 'Hello'… https://www.virusbulletin.com/blog/2015/03/freak-attack-takes-https-connections-back-1990s-security/

Paper: Script in a lossy stream

Dénes Óvári explains how to store code in lossily compressed JPEG data.
Dénes Óvári explains how to store code in lossily compressed JPEG data. Malformed PDFs have become a common way to deliver malware. Naturally, when this started to happen,… https://www.virusbulletin.com/blog/2015/03/paper-script-lossy-stream/

Almost 50% increase in reported vulnerabilities as non-Windows operating systems lead the table

Each discovered vulnerability is actually a good news story.
Each discovered vulnerability is actually a good news story. Last week, security firm GFI published some research in which it looked at the number of vulnerabilities reported last… https://www.virusbulletin.com/blog/2015/02/almost-50-increase-reported-vulnerabilities-non-windows-operating-systems-lead-table/

Google relaxes disclosure policy following criticism

Grace period added for vulnerabilities that are about to be patched.
Grace period added for vulnerabilities that are about to be patched. Last year, Google announced a new disclosure policy, where details of a vulnerability discovered by the… https://www.virusbulletin.com/blog/2015/02/google-relaxes-disclosure-policy-following-criticism/

« Previous 1234567 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.