VB Blog

Vulnerability disclosure and botnet takedown not to be hindered by Wassenaar Arrangement

Posted by   Martijn Grooten on   Dec 19, 2017

Clarification in the language of the Wassenaar Arrangement, a multilateral export control regime for conventional arms and dual-use goods and technologies, means those involved in vulnerability disclosure or botnet takedown won't have to worry about acquiring an export licence.

Read more  

VB2017 paper: Nine circles of Cerber

Posted by   Martijn Grooten on   Dec 15, 2017

Cerber is one of the major names in the world of ransomware, and last year, Check Point released a decryption service for the malware. Today, we publish a VB2017 paper by Check Point's Stanislav Skuratovich describing how the Cerber decryption tool worked; we have also uploaded the video of the presentation of this paper, by Or Eshed and Yaniv Balmas.

Read more  

Attack on Fox-IT shows how a DNS hijack can break multiple layers of security

Posted by   Martijn Grooten on   Dec 14, 2017

Dutch security firm Fox-IT deserves praise for being open about an attack on its client network. There are some important lessons to be learned about DNS security from its post-mortem.

Read more  

Throwback Thursday: BGP - from route hijacking to RPKI: how vulnerable is the Internet?

Posted by   Martijn Grooten on   Dec 14, 2017

For this week's Throwback Thursday, we look back at the video of a talk Level 3's Mike Benjamin gave at VB2016 in Denver, on BGP and BGP hijacks.

Read more  

Security Planner gives security advice based on your threat model

Posted by   Martijn Grooten on   Dec 13, 2017

Citizen Lab's Security Planner helps you improve your online safety, based on the specific threats you are facing.

Read more  

VB2017 video: Spora: the saga continues a.k.a. how to ruin your research in a week

Posted by   Martijn Grooten on   Dec 11, 2017

Today, we publish the video of the VB2017 presentation by Avast researcher Jakub Kroustek and his former colleague Előd Kironský, now at ESET, who told the story of Spora, one of of the most prominent ransomware families of 2017.

Read more  

VB2017 paper: Modern reconnaissance phase on APT – protection layer

Posted by   Martijn Grooten on   Dec 7, 2017

During recent research, Cisco Talos researchers observed the ways in which APT actors are evolving and how a reconnaissance phase is included in the infection vector in order to protect valuable zero-day exploits or malware frameworks. At VB2017 in Madrid, two of those researchers, Paul Rascagneres and Warren Mercer, presented a paper detailing five case studies that demonstrate how the infection vector is evolving. Today we publish both Paul and Warren's paper and the recording of their presentation.

Read more  

VB2017 paper: Peering into spam botnets

Posted by   Martijn Grooten on   Dec 1, 2017

At VB2017 in Madrid, CERT Poland researchers Maciej Kotowicz and Jarosław Jedynak presented a paper detailing their low-level analysis of five spam botnets. Today we publish their full paper.

Read more  

Throwback Thursday: Anti-malware testing undercover

Posted by   Martijn Grooten on   Nov 30, 2017

We look back at the VB2016 presentation by Righard Zwienenberg (ESET) and Luis Corrons (Panda Security), in which they discussed various issues relating to anti-malware testing.

Read more  

Virus Bulletin relaunches VB Security Jobs Market for both employers and job seekers

Posted by   Martijn Grooten on   Nov 30, 2017

As an independent body in the IT security industry, Virus Bulletin is in an ideal position to act as a global source of information both about jobs currently available in the field and about those candidates currently seeking to start or progress their career in the industry - which is why we have relaunched the VB Security Jobs Market.

Read more  
Previous1...2627282930...215Next

Search blog

June

https://www.virusbulletin.com/blog/2017/06/

Virus Bulletin to sponsor BSides London

Virus Bulletin is proud to be a Silver sponsor of BSides London next week; we look forward to the event and to meeting many security professionals.
When VB'91, the inaugural Virus Bulletin conference, took place (in 1991), there were few security conferences on the scene and there were more virus researchers than computer… https://www.virusbulletin.com/blog/2017/06/virus-bulletin-sponsor-bsides-london/

VB2016 video: Last-minute paper: Malicious proxy auto-configs: an easy way to harvest banking credentials

In a VB2016 last-minute presentation, Jaromír Horejší and Jan Širmer looked at Retefe, a trojan that has targeted banks in several European countries and used malicious proxy auto-config filesto redirect users' traffic to a server controlled by the attack…
"Much media attention is given to imminent and visible threats, like ransomware. Other threats remain under the radar and often go unnoticed." This part of Jaromír Horejší and Jan… https://www.virusbulletin.com/blog/2017/may/vb2016-video-last-minute-paper-malicious-proxy-auto-configs-easy-way-harvest-banking-credentials/

WannaCry shows we need to understand why organizations don't patch

Perhaps the question we should be asking about WannaCry is not "why do so many organizations allow unpatched machines to exist on their networks?" but "why doesn't patching work reasonably well most of the time?"
For the past few days, the world of Infosec on Twitter has tried to find as many ways as possible of saying "we told you so". To be fair, it's true – we did tell you so: for… https://www.virusbulletin.com/blog/2017/may/wannacry-shows-we-need-understand-why-organisations-dont-patch/

Modern security software is not necessarily powerless against threats like WannaCry

The WannaCry ransomware has affected many organisations around the world, making it probably the worst and most damaging of its kind. But modern security is not necessarily powerless against such threats.
We have become used to the idea of cybersecurity stories sometimes making the mainstream news, but the UK's newspapers across the spectrum, from broadsheets to tabloids, all… https://www.virusbulletin.com/blog/2017/may/modern-security-software-not-powerless-against-threats-wannacry/

Throwback Thursday: CARO: A personal view

This week sees the 11th International CARO Workshop taking place in Krakow, Poland – a prestigious annual meeting of anti-malware and security experts. As a founding member of CARO, Fridrik Skulason was well placed, in August 1994, to shed some light on t…
This week sees the 11th International CARO Workshop taking place in Krakow, Poland – a prestigious annual meeting of anti-malware and security experts which, this year, is themed… https://www.virusbulletin.com/blog/2017/may/throwback-thursday-caro-personal-view/

VB2016 paper: Uncovering the secrets of malvertising

Malicious advertising, a.k.a. malvertising, has evolved tremendously over the past few years to take a central place in some of today’s largest web-based attacks. It is by far the tool of choice for attackers to reach the masses but also to target them wi…
In his VB2014 paper, Bromium researcher Vadim Kotov sketched the possibilities for malicious actors to use web ads to spread exploit kits. Unsurprisingly, malicious actors also… https://www.virusbulletin.com/blog/2017/may/vb2016-paper-uncovering-secrets-malvertising/

Throwback Thursday: Tools of the DDoS Trade

As DDoS attacks become costlier to fix and continue to increase in both number and diversity, we turn back the clock to 2000, when Aleksander Czarnowski took a look at the DDoS tools of the day.
According to a recent report by analytics firm Neustar (summarized in a Threatpost blog post here), DDoS attacks are on the increase, are taking longer to detect, and are costing… https://www.virusbulletin.com/blog/2017/may/throwback-thursday-tools-ddos-trade/

May

https://www.virusbulletin.com/blog/2017/may/

VB2016 paper: Building a local passiveDNS capability for malware incident response

At VB2016, Splunk researchers Kathy Wang and Steve Brant presented a Splunk app that can be used to locally collect passive DNS data. A recording of their presentation is now available to view on our YouTube channel.
Anyone who has ever investigated a malware or phishing attack will know the feeling: "if only I could find out what IP address this domain pointed to when the attack took place".… https://www.virusbulletin.com/blog/2017/may/vb2016-paper-building-local-passivedns-capabilityfor-malware-incident-response/

VB2016 video: Last-minute paper: A malicious OS X cocktail served from a tainted bottle

In a VB2016 last-minute presentation, ESET researchers Peter Kalnai and Martin Jirkal looked at the OS X malware threats KeRanger and Keydnap, that both spread through a compromised BitTorrent client. A recording of their presentation is now available to …
Though nowhere near as exotic as it was a few years ago, malware for OS X continues to attract researchers' attention. This was certainly the case for the KeyRanger ransomware and… https://www.virusbulletin.com/blog/2017/04/vb2016-video-last-minute-paper-malicious-os-x-cocktail-served-tainted-bottle/

Consumer spyware: a serious threat with a different threat model

Consumer spyware is a growing issue and one that can have serious consequences: its use is increasingly common in domestic violence. But do our threat models consider the attacker with physical access to, and inside knowledge of the victim?
We all know the risks of having a device infected with malware: an anonymous adversary far away can encrypt your files and hold them to ransom; they can steal your personal data… https://www.virusbulletin.com/blog/2017/04/consumer-spyware-serious-threat-different-threat-model/

VB2016 paper: Debugging and monitoring malware network activities with Haka

In their VB2016 paper, Stormshield researchers Benoît Ancel and Mehdi Talbi introduced Haka, an open-source language to monitor, debug and control malicious network traffic. Both their paper and the video recording of their presentation are now available …
Anyone who has ever analysed malware through its network communications will knows that this often involves ad-hoc scripts in languages like Python or Perl to decode the traffic.… https://www.virusbulletin.com/blog/2017/04/vb2016-paper-debugging-and-monitoring-malware-network-activities-haka/

VB2017: a wide ranging and international conference programme

We are proud to announce a very broad and very international programme for VB2017, which will take place in Madrid, 4-6 October 2017.
Packets don't do borders, which makes computer security a very global problem and one that can only be tackled if we work together. For 26 years, the Virus Bulletin conference has… https://www.virusbulletin.com/blog/2017/04/vb2017-very-international-conference-programme/

April

Index of blog posts published in April 2017.
https://www.virusbulletin.com/blog/2017/04/

John Graham-Cumming and Brian Honan to deliver keynote addresses at VB2017

Virus Bulletin is excited to announce John-Graham Cumming and Brian Honan as the two keynote speakers for VB2017 in Madrid.
Later this week, we'll be announcing the programme for VB2017, the 27th Virus Bulletin International Conference - a programme that we think is the best yet, and about which we are… https://www.virusbulletin.com/blog/2017/04/john-graham-cumming-and-brian-honan-deliver-keynote-addresses-vb2017/

Virus Bulletin says a fond farewell to John Hawes

As VB's COO John Hawes moves on to new challenges, the team wish him a fond farewell and good luck in his future endeavours.
Ten years ago, when I joined the very small Virus Bulletin team, the risk of computer viruses accidentally spreading to millions of PCs was still considered very real. Hence my… https://www.virusbulletin.com/blog/2017/03/virus-bulletin-says-fond-farewell-john-hawes/

VB2016 paper: One-Click Fileless Infection

Symantec researchers Himanshu Anand and Chastine Menrige explain how a single click can lead to a compromised machine, without malware ever being stored on disk.
Over the last few years, we have seen a sharp increase in 'fileless' infections, where a machine is compromised without a malicious file ever being written to disk. Though not… https://www.virusbulletin.com/blog/2017/03/vb2016-paper-one-click-fileless-infection/

Mostly blocked, but still good enough: Necurs sending pump-and-dump spam

The Necurs botnet has started sending pump-and-dump spam. Almost all of these emails are blocked by spam filters, yet the stock price still increased.
Over the past few days, the Necurs spam botnet has increased its activity, sending large amounts of pump-and-dump spam, in which a cheap stock is pushed with the aim of making a… https://www.virusbulletin.com/blog/2017/03/mostly-blocked-still-good-enough-necurs-sending-pump-and-dump-spam/

Why the SHA-1 collision means you should stop using the algorithm

Realistically speaking, if your software or system uses the SHA-1 hashing algorithm, it is unlikely that it will be exploited in the foreseeable future. But it is also extremely difficult to be certain that your system won't be the exception.
Unexpected though it may have been, the SHA-1 collision found by researchers at CWI Amsterdam and Google earlier this year is one of the biggest security stories of 2017 thus far.… https://www.virusbulletin.com/blog/2017/03/why-sha-1-collision-means-you-should-stop-using-algorithm/

« Previous 1...2021222324...121 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.