Category: blog
-
Hot FinSpy research completes VB2017 programme
The infamous FinSpy (or FinFisher) government spyware has managed to keep a low profile in recent years, though its use of two Microsoft zero-days (CVE-2017-0199 and CVE-2017-8759) this year shows that it is still active. Today, researchers from ESET have published new research which points to the spyware using a different infection method:…
-
Transparency is essential when monitoring your users’ activities
The inspection of HTTPS traffic is a sensitive issue among security experts. On the one hand, there are those who argue that this breaks the important end-to-end principle of secure connections, while others argue that it is essential if one wants to block malicious network traffic, which is increasingly using HTTPS. I tend to side…
-
VB2017 preview: Android reverse engineering tools: not the usual suspects
Six years ago (coincidentally the last time the VB conference was held in Spain) saw the first VB conference paper presented on Android malware, which at that time was still an esoteric and mostly theoretical threat. Things have changed a lot in the last six years – something that is perhaps best illustrated by Google's…
-
Malicious CCleaner update points to a major weakness in our infrastructure
For the security community, 2017 might well be called the year of the update: two of the biggest security stories – the WannaCry outbreak and the Equifax breach – involved organizations being hit badly as a consequence of not having installed (security) updates, while another major story, that of (Not)Petya, concerned a threat that…
-
Despite the profitability of ransomware there is a good reason why mining malware is thriving
When, a few years ago, a friend and I were analysing a rather large botnet and we saw some network traffic indicating that it was engaged in Bitcoin mining, we felt rather disappointed: using malware to mine for cryptocurrencies is about as basic as it gets. It is the digital equivalent of breaking into someone’s house,…
-
VB2017 preview: Crypton – exposing malware’s deepest secrets
Ask a programmer to perform the same task twice and they will write a tool that automates it. Malware analysts are no different, and the Virus Bulletin Conference has a long history of including papers on tools and tricks that make the task of analysing malware a lot easier. ‘Crypton’ is such a tool. It…