VB Blog

VB2017 paper and update: Browser attack points still abused by banking trojans

Posted by Martijn Grooten on Jul 25, 2018

At VB2017, ESET researchers Peter Kálnai and Michal Poslušný looked at how banking malware interacts with browsers. Today we publish their paper, share the video of their presentation, and also publish a guest blog post from Peter, in which he summarises the recent developments in this space.

Posted by Martijn Grooten on Jul 16, 2018

It is likely that, by now, everyone in computer science has at least heard of the Spectre attack, and many excellent explanations of the attack already exist. But what is the likelihood of finding Spectre being exploited on Android smartphones?

Posted by Martijn Grooten on Jul 11, 2018

We are excited to announce several more companies that have partnered with VB2018.

Posted by Martijn Grooten on Jul 10, 2018

A new malware campaign that uses two stolen code-signing certificates shows that such certificates continue to be popular among malware authors. But there is a positive side to malware authors' use of stolen certificates.

Posted by Martijn Grooten on Jul 6, 2018

Though the location will remain under wraps for a few more months, we are pleased to announce the dates for VB2019, the 29th Virus Bulletin International Conference.

Posted by Martijn Grooten on Jul 6, 2018

The operators of the Necurs botnet, best known for being one of the most prolific spam botnets of the past few years, have pushed out updates to its client, which provide some important lessons about why malware infections matter.

Posted by Martijn Grooten on Jul 3, 2018

Virus Bulletin has opened nominations for the fifth annual Péter Szőr Award, for the best piece of technical security research published between 1 July 2017 and 30 June 2018.

Posted by Martijn Grooten on Jul 3, 2018

Security researcher Matt Nelson has discovered how .SettingContent-ms files can be embedded into Office files to deliver malware.

Posted by Martijn Grooten on Jun 26, 2018

The New York Times reports that smart home devices are increasingly used in cases of domestic abuse.

Posted by Martijn Grooten on Jun 25, 2018

If you want to come to VB2018 in Montreal this year (and why wouldn't you?) and want to save a bit on the ticket price (and why wouldn't you?), remember that early bird discounts will be available until 30 June.

Previous1...1920212223...215Next

Search blog

VB2021 localhost call for last-minute papers

The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!
Have you analysed a brand new online threat? Are you involved in cutting edge security research? Are you tasked with securing systems and fending off attacks and developing new… https://www.virusbulletin.com/blog/2021/08/vb2021-localhost-call-last-minute-papers/

New article: Run your malicious VBA macros anywhere!

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.
Office documents have over many decades been used to launch malware, often through macros, embedded content or exploits. Researcher Kurt Natvig wanted to understand whether… https://www.virusbulletin.com/blog/2021/04/new-article-run-your-malicious-vba-macros-anywhere/

April

https://www.virusbulletin.com/blog/2021/04/

New article: Dissecting the design and vulnerabilities in AZORult C&C panels

In a new article, Aditya K Sood looks at the command-and-control (C&C) design of the AZORult malware, discussing his team's findings related to the C&C design and some security issues they identified.
Dissecting the Design and Vulnerabilities in AZORult C&C Panels Read the paper (HTML) Download the paper (PDF) If you have some research you'd like to share with the… https://www.virusbulletin.com/blog/2021/04/new-article-dissecting-design-and-vulnerabilities-azorult-cc-panels/

March

https://www.virusbulletin.com/blog/2021/03/

VB2021 localhost call for papers: a great opportunity

VB2021 localhost presents an exciting opportunity to share your research with an even wider cross section of the IT security community around the world than usual, without having to take time out of your work schedule (or budget) to travel.
Earlier this week VB took the tough decision to cancel the in-person version of VB2021 in Prague. We had really hoped to be able to host an in-person event this year, but with… https://www.virusbulletin.com/blog/2021/03/vb2021-localhost-call-papers-great-opportunity/

New article: Excel Formula/Macro in .xlsb?

In a follow-up to an article published last week, Kurt Natvig takes us through the analysis of a new malicious sample using the .xlsb file format.
Excel Formula/Macro in .xlsb? Read the paper (HTML) Download the paper (PDF) Excel Formula, or XLM – does it ever stop giving pain to researchers? So asks Forcepoint… https://www.virusbulletin.com/blog/2021/02/new-article-excel-formulamacro-xlsb/

February

https://www.virusbulletin.com/blog/2021/02/

New article: Decompiling Excel Formula (XF) 4.0 malware

In a new article, researcher Kurt Natvig takes a close look at XF 4.0 malware.
Decompiling Excel Formula (XF) 4.0 malware Read the paper (HTML) Download the paper (PDF) Office malware has been around for a long time, but until recently Excel Formula… https://www.virusbulletin.com/blog/2021/02/new-article-decompiling-excel-formula-xf-40-malware/

The Bagsu banker case - presentation

At VB2019, CSIS researcher Benoît Ancel spoke about a quiet banking trojan actor that has been targeting German users since at least 2014.
Some time ago, researchers at CSIS Security Group discovered the infrastructure of a "quiet" banking trojan actor that had been targeting German users since at least 2014. At… https://www.virusbulletin.com/blog/2021/01/bagsu-banker-case-presentation/

VB2021 call for papers - now open, to all!

The call for papers for VB2021 is now open and we want to hear from you - we're planning for flexible presentation formats, so everyone is encouraged to submit, regardless of whether or not you know at this stage whether you'll be able to travel to Prague…
2020 proved to be an extraordinary – in the true sense of the word – year for everyone, and 2021 has already thrown some curveballs in the short few weeks since it began.… https://www.virusbulletin.com/blog/2021/01/vb2021-call-papers-now-open-all/

In memoriam: Yonathan Klijnsma

We were very sorry to learn of the passing of researcher Yonathan Klijnsma last week. Here, former VB Editor Martijn Grooten shares his memories of a talented researcher and a very kind person: this month, infosec lost a really good one.
We were very sorry to learn of the passing of researcher Yonathan Klijnsma last week and we offer our deepest condolences to his family and friends. Here, former VB Editor Martijn… https://www.virusbulletin.com/blog/2021/01/memoriam-yonathan-klijnsma/

2021

https://www.virusbulletin.com/blog/2021/

January

https://www.virusbulletin.com/blog/2021/01/

VB2020 localhost videos available on YouTube

VB has made all VB2020 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.
Today, VB has made all VB2020 localhost presentations available on VB's YouTube channel, so you can now watch – and share – any part of the conference freely and without… https://www.virusbulletin.com/blog/2021/01/vb2020-localhost-videos-available-youtube/

VB2020 presentation & paper: 2030: backcasting the potential rise and fall of cyber threat intelligence

At VB2020 localhost, threat intelligence consultant Jamie Collier used the analytical technique of backcasting to look at the rise and fall of the cyber threat intelligence industry.
Backcasting is an analytical technique that establishes an imagined future scenario and then works backwards to understand what caused that outcome. At VB2020, FireEye's Jamie… https://www.virusbulletin.com/blog/2020/12/vb2020-presentation-paper-2030-backcasting-potential-rise-and-fall-cyber-threat-intelligence/

VB2020 presentation: Behind the Black Mirror: simulating attacks with mock C2 servers

At VB2020 localhost, Carbon Black's Scott Knight presented an approach he and his colleagues have taken to more realistically simulate malware attacks.
Dynamic analysis of a malicious sample in a lab setup can be hampered by the absence of the malware's C2 server listening and providing responses – potentially resulting in only a… https://www.virusbulletin.com/blog/2020/12/vb2020-presentation-behind-black-mirror-simulating-attacks-mock-c2-servers/

December

https://www.virusbulletin.com/blog/2020/12/

VB2020 presentation & paper: Advanced Pasta Threat: mapping threat actor usage of open-source offensive security tools

At VB2020, researcher Paul Litvak revealed how he put together a comprehensive map of threat actor use of open-source offensive security tools.
The development and publication of offensive security tools (OSTs) is a point of great controversy in the information security community: while some argue that releasing such… https://www.virusbulletin.com/blog/2020/12/vb2020-presentation-paper-advanced-pasta-threat-mapping-threat-actor-usage-open-source-offensive-security-tools/

VB2020 presentation: Evolution of Excel 4.0 macro weaponization

At VB2020 localhost James Haughom, Stefano Ortolani and Baibhav Singh gave a presentation in which they described how XL4 macros are being weaponised and the evolution of the techniques used.
The use by attackers of legitimate Excel 4.0 (XL4) macros as a simple and reliable method to gain a foothold on a target network is becoming increasingly popular and presents a… https://www.virusbulletin.com/blog/2020/11/vb2020-presentation-evolution-excel-40-macro-weaponization/

« Previous 1234567...121 Next »