Research Saturday
Episodes
Dissecting the Spring4Shell vulnerability.
18 Jun 2022
Contributed by Lukas
Edward Wu, senior principal data scientist at ExtraHop, joins Dave to discuss the company's research, "A Technical Analysis of How Spring4Shell Works....
New developments in the WSL attack.
11 Jun 2022
Danny Adamitis from Lumen's Black Lotus Labs joins Dave to discuss new developments in the WSL attack surface. Since September 2021, Black Lotus Labs...
LemonDucks evading detection.
04 Jun 2022
Scott Fanning from CrowdStrike's research team joins Dave to discuss their work on "LemonDuck Targets Docker for Cryptomining Operations." LemonDuck ...
Compromised military tech?
28 May 2022
Dick O'Brien from Symantec's threat hunter team joins Dave to discuss their work on "Stonefly: North Korea-linked spying operation continues to hit h...
AutoWarp bug leads to Automation headaches.
21 May 2022
Yanir Tsarimi from Orca Security joins Dave to discuss how researchers have discovered a critical Azure Automation service vulnerability called Auto...
Vulnerabilities in IoT devices.
14 May 2022
Dr. May Wang, CTO of IoT Security at Palo Alto Networks, joins Dave Bittner to discuss their findings detailed in Unit 42's "Know Your Infusion Pump V...
Vulnerabilities bring in the hackers.
07 May 2022
Tushar Richabadas from Barracuda joins Dave Bittner to discuss their findings detailed in their "Threat Spotlight: Attacks on Log4Shell vulnerabilitie...
Attackers coming in from the Backdoor?
30 Apr 2022
Vikram Thakur of Symantec Threat Hunter team joins Dave Bittner to discuss their work on Daxin, a new piece of malware and the most advanced one researche...
BABYSHARK is swimming again!
23 Apr 2022
John Hammond from Huntress joins Dave Bittner on this episode to discuss malware known as BABYSHARK and how it is swimming out for blood once again. H...
A fight to defend Taiwan financial institutions.
16 Apr 2022
Alan Neville from Symantec/Broadcom joins Dave Bittner on this episode to discuss Antlion, a Chinese state-backed hacker group using custom backdoors ...
The secrets behind Docker.
09 Apr 2022
Alon Zahavi from CyberArk joins Dave Bittner on this episode to discuss CyberArk's work in conjunction with Patch Tuesday. CyberArk published about h...
A popular malware scheme and pay-per-install services.
02 Apr 2022
Guest Michael DeBolt from Intel 471 joins Dave Bittner on this episode to discuss one of the most popular commodity malware loaders on the underground...
The breakdown of Shuckworm's continued cyber attacks against Ukraine.
26 Mar 2022
Guest Dick O'Brien from Symantec joins Dave Bittner on this episode to discuss how "Shuckworm Continues Cyber-Espionage Attacks Against Ukraine." The ...
Implications of data leaks of sensitive OT information.
19 Mar 2022
Guest Nathan Brubaker from Mandiant joins Dave Bittner on this episode to discuss Mandiant Threat Intelligence's research: "1 in 7 Ransomware Extortio...
The story of REvil: From origin to beyond.
12 Mar 2022
Guest Jon DiMaggio, Chief Security Strategist at Analyst1, joins Dave Bittner to discuss his team's research "A History of REvil" that chronicles the ...
An abuse of trust: Potential security issues with open redirects.
05 Mar 2022
Guest Mike Benjamin, VP of Security Research at Fastly, joins Dave Bittner to talk about the Fastly Security Research Team's work on "Open redirects: ...
Noberus ransomware: Coded in Rust and tailored to victim.
26 Feb 2022
Guest Dick O'Brien, Principal Editor at Symantec, joins Dave to discuss their team's research, "Noberus: Technical Analysis Shows Sophistication of Ne...
Instagram hijacks all start with a phish.
19 Feb 2022
Guest Marcelle Lee, Senior Security Researcher and Emerging Threats Lead, from SecureWorks joins Dave to share her team's work on "Ransoms Demanded fo...
SysJoker backdoor masquerades as benign updates.
12 Feb 2022
Guests Avigayil Mechtinger and Ryan Robinson from Intezer discuss SysJoker malware, a backdoor that targets Windows, Linux and macOS. Malware targetin...
The persistent and patient nature of advanced threat actors.
05 Feb 2022
Guest Danny Adamitis from Black Lotus Labs joins Dave to discuss their team's new research "New Konni Campaign Kicks the New Year Off by Targeting Rus...
Use of legitimate tools possibly linked to Seedworm.
29 Jan 2022
Guest Sylvester Segura from the Symantec Threat Hunter Team joins Dave to discuss their team's work on "Espionage Campaign Targets Telecoms Organizati...
A collaboration stumbles upon threat actor Lyceum.
22 Jan 2022
Guest Rob Boyce, Accenture's Global Lead for Cyber Incident Response and Transformation Services, joins Dave to discuss joint research done by Accentu...
Keeping APIs on the radar: Evaluating the banking industry.
15 Jan 2022
This episode features guest Alissa Knight, former hacker and partner at Knight Ink, along with Karl Mattson, CISO from Noname Security, discussing fin...
The rise of Karakurt Hacking Team.
08 Jan 2022
Guest Rob Boyce, Accenture's Global Lead for Cyber Incident Response and Transformation Services, joins Dave to discuss their research "Karakurt rises...
Encore: When big ransomware goes away, where should affiliates go?
01 Jan 2022
Our guest Doel Santos, Threat Research Analyst at Palo Alto Networks, joins Dave Bittner to talk about Unit 42's work on "Ransomware Groups to Watch: ...
CyberWire Pro Research Briefing from 12/21/2021.
25 Dec 2021
Enjoy a peek into CyberWire Pro's Research Briefing as the team is off taking our long winter's nap. This is the spoken edition of our weekly Research...
Discovering ChaosDB, a critical vulnerability in the CosmosDB.
18 Dec 2021
Guests Sagi Tzadik and Nir Ohfeld of cloud security company Wiz join Dave to discuss their research "ChaosDB: How we hacked thousands of Azure custome...
FIN7 repositioning focus into ransomware.
11 Dec 2021
Guest Ilya Volovik, Team Lead of Cyber Intelligence at Gemini Advisory, discusses his team's work on "FIN7 Recruits Talent For Push Into Ransomware." ...
Getting in and getting out with SnapMC.
04 Dec 2021
Guest Christo Butcher of NCC Group's Research and Intelligence Fusion Team discusses their research into a cybercriminal group they dubbed SnapMC. For...
CyberWire Pro Research Briefing from 11/23/2021
27 Nov 2021
Enjoy a peek into CyberWire Pro's Research Briefing as the team is off recovering from our Thanksgiving feasts. This is the spoken edition of our week...
Using bidirectionality override characters to obscure code.
20 Nov 2021
Guests Nicholas Boucher and Ross Anderson from the University of Cambridge join Dave Bittner to discuss their research, "Trojan Source: Invisible Vuln...
A glimpse into TeamTNT.
13 Nov 2021
Senior Intelligence Researcher at Anomali, Tara Gould, joins Dave to discuss their team's work on "Inside TeamTNT’s Impressive Arsenal: A Look Into ...
An incident response reveals itself as GhostShell tool, ShellClient.
06 Nov 2021
Guest Mor Levi, Vice President of Cyber Practices from Cybereason, joins Dave Bittner to discuss her team's work on "Operation GhostShell - Novel RAT ...
Malware sometimes changes its behavior.
30 Oct 2021
Dr. Tudor Dumitras from the University of Maryland joins Dave Bittner to share a research study conducted in collaboration with industry partners from Fa...
When big ransomware goes away, where should affiliates go?
23 Oct 2021
Our guest Doel Santos, Threat Research Analyst at Palo Alto Networks, joins Dave Bittner to talk about Unit 42's work on "Ransomware Groups to Watch: ...
Groove Gang making a name for themselves.
16 Oct 2021
Guest Michael DeBolt, Chief Intelligence Officer from Intel 471, joins Dave Bittner to discuss their work on "How Groove Gang is shaking up the Ransomw...
Taking a closer look at UNC1151.
09 Oct 2021
Matt Stafford, Senior Threat Intelligence Researcher, from Prevailion joins Dave to talk about their work on "Diving Deep into UNC1151’s Infrastruct...
IoT security and the need for randomness.
02 Oct 2021
Dan Petro, Lead Researcher, and Allan Cecil, Security Consultant, from Bishop Fox join Dave to share their research "You're Doing IoT RNG," that they ...
Vulnerabilities in the public cloud.
25 Sep 2021
Guest Ariel Zelivansky, Senior Manager of Security Research at Palo Alto Networks, joins Dave to discuss Unit 42's work on the first cross-account con...
An IoT educational exercise reveals a far-reaching vulnerability.
18 Sep 2021
Guest Jake Valletta, Director of Professional Services at Mandiant, joins Dave to talk about the critical vulnerability Mandiant disclosed that affect...
A Google Chrome update that just didn't feel right.
11 Sep 2021
Guest Jon Hencinski from Expel joins Dave Bittner to discuss his team's recent work on "Expel SOC Stops Ransomware Attack Aimed at WordPress CMS via D...
Like a computer network but for physical objects.
04 Sep 2021
Guest Ben Seri, Armis' VP of Research, joins Dave to talk about a set of remote code execution (RCE) vulnerabilities in the pneumatic tube system of S...
Joker malware family: not a joke for Google Play.
28 Aug 2021
Guest Deepen Desai, Zscaler's Chief Information Security Officer and VP Security Research & Operations, joins Dave to discuss their ThreatLabz team's ...
Exploring vulnerabilities of off-the-shelf software.
21 Aug 2021
Guest Tomislav Peričin, Reversing Labs' Chief Software Architect and Co-Founder, joins Dave to discuss his team's research that addresses the importa...
You can add new features, just secure the old stuff first.
14 Aug 2021
Guests Will Schroeder and Lee Christensen from SpecterOps join Dave to share the research they recently presented at Black Hat USA on the security of ...
SideCopy malware campaigns expand and evolve.
07 Aug 2021
Guest Asheer Malhotra, Threat Researcher of Cisco Talos Intelligence Group, joins Dave to discuss his team's research "InSideCopy: How this APT contin...
China's influence grows through Digital Silk Road Initiative.
31 Jul 2021
Guest Charity Wright, Cyber Threat Intelligence Expert in Recorded Future's Insikt Group, joins Dave to discuss her research "China’s Digital Coloni...
Free malware with cracked software.
24 Jul 2021
Guest Christopher Budd, Senior Global Threat Communications Manager at Avast, joins Dave to talk about some research his team did when they looked int...
Enabling connectivity enables exposures.
17 Jul 2021
Guest Nathan Howe, Vice President of Emerging Technology at Zscaler, joins Dave to discuss his team's work, "2021 “Exposed” Report Reveals Corpora...
Dealing illicit goods on encrypted chat apps.
10 Jul 2021
Guest Daniel Kats, Senior Principal Research Engineer at NortonLifeLock, joins Dave to discuss his team's work, "Encrypted Chat Apps Doubling as Illeg...
Malware in pirated Windows installation files.
03 Jul 2021
Guest Tom Roter from Minerva Labs joins Dave to discuss his team's research: "Rigging a Windows Installation." It is common knowledge that pirated softwa...
Exhibiting advanced APT-like behavior.
26 Jun 2021
Guest Yonatan Striem-Amit joins Dave to talk about Cybereason's research "Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities." The Cybereas...
Primitive Bear spearphishes for Ukrainian entities.
19 Jun 2021
Guests Gage Mele and Yury Polozov join Dave to talk about Anomali's research "Primitive Bear (Gamaredon) Targets Ukraine with Timely Themes." Anomali ...
Taking a look behind the Science of Security.
12 Jun 2021
Guest Adam Tagert is a Science of Security (SoS) Researcher in the National Security Agency Research Directorate. The National Security Agency (NSA) s...
Bad building blocks: a new and unusual phishing campaign.
05 Jun 2021
Guest Karl Sigler of Trustwave's SpiderLabs joins Dave Bittner to talk about their research: "Hidden Phishing at Free JavaScript Site". The research d...
EtterSilent: a popular, versatile maldoc builder.
29 May 2021
Guest Brandon Hoffman of Intel 471 joins Dave Bittner to share his team's research "EtterSilent: the underground’s new favorite maldoc builder". The...
Leveraging COVID-19 themes for malicious purposes.
22 May 2021
Guest Joe Slowik joins us from DomainTools to discuss his team's research "COVID-19 Phishing With a Side of Cobalt Strike." Multiple adversaries, from...
Jack Voltaic: critical infrastructure resiliency project, not a person.
15 May 2021
Guest LTC Erica Mitchell from the Army Cyber Institute joins us to talk about their infrastructure resiliency research project called Jack Voltaic. The Ar...
SUPERNOVA activity and its possible connection to SPIRAL threat group.
08 May 2021
Guest Mike McLellan from Secureworks joins us to share his team's insights about SUPERNOVA and threat group attribution. Similarities between the SUPE...
A snapshot of the ransomware threat landscape.
01 May 2021
Guest Jen Miller-Osborn from Palo Alto Networks' Unit 42 joins Dave to discuss their 2021 Unit 42 Ransomware Threat Report, which highlights a surge i...
Bulletproof hosting (BPH) and how it powers cybercrime.
24 Apr 2021
Guest Jason Passwaters of Intel 471 joins us to discuss his team's research into bulletproof hosting (BPH). The research team at Intel 471 defined wha...
Social engineering: MINEBRIDGE RAT embedded to look like job résumés.
17 Apr 2021
Guest Deepen Desai joins Dave to talk about Zscaler's research "Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures." In Jan 2021, ...
Strategic titles point to something more than a commodity campaign.
10 Apr 2021
Guests Gage Mele, Winston Marydasan, and Yury Polozov from Anomali join Dave to discuss their research into Static Kitten targeting government agencie...
Ezuri: Regenerating a different kind of target.
03 Apr 2021
Guests Fernando Martinez and Tom Hegel from AT&T Alien Labs join Dave to discuss their team's research "Malware using new Ezuri memory loader." Multip...
How are we doing in the industrial sector?
27 Mar 2021
Guest Sergio Caltagirone from Dragos joins us to take us through their 2020 ICS Cybersecurity Year in Review report. Dragos's annual ICS Year in Revie...
BendyBear: difficult to detect and downloader of malicious payloads.
20 Mar 2021
Guest Jen Miller-Osborn from Palo Alto Networks' Unit 42 joins us to discuss their research into BendyBear. Highly malleable, highly sophisticated and...
Keeping data confidential with fully homomorphic encryption.
13 Mar 2021
Guest Dr. Rosario Cammarota from Intel Labs joins us to discuss confidential computing. Confidential computing provides a secure platform for multiple...
Diving deep into North Korea's APT37 tool kit.
06 Mar 2021
Guest Hossein Jazi of Malwarebytes joins us to take a deep dive into North Korea's APT37 (aka ScarCruft, Reaper and Group123) toolkit. On December 7 2...
Shining a light on China's cyber underground.
27 Feb 2021
Guest Maurits Lucas from Intel 471 joins us to discuss his team's research into cybercrime in China. Data from Intel 471 show that the Chinese cybercri...
Attackers (ab)using Google Chrome.
20 Feb 2021
Guest Bojan Zdrnja of Infigo IS and a certified instructor at SANS Institute shares an incident he discovered where attackers were using a pretty nove...
Using the human body as a wire-like communication channel.
13 Feb 2021
Guest Dr. Shreyas Sen, a Purdue University associate professor of electrical and computer engineering, joins us to discuss the following scenario. In...
"Follow the money" the cybersecurity way.
06 Feb 2021
Guest Joe Slowik joins us from DomainTools to share their research "Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activit...
The Kimsuky group from North Korea expands spyware, malware and infrastructure.
30 Jan 2021
Guest Yonatan Striem-Amit joins us from Cybereason to share their Nocturnus Team research into Kimsuky. The Cybereason Nocturnus Team has been trackin...
Trickbot may be down, but can we count it out?
23 Jan 2021
Guest Mark Arena from Intel 471 joins us to discuss his team's research into Trickbot and its evolution from a banking trojan to a long-standing, most ...
Manufacturing sector is increasingly a target for adversaries.
16 Jan 2021
Guest Selena Larson, senior cyber threat analyst at Dragos, Inc., joins us to discuss their research into recent observations of ICS-targeting threats...
Emotet reemerges and becomes one of most prolific threat groups out there.
09 Jan 2021
Deep Instinct's Shimon Oren joins us to talk about his team's research on "Why Emotet's latest wave is harder to catch than ever before - Part 2." Emo...
Encore: Unpacking the Malvertising Ecosystem. [Research Saturday]
02 Jan 2021
Researchers at Cisco's Talos Unit recently published research exploring the tactics, techniques and procedures of the global malvertising ecosystem. Cra...
Encore: Seedworm digs Middle East intelligence. [Research Saturday]
26 Dec 2020
Researchers at Symantec have been tracking Seedworm, a cyber espionage group targeting the Middle East as well as Europe and North America. The threat...
Advertising Software Development Kit (SDK): serving up more than just in-app ads and logging sensitive data.
19 Dec 2020
On August 24, 2020, Snyk announced the discovery of suspicious behaviors in the iOS version of a popular advertising SDK known as Mintegral. At that t...
Following DOJ indictment, a look back on NotPetya and Olympic Destroyer research.
12 Dec 2020
From US Department of Justice: "On Oct. 15, 2020, a federal grand jury in Pittsburgh returned an indictment charging six computer hackers, all of whom...
SSL-based threats remain prevalent and are becoming increasingly sophisticated.
05 Dec 2020
While SSL/TLS encryption is the industry standard for protecting data in transit from prying eyes, encryption has, itself, become a threat. It is ofte...
Encore: Using global events as lures for malicious activity.
28 Nov 2020
The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the use...
Misconfigured identity and access management (IAM) is much more widespread.
21 Nov 2020
Identity and access are intrinsically connected when providing security to cloud platforms. But security is only effective when environments are prope...
That first CVE was a fun find, for sure.
14 Nov 2020
In the late 90s, hackers who discovered vulnerabilities would sometimes send an email to Bugtraq with details. Bugtraq was a notification system used ...
PoetRAT: a complete lack of operational security.
07 Nov 2020
Cisco Talos discovered PoetRAT earlier this year. Since then, they observed multiple new campaigns indicating a change in the actor's capabilities and...
Leveraging for a bigger objective.
31 Oct 2020
The U.S. government has charged seven men in relation to hundreds of cyber attacks against organizations in the U.S. and multiple other countries in A...
The Malware Mash!
30 Oct 2020
Just saying there are attacks is not enough.
24 Oct 2020
Ben-Gurion University researchers have developed a new artificial intelligence technique that will protect medical devices from malicious operating in...
Intentionally not drawing attention.
17 Oct 2020
Bitdefender researchers recently uncovered a sophisticated APT-style attack targeting an international architectural and video production company. The...
It's still possible to find ways to break out.
10 Oct 2020
Containers offer speed, performance, and portability, but do they actually contain? While they try their best, the shared kernel is a disturbing attac...
Smaug: Ransomware-as-a-service drag(s)on.
03 Oct 2020
Threat actors and cybercriminals that don’t have the ability to develop their own ransomware for malicious campaigns can turn to the Smaug Ransomwar...
What came first, the Golden Chickens or more_eggs?
26 Sep 2020
Throughout March and April, QuoIntelligence (QuoINT) observed four attacks (i.e. sightings) utilizing various tools from the Golden Chickens (GC) Malw...
Election 2020: What to expect when we are electing.
19 Sep 2020
After the 2016 General Election, the talk was all around foreign meddling. Rumors swirled that some votes may have been changed or influenced by state...
Leveraging legitimate tools.
12 Sep 2020
Researchers at Symantec spotted a Sodinokibi targeted ransomware campaign in which the attackers are also scanning the networks of some victims for cr...
Going after the most valuable data.
05 Sep 2020
A look at the realities of ransomware from Sophos, including an industry-first detailed look at new detection evasion techniques in WastedLocker ranso...
They fooled a lot of people.
29 Aug 2020
Docker containers have been gaining popularity over the past few years as an effective way of packaging software applications. Docker Hub provides a s...
Using global events as lures.
22 Aug 2020
The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the use...
Waiting for their victims.
15 Aug 2020
Bitdefender researchers have recently found the APT group StrongPity has been targeting victims in Turkey and Syria. Using watering hole tactics to se...
Like anything these days, you have to disinfect it first.
08 Aug 2020
“Cyberbunker” refers to a criminal group that operated a “bulletproof” hosting facility out of an actual military bunker. “Bullet Proof” h...
Detecting Twitter bots in real time.
01 Aug 2020
NortonLifeLock Research Group (NRG) released a prototype browser extension called BotSight that leverages machine learning to detect Twitter bots in r...