VB Blog

VB2017 paper: Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server

Posted by   Martijn Grooten on   Nov 29, 2017

At VB2017 in Madrid, macOS malware researcher Patrick Wardle presented the details of a specific piece of Mac malware, FruitFly, which he analysed through a custom C&C server - a technique that will also be of interest for researchers of malware on other platforms. Today we publish both Patrick's paper and the recording of his presentation.

Read more  

Tizi Android malware highlights the importance of security patches for high-risk users

Posted by   Martijn Grooten on   Nov 28, 2017

Researchers from Google have taken down 'Tizi', an Android malware family, that used nine already patched vulnerabilities to obtain root on infected devices.

Read more  

Virus Bulletin to attend AMTSO, AVAR and Botconf

Posted by   Martijn Grooten on   Nov 27, 2017

Next week, Virus Bulletin researchers will be attending the AMTSO meeting and AVAR conference in Beijing, China, as well as the 5th edition of the Botconf conference in Montpellier, France.

Read more  

VB2017 video: FinFisher: New techniques and infection vectors revealed

Posted by   Martijn Grooten on   Nov 24, 2017

Today, we publish the video of the VB2017 presentation by ESET researcher Filip Kafka, who looked at recent changes in the FinFisher government malware, including its infection vectors.

Read more  

Throwback Thursday: The beginning of the end(point): where we are now and where we'll be in five years

Posted by   Martijn Grooten on   Nov 23, 2017

We look back at the VB2016 presentation by Adrian Sanabria on the state of endpoint security, both now and in the future.

Read more  

VB2017 paper: Beyond lexical and PDNS: using signals on graphs to uncover online threats at scale

Posted by   Martijn Grooten on   Nov 22, 2017

At VB2017 in Madrid, Cisco Umbrella (OpenDNS) researchers Dhia Mahjoub and David Rodriguez presented a new approach to detecting infected machines using graphs to detect botnet traffic at scale. Today we publish both Dhia and David's paper and the recording of their presentation.

Read more  

Firefox 59 to make it a lot harder to use data URIs in phishing attacks

Posted by   Martijn Grooten on   Nov 21, 2017

Firefox developer Mozilla has announced that, as of version 59 of the browser, many kinds of data URIs, which provide a way to create "domainless web content", will not be rendered in the browser, thus making this trick - used in various phishing campaigns - a lot less attractive.

Read more  

Standalone product test: FireEye Endpoint

Posted by   Martijn Grooten on   Nov 16, 2017

Virus Bulletin ran a standalone test on FireEye's Endpoint Security solution.

Read more  

VB2017 video: Consequences of bad security in health care

Posted by   Martijn Grooten on   Nov 13, 2017

Jelena Milosevic, a nurse with a passion for IT security, is uniquely placed to witness poor security practices in the health care sector, and to fully understand the consequences. Today, we publish the recording of a presentation given by Jelena at VB2017 in Madrid, in which she shared her inside view of security in hospitals.

Read more  

Vulnerabilities play only a tiny role in the security risks that come with mobile phones

Posted by   Martijn Grooten on   Nov 9, 2017

Both bad news (all devices were pwnd) and good news (pwning is increasingly difficult) came from the most recent mobile Pwn2Own competition. But the practical security risks that come with using mobile phones have little to do with vulnerabilities.

Read more  
Previous1...2728293031...215Next

Search blog

VB2017 preview: Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server

We preview Patrick Wardle's VB2017 paper, in which the Synack researcher analyses the mysterious OSX/FruitFly malware by setting up a custom C&C server.
Apart from the odd taxi driver loudly making the claim, the idea that "Macs don't get malware" has become something of the past. Nevertheless, most security researchers focus on… https://www.virusbulletin.com/blog/2017/09/vb2017-preview-offensive-malware-analysis-dissecting-osxfruitfly-custom-cc-server/

VB2017 - information for press

More than 50 security industry experts will present conference papers to their peers at VB2017 next week, and there are several papers on the programme with a certain newsworthiness. There is still time for cybersecurity journalists to apply for a press p…
Next week, security researchers from around the world will gather in Madrid for VB2017, the 27th International Virus Bulletin Conference. More than 50 security industry experts… https://www.virusbulletin.com/blog/2017/09/vb2017-information-press/

VB2017 preview: BPH exposed - RBN never left they just adapted and evolved. Did you?

We preview the VB2017 paper by Dhia Mahjoub (OpenDNS) and Jason Passwaters (Intel471) who combine an actor-centric and a network-centric approach to analysing bulletproof hosting operations.
Running a cybercriminal enterprise isn't all that easy. Try, for instance, setting up a site hosting malware and you'll find that sooner or later the provider will suspend your… https://www.virusbulletin.com/blog/2017/09/vb2017-preview-bph-exposed-rbn-never-left-they-just-adapted-and-evolved-did-you/

Test your technical and mental limits in the VB2017 foosball tournament

As has become tradition, VB2017 will once again see a security industry table football tournament. Register your team now for some great fun and adrenaline-filled matches in between sessions in Madrid!
We all know the scenario. You're using multiple layers of defence, combined with a fast response time, to prevent a skilled attacker from reaching the goal. Or maybe you are that… https://www.virusbulletin.com/blog/2017/09/join-vb2017-foosball-tournament/

The case against running Windows XP is more subtle than we think it is

Greater Manchester Police is one of many organizations still running Windows XP on some of its systems. This is bad practice, but the case against running XP is far more subtle than we often pretend it is.
Greater Manchester Police has admitted to the BBC that some 1,500 of its PCs (20% of the total) are still running Windows XP, an operating system that was considered end-of-life… https://www.virusbulletin.com/blog/2017/09/case-against-running-windows-xp-more-subtle-we-think-it/

Hot FinSpy research completes VB2017 programme

Researchers from ESET have found a new way in which the FinSpy/FinFisher 'government spyware' can infect users, details of which they will present at VB2017 in Madrid.
The infamous FinSpy (or FinFisher) government spyware has managed to keep a low profile in recent years, though its use of two Microsoft zero-days (CVE-2017-0199 and… https://www.virusbulletin.com/blog/2017/09/hot-finspy-research-makes-vb2017-programme-complete/

Transparency is essential when monitoring your users' activities

Activity monitoring by security products in general, and HTTPS traffic inspection in particular, are sensitive issues in the security community. There is a time and a place for them, VB's Martijn Grooten argues, but only when they are done right.
The inspection of HTTPS traffic is a sensitive issue among security experts. On the one hand, there are those who argue that this breaks the important end-to-end principle of… https://www.virusbulletin.com/blog/2017/09/transparency-essential-when-monitoring-someone-elses-activities/

VB2017 preview: Android reverse engineering tools: not the usual suspects

We preview the VB2017 paper by Fortinet researcher Axelle Apvrille, in which she looks at some less obvious tools for reverse engineering Android malware.
Six years ago (coincidentally the last time the VB conference was held in Spain) saw the first VB conference paper presented on Android malware, which at that time was still an… https://www.virusbulletin.com/blog/2017/09/vb2017-preview-android-reverse-engineering-tools-not-usual-suspects/

Malicious CCleaner update points to a major weakness in our infrastructure

Researchers from Cisco Talos have found that a recent version of the widely used CCleaner tool installed malware on the machine.
For the security community, 2017 might well be called the year of the update: two of the biggest security stories – the WannaCry outbreak and the Equifax breach – involved… https://www.virusbulletin.com/blog/2017/09/malicious-ccleaner-update-points-major-weakness-our-infrastructure/

Despite the profitability of ransomware there is a good reason why mining malware is thriving

Though ransomware is far more profitable than using a compromised PC to mine bitcoins, the global distribution of malware means that there are many botnets for which mining is the most efficient way to extract money out of a PC.
When, a few years ago, a friend and I were analysing a rather large botnet and we saw some network traffic indicating that it was engaged in Bitcoin mining, we felt rather… https://www.virusbulletin.com/blog/2017/09/despite-profitability-ransomware-there-good-reason-why-mining-malware-thriving/

VB2017 preview: Crypton - exposing malware's deepest secrets

We preview the VB2017 paper by Julia Karpin and Anna Dorfman (F5 networks), in which they present a tool to decrypt encrypted parts of malware.
Ask a programmer to perform the same task twice and they will write a tool that automates it. Malware analysts are no different, and the Virus Bulletin Conference has a long… https://www.virusbulletin.com/blog/2017/09/vb2017-preview-crypton-exposing-malwares-deepest-secrets/

VB2017 preview: Hacktivism and website defacement: motivations, capabilities and potential threats

We preview the VB2017 paper by Marco Romagna and Niek Jan van den Hout (The Hague University of Applied Sciences), in which they thoroughly analyse the motivations and modus operandy of hacktivists.
In March this year, following a political row between the Netherlands and Turkey, a large number of Dutch websites were defaced to display messages in support of the Turkish… https://www.virusbulletin.com/blog/2017/09/vb2017-preview-hacktivism-and-website-defacement-motivations-capabilities-and-potential-threats/

Three questions to ask about security product bypasses

Proof-of-concepts for bypasses of security products always sound scary, but how seriously should we take them? VB Editor Martijn Grooten lists three questions one should ask about any such bypass to determine how serious a threat it represents.
Techniques for bypassing security products feature prominently at security conferences and on security blogs these days. Indeed, with so many people relying implicitly or… https://www.virusbulletin.com/blog/2017/09/three-questions-ask-about-security-product-bypasses/

VB2017: WHOIS and EICAR Small Talks added

Today, we announce two more 'Small Talks' for the VB2017 programme. In one of them, Neil Schwarzman will discuss the consequences of the GDPR for WHOIS and abuse research, while the other will be hosted by three members of EICAR, who will discuss its work…
In addition to the nine 'last-minute' papers that were announced and added to the VB2017 programme yesterday, we have also added two more 'Small Talks'. The 'Small Talks' take… https://www.virusbulletin.com/blog/2017/09/vb2017-whois-and-eicar-small-talks-added/

VB2017: nine last-minute papers announced

From attacks on Ukraine's power grid to web shells, and from car hacking to ransomware: we announce the first nine 'last-minute' papers on the VB2017 programme.
At Virus Bulletin we try not to follow the daily security hype, focusing instead on the bigger trends. This means that the topics covered on the VB2017 conference programme – the… https://www.virusbulletin.com/blog/2017/09/vb2017-nine-last-minute-papers-announced/

Patching is important even when it only shows the maturity of your security process

A lot of vulnerabilities that are discovered are never exploited in the wild. It is still important to patch them though.
Sometimes a Tweet says more than a 50-minute conference presentation: Bad TLS as an externally measurable metric for whether an organisation has a mature security process,… https://www.virusbulletin.com/blog/2017/09/patching-important-even-when-it-only-shows-maturity-your-security-process/

September

https://www.virusbulletin.com/blog/2017/09/

Massive data breach confirms what you already knew: you are getting spam

A security researcher found more than 700 million email addresses stored on a server used by a spam botnet, which gives us some insight into what the email lists used by spammers look like.
The security community spends a lot of time and effort researching the infrastructure used by spammers to send billions of unwanted and often malicious emails every day – but… https://www.virusbulletin.com/blog/2017/09/massive-data-breach-confirms-what-you-already-knew-you-are-getting-spam/

VB2017 preview: State of cybersecurity in Africa: Kenya

We preview the VB2017 presentation by Tyrus Kamau (Euclid Security), who will talk about the state of cybersecurity in Africa, with a particular focus on his home country, Kenya.
The Internet is very much a global phenomenon, and for that reason, so is cybersecurity. A remote code execution vulnerability is as much of a problem on a server in Afghanistan… https://www.virusbulletin.com/blog/2017/09/vb2017-preview-state-cyber-security-africa-kenya/

VB2017 preview: Calling all PUA fighters

We preview the VB2017 Small Talk to be given by AppEsteem's Dennis Batchelder that should help security vendors make decisions about apps whose behaviours sit right on the limits of what is acceptable from a security point of view.
While a lot of attention is focused on the fight against advanced malware, a different kind of threat is providing just as big a headache for security companies: that of apps… https://www.virusbulletin.com/blog/2017/08/vb2017-preview-calling-all-pua-fighters/

« Previous 1...1718192021...121 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.