TED talk: A Tale of Two Floppies - The Basics of Cyber Security
I was thrilled when I was approached and asked to give a talk at TEDx in Leuven - in this talk I am sharing some anecdotes that have influenced my own career significantly.
11 Biggest cyber security threats in 2021
Cyber security threats persist and continue to emerge during the last years. By now you probably heard about phishing, but did you know about polyglot files yet? This article covers a unique insight to the 11 biggest cyber security threats in 2021.
ServHelper: Hidden Miners
It is always a good idea to have multiple options when it comes to making a profit. This is especially true for criminals. Having a backdoor is nice, but having the backdoored system directly make money is even better.
Techniques: Current Use of Virtual Machine Detection Methods
A common approach to analyse potentially malicious software is dynamic analysis in a virtual machine. Therefore, malware authors use techniques to alter the malware's behavior when being run in a VM. But how do they actually do it?
Code-Signed malware: What's all the buzz about? Looking at the "Ryuk" ransomware as an example.
Certificates are an established method for verifying the legitimacy of an application. If malicious actors succeed in undermining a certificate authority (CA) by either stealing a valid certificate or compromising the CA, the entire model unravels. We have taken a look at a case where this has…
Analysis: Server-side polymorphism & PowerShell backdoors
Malware actors very rarely stick to the same script for extended periods of time. They constantly modify and update their attack methods. Recently we have observed malware that uses server-side polymorphism to hide its payload, which consists of a backdoor fully written in PowerShell.
Vulnerability in WhatsApp: Targeting human rights activists
According to his own statements, a London human rights lawyer has become the target of an attack with an espionage tool. A security vulnerability in Whatsapp made it possible to taget data on a compromised device.
Distributing Malware - one "Word" at a Time
Using Microsoft Word to distribute malware is a common tactic used by criminals. Given the popularity of Word, criminals can often "live off the land" and use mechanisms that are already in place to do their dirty work.
Group chats: Apple's Facetime turns iPhone into a bug
A security flaw in Apple's Facetime can turn the iPhone into an eavesdropping device. It will transmit a live feed from the device's camera and microphone to the eavesdropper. The affected feature has been cut off for now.
Security tip for this holiday season: Uninstall Flash
During the holiday season, users can do themselves a big favor by ditching Adobe Flash, a software notorious for its frequent security flaws. The reason: A zero-day-exploit, which has been spotted at Hacking Team.
Karsten Hahn
Virus Analyst
Tim Berghoff
Security Evangelist
