Research Saturday
Episodes
A new approach to mission critical systems.
14 Jul 2018
Contributed by Lukas
Andy Bochman is senior grid strategist for Idaho National Lab’s National and Homeland Security directorate. Today we’re discussing the research t...
No Distribute Scanners help sell malware.
07 Jul 2018
Contributed by Lukas
Sellers of malware on Dark Web forums often use No Distribute malware scanning tools to help verify the effectiveness of their wares, while preventing...
VPNFilter malware could brick devices worldwide.
30 Jun 2018
Contributed by Lukas
Researchers from Cisco Talos continue to track malware they've named VPNFilter, a multi-stage infection with multiple capabilities, targeting consumer...
LG smartphone keyboard vulnerabilities.
23 Jun 2018
Contributed by Lukas
Researchers at Check Point Research recently discovered vulnerabilities in some LG smartphone keyboards, vulnerabilities that could have been used to ...
Cyber bank heists.
16 Jun 2018
Contributed by Lukas
Carbon Black's Chief Cybersecurity Officer Tom Kellermann shares the results of their recent report, Modern Bank Heists: Cyberattacks & Lateral Moveme...
Winnti Umbrella Chinese threat group.
09 Jun 2018
Contributed by Lukas
Researchers from ProtectWise's 401TRG team recently published research linking a variety of new and previously reported Chinese cyber threat groups. T...
Islamic State propaganda persistence.
02 Jun 2018
Contributed by Lukas
Researchers from Flashpoint recently explored ISIS' ability to distribute propaganda across the internet, and their use of major internet service prov...
UPnProxy infiltrates home routers.
26 May 2018
Contributed by Lukas
Researchers at Akamai recently published a white paper titled UPnProxy: Blackhat proxies via NAT Injections. In it, they describe vulnerabilities wit...
Threat actors hijack Lojack.
19 May 2018
Contributed by Lukas
Researchers from Arbor Networks' ASERT Threat Intelligence Team recently published a report titled, "Lojack Becomes a Double Agent." It outlines how t...
Three pillars of Artificial Intelligence.
12 May 2018
Contributed by Lukas
Bobby Filar is a Principal Data Scientist at Endgame, and coauthor of the research paper, The Malicious Use of Artificial Intelligence: Forecasting, ...
BlackTDS and ThreadKit offered in criminal markets.
05 May 2018
Contributed by Lukas
Kevin Epstein is Vice President of Proofpoint's Threat Operations Center. We’re discussing two bits of research with him today. The first is about ...
New MacOS backdoor linked to OceanLotus.
28 Apr 2018
Contributed by Lukas
Researchers at Trend Micro recently discovered a backdoor targeting MacOS users that they believe is the work of the OceanLotus threat group, an organ...
InnaputRAT exfiltrates victim data.
21 Apr 2018
Contributed by Lukas
Researchers with Arbor Networks ASERT team have been tracking a malware campaign targeting commercial manufacturing, and have uncovered various sample...
Energetic Dragonfly and DYMALLOY Bear 2.0.
14 Apr 2018
Contributed by Lukas
Researchers at Cylance recently uncovered the malicious use of a core router in a campaign aimed at critical infrastructure around the world. Kevin...
Crypto crumple zones.
07 Apr 2018
Contributed by Lukas
In their recently published paper, "Crypto Crumple Zones: Enabling Limited Access Without Mass Surveillance," coauthors Charles Wright and Mayank Vari...
Chasing FlawedAMMYY.
31 Mar 2018
Contributed by Lukas
FlawedAMMYY is a newly discovered remote access trojan (RAT) that’s been used in malicious email campaigns, as far back as 2016. Ryan Kalember is Se...
Code comments cause SAML conundrum.
24 Mar 2018
Contributed by Lukas
Researchers at Duo Security recently unearthed a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can ...
Cryptojacking injections heat up.
17 Mar 2018
Contributed by Lukas
There's been an epidemic of cryptojacking code injections recently, as bad actors attempt to cash in on the cryptocurrency craze through unauthorized ...
Dark Caracal APT steals out of Lebanon.
10 Mar 2018
Contributed by Lukas
Researchers from Lookout and the EFF have discovered an APT group operating out of Lebanon they've named Dark Caracal. The group is running a global es...
Lebal malware phishes for victims.
03 Mar 2018
Contributed by Lukas
Researchers at Comodo Security Solutions have been tracking a recently discovered strain of malware named Lebal. The malware uses several clever techn...
Phishing for holiday winnings.
24 Feb 2018
Contributed by Lukas
Or Katz is principal lead security researcher for Akamai's Enterprise Security Business Unit, and the research he’s sharing today is a widespread ph...
The uncanny HEX men.
17 Feb 2018
Contributed by Lukas
The research we’re discussing today is called, “Beware the Hex Men”, and it tracks multiple attack campaigns conducted by a Chinese threat actor...
IcedID banking trojan.
10 Feb 2018
Contributed by Lukas
IcedID is a banking trojan recently discovered and tracked by IBM's X-Force research team, targeting banks, payment card providers, mobile services p...
Advanced adware with nation-state tactics.
03 Feb 2018
Contributed by Lukas
Adware is generally considered unsophisticated, and because of its low perceived threat level it's often ignored. Researchers at the Booz Allen Dark L...
Targeting Olympic organizations.
27 Jan 2018
Contributed by Lukas
This week we’re discussing a campaign the McAfee Advanced Threat Research team recently discovered, one that’s targeting organizations involve...
Fancy Bear Duping Doping Domains.
20 Jan 2018
Contributed by Lukas
Researchers at ThreatConnect have discovered evidence that Fancy Bear, a cyber espionage group generally associated with Russia's military agency GRU,...
Shake Your MoneyTaker.
13 Jan 2018
Contributed by Lukas
A group of Russian-speaking hackers have stolen nearly $10 million from banks around the world. Group-IB, a company with expertise in computer forens...
TRISIS Malware: Fail-safe fail.
06 Jan 2018
Contributed by Lukas
Robert M. Lee is CEO of Dragos Security, a company that specializes in the protection of industrial control systems. He’s describing his team's res...
Hunting the Sowbug.
30 Dec 2017
Contributed by Lukas
Alan Neville is a senior threat intelligence analyst at Symantec located in Dublin. He is responsible for leading and documenting investigations into ...
Keyboys back in town.
23 Dec 2017
Contributed by Lukas
In this edition of the CyberWire Research Saturday, we'll take a look at a more recent intrusion PwC has uncovered, named KeyBoy and highly likely a C...
The unique culture of the Middle Eastern and North African underground.
16 Dec 2017
Contributed by Lukas
Online underground markets thrive across the globe, with the Middle East and North Africa being no exception. Researchers at Trend Micro recently too ...
Stealthy Zberp Banking Trojan.
09 Dec 2017
Contributed by Lukas
Zberp is a stealthy banking trojan with an unconventional process injection technique. A hybrid of the ZeusVM and Carberp malware, Zberp uses a variet...
Staying ahead of Fast Flux Networks.
02 Dec 2017
Contributed by Lukas
Bad actors are using Fast Flux Networks with quickly-changing IP addresses and domain names to help hide their activities. Or Katz, Principal Lead Sec...
Waiting for Terdot, a sneaky banking Trojan.
25 Nov 2017
Contributed by Lukas
The Terdot Banker Trojan is a descendant of the Zeus family of malware, and has evolved to feature serious espionage capabilities. It can compromise t...
Dark Net Pricing with Flashpoint's Liv Rowley.
18 Nov 2017
Contributed by Lukas
Cybercriminals offer all sorts of illicit goods for sale on Deep and Dark Web markets. In this episode, Liv Rowley, cybercrime intelligence analyst a...
Taiwan Bank Heist and Lazarus Group with BAE's Adrian Nish.
11 Nov 2017
Contributed by Lukas
Dr. Adrian Nish is head of cyber threat intelligence at BAE Systems. His team has been tracking a new cyber-enabled bank heist in Asia. Some of the to...
Exploring Phishing Kits with Duo Security's Jordan Wright.
04 Nov 2017
Contributed by Lukas
In this episode of the CyberWire’s Research Saturday we are joined by Jordan Wright, Senior Research and Development Engineer at Duo Security. He’...
Tracking a Trojan: KHRAT.
28 Oct 2017
Contributed by Lukas
The moniker KHRAT came about because of the identification of a Remote Access Trojan (RAT) with command and control infrastructure found in Cambodia (...
WireX BotNet with Justin Paine from Cloudflare.
21 Oct 2017
Contributed by Lukas
In August 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. (The b...
Synthesized DNA Malware with Peter Ney.
14 Oct 2017
Contributed by Lukas
Peter Ney is a PhD candidate in the Allen School of Computer Science and Engineering at the University of Washington where he is advised by Professor ...
Android Toast Overlay: Ryan Olson from Palo Alto Networks.
07 Oct 2017
Contributed by Lukas
Android Toast Overlay enables attackers to trick Android users into enabling permissions on infected devices by making them think they are clicking on...
APT 33: FireEye's John Hultquist on an Iranian Cyber Espionage Group.
30 Sep 2017
Contributed by Lukas
APT 33 is an Iranian cyber espionage group that targets aerospace and energy sectors and has ties to destructive malware. John Hultquist is Director o...
Pacifier APT: Bitdefender's Liviu Arsene describes a sophisticated, multifaceted malware campaign.
23 Sep 2017
Contributed by Lukas
In 2016 Bitdefender uncovered a new advanced persistent threat dubbed Pacifier, targeting government institutions starting in 2014. Using malicious ....
Cobian RAT: Zscaler’s Deepen Desai describes some clever malware.
16 Sep 2017
Contributed by Lukas
Deepen Desai, senior director of security research and operations at Zscaler, describes research he and his team have been doing since discovered a cl...