Blog keyword search

VB2019 presentation: Targeted attacks through ISPs

In 2019 we saw a rise in the number of targeted malware infections spread via ISPs and service providers. In a last-minute paper presented at VB2019 in London, Kaspersky researcher Denis Legezo discussed the details of a number of such cases. Today we rel…
In 2019 we saw an increase in the number of targeted malware infections spread via ISPs and service providers. Some notable cases included the installation of digital certificates… https://www.virusbulletin.com/blog/2020/01/vb2019-presentation-targeted-attacks-through-isps/

VB2019 paper: Operation Soft Cell - a worldwide campaign against telecommunication providers

Today we publish the VB2019 paper by Cybereason researchers Mor Levi, Amit Serper and Assaf Dahan on Operation Soft Cell, a targeted attack against telecom providers around the world.
Operation Soft Cell - a worldwide campaign against telecommunication providers Read the paper (HTML) Download the paper (PDF)   In June this year, Cybereason published a blog… https://www.virusbulletin.com/blog/2019/12/vb2019-paper-operation-soft-cell-worldwide-campaign-against-telecommunication-providers/

VB2019 paper: A vine climbing over the Great Firewall: a long-term attack against China

Today we publish a VB2019 paper from Lion Gu and Bowen Pan from the Qi An Xin Threat Intelligence Center in China in which they analysed an APT group dubbed 'Poison Vine', which targeted various government, military and research institutes in China.
A vine climbing over the Great Firewall: a long-term attack against China Read the paper (HTML) Download the paper (PDF)       The global nature of both the Virus… https://www.virusbulletin.com/blog/2019/11/vb2019-paper-vine-climbing-over-great-firewall-long-term-attack-against-china/

Emotet trojan starts stealing full emails from infected machines

The infamous Emotet trojan has added the capability to steal full email bodies from infected machines, opening the possibilities for more targeted spam and phishing campaigns.
Researchers at Kryptos Logic have discovered that the Emotet banking trojan is exfiltrating entire email bodies as opposed to merely email addresses. Emotet was first discovered… https://www.virusbulletin.com/blog/2018/10/emotet-trojan-starts-stealing-full-emails-infected-machines/

Attack on Fox-IT shows how a DNS hijack can break multiple layers of security

Dutch security firm Fox-IT deserves praise for being open about an attack on its client network. There are some important lessons to be learned about DNS security from its post-mortem.
Every company will, sooner or later, get hacked and we should judge them by how they respond. With that in mind, Fox-IT, which writes in great detail about how a DNS hijack was… https://www.virusbulletin.com/blog/2017/12/attack-fox-it-shows-how-dns-hijack-can-break-multiple-layers-security/

VB2017 paper: Modern reconnaissance phase on APT – protection layer

During recent research, Cisco Talos researchers observed the ways in which APT actors are evolving and how a reconnaissance phase is included in the infection vector in order to protect valuable zero-day exploits or malware frameworks. At VB2017 in Madrid…
Targeted attack campaigns involve multiple stages, the first of which consists of collecting information about the target: the reconnaissance phase. It's an essential part of any… https://www.virusbulletin.com/blog/2017/12/vb2017-paper-modern-reconnaissance-phase-apt-protection-layer/

Tizi Android malware highlights the importance of security patches for high-risk users

Researchers from Google have taken down 'Tizi', an Android malware family, that used nine already patched vulnerabilities to obtain root on infected devices.
A well-known security researcher once said: "if you purposely choose Android you are either Poor, Cheap, or really hate Apple." Android has a bad reputation in security… https://www.virusbulletin.com/blog/2017/11/tizi-android-malware-highlights-importance-security-patches-high-risk-users/

VB2016 paper: BlackEnergy – what we really know about the notorious cyber attacks

According to some researchers, there is some evidence linking the recent (Not)Petya attacks with the BlackEnergy group - which became infamous for its targeted attacks against the Ukraine. At VB2016, ESET researchers Anton Cherepanov and Robert Lipovsky s…
In a blog post published on Friday, ESET researcher Anton Cherepanov provides evidence linking last week's (Not)Petya attacks to the BlackEnergy group; Kaspersky researchers also… https://www.virusbulletin.com/blog/2017/07/vb2016-paper-blackenergy-what-we-really-know-about-notorious-cyber-attacks/

VB2016 paper: Modern attacks on Russian financial institutions

Today, we publish the VB2016 paper and presentation (recording) by ESET researchers Jean-Ian Boutin and Anton Cherepanov, in which they look at sophisticated attacks against Russian financial institutions.
Today, we publish the VB2016 paper "Modern attacks on Russian financial institutions" (here in HTML format and here in PDF format) by ESET researchers Jean-Ian Boutin and Anton… https://www.virusbulletin.com/blog/2016/december/vb2016-paper-modern-attacks-russian-financial-institutions/

VB2016 paper: Wave your false flags! Deception tactics muddying attribution in targeted attacks

Today, we publish the VB2016 paper and presentation (recording) by Kaspersky Lab researchers Juan Andrés Guerrero-Saade and Brian Bartholomew, in which they look at some of the deception tactics used in targeted attacks.
Security researchers have a complicated relationship with attribution. On the one hand, for technical analyses, it doesn't matter whether an attack was performed by a Bear, a… https://www.virusbulletin.com/blog/2016/november/vb2016-paper-wave-your-false-flags-deception-tactics-muddying-attribution-targeted-attacks/

VB2015 preview: advanced persistent threats

Several conference papers to deal with targeted attacks.
Several conference papers to deal with targeted attacks. There was a time when analyses of malware and viruses at the Virus Bulletin conference used the number of infections as a… https://www.virusbulletin.com/blog/2015/08/preview-advanced-persistent-threats/

Volatile Cedar campaign - cyber espionage isn't just for large nation states

Details of malware to be discussed at VB2015.
Details of malware to be discussed at VB2015. Researchers at Check Point have revealed details of a cyber-espionage campaign, dubbed 'Volatile Cedar', that has been active since at… https://www.virusbulletin.com/blog/2015/04/volatile-cedar-campaign-cyber-espionage-isn-t-just-large-nation-states/

VB2014 paper: Apple without a shell - iOS under targeted attack

Developer Enterprise Program recently found to be used by WireLurker.
Developer Enterprise Program recently found to be used by WireLurker.Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the… https://www.virusbulletin.com/blog/2014/11/paper-apple-without-shell-ios-under-targeted-attack/

VB2014 preview: Apple without a shell - iOS under targeted attack

FireEye researchers show a large attack vector for Apple's mobile operating system.
FireEye researchers show a large attack vector for Apple's mobile operating system.In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we are… https://www.virusbulletin.com/blog/2014/09/preview-apple-without-shell-ios-under-targeted-attack/

Windows Error Reporting used to discover new attacks

No excuse for sending error reports in cleartext.
No excuse for sending error reports in cleartext. All happy programs are the same. But each unhappy program crashes in its own way. In a report published yesterday, security firm… https://www.virusbulletin.com/blog/2014/02/windows-error-reporting-used-discover-new-attacks/

Macro viruses make a return in targeted attacks

Macros disabled in modern versions of Office, but enabled within many organisations.
Macros disabled in modern versions of Office, but enabled within many organisations. A report by the National Cyber Security Center (NCSC, the Dutch CERT) points to a resurgence of… https://www.virusbulletin.com/blog/2014/01/macro-viruses-make-return-targeted-attacks/

Good and bad news for victims of targeted attacks against Microsoft products

Bug bounty program extended; TIFF zero-day used in the wild.
Bug bounty program extended; TIFF zero-day used in the wild. This week, Microsoft has good news and bad news for those targeted by zero-day exploits in its products. The bad… https://www.virusbulletin.com/blog/2013/11/good-and-bad-news-victims-targeted-attacks-against-microsoft-products/

Is publishing your employees' email addresses such a big deal?

Beware of a false sense of security.
Beware of a false sense of security. Security blogger Graham Cluley points to hypocrisy in a KPMG press release in which it criticises FTSE 350 companies for 'leaking data that can… https://www.virusbulletin.com/blog/2013/07/publishing-your-employees-email-addresses-such-big-deal/

India believed to be source of sophisticated surveillance campaigns

In-depth investigations find widespread worldwide snooping, Pakistan primary target.
In-depth investigations find widespread worldwide snooping, Pakistan primary target. Several reports have emerged recently covering a highly organised campaign of targeted… https://www.virusbulletin.com/blog/2013/05/india-believed-be-source-sophisticated-surveillance-campaigns/

Sykipot trojan used to target smart cards

Defence companies among small number of targets.
Defence companies among small number of targets. Researchers at Alienvault have discovered a version of the 'Sykipot' trojan that is being used to target organisations that make… https://www.virusbulletin.com/blog/2012/01/sykipot-trojan-used-target-smart-cards/

« Previous 12 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.