VB Blog

We need to continue the debate on the ethics and perils of publishing security research

Posted by   Martijn Grooten on   Feb 9, 2018

An article by security researcher Collin Anderson reopens the debate on whether publishing threat analyses is always in the public interest.

Read more  

WordPress users urged to manually update to fix bug that prevents automatic updating

Posted by   Martijn Grooten on   Feb 8, 2018

Users of the popular WordPress content management system are urged to manually update their installation to version 4.9.4, as a bug in the previous version broke the ability to automatically install updates.

Read more  

New paper: A review of the evolution of Andromeda over the years

Posted by   Martijn Grooten on   Feb 7, 2018

The Andromeda botnet (aka Gamarue or Wauchos) has plagued Internet users for more than half a decade but, following a takedown effort and the arrest of the suspected botnet owner in December 2017, it is likely we have seen the end of it. In a new paper by Fortinet researchers Bahare Sabouri and He Xu, we look back at the evolution of Andromeda from version 2.06 to 2.10 and demonstrate both how it improved its loader to evade automatic analysis/detection and how the payload varied among the different versions.

Read more  

There is no evidence in-the-wild malware is using Meltdown or Spectre

Posted by   Martijn Grooten on   Feb 2, 2018

Reports of malware using the Meltdown or Spectre attacks are likely based on proof-of-concept code rather than files written for a malicious purpose.

Read more  

Throwback Thursday: Malware taking a bit(coin) more than we bargained for

Posted by   Martijn Grooten on   Feb 1, 2018

This Throwback Thursday, we republish the VB2012 paper by Microsoft researcher Amir Fouda, one of the earliest papers to look at malware targeting Bitcoin.

Read more  

First time speaker? Don't be afraid of submitting to the VB2018 CFP

Posted by   Martijn Grooten on   Jan 31, 2018

We especially encourage those less experienced in speaking in public to submit to the call for papers for VB2018, where we aim to provide a friendly and welcoming environment in which people can both present their own research and learn from what others have been working on.

Read more  

VB2017 paper: VirusTotal tips, tricks and myths

Posted by   Martijn Grooten on   Jan 25, 2018

At VB2017 in Madrid, security researcher Randy Abrams presented an overview of the VirusTotal service and then went on to bust several of the persistent myths that surround it. Today we publish both Randy's paper and the recording of his presentation.

Read more  

Healthcare CERTs highlight the need for security guidance for specific sectors

Posted by   Martijn Grooten on   Jan 24, 2018

A new computer emergency response team has been launched in the Netherlands to provide guidance specifically tailored to the healthcare sector. Martijn Grooten welcomes the development.

Read more  

VB2018 call for papers now open!

Posted by   Martijn Grooten on   Jan 23, 2018

Have you analysed a new online threat? Do you know a new way to defend against such threats? Are you tasked with securing systems and fending off attacks? The call for papers for VB2018 is now open and we want to hear from you!

Read more  

Book review: Serious Cryptography

Posted by   Martijn Grooten on   Jan 22, 2018

VB Editor Martijn Grooten recommends Jean-Philippe Aumasson's 'Serious Cryptography' as a very solid but practically focused introduction to cryptography.

Read more  
Previous1...2425262728...215Next

Search blog

VB2017 paper: Beyond lexical and PDNS: using signals on graphs to uncover online threats at scale

At VB2017 in Madrid, Cisco Umbrella (OpenDNS) researchers Dhia Mahjoub and David Rodriguez presented a new approach to detecting infected machines using graphs to detect botnet traffic at scale. Today we publish both Dhia and David's paper and the recordi…
Malicious Internet traffic, such as botnet C&C traffic, is easily recognized if it uses known bad domain names, or known bad IP addresses. This is why botnets constantly change… https://www.virusbulletin.com/blog/2017/11/vb2017-paper-beyond-lexical-and-pdns-using-signals-graphs-uncover-online-threats-scale/

Firefox 59 to make it a lot harder to use data URIs in phishing attacks

Firefox developer Mozilla has announced that, as of version 59 of the browser, many kinds of data URIs, which provide a way to create "domainless web content", will not be rendered in the browser, thus making this trick - used in various phishing campaign…
While a domain name is really just a short string, this string comes with a large amount of implicit metadata: the registration date; the IP address(es) the domain currently… https://www.virusbulletin.com/blog/2017/11/firefox-59-make-it-lot-harder-use-data-uris-phishing-attacks/

Standalone product test: FireEye Endpoint

Virus Bulletin ran a standalone test on FireEye's Endpoint Security solution.
FireEye is well known within the security community, both for its advanced protection products and for its regular research reports. Recently, the company launched a new version… https://www.virusbulletin.com/blog/2017/11/standaline-test-fireeye-endpoint/

VB2017 video: Consequences of bad security in health care

Jelena Milosevic, a nurse with a passion for IT security, is uniquely placed to witness poor security practices in the health care sector, and to fully understand the consequences. Today, we publish the recording of a presentation given by Jelena at VB201…
"You are probably asking yourselves what a nurse is doing at a cybersecurity conference. Trust me, my colleagues are even more surprised, because they truly believe that hospitals… https://www.virusbulletin.com/blog/2017/11/vb2017-video-consequences-bad-security-health-care/

Vulnerabilities play only a tiny role in the security risks that come with mobile phones

Both bad news (all devices were pwnd) and good news (pwning is increasingly difficult) came from the most recent mobile Pwn2Own competition. But the practical security risks that come with using mobile phones have little to do with vulnerabilities.
Last week saw yet another successful edition of Mobile Pwn2Own, the contest in which participants are challenged to attack fully patched mobile devices using previously unknown… https://www.virusbulletin.com/blog/2017/11/vulnerabilities-play-only-tiny-role-security-risks-come-mobile-phones/

VB2017 paper: The (testing) world turned upside down

At VB2017 in Madrid, industry veteran and ESET Senior Research Fellow David Harley presented a paper on the state of security software testing. Today we publish David's paper in both HTML and PDF format.
Few subjects are as hotly debated within the security community as the testing of security software. Virus Bulletin has been at the core of many of these debates, both as a… https://www.virusbulletin.com/blog/2017/11/vb2017-paper-testing-world-turned-upside-down/

VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel

Trickbot, a banking trojan which appeared this year, seems to be a new, more modular, and more extensible malware descendant of the notorious Dyre botnet trojan. At VB2017, Symantec researcher Andrew Brandt presented a walkthrough of a typical Trickbot in…
Trickbot, first reported a year ago by Malwarebytes researcher Jérôme Segura as the successor of Dyre/Dyreza, has become perhaps the most important banking trojan of 2017. It is… https://www.virusbulletin.com/blog/2017/11/vb2017-video-turning-trickbot-decoding-encrypted-command-and-control-channel/

November

https://www.virusbulletin.com/blog/2017/11/

Paper: FAME - Friendly Malware Analysis Framework

Today, we publish a short paper in which CERT Société Générale presents FAME, its open source malware analysis framework.
As someone who spends most of his time talking to people who work for security vendors, I am always impressed by the amount of security research that takes place in the real… https://www.virusbulletin.com/blog/2017/11/paper-fame-friendly-malware-analysis-framework/

Ebury and Mayhem server malware families still active

Ebury and Mayhem, two families of Linux server malware, about which VB published papers back in 2014, are still active and have received recent updates.
Whether it is to send spam or to redirect web traffic to malicious payloads, compromised (Linux) web servers are the glue in many a malware campaign. Two such networks of… https://www.virusbulletin.com/blog/2017/10/ebury-and-mayhem-server-malware-families-still-active/

VB2017 paper: Crypton - exposing malware's deepest secrets

Crypton, a tool developed by F5 Networks researchers Julia Karpin and Anna Dorfman, aims to speed up the reverse engineering process by decrypting encrypted content found in a (malicious) binary. The researchers described the tool in a paper which they pr…
Computer scientists are notorious for a specific kind of laziness: the kind of laziness that makes them work really hard in order to avoid some other, often more boring, hard… https://www.virusbulletin.com/blog/2017/10/vb2017-paper/

VB2017 paper: The sprawling market of consumer spyware

For many people, the threat of an abusive partner or ex-partner is very real - and the market for consumer spyware worryingly large. Today, we publish the recording of a presentation on the subject of consumer spyware given at VB2017 by The Daily Beast re…
Nation states, criminals and bored teenagers are the various kinds of adversaries the security community is used to facing, and they are all well understood. There is one type of… https://www.virusbulletin.com/blog/2017/10/vb2017-paper-sprawling-market-consumer-spyware/

Gábor Szappanos wins fourth Péter Szőr Award

At the VB2017 gala dinner, the fourth Péter Szőr Award was presented to Sophos researcher Gábor Szappanos for his paper "AKBuilder – the crowdsourced exploit kit".
Every year, during the Virus Bulletin Conference gala dinner, we celebrate the life and works of Péter Szőr, the brilliant security researcher who passed away so sadly in 2013. We… https://www.virusbulletin.com/blog/2017/10/gabor-szappanos-wins-fourth-peter-szor-award/

VB2017 paper: Walking in your enemy's shadow: when fourth-party collection becomes attribution hell

We publish the VB2017 paper and video by Kaspersky Lab researchers Juan Andres Guerrero-Saade and Costin Raiu, in which they look at fourth-party collection (spies spying on other spies' campaigns) and its implications for attribution.
Of all the possible targets for digital spies, there is one particularly attractive target that doesn't get a lot of attention: that of other espionage campaigns. Yet this kind… https://www.virusbulletin.com/blog/2017/10/vb2017-paper-walking-your-enemys-shadow-when-fourth-party-collection-becomes-attribution-hell/

Didn't come to VB2017? Tell us why!

Virus Bulletin is a company - and a conference - with a mission: to further the research in and facilitate the fight against digital threats. To help us in this mission, we want to hear from those who didn't come to Madrid. What is your impression of the …
Last week, hundreds of security researchers from around the world gathered in Madrid for VB2017, the 27th Virus Bulletin International Conference.     Every year, we… https://www.virusbulletin.com/blog/2017/10/didnt-come-vb2017-tell-us-why/

Montreal will host VB2018

Last week, we announced the full details of VB2018, which will take place 3-5 October 2018 at the Fairmont The Queen Elizabeth hotel in Montreal, Quebec, Canada.
Last week, at the end of the very successful 27th Virus Bulletin conference, we announced the location for VB2018, the 28th Virus Bulletin conference, which will take place 3 to 5… https://www.virusbulletin.com/blog/2017/10/montreal-announced-location-vb2018/

VB2017 preview: Beyond lexical and PDNS (guest blog)

In a special guest blog post, VB2017 Silver sponsor Cisco Umbrella writes about a paper that researchers Dhia Mahjoub and David Rodriguez will present at the conference this Friday.
In this special guest blog post, VB2017 Silver sponsor Cisco Umbrella writes about a paper that researchers Dhia Mahjoub and David Rodriguez will present at the conference this… https://www.virusbulletin.com/blog/2017/10/vb2017-preview-beyond-lexical-and-pdns-guest-blog/

Avast to present technical details of CCleaner hack at VB2017

The recently discovered malicious CCleaner version has become one of the biggest security stories of 2017. Two researchers from Avast, the company that had recently acquired CCleaner developer Piriform, will share the results of their investigations at VB…
The recently discovered malicious CCleaner version has become one of the biggest security stories of 2017. It is the story of a mysterious attacker who managed to put a backdoor… https://www.virusbulletin.com/blog/2017/10/avast-present-technical-details-ccleaner-hack-vb2017/

VB2017 preview: Walking in your enemy's shadow: when fourth-party collection becomes attribution hell

We preview the VB2017 paper by Kaspersky Lab researchers Juan Andrés Guerrero-Saade and Costin Raiu on fourth-party collection and its implications for attack attribution.
"We heard you like popping boxes, so we popped your box so we can watch while you watch" Two years ago, Juan Andrés Guerrero-Saade of Kaspersky Lab's GReAT team gave a… https://www.virusbulletin.com/blog/2017/10/vb2017-preview-walking-your-enemys-shadow-when-fourth-party-collection-becomes-attribution-hell/

October

https://www.virusbulletin.com/blog/2017/10/

« Previous 1...1617181920...121 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.