Results for virus bulletin

Business and Technology

Effectiveness, Performance, and Value: The Role of Third Party Security Testing

Third party testing of security products and solutions plays a critical role in thwarting cybercriminals. The reason is simple: organizations need effective security solutions that meet an evolving set of requirements, and far too many security vendors don’t do a very good job of providing data that enables a fair comparison between competing solutions. It’s like comparison-shopping at the grocery store. Items next to each other appear similar at a glance, but when you look closely at the labels you find that one is priced per ounce, while the next is labeled with price per unit. Another calls itself “healthy,” yet contains too many grams of fat.

By David FingerFebruary 15, 2018

Threat Research

Security Research News in Brief - October 2017 Edition

Welcome back to our monthly review of some of the most interesting security research publications.

By Axelle ApvrilleNovember 09, 2017

Industry Trends

Virus Bulletin 2016 Denver Wraps Up

VB 2016 Conference was held this year at the Hyatt Regency Hotel in Denver, CO, USA. This conference is an annual event where IT security researchers from around world gather to share their knowledge, learn, and discuss trends in the global threat landscape. This year we had the privilege to attend as well as meet, hang out with, and share ideas with some of the field’s top researchers. The conference scheduled a great lineup of speakers and presentations, so it was tough to pick which topic to attend. We are going to share some here some...

Industry Trends

Pebble Smartwatch Talk at Virus Bulletin 2016

My personal favorite talk was on exploiting Pebble smartwatches ("Exploit Millions of Pebble Smartwatches for Fun and Profit" by Zhang and Wei). Our expectations are usually higher in one's own field of expertise, but this one is really great work. Pebble smartwatch talk at VB 2016 Basically, the authors found an inner assembly routine in Pebble's operating system which allows to elevate one's privileges. If you are familiar with ROP, this is a privilege elevation gadget. Normally, this routine is called by Pebble...

By Axelle ApvrilleOctober 14, 2016

Threat Research

We’re Up All Night to Get Locky

VB 2016 Presentation – Oct 5-7, Denver When we first saw and analyzed Locky back in February, we immediately had a hunch that it was the work of seasoned criminals. The tell-tale signs were strong: massive spam runs were used to spread the ransomware, the malware used domain generation algorithm, the HTTP C2 communication was encrypted (the first version, that is), and the ransomware note was multilingual. The conclusion of our first Locky blog reads: “We also predict that Locky ransomware will be a major player in the ransomware...

Industry Trends

How Fortinet Customers Benefit From Open Third-party Evaluation

Adaptive and comprehensive protection against an evolving threat landscape can be a complex discussion. When you add in layers of marketing hype, footnoted claims, and qualified conditions, then it’s not surprising to hear that customers get confused when it comes to choosing security for their business. If what a customer sees after deployment doesn’t measure up to the promises, that creates understandable trust issues and frustration for someone who thought they were buying a proven and reputable solution. Changes to network...

By John MaddisonFebruary 29, 2016