Category: blog
-
VB2017 video: FinFisher: New techniques and infection vectors revealed
Over the last few years, the infamous FinFisher government spyware (already the subject of a VB2013 paper) has done a good job of staying under the radar. Recently, however, it made the news because of its use of the then zero-day CVE-2017-8759 and the likely involvement of ISPs in targets getting infected. In a…
-
Throwback Thursday: The beginning of the end(point): where we are now and where we’ll be in five years
Over the coming weeks and months, we plan to use the Throwback Thursday slot to look back at and publish some great VB conference presentations from our archives. We start this week by publishing the recording of a VB2016 presentation by Adrian Sanabria, then at 451 Research, who gave a thought-provoking talk on the…
-
VB2017 paper: Beyond lexical and PDNS: using signals on graphs to uncover online threats at scale
Malicious Internet traffic, such as botnet C&C traffic, is easily recognized if it uses known bad domain names, or known bad IP addresses. This is why botnets constantly change the domain names, and often also the IP addresses they use, thus trying to stay one step ahead of the defenders. Enter big data: infected devices…
-
Firefox 59 to make it a lot harder to use data URIs in phishing attacks
While a domain name is really just a short string, this string comes with a large amount of implicit metadata: the registration date; the IP address(es) the domain currently points to and has pointed to in the past; the associated name servers; past activity observed using the domain. For this reason, domain names play an…
-
Standalone product test: FireEye Endpoint
FireEye is well known within the security community, both for its advanced protection products and for its regular research reports. Recently, the company launched a new version of its Endpoint Security product and, to demonstrate its commitment to being tested publicly, asked Virus Bulletin to run a short test on it. The product A public…
-
VB2017 video: Consequences of bad security in health care
“You are probably asking yourselves what a nurse is doing at a cybersecurity conference. Trust me, my colleagues are even more surprised, because they truly believe that hospitals have the best security ever.” Thus Jelena Milosevic, a nurse with a passion for IT security, began her VB2017 presentation, ‘Consequences of bad…