VirusTotal's "Basic Properties" tab alone lists eight different hashes and supports even more to use them for queries and hunt signatures. Hashes are important for malware analysis, as well as identification, description and detection. But why do so many of them exist and when should you use which…

The annual Virus Bulletin International Conference has been running since 1991 and is one of the highlights in the calendar of events for IT security experts. I attended the Virus Bulletin Conference for the first time 26 years ago, this year it’s time again to participate with an interesting paper…

Microsoft has recently seen many attacks by hackers using so-called web shells. The number of web shell attacks between August 2020 and January 2021 doubled compared to the same period a year earlier. But what are they exactly and how can you fight them?

What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a Chinese IP. How did this happen?

Instead of the yellow vaccination card, the digital proof of vaccination on the smartphone is supposed to serve as proof of vaccination. However, there are some glaring weaknesses behind the scenes that could potentially render the entire concept obsolete and raise some more than uncomfortable…

I was thrilled when I was approached and asked to give a talk at TEDx in Leuven - in this talk I am sharing some anecdotes that have influenced my own career significantly.

Apple has announced some innovations for iOS 15 that are a cause for concern among victims of abuse and organizations that support survivors. Among other things, it will be possible to locate devices that are switched off. This is a disaster for people who are being spied on by their own partner.

There has been a lot said about data scraping. Here is a breakdown of what it is, why it might be problematic and how we might deal with it going forward.

SteamHide abuses the gaming platform Steam to serve payloads for malware downloaders. Malware operators can also update already infected machines by adding new profile images to Steam. The developers seem to have a few more ambitious goals.

EternalPetya has more than 10 different names. Many do not realize that CryptoLocker is long dead. These are not isolated cases but symptoms of a systemic problem: The way we name malware does not work. Why does it happen and how can we solve it?