VB Blog

VB2018 preview: hacking cars

Posted by   Martijn Grooten on   Sep 21, 2018

In recent years, car hacking has evolved from a mostly theoretical research field involving giggling researchers and scared journalists, to one that actually concerns car owners and manufacturers. On today's blog we preview two VB2018 papers, by Inbar Raz and Spencer Hsieh, that look at the subject of hacking cars.

Read more  

Where are all the ‘A’s in APT?

Posted by   Virus Bulletin on   Sep 20, 2018

In a guest blog post by VB2018 gold partner Kaspersky Lab, Costin Raiu, Director of the company's Global Research and Analysis Team, looks critically at the 'A' in APT.

Read more  

VB2018 preview: commercial spyware and its use by governments

Posted by   Martijn Grooten on   Sep 19, 2018

Today, we preview three VB2018 presentations that look at threats against civil society in general and the use of commercial spyware by governments for this purpose in particular.

Read more  

VB2018 preview: Wipers in the wild

Posted by   Martijn Grooten on   Sep 18, 2018

Today we preview the VB2018 paper by Saher Naumaan (BAE Systems Applied Intelligence) on the use of wipers in APT attacks.

Read more  

VB2018 preview: IoT botnets

Posted by   Martijn Grooten on   Sep 17, 2018

The VB2018 programme is packed with a wide range of security topics featuring speakers from all around the world. Today we preview two of them: one by Qihoo 360 researchers on tracking variants of Mirai and one by researchers from Bitdefender on the peer-to-peer Hide'n'Seek botnet.

Read more  

VB2018: last-minute talks announced

Posted by   Martijn Grooten on   Sep 10, 2018

We are excited to announce the final additions to the VB2018 programme in the form of 10 'last-minute' papers covering up-to-the-minute research and hot topics and two more invited talks.

Read more  

VB2018 preview: Since the hacking of Sony Pictures

Posted by   Martijn Grooten on   Sep 7, 2018

At VB2018, AhnLab researcher Minseok Cha will look at activities of the Lazarus Group on the Korean peninsula going back as early as April 2011.

Read more  

Book review: Click Here to Kill Everybody

Posted by   Virus Bulletin on   Sep 6, 2018

Paul Baccas reviews Bruce Schneier's latest thought-provoking book, 'Click Here to Kill Everybody'.

Read more  

Spam is mostly noise and that makes measuring it very difficult

Posted by   Martijn Grooten on   Sep 3, 2018

A brief analysis by Recorded Future suggests that the volume of spam and new domain registrations hasn't increased since the GDPR came into effect.

Read more  

Virus Bulletin announces programme of the first International Threat Intelligence Summit

Posted by   Martijn Grooten on   Aug 29, 2018

VB is thrilled to announce the programme of the first International Threat Intelligence Summit that will form an integral part of the VB2018 conference programme.

Read more  
Previous1...1718192021...215Next

Search blog

Adobe issues patch for yet another Flash Player zero-day

CVE-2015-0313 used in the wild as long ago as December.
CVE-2015-0313 used in the wild as long ago as December. Adobe has just issued an out-of-band patch for its Flash Player to fix a zero-day vulnerability that is actively being… https://www.virusbulletin.com/blog/2015/02/adobe-issues-patch-yet-another-flash-player-zero-day/

Linux systems affected by 'GHOST' vulnerability

Proof-of-concept email gives remote access to Exim mail server.
Proof-of-concept email gives remote access to Exim mail server. If you administer Linux-based systems, you'd better schedule some time for patching, as a serious buffer overflow… https://www.virusbulletin.com/blog/2015/01/linux-systems-affected-ghost-vulnerability/

Microsoft no longer publishes advance notifications for its Patch Tuesdays

Company unhappy with Google going full disclosure on privilege escalation vulnerability.
Company unhappy with Google going full disclosure on privilege escalation vulnerability. Tomorrow is the second Tuesday of the month and, as most people reading this blog will… https://www.virusbulletin.com/blog/2015/01/microsoft-no-longer-publishes-advance-notifications-its-patch-tuesdays/

CVE-2012-0158 continues to be used in targeted attacks

30-month old vulnerability still a popular way to infect systems.
30-month old vulnerability still a popular way to infect systems. If all you have to worry about are zero-day vulnerabilities, you have got things pretty well sorted. Although it… https://www.virusbulletin.com/blog/2014/10/cve-2012-0158-continues-be-used-targeted-attacks/

VB2014 preview: keynote and closing panel

Vulnerability disclosure one of the hottest issues in security.
Vulnerability disclosure one of the hottest issues in security. In the proceedings of the 24th Virus Bulletin conference, the words 'vulnerabilty' and 'vulnerabilities' occur more… https://www.virusbulletin.com/blog/2014/09/preview-keynote-and-closing-panel/

VB2014 preview: The three levels of exploit testing

Richard Ford and Marco Carvalho present an idea for how to test products that claim to detect the unknown.
Richard Ford and Marco Carvalho present an idea for how to test products that claim to detect the unknown.In the weeks running up to VB2014 (the 24th Virus Bulletin International… https://www.virusbulletin.com/blog/2014/09/preview-three-levels-exploit-testing/

Google's Project Zero to hunt for zero-days

Bugs to be reported to the vendor only, and to become public once patched.
Bugs to be reported to the vendor only, and to become public once patched.Google has created a new team, called Project Zero, whose task is to find vulnerabilities in any kind of… https://www.virusbulletin.com/blog/2014/07/google-s-project-zero-hunt-zero-days/

A week of Heartbleed

OpenSSL vulnerability has kept the security community busy.
OpenSSL vulnerability has kept the security community busy. The 'Heartbleed' vulnerability has kept everyone on their toes over the last week or so - hitting the mainstream media,… https://www.virusbulletin.com/blog/2014/04/week-heartbleed/

OpenSSL vulnerability lets attackers quietly steal servers' private keys

Security firm advises regenerating keys and replacing certificates on vulnerable servers.
Security firm advises regenerating keys and replacing certificates on vulnerable servers. A very serious vulnerability in OpenSSL has caused panic among network administrators:… https://www.virusbulletin.com/blog/2014/04/openssl-vulnerability-lets-attackers-quietly-steal-servers-private-keys/

Privilege escalation vulnerability targets Windows XP and Server 2003

Vulnerability being used in the wild in combination with exploit of patched Adobe Reader vulnerability.
Vulnerability being used in the wild in combination with exploit of patched Adobe Reader vulnerability. Researchers at FireEye have discovered a new privilege escalation… https://www.virusbulletin.com/blog/2013/11/privilege-escalation-vulnerability-targets-windows-xp-and-server-2003/

Good and bad news for victims of targeted attacks against Microsoft products

Bug bounty program extended; TIFF zero-day used in the wild.
Bug bounty program extended; TIFF zero-day used in the wild. This week, Microsoft has good news and bad news for those targeted by zero-day exploits in its products. The bad… https://www.virusbulletin.com/blog/2013/11/good-and-bad-news-victims-targeted-attacks-against-microsoft-products/

Ruby on Rails vulnerability exploited in the wild

Code executed on web servers to cause them to join IRC botnet.
Code executed on web servers to cause them to join IRC botnet. A critical vulnerability in Ruby on Rails is currently being exploited to make web servers join an IRC botnet, Ars… https://www.virusbulletin.com/blog/2013/05/ruby-rails-vulnerability-exploited-wild/

Microsoft offers fix-it for IE 8 zero-day

CVE-2013-1347 used in watering hole attacks.
CVE-2013-1347 used in watering hole attacks. Following this weekend's discovery of a new zero-day vulnerability in version 8 of Microsoft's Internet Explorer browser, the company… https://www.virusbulletin.com/blog/2013/05/microsoft-offers-fix-it-ie-8-zero-day/

Vulnerabilities could trigger payload in emails upon receiving or opening

Flaws in IBM Notes and Exim/Dovecot easy to mitigate.
Flaws in IBM Notes and Exim/Dovecot easy to mitigate. Two recently discovered vulnerabilities in mail processing software could give an attacker access to a targeted system without… https://www.virusbulletin.com/blog/2013/05/vulnerabilities-could-trigger-payload-emails-upon-receiving-or-opening/

Avast launches bug bounty programme

Security firm offers reward for info on bugs.
Security firm offers reward for info on bugs. Security firm Avast Software, producer of the popular avast! free anti-virus solution, has announced a bug bounty programme to… https://www.virusbulletin.com/blog/2013/01/avast-launches-bug-bounty-programme/

Do we need stronger email addresses?

Skype vulnerability allowed for account hijacking using only email address.
Skype vulnerability allowed for account hijacking using only email address. A worryingly trivial vulnerability in VoIP service Skype became public this morning, which allowed… https://www.virusbulletin.com/blog/2012/11/do-we-need-stronger-email-addresses/

Microsoft releases advisory offering workarounds for IE vulnerability

German government advises users to use alternative browser.
German government advises users to use alternative browser.Microsoft has released a security advisory to address the zero-day vulnerability in its Internet Explorer browser that we… https://www.virusbulletin.com/blog/2012/09/microsoft-releases-advisory-offering-workarounds-ie-vulnerability/

Internet Explorer zero-day used in the wild

Dropped PoisonIvy trojan linked to 'Nitro' attacks.
Dropped PoisonIvy trojan linked to 'Nitro' attacks. Security researcher Eric Romang has discovered a new zero-day vulnerability in Internet Explorer that is currently being used in… https://www.virusbulletin.com/blog/2012/09/internet-explorer-zero-day-used-wild/

From spear phishing to watering holes

Symantec reports increase in 'watering hole attacks'.
Symantec reports increase in 'watering hole attacks'. Imagine that for some reason you wanted to gain access to my computer. One thing you could do is send me an email with some… https://www.virusbulletin.com/blog/2012/09/spear-phishing-watering-holes/

Vulnerability turns McAfee's anti-malware solution into open relay

Flaw allows for spam to be sent through customers' PCs.
Flaw allows for spam to be sent through customers' PCs. A vulnerability discovered in McAfee's SaaS for Total Protection, the company's hosted anti-malware solution, effectively… https://www.virusbulletin.com/blog/2012/01/vulnerability-turns-mcafee-s-anti-malware-solution-open-relay/

« Previous 1234567 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.