Malware vaccines can prevent pandemics, yet are rarely used
Vaccines have distinct advantages over detection based defense mechanisms, so we developed a vaccine to protect from one of the most notorious ransomware families—STOP/DJVU. But unlike vaccines against biological viruses, malware vaccines are not particularly common. This article explains why.
Germanys National Cybersecurity Agency declares red alert: Wave of attacks possibly imminent due to Log4Shell vulnerability
The remaining days before Christmas will not be relaxing ones for IT and IT security managers in companies around the world: The Log4Shell security vulnerability is currently keeping the IT world on tenterhooks.
All your hashes are belong to us: An overview of malware hashing algorithms
VirusTotal's "Basic Properties" tab alone lists eight different hashes and supports even more to use them for queries and hunt signatures. Hashes are important for malware analysis, as well as identification, description and detection. But why do so many of them exist and when should you use which…
Web shells: How can we get rid of them and why law enforcement is not really the answer
Microsoft has recently seen many attacks by hackers using so-called web shells. The number of web shell attacks between August 2020 and January 2021 doubled compared to the same period a year earlier. But what are they exactly and how can you fight them?
Microsoft signed a malicious Netfilter rootkit
What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a Chinese IP. How did this happen?
TED talk: A Tale of Two Floppies - The Basics of Cyber Security
I was thrilled when I was approached and asked to give a talk at TEDx in Leuven - in this talk I am sharing some anecdotes that have influenced my own career significantly.
Picture this: Malware Hides in Steam Profile Images
SteamHide abuses the gaming platform Steam to serve payloads for malware downloaders. Malware operators can also update already infected machines by adding new profile images to Steam. The developers seem to have a few more ambitious goals.
Malware family naming hell is our own fault
EternalPetya has more than 10 different names. Many do not realize that CryptoLocker is long dead. These are not isolated cases but symptoms of a systemic problem: The way we name malware does not work. Why does it happen and how can we solve it?
To patch or not to patch
As the infosec world was in turmoil following a total of seven zero-day vulnerabilities in MS Exchange and the so-called Hafnium attack, one thing came to my mind - and it sort of left me thinking: For the past 20 years, patches have been a constantly recurring topic of discussion. And as we all…
SectopRAT: New version adds encrypted communication
SectopRAT, also known as 1xxbot or Asatafar, had been an unknown, in-development threat when we discovered it a year ago. Now it infects systems in Germany. What is the new version capable of?
Hauke Gierow
Head of Corporate Communications
Karsten Hahn
Virus Analyst
Tim Berghoff
Security Evangelist
