VB Blog

Throwback Thursday: What DDoS it all Mean?

Posted by   Virus Bulletin on   Nov 12, 2015

This Throwback Thursday, we turn the clock back to March 2000, when DDoS attacks were a newly emerging menace.

Read more  

The Internet of Bad Things, Observed

Posted by   Virus Bulletin on   Nov 10, 2015

In his VB2015 keynote address, Ross Anderson described attacks against EMV cards.

Read more  

Throwback Thursday: Inside Sony's rootkit

Posted by   Virus Bulletin on   Nov 5, 2015

This Throwback Thursday, we turn the clock back ten years, when the discovery of a rootkit ignited a firestorm of criticism for Sony.

Read more  

Full house in VB's latest spam filter test

Posted by   Virus Bulletin on   Nov 5, 2015

All participating full solutions earn VBSpam certification, while little delay is observed in spam filters.

Read more  

Paper: Shifu — the rise of a self-destructive banking trojan

Posted by   Virus Bulletin on   Nov 3, 2015

Thorough analysis of this new kid on the malware block.

Read more  

Hack.lu 2015

Posted by   Virus Bulletin on   Nov 2, 2015

Great research presented in a stimulating environment.

Read more  

Throwback Thursday: Memetic Mass Mailers: Time to Classify Hoaxes as Malware?

Posted by   Virus Bulletin on   Oct 29, 2015

This Throwback Thursday, we turn the clock back to July 2002, when virus hoaxes were wreaking havoc in homes and organizations worldwide.

Read more  

Throwback Thursday: The real virus problem

Posted by   Virus Bulletin on   Oct 15, 2015

Anti-virus and security related articles provided by independent anti-virus advisors, Virus Bulletin

Read more  

Paper: MWI-5: Operation HawkEye

Posted by   Virus Bulletin on   Oct 14, 2015

Gabor Szappanos looks at how macro malware campaigns spread a commercial keylogger to harvest banking details.

Read more  

Throwback Thursday: Misguided or malevolent? New trends in virus writing

Posted by   Virus Bulletin on   Oct 8, 2015

This Throwback Thursday, we turn the clock back to February 2004 when Stuart Taylor wondered whether there was truly a criminal element entering virus writing.

Read more  
Previous1...4849505152...215Next

Search blog

Adobe issues patch for yet another Flash Player zero-day

CVE-2015-0313 used in the wild as long ago as December.
CVE-2015-0313 used in the wild as long ago as December. Adobe has just issued an out-of-band patch for its Flash Player to fix a zero-day vulnerability that is actively being… https://www.virusbulletin.com/blog/2015/02/adobe-issues-patch-yet-another-flash-player-zero-day/

Linux systems affected by 'GHOST' vulnerability

Proof-of-concept email gives remote access to Exim mail server.
Proof-of-concept email gives remote access to Exim mail server. If you administer Linux-based systems, you'd better schedule some time for patching, as a serious buffer overflow… https://www.virusbulletin.com/blog/2015/01/linux-systems-affected-ghost-vulnerability/

Microsoft no longer publishes advance notifications for its Patch Tuesdays

Company unhappy with Google going full disclosure on privilege escalation vulnerability.
Company unhappy with Google going full disclosure on privilege escalation vulnerability. Tomorrow is the second Tuesday of the month and, as most people reading this blog will… https://www.virusbulletin.com/blog/2015/01/microsoft-no-longer-publishes-advance-notifications-its-patch-tuesdays/

CVE-2012-0158 continues to be used in targeted attacks

30-month old vulnerability still a popular way to infect systems.
30-month old vulnerability still a popular way to infect systems. If all you have to worry about are zero-day vulnerabilities, you have got things pretty well sorted. Although it… https://www.virusbulletin.com/blog/2014/10/cve-2012-0158-continues-be-used-targeted-attacks/

VB2014 preview: keynote and closing panel

Vulnerability disclosure one of the hottest issues in security.
Vulnerability disclosure one of the hottest issues in security. In the proceedings of the 24th Virus Bulletin conference, the words 'vulnerabilty' and 'vulnerabilities' occur more… https://www.virusbulletin.com/blog/2014/09/preview-keynote-and-closing-panel/

VB2014 preview: The three levels of exploit testing

Richard Ford and Marco Carvalho present an idea for how to test products that claim to detect the unknown.
Richard Ford and Marco Carvalho present an idea for how to test products that claim to detect the unknown.In the weeks running up to VB2014 (the 24th Virus Bulletin International… https://www.virusbulletin.com/blog/2014/09/preview-three-levels-exploit-testing/

Google's Project Zero to hunt for zero-days

Bugs to be reported to the vendor only, and to become public once patched.
Bugs to be reported to the vendor only, and to become public once patched.Google has created a new team, called Project Zero, whose task is to find vulnerabilities in any kind of… https://www.virusbulletin.com/blog/2014/07/google-s-project-zero-hunt-zero-days/

A week of Heartbleed

OpenSSL vulnerability has kept the security community busy.
OpenSSL vulnerability has kept the security community busy. The 'Heartbleed' vulnerability has kept everyone on their toes over the last week or so - hitting the mainstream media,… https://www.virusbulletin.com/blog/2014/04/week-heartbleed/

OpenSSL vulnerability lets attackers quietly steal servers' private keys

Security firm advises regenerating keys and replacing certificates on vulnerable servers.
Security firm advises regenerating keys and replacing certificates on vulnerable servers. A very serious vulnerability in OpenSSL has caused panic among network administrators:… https://www.virusbulletin.com/blog/2014/04/openssl-vulnerability-lets-attackers-quietly-steal-servers-private-keys/

Privilege escalation vulnerability targets Windows XP and Server 2003

Vulnerability being used in the wild in combination with exploit of patched Adobe Reader vulnerability.
Vulnerability being used in the wild in combination with exploit of patched Adobe Reader vulnerability. Researchers at FireEye have discovered a new privilege escalation… https://www.virusbulletin.com/blog/2013/11/privilege-escalation-vulnerability-targets-windows-xp-and-server-2003/

Good and bad news for victims of targeted attacks against Microsoft products

Bug bounty program extended; TIFF zero-day used in the wild.
Bug bounty program extended; TIFF zero-day used in the wild. This week, Microsoft has good news and bad news for those targeted by zero-day exploits in its products. The bad… https://www.virusbulletin.com/blog/2013/11/good-and-bad-news-victims-targeted-attacks-against-microsoft-products/

Ruby on Rails vulnerability exploited in the wild

Code executed on web servers to cause them to join IRC botnet.
Code executed on web servers to cause them to join IRC botnet. A critical vulnerability in Ruby on Rails is currently being exploited to make web servers join an IRC botnet, Ars… https://www.virusbulletin.com/blog/2013/05/ruby-rails-vulnerability-exploited-wild/

Microsoft offers fix-it for IE 8 zero-day

CVE-2013-1347 used in watering hole attacks.
CVE-2013-1347 used in watering hole attacks. Following this weekend's discovery of a new zero-day vulnerability in version 8 of Microsoft's Internet Explorer browser, the company… https://www.virusbulletin.com/blog/2013/05/microsoft-offers-fix-it-ie-8-zero-day/

Vulnerabilities could trigger payload in emails upon receiving or opening

Flaws in IBM Notes and Exim/Dovecot easy to mitigate.
Flaws in IBM Notes and Exim/Dovecot easy to mitigate. Two recently discovered vulnerabilities in mail processing software could give an attacker access to a targeted system without… https://www.virusbulletin.com/blog/2013/05/vulnerabilities-could-trigger-payload-emails-upon-receiving-or-opening/

Avast launches bug bounty programme

Security firm offers reward for info on bugs.
Security firm offers reward for info on bugs. Security firm Avast Software, producer of the popular avast! free anti-virus solution, has announced a bug bounty programme to… https://www.virusbulletin.com/blog/2013/01/avast-launches-bug-bounty-programme/

Do we need stronger email addresses?

Skype vulnerability allowed for account hijacking using only email address.
Skype vulnerability allowed for account hijacking using only email address. A worryingly trivial vulnerability in VoIP service Skype became public this morning, which allowed… https://www.virusbulletin.com/blog/2012/11/do-we-need-stronger-email-addresses/

Microsoft releases advisory offering workarounds for IE vulnerability

German government advises users to use alternative browser.
German government advises users to use alternative browser.Microsoft has released a security advisory to address the zero-day vulnerability in its Internet Explorer browser that we… https://www.virusbulletin.com/blog/2012/09/microsoft-releases-advisory-offering-workarounds-ie-vulnerability/

Internet Explorer zero-day used in the wild

Dropped PoisonIvy trojan linked to 'Nitro' attacks.
Dropped PoisonIvy trojan linked to 'Nitro' attacks. Security researcher Eric Romang has discovered a new zero-day vulnerability in Internet Explorer that is currently being used in… https://www.virusbulletin.com/blog/2012/09/internet-explorer-zero-day-used-wild/

From spear phishing to watering holes

Symantec reports increase in 'watering hole attacks'.
Symantec reports increase in 'watering hole attacks'. Imagine that for some reason you wanted to gain access to my computer. One thing you could do is send me an email with some… https://www.virusbulletin.com/blog/2012/09/spear-phishing-watering-holes/

Vulnerability turns McAfee's anti-malware solution into open relay

Flaw allows for spam to be sent through customers' PCs.
Flaw allows for spam to be sent through customers' PCs. A vulnerability discovered in McAfee's SaaS for Total Protection, the company's hosted anti-malware solution, effectively… https://www.virusbulletin.com/blog/2012/01/vulnerability-turns-mcafee-s-anti-malware-solution-open-relay/

« Previous 1234567 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.