  • New paper: Detection of vulnerabilities in web applications by validating parameter integrity and data flow graphs

    Web application vulnerabilities are an important entry vector for threat actors. Indeed, according to the 2019 Verizon Data Breach Investigations Report, web applications, privilege misuse and miscellaneous errors account for 81 per cent of breaches of retail organizations. In a paper presented at VB2019 in London, Prismo Systems researchers Abhishek Singh and Ramesh Mani…

  • VB2020 programme announced

    While VB is keeping a careful eye on the global situation surrounding the COVID-19 pandemic and the various travel and health advice, the planning and arrangements for VB2020 are going ahead as usual – and today we are very pleased to announce the programme for VB2020, the 30th Virus Bulletin International Conference, due to…

  • VB2019 paper: Cyber espionage in the Middle East: unravelling OSX.WindTail

    The Middle East continues to be a hotbed of APT activity. The WindShift group is one of many APT groups active in the region. First described by Darkmatter’s Taha Karim in 2018, the group’s toolset includes malware for both Windows and macOS. Building on that research, Jamf’s Patrick Wardle analysed the WindTail…

  • VB2019 paper: 2,000 reactions to a malware attack – accidental study

    In an illuminating study – possible thanks to a unique perspective on a malicious email campaign – cybercrime journalist and researcher Adam Haertlé (BadCyber.com / ZaufanaTrzeciaStrona.pl) read, analysed and classified 1,976 responses sent by victims of a malicious email campaign. In taking revenge for Adam having written about them on his blog, the senders of…

  • VB2019 paper: Why companies need to focus on a problem they do not know they have

    It is one of the worst things on the Internet: child sexual abuse material (CSAM), sometimes referred to as ‘child porn’. Many misconceptions exist around CSAM, one of which is that it is only ever accessed from home. In fact, many company networks are used to download and store CSAM, often unbeknownst to network administrators.…

  • VB2020 update – currently business as usual

    Like everyone around the world, we at Virus Bulletin have been closely following the news about the COVID-19 outbreak. Our team is spread throughout Europe (UK, Italy, Hungary and Romania) and we are each experiencing the outbreak from our different viewpoints. We are deeply saddened by the many lives lost and humbled by the efforts…

  • VB2019 paper: Defeating APT10 compiler-level obfuscations

    Obfuscation in malware has long frustrated analysis, and obfuscation at the compiler level, such as opaque predicates and control flow flattening, has been particularly challenging. One group that has been using this kind of obfuscation is APT10, an APT group made famous through a 2018 indictment by the US government in which two Chinese individuals…

  • VB2019 paper: Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers

    Malicious RTF files, exploiting vulnerabilities in Microsoft Office, have long been a popular way to deliver malware, most often through (spear-)phishing attacks. Such files are often created using exploit builders, which were the subject of a VB2018 presentation by Sophos researcher Gábor Szappanos. One such builder (or weaponizer) is ‘Royal Road’, which has been…

  • VB2019 presentation: Nexus between OT and IT threat intelligence

    Cyber attacks on industrial control systems (ICS) include the well-known stories of Stuxnet and BlackEnergy, and such attacks appear to be getting more prevalent. Late last year, a natural gas compression facility at a US pipeline operator was targeted with ransomware. Operational Technology (OT), the mission-critical IT in ICS, shares many similarities with…

  • VB2019 paper: Kimsuky group: tracking the king of the spear-phishing

    In September 2013, Kaspersky reported a new APT group it dubbed ‘Kimsuky’, which it linked to North Korea. The group, whose interests include South Korean industry, journalists and North Korean defectors, continues to be active: recent activity was analysed by Yoroi earlier this month. Jaeki Kim, Kyoung-Ju Kwak and Min-Chang Jang from Financial Security…
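
The VB2019 paper on RTF object dimensions, listed above, tracks phishing weaponizers by the size of the objects they embed. The example below is added here to illustrate that idea and is not code from the paper or from Virus Bulletin. It relies only on two control words defined in the RTF specification, `\objwN` and `\objhN` (object width and height in twips, 1440 twips to the inch); the assumption that a builder stamps the same dimensions into every document it produces, the three sample RTF fragments, and the file names are all constructed for the example.

```python
"""Cluster RTF samples by the dimensions of their embedded objects.

Added example, not the paper's code. An RTF \\object group is followed by
control words such as \\objemb\\objw9355\\objh1125; the (width, height) pair
is used here as a clustering key on the assumption that a builder template
leaves the same dimensions in every sample. SAMPLES are constructed
fragments, not real malware.
"""
import re
from collections import defaultdict
from typing import Optional

# An RTF control word: backslash, lowercase letters, optional signed number.
CONTROL_WORD = re.compile(rb"\\([a-z]+)(-?\d+)?")
# \object itself; the lookahead keeps \objemb, \objclass etc. from matching.
OBJECT_START = re.compile(rb"\\object(?![a-z])")
OBJCLASS = re.compile(rb"\\objclass\s*([^}\\]+)")

# Constructed sample corpus: two lures sharing one object size, one control.
SAMPLES = {
    "lure_a.rtf": rb"{\rtf1\ansi{\object\objemb\objw9355\objh1125{\*\objclass Package}{\*\objdata 010500}}}",
    "lure_b.rtf": rb"{\rtf1\ansi{\object\objemb\objw9355\objh1125{\*\objclass Equation.3}{\*\objdata 010500}}}",
    "benign.rtf": rb"{\rtf1\ansi{\object\objocx\objw2160\objh1440{\*\objclass Word.Document.8}{\*\objdata 00}}}",
}


def extract_objects(rtf: bytes) -> list:
    """Return one dict per \\object group: kind, class name, width and height."""
    objects = []
    for match in OBJECT_START.finditer(rtf):
        # Control words between \object and the first nested group describe
        # the object itself (embedding kind, \objw, \objh, ...).
        nested = rtf.find(b"{", match.end())
        header = rtf[match.end(): nested if nested != -1 else len(rtf)]
        words = {name.decode(): (int(num) if num else None)
                 for name, num in CONTROL_WORD.findall(header)}
        # Assumption: the first \objclass after \object belongs to this object.
        cls = OBJCLASS.search(rtf, match.end())
        objects.append({
            "kind": next((k for k in ("objemb", "objlink", "objautlink", "objocx")
                          if k in words), None),
            "class": cls.group(1).strip().decode(errors="replace") if cls else None,
            "objw": words.get("objw"),
            "objh": words.get("objh"),
        })
    return objects


def dimension_key(obj: dict) -> Optional[str]:
    """Clustering key 'WxH' in twips, or None when a dimension is missing."""
    if obj.get("objw") is None or obj.get("objh") is None:
        return None
    return f"{obj['objw']}x{obj['objh']}"


def cluster_by_dimensions(samples: dict) -> dict:
    """Map each dimension key to the names of the samples containing it."""
    clusters = defaultdict(list)
    for name, data in samples.items():
        keys = {dimension_key(o) for o in extract_objects(data)} - {None}
        for key in sorted(keys):
            clusters[key].append(name)
    return dict(clusters)


if __name__ == "__main__":
    for key, names in cluster_by_dimensions(SAMPLES).items():
        w, h = (int(v) / 1440 for v in key.split("x"))
        print(f"{key} twips ({w:.2f}in x {h:.2f}in): {', '.join(names)}")
```

The parser is deliberately naive: it reads the control words Word itself writes and does nothing about the junk tokens and split control words that obfuscated RTFs use, so a sample that defeats the regexes simply contributes no key. A shared dimension pair is a lead for pivoting, not proof of a common builder on its own; treat it as one feature alongside the other builder artifacts (object class, `\objdata` layout, exploit payload) before attributing samples to the same weaponizer.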