Research Saturday

From secret images to encryption keys.

18 May 2024

Contributed by Lukas

This week, we are joined by Hosein Yavarzadeh from the University of California San Diego, as he is discussing his work on "Pathfinder: High-Resolutio...

The double-edged sword of cyber espionage.

11 May 2024

Contributed by Lukas

Dick O'Brien from Symantec Threat Hunter team is discussing their research on “Graph: Growing number of threats leveraging Microsoft API.” The te...

Geopolitical tensions rise with China.

04 May 2024

Contributed by Lukas

Adam Marré, CISO at Arctic Wolf, is diving deep into geopolitical tension with China including APT31, iSoon and TikTok with Dave this week. They also...

Cerber ransomware strikes Linux.

27 Apr 2024

Contributed by Lukas

Christopher Doman, Co-Founder and CTO at Cado Security, is talking about their research on "Cerber Ransomware: Dissecting the three heads." This resea...

The art of information gathering.

20 Apr 2024

Contributed by Lukas

Greg Lesnewich, senior threat researcher at Proofpoint, sits down to discuss "From Social Engineering to DMARC Abuse: TA427’s Art of Information Gat...

Breaking down a high-severity vulnerability in Kubernetes.

13 Apr 2024

Contributed by Lukas

Tomer Peled, a Security & Vulnerability Researcher from Akamai is sharing their work on "What a Cluster: Local Volumes Vulnerability in Kubernetes." T...

Leaking your AWS API keys, on purpose?

06 Apr 2024

Contributed by Lukas

Noah Pack, a SANS Internet Storm Center Intern, sits down to discuss research on "What happens when you accidentally leak your AWS API keys?" This res...

The supply chain in disarray.

30 Mar 2024

Contributed by Lukas

Elad, a Senior Security Researcher from Cycode is sharing their research on "Cycode Discovers a Supply Chain Vulnerability in Bazel." This security fl...

HijackLoader unleashed: Evolving threats and sneaky tactics.

23 Mar 2024

Contributed by Lukas

Liviu Arsene from CrowdStrike joins to discuss their research "HijackLoader Expands Techniques to Improve Defense Evasion." The research has found tha...

Inside SendGrid's phishy business.

16 Mar 2024

Contributed by Lukas

Robert Duncan from Netcraft is sharing their research on "Phishception - SendGrid abused to host phishing attacks impersonating itself." Netcraft has ...

Understanding the multi-tiered impact of ransomware.

09 Mar 2024

Contributed by Lukas

This week we are joined by Jamie MacColl and Dr. Pia Hüsch from RUSI discussing their work on "Ransomware: Victim Insights on Harms to Individuals, O...

The return of a malware menace.

02 Mar 2024

Contributed by Lukas

This week we are joined by, Selena Larson from Proofpoint, who is discussing their research, "Bumblebee Buzzes Back in Black." Bumblebee is a sophisti...

Web host havoc: Unveiling the Manic Menagerie campaign.

24 Feb 2024

Contributed by Lukas

Assaf Dahan and Daniel Frank from Palo Alto Networks Cortex sit down with Dave to talk about their research "Manic Menagerie 2.0: The Evolution of a H...

Hackers come hopping back.

17 Feb 2024

Contributed by Lukas

Ori David from Akamai is sharing their research "Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal." FritzFrog takes advantage of the fact ...

Ransomware is coming.

10 Feb 2024

Contributed by Lukas

Jon DiMaggio, Chief Security Strategist for Analyst1, is discussing his research on "Ransomware Diaries Volume 4: Ransomed and Exposed - The Story of ...

Weathering the internet storm.

03 Feb 2024

Contributed by Lukas

Johannes Ullrich from SANS talking about the Internet Storm Center and how they do research. Internet Storm Center was created as a mix of manual repo...

Hooked on pirated macOS applications.

27 Jan 2024

Contributed by Lukas

Jaron Bradley from Jamf Threat Labs is sharing their work on "Jamf Threat Labs discovers new malware embedded in pirated applications." Jamf Threat La...

A firewall wake up call.

20 Jan 2024

Contributed by Lukas

Jon Williams from Bishop Fox is sharing their research on "It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable." SonicWall publi...

Dual Russian cyber gangs hit 23 companies.

13 Jan 2024

Contributed by Lukas

Ryan Westman, Senior Manager, Threat Intelligence, eSentire's Threat Response Unit (TRU), is discussing their research "Two Russian-speaking cyber gan...

Diving deep into Phobos ransomware.

06 Jan 2024

Contributed by Lukas

Guilherme Venere from Cisco Talos joins to discuss their research on "A deep dive into Phobos ransomware, recently deployed by 8Base group." Cisco Tal...

Encore: What malicious campaign is lurking under the surface?

30 Dec 2023

Contributed by Lukas

Israel Barak, CISO from Cybereason, sits down with Dave to discuss their research, "Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellec...

Encore: Compromised military tech?

23 Dec 2023

Contributed by Lukas

Dick O'Brien from Symantec's threat hunter team, joins Dave to discuss their work on "Stonefly: North Korea-linked spying operation continues to hit h...

Shedding light on fighting Ursa.

16 Dec 2023

Contributed by Lukas

Host of the CyberWire Daily podcast segment Threat Vector, David Moulton sits down with Mike "Siko" Sikorski from Palo Alto Networks Unit 42 to discus...

On the hunt for popping up kernel drives.

09 Dec 2023

Contributed by Lukas

Dana Behling, researcher from Carbon Black, sharing their work on "Hunting Vulnerable Kernel Drivers." The Carbon Black Threat Analysis Unit (TAU) dis...

Exploits and vulnerabilities.

02 Dec 2023

Contributed by Lukas

Ryan from Bishop Fox joins to describe their work on "Building an Exploit for FortiGate Vulnerability CVE-2023-27997." After Lexfo published details o...

Encore: Another infection with new malware.

25 Nov 2023

Contributed by Lukas

Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The...

The malicious YoroTrooper in disguise.

18 Nov 2023

Contributed by Lukas

Asheer Malhotra from Cisco Talos discussing their research and findings on "Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaija...

Encore: Old malware returns in a new way.

11 Nov 2023

Contributed by Lukas

Jeremy Kennelly and Sulian Lebegue from Mandiant sit down with Dave to discuss their research "From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind? O...

Sandman doesn't slow malware down.

04 Nov 2023

Contributed by Lukas

Aleksandar Milenkoski and JAGS from SentinelOne sits down to share their work on "Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit...

No rest for the wicked HiatusRAT.

28 Oct 2023

Contributed by Lukas

Danny Adamitis from Lumen's Black Lotus Labs sits down to discuss their work on "No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return T...

AMBERSQUID hides in the depths.

21 Oct 2023

Contributed by Lukas

Sysdig's Alessandro Brucato and Michael Clark join Dave to discuss their work on "AWS's Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation...

Unwanted guests harvest your information.

14 Oct 2023

Contributed by Lukas

Amit Malik from Uptycs joins us to discuss their research titled "Unwanted Guests: Mitigating Remote Access Trojan Infection Risk." Uptycs threat rese...

Targets from DuckTail.

07 Oct 2023

Contributed by Lukas

Deepen Desai from Zscaler joins to take a look into their research about "DuckTail." In May of 2023, Zscaler ThreatLabz began an intelligence collecti...

Downloading cracked software.

30 Sep 2023

Contributed by Lukas

David Liebenberg from Cisco Talos joins to discussing Talos' discovery of cracked Microsoft Windows software being downloaded by enterprise users acro...

Behind the Google shopping ad masks.

23 Sep 2023

Contributed by Lukas

Maxim Zavodchik from Akamai joins Dave to discuss their research on "Xurum: New Magento Campaign Discovered." Akamai researchers have discovered an on...

A look into the emotions and anxieties of the highest levels of decision-making.

16 Sep 2023

Contributed by Lukas

Guest Manuel Hepfer from ISTARI shares his research on cyber resilience which includes discussions with 37 CEOs to gain insight into how they manage c...

No honor in being a criminal.

09 Sep 2023

Contributed by Lukas

This week, our guest is Reece Baldwin from Kasada discussing their work on "No Honour Amongst Thieves: Unpacking a New OpenBullet Malware Campaign." T...

Thwarting Muddled Libra.

02 Sep 2023

Contributed by Lukas

Kristopher Russo and Stephanie Regan from Palo Alto Networks Unit 42 join Dave to talk about Threat Group Assessment: Muddled Libra. With an intimate ...

Google's not being ghosted from vulnerabilities.

26 Aug 2023

Contributed by Lukas

Tal Skverer from Astrix Security joins to discuss their work on "GhostToken – Exploiting GCP application infrastructure to create invisible, unremov...

Politicians targeted by RomCom.

19 Aug 2023

Contributed by Lukas

Dmitry Bestuzhev from Blackberry joins to discuss their work on "RomCom Resurfaces: Targeting Politicians in Ukraine and U.S.-Based Healthcare Providi...

It's raining credentials.

12 Aug 2023

Contributed by Lukas

Alex Delamotte from SentinelLabs joins Dave to discuss their work on "Cloudy With a Chance of Credentials | AWS-Targeting Cred Stealer Expands to Azur...

Who is that stealing my credentials?

05 Aug 2023

Contributed by Lukas

Aleksandar Milenkoski from SentinelOne joins to discuss their work on "Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentia...

Phishing for leeches.

29 Jul 2023

Contributed by Lukas

Ashlee Benge from ReversingLabs discussing their research titled "Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attack...

Welcome to New York, it's been waitin' for you.

22 Jul 2023

Contributed by Lukas

Joshua Miller from Proofpoint joins Dave to discuss findings on "Welcome to New York: Exploring TA453's Foray into LNKs and Mac Malware." In mid May, ...

SCARLETEEL zaps back again.

15 Jul 2023

Contributed by Lukas

Michael Clark from Sysdig joins with Dave to discuss their research on SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. New research from Sysdig threa...

Creating PANDA-monium.

08 Jul 2023

Contributed by Lukas

Thomas Etheridge from CrowdStrike sits down to discuss their work on "Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoo...

The power behind artificial intelligence.

01 Jul 2023

Contributed by Lukas

Daniel dos Santos, Forescout's Head of Security Research is sharing insights from a recent exercise his team conducted on AI-assisted attacks for OT a...

Unleashing the crypto gold rush.

24 Jun 2023

Contributed by Lukas

Ian Ahl from Permiso's PØ Labs joins Dave to discuss their research on "Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor." First observing...

Managing machine learning risks.

17 Jun 2023

Contributed by Lukas

Our guest, Johannes Ullrich from SANS Institute, joins Dave to discuss their research on "Machine Learning Risks: Attacks Against Apache NiFi." Using...

A new botnet takes a frosty bite out of the gaming industry.

10 Jun 2023

Contributed by Lukas

Our guest, Allen West from Akamai's SIRT team, joins Dave to discuss their research on "The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Autho...

Lancefly screams bloody Merdoor.

03 Jun 2023

Contributed by Lukas

Brigid O Gorman from Symantec joins Dave to discuss their research, “Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Ot...

8 GoAnywhere MFT breaches and counting.

27 May 2023

Contributed by Lukas

This week, our guests are Emily Austin and Himaja Motheram from Censys and their sharing their research - "Months after first GoAnywhere MFT zero-day ...

Dangerous vulnerabilities in H.264 decoders.

20 May 2023

Contributed by Lukas

Willy R. Vasquez from The University of Texas at Austin discussing research on "The Most Dangerous Codec in the World - Finding and Exploiting Vulnera...

Running away from operation Tainted Love.

13 May 2023

Contributed by Lukas

Aleksandar Milenkoski and Juan Andres Guerrero-Saade from SentinelOne's SentinelLabs join Dave to discuss their research "Operation Tainted Love | Chi...

Phishing campaign takes the energy out of Chinese nuclear industry.

06 May 2023

Contributed by Lukas

Ryan Robinson from Intezer to discuss his team's work on "Phishing Campaign Targets Chinese Nuclear Energy Industry." The research team discovered act...

HinataBot focuses on DDoS attack.

29 Apr 2023

Contributed by Lukas

This week our guests are, Larry Cashdollar, Chad Seaman and Allen West from Akamai Technologies, and they are discussing their research on "Uncovering...

Don't let the Elon Musk crypto giveaway scam swindle you.

22 Apr 2023

Contributed by Lukas

Shiran Guez from Akamai sits down with Dave to discuss their research on "Chatbots, Celebrities, and Victim Retargeting and Why Crypto Giveaway Scams ...

New Dero cryptojacking operation concentrates on locating Kubernetes.

15 Apr 2023

Contributed by Lukas

Scott Fanning, Senior Director of Product Management, Cloud Security at CrowdStrike, sits down to talk about the first-ever Dero cryptojacking operati...

A dark side to LLMs.

08 Apr 2023

Contributed by Lukas

Sahar Abdelnabi from CISPA Helmholtz Center for Information Security sits down with Dave to discuss their work on "A Comprehensive Analysis of Novel P...

Blackfly flies back again.

01 Apr 2023

Contributed by Lukas

Dick O'Brien from Symantec’s Threat Hunter team discusses their research on "Blackfly - Espionage Group Targets Materials Technology." Researchers...

Popunders are not the good kind of ads.

25 Mar 2023

Contributed by Lukas

On this episode, Jérôme Segura, senior threat researcher at Malwarebytes, shares his team's work, "WordPress sites backdoored with ad fraud plugin."...

ChatGPT grants malicious wishes?

18 Mar 2023

Contributed by Lukas

Bar Block, Threat Intelligence Researcher at Deep Instinct, joins Dave to discuss their work on "ChatGPT and Malware - Making Your Malicious Wishes Co...

Files stolen from a sneaky SymStealer.

11 Mar 2023

Contributed by Lukas

Ron Masas of Imperva discusses their work, the "Google Chrome “SymStealer” Vulnerability. How to Protect Your Files from Being Stolen." By revi...

New exploits are tricking Chrome.

04 Mar 2023

Contributed by Lukas

Dor Zvi, Co-Founder and CEO from Red Access to discuss their work on "New Chrome Exploit Lets Attackers Completely Disable Browser Extensions." A rece...

The next hot AI scam.

25 Feb 2023

Contributed by Lukas

Andy Patel from WithSecure Labs joins with Dave to discuss their study that demonstrates how GPT-3 can be misused through malicious and creative promp...

Implementing and achieving security resilience.

18 Feb 2023

Contributed by Lukas

Wendy Nather from Cisco sits down with Dave to discuss their work on "Cracking the Code to Security Resilience: Lessons from the Latest Cisco Security...

Knocking down the legs of the industrial security triad.

11 Feb 2023

Contributed by Lukas

Pascal Ackerman, OT Security Strategist from Guidepoint Security, joins Dave to discuss his work on discovering a vulnerability in the integrity of co...

Can ransomware turn machines against us?

04 Feb 2023

Contributed by Lukas

Tom Bonner and Eoin Wickens from HiddenLayer's SAI Team to discuss their research on weaponizing machine learning models with ransomware. Researchers ...

Flagging firmware vulnerabilities.

28 Jan 2023

Contributed by Lukas

Roya Gordon from Nozomi Networks sits down with Dave to discuss their research on "Vulnerabilities in BMC Firmware Affect OT/IoT Device Security." Res...

Billbug infests government agencies.

21 Jan 2023

Contributed by Lukas

Brigid O. Gorman from Symantec's Threat Hunter Team joins Dave to discuss their report "Billbug - State-sponsored Actor Targets Cert Authority and Gov...

DUCKTAIL waddles back again.

14 Jan 2023

Contributed by Lukas

Mohammad Kazem Hassan Nejad from WithSecure joins Dave to discuss the team’s research, “DUCKTAIL returns - Underneath the ruffled feathers.” DUC...

Stealer malware from Russia.

07 Jan 2023

Contributed by Lukas

Marisa Atkinson, an analyst from Flashpoint, joins Dave to discuss a new blog post from Flashpoint’s research team about “RisePro” Stealer, m...

Encore: LemonDucks evading detection.

31 Dec 2022

Contributed by Lukas

Scott Fanning from CrowdStrike's research team, joins Dave to discuss their work on "LemonDuck Targets Docker for Cryptomining Operations." LemonDuck ...

Encore: Vulnerabilities in IoT devices.

24 Dec 2022

Contributed by Lukas

Dr. May Wang, CTO of IoT Security at Palo Alto Networks, joins Dave Bittner to discuss their findings detailed in Unit 42's "Know Your Infusion Pump V...

Hijacking holiday spirit with phishing scams.

17 Dec 2022

Contributed by Lukas

Or Katz from Akamai sits down with Dave to discuss research on highly sophisticated phishing scams and how they are abusing holiday sentiment. This pa...

Cybersecurity during the World Cup.

10 Dec 2022

Contributed by Lukas

AJ Nash from ZeroFox sits down with Dave to discuss Cybersecurity threats including social engineering attacks planned surrounding the Qatar 2022 Worl...

Old malware returns in a new way.

03 Dec 2022

Contributed by Lukas

Jeremy Kennelly and Sulian Lebegue from Mandiant sit down with Dave to discuss their research "From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind? O...

Encore: The secrets behind Docker.

26 Nov 2022

Contributed by Lukas

Alon Zahavi from CyberArk, joins Dave Bittner on this episode to discuss CyberArk's work in conjunction with Patch Tuesday. CyberArk published about h...

Another infection with new malware.

19 Nov 2022

Contributed by Lukas

Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The...

An in-depth look on the Crytox ransomware family.

12 Nov 2022

Contributed by Lukas

Deepen Desai from Zscaler sits down with Dave to talk about the Crytox ransomware family. First observed in 2020, Crytox is a ransomware family consis...

Over-the-air 0-day vulnerabilities.

05 Nov 2022

Contributed by Lukas

Roya Gordon from Nozomi Networks sits down with Dave to discuss their work "UWB Real Time Locating Systems: How Secure Radio Communications May Fail i...

Bugs and working from home.

29 Oct 2022

Contributed by Lukas

Federico Kirschbaum from Faraday Security sits down with Dave to discuss their research on "A vulnerability in Realtek's SDK for eCos OS: pwning thous...

New tools target governments in Middle East?

22 Oct 2022

Contributed by Lukas

Dick O'Brien from Symantec's Threat Hunter team sits down with Dave to discuss their work on "Witchetty - Group Uses Updated Toolset in Attacks on Gov...

Noberus ransomware: evolving tactics.

15 Oct 2022

Contributed by Lukas

Brigid O Gorman from Symantec's Threat Hunter team joins Dave to discuss their research on "Noberus Ransomware - Darkside and BlackMatter Successor Co...

Google Drive used for malware?

08 Oct 2022

Contributed by Lukas

Jen Miller-Osborn from Palo Alto Networks' Unit 42 joins Dave to discuss their work on the Cloaked Ursa group, with a recent report released called "R...

Targeting your browser bookmarks?

01 Oct 2022

Contributed by Lukas

David Prefer from SANS sits down with Dave to discuss how a new covert channel exfiltrates data via a browser's built-in bookmark sync. David goes on...

Keeping an eye on RDS vulnerabilities.

24 Sep 2022

Contributed by Lukas

Gafnit Amiga, Director of Security Research from Lightspin, joins Dave to discuss her team's research "AWS RDS Vulnerability Leads to AWS Internal Ser...

An increase in bypassing bot management?

17 Sep 2022

Contributed by Lukas

Sam Crowther, CEO of Kasada join's Dave to discuss their work on "The New Way Fraudsters Bypass Bot Management." Kasada researchers recently discovere...

Evilnum APT returns with new targets.

10 Sep 2022

Contributed by Lukas

Deepen Desai from Zscaler ThreatLabz joins Dave to discuss their work on "Return of the Evilnum APT with updated TTPs and new targets." Zscaler’s Th...

LockBit's contradiction on encryption speed.

03 Sep 2022

Contributed by Lukas

Ryan Kovar from Splunk sits down with Dave to discuss their findings in "Truth in Malvertising?" that contradict the LockBit group's encryption speed ...

How a wide scale Facebook campaign stole 1 million credentials.

27 Aug 2022

Contributed by Lukas

Nick Ascoli from ForeTrace in a partnership with PIXM sits down with Dave to provide insight on their team's work on "Phishing tactics: how a threat ...

Clipminer: Making millions off of malware.

20 Aug 2022

Contributed by Lukas

Dick O'Brien from Symantec, a part of Broadcom Software, joins Dave to discuss how the cyber-criminal operation, Clipminer Botnet, makes operators beh...

Fake job ads and how to spot them.

13 Aug 2022

Contributed by Lukas

Ashley Taylor from SANS.edu, joins Dave to discuss fake job ads and methods to proactively detect these scams. The research shares how job seekers ar...

Iran-linked Lyceum Group adds a new weapon to its arsenal.

06 Aug 2022

Contributed by Lukas

Deepen Desai from Zscaler's ThreatLabz joins Dave to discuss how APTs, like Lyceum Group, create tactics and malware to carry out attacks against thei...

What malicious campaign is lurking under the surface?

30 Jul 2022

Contributed by Lukas

Israel Barak, CISO from Cybereason, sits down with Dave to discuss their research, "Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellec...

Has GOLD SOUTHFIELD resumed operations?

23 Jul 2022

Contributed by Lukas

Rob Pantazopoulos from Secureworks, joins Dave to discuss their work on "REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence." Securew...

A record breaking DDoS attack.

16 Jul 2022

Contributed by Lukas

Chad Seaman, Team Lead at Akamai SIRT joins Dave to discuss their research about a record-breaking DDoS Attack. The research says "A new reflection/am...

Information operations during a war.

09 Jul 2022

Contributed by Lukas

Alden Wahlstrom, senior analyst on Mandiant's Information Operations Team, shares a comprehensive overview and analysis of the various information ope...

Could REvil have a copycat?

02 Jul 2022

Contributed by Lukas

Larry Cashdollar from Akamai, joins Dave to discuss their research on a DDoS campaign claiming to be REvil. The research shares that Akamai's team was...

Lazarus Targets Chemical Sector With 'Dream Job.'

25 Jun 2022

Contributed by Lukas

Alan Neville, a Threat Intelligence Analyst from Symantec Broadcom, joins Dave to discuss their research "Lazarus Targets Chemical Sector." Symantec h...