Bulletin

An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.

VB2019 paper: Medical IoT for diabetes and cybercrime

Axelle Apvrille (Fortinet)
Aamir Lakhani (Fortinet)

This paper evaluates the threats diabetic patients face when they use smart glucose monitoring devices.

VB2019 paper: Spoofing in the reeds with Rietspoof

Jan Sirmer (Avast Software)
Adolf Streda (Avast Software)
Luigino Camastra (Avast Software)

Rietspoof is a piece of malware that is multi-staged, using different file types throughout its infection chain. It contains several types of stages – both extractors and downloaders; the fourth stage also contains support for remote-control…

Behind the scenes of GandCrab’s operation

AhnLab Security Analysis Team (AhnLab)

The GandCrab ransomware was active from January 2018 to May 2019. During its active state, numerous variants were distributed worldwide, causing much damage. This report examines the battle that went on between security vendor AhnLab and the GandCrab…

VB2019 paper: King of the hill: nation-state counterintelligence for victim deconfliction

Juan Andres Guerrero-Saade (Chronicle)

While allied organizations engage in a bureaucratic process of victim deconfliction, adversarial organizations have turned to embedding anti-virus-like techniques into their malware in order to do the same. This paper focuses on in-the-wild examples…

VB2019 paper: Catch me if you can: detection of injection exploitation by validating query and API integrity

Abhishek Singh (Prismo Systems)
Ramesh Mani (Prismo Systems)

Injection flaws are one of the topmost risks and have ruled as such for a decade. The research community has extensively discussed exploitation details for SQL, NoSQL, OS command and LDAP injection exploits. This paper will dive into the technical…

VB2019 paper: Never before had Stierlitz been so close to failure (or: what is a Soviet super-spy doing in a popular bundleware for Mac?)

Sergei Shevchenko (Sophos)

This paper looks at a popular macOS bundleware that employs some surprising techniques. Not only does it employ anti-debugging, strings/API encryption and Mach-O runtime decompression techniques, its developers went as far as embedding a full…

VB2019 paper: Exploring the Chinese DDoS threat landscape

Nacho Sanmillan (Intezer)

Chinese threat actors have been shown to be predominant in the DDoS ecosystem, there being a high volume of known cross-platform DDoS botnets with alleged Chinese origin operating in Linux as well as Windows systems and exercising long-term…

VB2019 paper: Absolutely routed!! Why routers are the new bullseye in cyber attacks

Anurag Shandilya (K7 Computing)

Routers are ubiquitous and highly vulnerable to attack. Despite being the central nervous system of any network, routers are disregarded when it comes to security, as can be proven by the fact that, although vulnerabilities in routers are identified…

VB2019 paper: Operation Soft Cell – a worldwide campaign against telecommunication providers

Mor Levi (Cybereason)
Amit Serper (Cybereason)
Assaf Dahan (Cybereason)

In this paper researchers from Cybereason look at Operation Soft Cell – a worldwide campaign against telecommunication providers.

VB2019 paper: A study of Machete cyber espionage operations in Latin America

Veronica Valeros (Czech Technical University in Prague)
Maria Rigaki (Czech Technical University in Prague)
Kamila Babayeva (Czech Technical University in Prague)
Sebastian García (Czech Technical University in Prague)

Reports on cyber espionage operations have been on the rise in the last decade. However, operations in Latin America are heavily under-researched and potentially underestimated. This paper analyses and dissects a cyber espionage tool known as…
