Research Saturday
Episodes
It was only a matter of time.
25 Jul 2020
Contributed by Lukas
On April 29, 2020, the Salt management framework, authored by the IT automation company SaltStack, received a patch concerning two CVEs; CVE-2020-1165...
Every time we get smarter, the bad guy changes something.
18 Jul 2020
Contributed by Lukas
Researchers at Symantec identified and alerted customers to a string of attacks against U.S. companies by attackers attempting to deploy the WastedLoc...
Are you running what you think you're running?
11 Jul 2020
Contributed by Lukas
Built into virtually every hardware device, firmware is lower-level software that is programmed to ensure that hardware functions properly. As softwar...
Enter the RAT.
27 Jun 2020
Contributed by Lukas
A new report examines how five related APT groups operating in the interest of the Chinese government have systematically targeted Linux servers, Wind...
Click here to update your webhook.
20 Jun 2020
Contributed by Lukas
Slack is a cloud-based messaging platform that is commonly used in workplace communications. Slack Incoming Webhooks allow you to post messages from y...
The value of the why and the who.
13 Jun 2020
Contributed by Lukas
Proactive, efficient threat mitigation and risk management require understanding adversaries’ fundamental thought processes, not just their tools an...
Due diligence cannot be done as a one-off.
06 Jun 2020
Contributed by Lukas
Earlier this year, a Virgin Media database containing the personal details of 900,000 people was discovered to be unsecured and accessible online for ...
Twofold snooping venture.
30 May 2020
Contributed by Lukas
Working with many different honeypot implementations, a security researcher did an experiment expanding on that by setting up a simple Docker image with ...
Naming and shaming is the worst thing we can do.
23 May 2020
Contributed by Lukas
In December 2019, the GOLD VILLAGE threat group that operates the Maze ransomware created a public website to name and shame victims. The threat actor...
Gangnam Industrial Style APT campaign targets South Korea.
16 May 2020
Contributed by Lukas
Section 52, CyberX’s threat intelligence team, has uncovered an ongoing industrial cyberespionage campaign targeting hundreds of manufacturing and o...
The U.S. campaign trail is actually quite secure.
09 May 2020
Contributed by Lukas
Multiple media reports have indicated that the United States’ (U.S.) 2020 general election could be targeted by foreign and domestic actors after th...
Fingerprint authentication is not completely secure.
02 May 2020
Contributed by Lukas
Passwords are the traditional authentication methods for computers and networks. But passwords can be stolen. Biometric authentication seems the perfe...
Contact tracing as COVID-19 aid.
25 Apr 2020
Contributed by Lukas
Successful containment of the Coronavirus pandemic rests on the ability to quickly and reliably identify those who have been in close proximity to a c...
How low can they go? A spike in Coronavirus phishing.
18 Apr 2020
Contributed by Lukas
As much of the world grapples with the new coronavirus, COVID-19, and how to handle it, attackers are taking advantage of the widespread discussion of...
Profiling an audacious Nigerian cybercriminal.
11 Apr 2020
Contributed by Lukas
By day, he is Dton, an upstanding Nigerian citizen. He believes in professionalism, hard work and excellence. He’s a leader, a content creator, an e...
A rough year ahead for ransomware attacks - and how to stop them.
04 Apr 2020
Contributed by Lukas
2020 is shaping up to be a rough year. Ransomware attacks will continue to grow as cybercriminals get more sophisticated in their methods and expand t...
Hidden dangers inside Windows and Linux computers.
28 Mar 2020
Contributed by Lukas
Eclypsium has issued a study that suggests the prevalence of “unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras used in computers...
The security implications of cloud infrastructure in IoT.
21 Mar 2020
Contributed by Lukas
Cloud computing is now at the center of nearly every business strategy. But, as with the rapid adoption of any new technology, growing pains persist. ...
TLS is here to stay.
14 Mar 2020
Contributed by Lukas
As websites and apps more widely adopt TLS (Transport Layer Security) and communicate over HTTPS connections, unencrypted traffic may draw even more a...
Overworked developers write vulnerable software.
07 Mar 2020
Contributed by Lukas
Why do some developers and development teams write more secure code than others? Software is written by people, either alone or in teams. Ultimately s...
Application tracking in Wacom tablets.
29 Feb 2020
Contributed by Lukas
Today's Research Saturday features our conversation with Robert Heaton, a software engineer with Stripe who penned a blog post about his disappointing...
New vulnerabilities in PC sound cards.
22 Feb 2020
Contributed by Lukas
SafeBreach Labs discovered a new vulnerability in the Realtek HD Audio Driver Package, which is deployed on PCs containing Realtek sound cards. On t...
If you can't detect it, you can't steal it.
15 Feb 2020
Contributed by Lukas
BGN Technologies, the technology transfer company of Ben-Gurion University (BGU) of the Negev, Israel, is introducing the first all-optical “stealth...
The Chameleon attacks Online Social Networks.
08 Feb 2020
Contributed by Lukas
The Chameleon attack technique is a new type of OSN-based trickery where malicious posts and profiles change the way they are displayed to OSN users t...
Tracking one of China's hidden hacking groups.
01 Feb 2020
Contributed by Lukas
Operation Wocao (我操, “Wǒ cāo”, is a Chinese curse word) is the name that Fox-IT uses to describe the hacking activities of a China-based ...
Know Thine Enemy - Identifying North American Cyber Threats.
25 Jan 2020
Contributed by Lukas
The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) and operations technology (OT) ...
Clever breaches demonstrate IoT security gaps.
18 Jan 2020
Contributed by Lukas
Some of our favorite and most trusted IoT devices help make us feel secure in our homes. From garage door openers to the locks on our front doors, we ...
Profiling the Linken Sphere anti-detection browser.
11 Jan 2020
Contributed by Lukas
Multiple e-commerce and financial organizations around the world are targeted by cybercriminals attempting to bypass or disable their security mechani...
A Jira vulnerability that’s leaking data in the public cloud.
02 Jan 2020
Contributed by Lukas
Unit 42 (the Palo Alto Networks threat intelligence team) released new research on a Jira vulnerability that’s leaking data of technology, industria...
Inside Magecart and Genesis.
21 Dec 2019
Contributed by Lukas
Dan Woods is VP of the intelligence center at Shape Security. He shares insights on two noteworthy attack tools, Genesis and Magecart. Before joinin...
WAV files carry malicious data payloads.
14 Dec 2019
Contributed by Lukas
Researchers at BlackBerry Cylance have been tracking ordinary WAV audio files being used to carry hidden malicious data used by threat actors. Eric ...
Targeting routers to hit gaming servers.
07 Dec 2019
Contributed by Lukas
Researchers at Palo Alto Networks' Unit 42 recently published research outlining attacks on home and small-business routers, taking advantage of known...
Mustang Panda leverages Windows shortcut files.
23 Nov 2019
Contributed by Lukas
Researchers at Anomali have been tracking the China-based threat group Mustang Panda, believing them to be responsible for attacks making clever use of W...
Sodinokibi aka REvil connections to GandCrab.
16 Nov 2019
Contributed by Lukas
Researchers at McAfee's Advanced Threat Research Team have been analyzing Sodinokibi ransomware as a service, also known as REvil. John Fokker is hea...
Monitoring the growing sophistication of PKPLUG.
09 Nov 2019
Contributed by Lukas
Researchers from Palo Alto Networks' Unit 42 have been tracking a Chinese cyber espionage group they've named PKPLUG. The group mainly targets victims...
Usable security is a delicate balance.
02 Nov 2019
Contributed by Lukas
Until recently, usability was often an afterthought when developing security tools. These days there's growing realization that usability is a fundame...
Masad Steals via Social Media.
26 Oct 2019
Contributed by Lukas
Researchers at Juniper Networks have been tracking a trojan they call Masad Stealer, which uses the Telegram instant messaging platform for part of its...
Hoping for SOHO security.
19 Oct 2019
Contributed by Lukas
Researchers at Independent Security Evaluators (ISE) recently published a report titled SOHOpelessly Broken 2.0, Security Vulnerabilities in Network ...
Decrypting ransomware for good.
12 Oct 2019
Contributed by Lukas
Michael Gillespie is a programmer at Emsisoft, as well as a host of the popular ID Ransomware web site that helps victims identify what strain of rans...
The fuzzy boundaries of APT41.
05 Oct 2019
Contributed by Lukas
Researchers at FireEye recently released a report detailing the activities of APT41, a Chinese cyber threat group notable for the range of tools they ...
Focusing on Autumn Aperture.
28 Sep 2019
Contributed by Lukas
Researchers at Prevailion have been tracking a malware campaign making use of antiquated file formats and social engineering to target specific groups....
Leaky guest networks and covert channels.
21 Sep 2019
Contributed by Lukas
Many users of inexpensive internet routers use guest network functionality to help secure their home networks. Researchers at Ben Gurion University ha...
Bluetooth blues: KNOB attack explained.
14 Sep 2019
Contributed by Lukas
A team of researchers have published a report titled "KNOB Attack. Key Negotiation of Bluetooth Attack: Breaking Bluetooth Security." The report outl...
VOIP phone system harbors decade-old vulnerability.
07 Sep 2019
Contributed by Lukas
Researchers at McAfee's Advanced Threat Research Team recently published the results of their investigation into a popular VOIP system, where they dis...
Emotet's updated business model.
31 Aug 2019
Contributed by Lukas
The Emotet malware came on the scene in 2014 as a banking trojan and has since evolved in sophistication and shifted its business model. Researchers a...
Gift card bots evolve and adapt.
24 Aug 2019
Contributed by Lukas
Researchers at Distil Networks have been tracking online bots targeting ecommerce gift card systems of major online retailers. The threat actors show ...
Detecting dating profile fraud.
17 Aug 2019
Contributed by Lukas
Researchers from King’s College London, University of Bristol, Boston University, and University of Melbourne recently collaborated to publish a rep...
Unpacking the Malvertising Ecosystem.
10 Aug 2019
Contributed by Lukas
Researchers at Cisco's Talos Unit recently published research exploring the tactics, techniques and procedures of the global malvertising ecosystem. Cra...
Package manager repository malware detection.
03 Aug 2019
Contributed by Lukas
Researchers at Reversing Labs have been tracking malware hidden in software package manager repositories, and its use as a supply chain attack vector...
Day to day app fraud in the Google Play store.
27 Jul 2019
Contributed by Lukas
Researchers at bot mitigation firm White Ops have been tracking fraudulent apps in the Google Play store. These apps often imitate legitimate apps, ev...
Nansh0u not your normal cryptominer.
20 Jul 2019
Contributed by Lukas
Researchers at Guardicore Labs have been tracking an unusual cryptominer that seems to be based in China and is targeting Windows MS-SQL and phpMyAdm...
Opportunistic botnets round up vulnerable routers.
13 Jul 2019
Contributed by Lukas
Researchers at Netscout's ASERT Team have been tracking the growth of botnets originating in Egypt and targeting routers in South Africa. The payload ...
Giving everyone a stake in the success of Open Source implementation.
29 Jun 2019
Contributed by Lukas
Synopsys recently published the 2019 edition of their Open Source Security and Risk Analysis (OSSRA) Report, providing an in-depth look at the state ...
Middleboxes may be meddling with TLS connections.
22 Jun 2019
Contributed by Lukas
Researchers at Cloudflare have been examining HTTPS interception, a technique that weakens security, and have developed tools to help detect it. Nic...
Apps on third-party Android store carry unwelcome code.
15 Jun 2019
Contributed by Lukas
Researchers at Zscaler have been tracking look-alike apps in third-party Android app stores that carry malicious code. Deepen Desai is VP of security ...
Xwo scans for default credentials and exposed web services.
08 Jun 2019
Contributed by Lukas
Researchers at AT&T Alien Labs have been tracking a new malware family they've named "Xwo" that's scanning systems for default credentials and vulnera...
Blockchain bandits plunder weak wallets.
01 Jun 2019
Contributed by Lukas
Adrian Bednarek is a senior research analyst at Independent Security Evaluators. He and his colleagues looked at weak private cryptocurrency keys on t...
A fresh look at GOSSIPGIRL and the Supra Threat Actors.
25 May 2019
Contributed by Lukas
Chronicle researchers Juan Andres Guerrero Saade and Silas Cutler recently published research tracking the development of the Stuxnet family of malwar...
Elfin APT group targets Middle East energy sector.
18 May 2019
Contributed by Lukas
Researchers at Symantec have been tracking an espionage group known as Elfin (aka APT 33) that has targeted dozens of organizations over the past thre...
Steganography enables sophisticated OceanLotus payloads.
11 May 2019
Contributed by Lukas
Researchers at Blackberry Cylance have been tracking payload obfuscation techniques employed by OceanLotus (APT32), specifically steganography used to...
Sea Turtle state-sponsored DNS hijacking.
04 May 2019
Contributed by Lukas
Researchers at Cisco Talos have been tracking what they believe is a state-sponsored attack on DNS systems, targeting the Middle East and North Africa...
Deep Learning threatens 3D medical imaging integrity.
27 Apr 2019
Contributed by Lukas
Researchers at Ben Gurion University in Israel have developed techniques to infiltrate medical imaging system networks and alter 3D medical scans with...
Undetectable vote manipulation in SwissPost e-voting system.
20 Apr 2019
Contributed by Lukas
Researchers have discovered a number of vulnerabilities in the SwissPost e-vote system which could allow undetectable manipulation of votes. Dr Vane...
Establishing software root of trust unconditionally.
13 Apr 2019
Contributed by Lukas
Researchers at Carnegie Mellon University's CyLab Security and Privacy Institute claim to have made an important breakthrough in establishing root of ...
Lessons learned from Ukraine elections.
06 Apr 2019
Contributed by Lukas
Joep Gommers from EclecticIQ joins us to share their research tracking the information operations and security methods they've been tracking that ...
Alarming vulnerabilities in automotive security systems.
30 Mar 2019
Contributed by Lukas
Researchers at Pen Test Partners recently examined a variety of third-party automotive security systems and found serious security issues, potentially...
Ryuk ransomware relationship revelations.
23 Mar 2019
Contributed by Lukas
Investigators from McAfee's advanced threat research unit, working with partners at Coveware, have reevaluated hasty attributions of Ryuk ransomware t...
ThinkPHP exploit from Asia-Pacific region goes global.
16 Mar 2019
Contributed by Lukas
Akamai's Larry Cashdollar joins us to describe an exploit he recently came across while researching MageCart incidents. It's a remote command executio...
Job-seeker exposes banking network to Lazarus Group.
09 Mar 2019
Contributed by Lukas
Vitali Kremez is a Director of Research at Flashpoint. His team discovered that the recently disclosed intrusion suffered in December 2018 by Chilean ...
Fake Fortnite app scams infect gamers.
02 Mar 2019
Contributed by Lukas
Researchers at Zscaler have been tracking a variety of fake versions of the popular Fortnite game on the Google Play store, along with associated scams. ...
Rosneft suspicions shift from espionage to business email compromise.
23 Feb 2019
Contributed by Lukas
Researchers at security firm Cylance have been tracking a threat group targeting the Rosneft Russian oil company. As Cylance uncovered details, suspic...
Seedworm digs Middle East intelligence.
16 Feb 2019
Contributed by Lukas
Researchers at Symantec have been tracking Seedworm, a cyber espionage group targeting the Middle East as well as Europe and North America. The threat...
Trends and tips for cloud security.
09 Feb 2019
Contributed by Lukas
The team at Palo Alto Networks' Unit 42 recently published research tracking trends in how organizations are addressing cloud security, along with tip...
Online underground markets in the Middle East.
02 Feb 2019
Contributed by Lukas
Researchers at Trend Micro recently published their look inside online underground marketplaces in the Middle East and North Africa, where criminals a...
Amplification bots and how to detect them.
26 Jan 2019
Contributed by Lukas
Researchers from Duo Security have been analyzing the behavior of Twitter bots in a series of posts on their web site. Their most recent dive into the...
Luring IoT botnets to the honeypot.
19 Jan 2019
Contributed by Lukas
Researchers from Netscout's ASERT team have been making use of honeypots to gather information on rapidly evolving IoT botnets that take advantage of ...
Magecart payment card theft analysis.
12 Jan 2019
Contributed by Lukas
Researchers at RiskIQ have been tracking a series of web-based credit card skimmers known as Magecart. We take a closer look at attacks on Ticketmaste...
NOKKI, Reaper and DOGCALL target Russians and Cambodians.
05 Jan 2019
Contributed by Lukas
Researchers from Unit 42 at Palo Alto Networks have discovered an interesting relationship between the NOKKI and DOGCALL malware families, as well as ...
Apple Device Enrollment Program vulnerabilities explored.
22 Dec 2018
Contributed by Lukas
Researchers at Duo Security have been looking into Apple's Device Enrollment Program (DEP) and have discovered vulnerabilities that could expose users...
The Sony hack and the perils of attribution.
15 Dec 2018
Contributed by Lukas
Researchers at Risk Based Security took a detailed look back at the 2014 Sony hack, comparing analysis that occurred while the facts were still unfold...
Operation Red Signature targets South Korean supply chain.
08 Dec 2018
Contributed by Lukas
Researchers at Trend Micro uncovered a supply chain attack targeting organizations in South Korea. With the goal of information theft, attackers compr...
Getting an education on Cobalt Dickens.
01 Dec 2018
Contributed by Lukas
Researchers from Secureworks' Counter Threat Unit have been tracking a threat group spoofing login pages for universities. Evidence suggests the Irani...
Doubling down on Cobalt Group activity.
17 Nov 2018
Contributed by Lukas
The NETSCOUT Arbor ASERT team has been tracking Cobalt Group campaigns targeting financial institutions. Richard Hummel is manager of threat intellig...
Establishing international norms in cyberspace.
10 Nov 2018
Contributed by Lukas
Joseph Nye is former dean of the Harvard Kennedy School of Government. He served as Chair of the National Intelligence Council, and as Assistant Secre...
Election protection.
03 Nov 2018
Contributed by Lukas
Symantec technical director Vikram Thakur returns to share his team's look at threat groups APT 28 and APT 29, the influence they had on the 2016 elec...
Faxploitation.
27 Oct 2018
Contributed by Lukas
Researchers at security firm Check Point Software Technologies explored the possibility of exploiting old, complex fax protocols to gain access to mod...
Stormy weather in the Office 365 cloud.
20 Oct 2018
Contributed by Lukas
Security firm Lastline recently took a close look at threats to the Office 365 cloud environment, taking advantage of the insights they gain protectin...
Driving GPS manipulation.
13 Oct 2018
Contributed by Lukas
Researchers at Virginia Tech investigate possible ways to manipulate GPS signals and send drivers to specific locations without their knowledge. Ga...
Cryptojacking criminal capers continue.
06 Oct 2018
Contributed by Lukas
Researchers at Palo Alto Networks' Unit 42 have been tracking the rise of cryptocurrency mining operations run by criminal groups around the world. Ry...
Sophisticated FIN7 criminal group hits payment card data.
29 Sep 2018
Contributed by Lukas
Researchers at security firm FireEye have been tracking malicious actors they call FIN7, a group which targets payment card data in the hospitality in...
ICS honeypots attract sophisticated snoops.
22 Sep 2018
Contributed by Lukas
Researchers at security firm Cybereason recently set up online honeypots to attract adversaries interested in industrial control system environments. ...
Android device eavesdropping investigation.
15 Sep 2018
Contributed by Lukas
A team of researchers from Northeastern University and UC Santa Barbara examined over 17,000 Android apps, and revealed a number of alarming privacy r...
Leafminer espionage digs the Middle East.
08 Sep 2018
Contributed by Lukas
Researchers at Symantec recently published their findings on an active attack group named Leafminer that's targeting government organizations and busi...
ATM hacks on the rise.
01 Sep 2018
Contributed by Lukas
Threat researcher Marcelle Lee from LookingGlass Cyber Solutions joins us to share her research on the growing threat of ATM hacks in the U.S. The r...
Cyber espionage coming from a Chinese university.
25 Aug 2018
Contributed by Lukas
Threat intelligence firm Recorded Future recently published research describing espionage activities originating from servers at a major Chinese unive...
Stealthy ad fraud campaign evades detection.
18 Aug 2018
Contributed by Lukas
Researchers at Bitdefender have been tracking a bit of complex rootkit malware called Zacinlo that they suspect has been operating virtually undetecte...
Thrip espionage group lives off the land.
11 Aug 2018
Contributed by Lukas
Researchers at Symantec have been tracking a wide-ranging espionage operation that's targeting satellite, telecom and defense companies. Jon DiMaggi...
Cortana voice assistant lets you in.
04 Aug 2018
Contributed by Lukas
Researchers at McAfee recently discovered code execution vulnerabilities in the default settings of the Cortana voice-activated digital assistant in W...
BabaYaga: strangely symbiotic WordPress malware.
28 Jul 2018
Contributed by Lukas
Researchers at Defiant recently analyzed a malware family they named "BabaYaga," which has the curious behavior of clearing out other malware and keep...
Measuring the spearphishing threat.
21 Jul 2018
Contributed by Lukas
Researchers Gang Wang and Hang Hu from Virginia Tech recently conducted an end-to-end measurement on 35 popular email providers and examined user rea...