Research Saturday

454 episodes — Page 7 of 10

S2 Ep 154 - Smaug: Ransomware-as-a-service drag(s)on.

Threat actors and cybercriminals that don’t have the ability to develop their own ransomware for malicious campaigns can turn to the Smaug Ransomware as a Service (RaaS) offering, which is available via a Dark Web Onion site. At least two threat actors are operating the site, providing ransomware that can be used to target Windows, macOS, and Linux machines. The site is built with ease of use in mind. To launch an attack, threat actors simply need to sign up, create a campaign, and then start distributing the malware. The site also handles decryption key purchasing and tracking for victims. Joining us in this week's Research Saturday to discuss the research are Anomali's Joakim Kennedy and Rory Gould. The research can be found here: "Anomali Threat Research Releases First Public Analysis of Smaug Ransomware as a Service". Learn more about your ad choices. Visit megaphone.fm/adchoices

Oct 3, 2020 - 22 min

S2 Ep 153 - What came first, the Golden Chickens or more_eggs?

Throughout March and April, QuoIntelligence (QuoINT) observed four attacks (i.e. sightings) utilizing various tools from the Golden Chickens (GC) Malware-as-a-Service (MaaS) portfolio; they recently declassified their findings, after first notifying their clients. Further, during their analysis of the sightings, QuoIntelligence confirmed that the GC MaaS operator, Badbullzvenom, released improved variants with code updates to three tools in the service portfolio. Joining us in this week's Research Saturday to discuss the research is QuoIntelligence's Vice President of Threat Intelligence, Chaz Hobson. The research can be found here: "Latest Golden Chickens MaaS Tools Updates and Observed Attacks".

Sep 26, 2020 - 18 min

S2 Ep 152 - Election 2020: What to expect when we are electing.

After the 2016 General Election, the talk was all around foreign meddling. Rumors swirled that some votes may have been changed or influenced by state-sponsored actors. Sanctions and accusations followed. Four years later, is the U.S. any more prepared to protect the results of its largest elections? More than you may realize. Talos researchers take a deep dive into election security after spending the past four years talking to local, state and national officials, performing their own independent research and even watching one state plan an election in real time. Joining us in this week's Research Saturday to discuss the report on this timely topic is Cisco Talos' Matt Olney. The research can be found here: "What to expect when you’re electing: Talos’ 2020 election security primer".

Sep 19, 2020 - 23 min

S2 Ep 151 - Leveraging legitimate tools.

Researchers at Symantec spotted a Sodinokibi targeted ransomware campaign in which the attackers are also scanning the networks of some victims for credit card or point of sale (PoS) software. It is not clear whether the attackers are targeting this software for encryption or because they want to scrape this information as a way to make even more money from the attack. Joining us in this week's Research Saturday to discuss the report is Jon DiMaggio of Symantec. The research can be found here: "Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike".

Sep 12, 2020 - 31 min

S2 Ep 150 - Going after the most valuable data.

A look at the realities of ransomware from Sophos, including an industry-first detailed look at new detection evasion techniques in WastedLocker ransomware attacks that leverage the Windows Cache Manager and memory-mapped I/O to encrypt files. A complementary article examines the evasion-centric arms race of ransomware, providing a months-long review of how cybercriminals have been escalating and markedly changing evasion techniques, tactics and procedures (TTPs) since Snatch ransomware in December 2019. The research also breaks down the five early warning signs that organizations are about to be attacked by ransomware and why ransomware attacks continue to occur. Joining us on this week's Research Saturday to walk us through the research and share their findings are Sophos' Principal Research Scientist Chet Wisniewski and EVP & Chief Product Officer Dan Schiappa. The media alert and research articles can be found here: "Media Alert: Sophos Reports on the Realities of Ransomware"; "WastedLocker’s techniques point to a familiar heritage"; "Ransomware’s evasion-centric arms race"; "5 signs you’re about to be hit by ransomware"; "The realities of ransomware: extortion goes social"; "Ransomware: why it’s not just a passing fad".

Sep 5, 2020 - 25 min

S2 Ep 149 - They fooled a lot of people.

Docker containers have been gaining popularity over the past few years as an effective way of packaging software applications. Docker Hub provides a strong community-based model for users and companies to share their software applications. This is also attracting the attention of malicious actors intending to make money by cryptojacking within Docker containers and using Docker Hub to distribute these images. Palo Alto Networks' Unit 42 researchers identified a malicious Docker Hub account, azurenql, active since October 2019, that was hosting six malicious images intended to mine the cryptocurrency Monero. The images hosted on this account have been collectively pulled more than two million times. Additionally, when Palo Alto's team last checked minexmr.com for this wallet ID, they saw recent activity indicating that it’s still being used. Joining us on this week's Research Saturday is Jen Miller-Osborn from Palo Alto Networks' Unit 42 group to share the research and findings. The research and blog post can be found here: "Attackers Cryptojacking Docker Images to Mine for Monero".

Aug 29, 2020 - 14 min

S2 Ep 148 - Using global events as lures.

The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the user. Over the past several years, we as an industry improved exploit mitigation, and the value of working exploits has increased accordingly. Together, these changes have had an impact on the threat landscape. We still see large amounts of active exploitation, but enterprises are getting better at defending against it. This has left adversaries with a couple of options: develop or buy a working exploit that will defeat today's protections, which can be costly, or pivot to enticing a user to help them. In today's threat landscape, adversaries are always trying to develop and implement the most effective lures to draw users into their infection path. They've tried a multitude of different tactics in this space, but one always stands out: current events. Joining us on this week's Research Saturday is Craig Williams from Cisco's Talos Outreach team to walk us through how current events are used as lures. The research and blog post can be found here: "Adversarial use of current events as lures". The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.

Aug 22, 2020 - 21 min

S2 Ep 147 - Waiting for their victims.

Bitdefender researchers have recently found that the APT group StrongPity has been targeting victims in Turkey and Syria. Using watering hole tactics to selectively infect victims and deploying a three-tier C&C infrastructure to thwart forensic investigations, the APT group leveraged Trojanized popular tools, such as archivers, file recovery applications, remote connection applications, utilities, and even security software, to cover a wide range of options that targeted victims might be seeking. Joining us on this week's Research Saturday to discuss the research is Bitdefender's Liviu Arsene. You can find the research here: "StrongPity APT – Revealing Trojanized Tools, Working Hours and Infrastructure".

Aug 15, 2020 - 23 min

S2 Ep 146 - Like anything these days, you have to disinfect it first.

“Cyberbunker” refers to a criminal group that operated a “bulletproof” hosting facility out of an actual military bunker. “Bullet Proof” hosting usually refers to hosting locations in countries with little or corrupt law enforcement, making shutting down criminal activity difficult. Cyberbunker, which is also known as “ZYZtm” and “Calibour”, was a bit different in that it actually operated out of a bulletproof bunker. In September of last year, German police raided this actual Cyberbunker and arrested several suspects. While most of the group's assets were seized during the initial raid, the IP address space remained and was later sold to Legaco Networks. Before being shut down, Legaco Networks temporarily redirected the traffic to the SANS Internet Storm Center honeypots for examination. Joining us on this week's Research Saturday from the SANS Technology Institute are graduate student Karim Lalji and Dean of Research Johannes Ullrich to discuss their experiences. The research and blog post can be found here: "Real-Time Honeypot Forensic Investigation on a German Organized Crime Network" and "Cyberbunker 2.0: Analysis of the Remnants of a Bullet Proof Hosting Provider".

Aug 8, 2020 - 26 min

S4 Ep 145 - Detecting Twitter bots in real time.

NortonLifeLock Research Group (NRG) released a prototype browser extension called BotSight that leverages machine learning to detect Twitter bots in real time. The tool is intended to help users understand the prevalence of bots and disinformation campaigns within their Twitter feeds, particularly with the increase in disinformation about COVID-19. Joining us on this week's Research Saturday to discuss this tool is Daniel Kats from NortonLifeLock Research Group. You can find the research here: "Introducing BotSight".

Aug 1, 2020 - 23 min

S4 Ep 144 - It was only a matter of time.

On April 29, 2020, the Salt management framework, authored by the IT automation company SaltStack, received a patch concerning two CVEs: CVE-2020-11651, an authentication bypass vulnerability, and CVE-2020-11652, a directory-traversal vulnerability. On April 30, 2020, researchers at F-Secure disclosed their vulnerability findings to the public, with an urgent warning for Salt users - patch now. Before the weekend was out, criminals were deploying malware and targeting vulnerable Salt installations, successfully affecting operations at Ghost, DigiCert, and LineageOS. The malware is a cryptominer, but there is an additional component, a Remote Access Tool written in Go called nspps. Researchers at Akamai have also observed in-the-wild attacks on the Salt vulnerabilities. Joining us on this week's Research Saturday is Larry Cashdollar, Senior Security Response Engineer at Akamai, to discuss this issue. The research can be found here: "SaltStack Vulnerabilities Actively Exploited in the Wild".

Jul 25, 2020 - 14 min

S4 Ep 143 - Every time we get smarter, the bad guy changes something.

Researchers at Symantec identified and alerted customers to a string of attacks against U.S. companies by attackers attempting to deploy the WastedLocker ransomware (Ransom.WastedLocker) on their networks. The end goal of these attacks is to cripple the victim’s IT infrastructure by encrypting most of their computers and servers in order to demand a multimillion-dollar ransom. At least 31 Symantec customer organizations have been attacked, meaning the total number of attacks may be much higher. The attackers had breached the networks of targeted organizations and were in the process of laying the groundwork for staging ransomware attacks. Joining us in this week's Research Saturday to discuss the report is Jon DiMaggio of Symantec. The research can be found here: "WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations".

Jul 18, 2020 - 32 min

S4 Ep 142 - Are you running what you think you're running?

Built into virtually every hardware device, firmware is lower-level software that is programmed to ensure that hardware functions properly. As software security has been significantly hardened over the past two decades, hackers have responded by moving down the stack to focus on firmware entry points. Firmware offers a target that basic security controls can’t access or scan as easily as software, while allowing attackers to persist and continue leveraging many of their tried and true attack techniques. Joining us on this week's Research Saturday is Maggie Jauregui, security researcher at Dell, to discuss this issue. The research can be found here: "Three firmware blind spots impacting security".

Jul 11, 2020 - 16 min

S4 Ep 141 - Enter the RAT.

A new report examines how five related APT groups operating in the interest of the Chinese government have systematically targeted Linux servers, Windows systems and Android mobile devices while remaining undetected for nearly a decade. The report comes on the heels of the U.S. Department of Justice announcing several high-profile indictments from over 1,000 open FBI investigations into economic espionage as part of the DOJ’s China Initiative. Joining us in this week's Research Saturday to discuss the report is Eric Cornelius of BlackBerry. The research can be found here: "Decade of the RATs: Novel APT Attacks Targeting Linux, Windows and Android".

Jun 27, 2020 - 23 min

S4 Ep 140 - Click here to update your webhook.

Slack is a cloud-based messaging platform that is commonly used in workplace communications. Slack Incoming Webhooks allow you to post messages from your applications to Slack. Generally, Slack webhooks are considered a low-risk integration. A deeper dive into webhooks shows that this is not entirely accurate. Joining us in this week's Research Saturday is Ashley Graves from AT&T Cybersecurity's Alien Labs to discuss her research. The research can be found here: "Slack phishing attacks using webhooks".

Jun 20, 2020 - 18 min

S4 Ep 139 - The value of the why and the who.

Proactive, efficient threat mitigation and risk management require understanding adversaries’ fundamental thought processes, not just their tools and methods. Cyber threat intelligence analysts combed through 15 years (2004 to 2019) of public sources that have documented the activities of one prolific threat actor, Russia’s military intelligence agency, the GRU. Analysis shows that the timing, targets, and impacts of this activity mirrored Russian strategic concerns about specific events and developments. Joining us in this week's Research Saturday are Brad Stone and Nate Beach-Westmoreland from Booz Allen Hamilton to discuss their report and some of the 33 case studies presented in it. The research can be found here: "Bearing Witness: Uncovering the Logic Behind Russian Military Cyber Operations".

Jun 13, 2020 - 26 min

S4 Ep 138 - Due diligence cannot be done as a one-off.

Earlier this year, a Virgin Media database containing the personal details of 900,000 people was discovered to be unsecured and accessible online for 10 months. The breach was discovered by researchers at the security firm TurgenSec. This breach had major implications under GDPR. Joining us in this week's Research Saturday are George Punter and Peter Hansen from TurgenSec to talk about the discovery of the breach. The research can be found here: "Virgin Media Disclosure Statement & Resources".

Jun 6, 2020 - 20 min

S4 Ep 137 - Twofold snooping venture.

Having worked with many different honeypot implementations, a security researcher ran an experiment expanding on that work: setting up a simple Docker image with SSH and a guessable root password. The catch? What happened in the next 24 hours was unexpected. Joining us in this week's Research Saturday to talk about his experiment is Larry Cashdollar of Akamai. The research can be found here: "A Brief History of a Rootable Docker Image".

May 30, 2020 - 20 min

S4 Ep 136 - Naming and shaming is the worst thing we can do.

In December 2019, the GOLD VILLAGE threat group that operates the Maze ransomware created a public website to name and shame victims. The threat actors used the website to dump data they exfiltrated from victims' networks before they deployed the ransomware. Secureworks Counter Threat Unit (CTU) researchers have observed several ransomware operators following suit. Joining us in this week's Research Saturday is Alex Tilley of Secureworks' Counter Threat Unit.

May 23, 2020 - 26 min

S4 Ep 135 - Gangnam Industrial Style APT campaign targets South Korea.

Section 52, CyberX’s threat intelligence team, has uncovered an ongoing industrial cyberespionage campaign targeting hundreds of manufacturing and other industrial firms primarily located in South Korea. CyberX has identified more than 200 compromised systems from this campaign, including one belonging to a multi-billion-dollar Korean conglomerate that manufactures critical infrastructure equipment such as heavy equipment for power transmission and distribution facilities, renewable energy, chemical plants, welding, and construction. Joining us in this week's Research Saturday is Phil Neray, one of the authors of this report. The research can be found here: "Gangnam Industrial Style: APT Campaign Targets Korean Industrial Companies".

May 16, 2020 - 19 min

S4 Ep 134 - The U.S. campaign trail is actually quite secure.

Multiple media reports have indicated that the United States’ (U.S.) 2020 general election could be targeted by foreign and domestic actors after the successful cyber and misinformation attacks during the 2016 general election. The responsibility of secure and ethical online campaigning has become a central issue in the 2020 election. In some cases, it has become part of candidate platforms. Joining us in this week's Research Saturday is Paul Gagliardi from SecurityScorecard, discussing their recent report detailing the cybersecurity of the 2020 Presidential race. The research can be found here: "2020 Democratic Presidential Candidates Get Smart to Cybersecurity Report".

May 9, 2020 - 21 min

S4 Ep 133 - Fingerprint authentication is not completely secure.

Passwords are the traditional authentication method for computers and networks. But passwords can be stolen. Biometric authentication seems the perfect solution for that problem. Our guest today is Craig Williams, director of Talos Outreach at Cisco. He'll be discussing and providing insights into their report, which shows that fingerprints are good enough to protect the average person's privacy if they lose their phone. However, a person who is likely to be targeted by a well-funded and motivated actor should not use fingerprint authentication. The research can be found here: "Fingerprint cloning: Myth or reality?".

May 2, 2020 - 21 min

S4 Ep 132 - Contact tracing as COVID-19 aid.

Successful containment of the Coronavirus pandemic rests on the ability to quickly and reliably identify those who have been in close proximity to a contagious individual. Mayank Varia from Boston University describes how his team suggests an approach based on using short-range communication mechanisms, like Bluetooth, that are available in all modern cell phones. The research can be found here: "Anonymous Collocation Discovery: Harnessing Privacy to Tame the Coronavirus".

Apr 25, 2020 - 33 min

S4 Ep 131 - How low can they go? A spike in Coronavirus phishing.

As much of the world grapples with the new coronavirus, COVID-19, and how to handle it, attackers are taking advantage of the widespread discussion of COVID-19 in emails and across the web. Joining us today is Fleming Shi, CTO of Barracuda, discussing their report on these types of attacks, which are up 667 percent since the end of February. The research can be found here: "Threat Spotlight: Coronavirus-Related Phishing".

Apr 18, 2020 - 17 min

S4 Ep 130 - Profiling an audacious Nigerian cybercriminal.

By day, he is Dton, an upstanding Nigerian citizen. He believes in professionalism, hard work and excellence. He’s a leader, a content creator, an entrepreneur and an innovator; an accomplished business administrator; a renaissance man who is adored by his colleagues. But by night, he is Bill Henry, Cybercriminal Entrepreneur. We sat down with a researcher at Check Point for the inside scoop on this fascinating, brazen individual. The research can be found here: "The Inside Scoop on a Six-Figure Nigerian Fraud Campaign".

Apr 11, 2020 - 22 min

S4 Ep 129 - A rough year ahead for ransomware attacks - and how to stop them.

2020 is shaping up to be a rough year. Ransomware attacks will continue to grow as cybercriminals get more sophisticated in their methods and expand their reach. Allan Liska, Senior Analyst at Recorded Future, shares their findings and predictions in a new report. The research can be found here: "5 Ransomware Trends to Watch in 2020".

Apr 4, 2020 - 14 min

S4 Ep 128 - Hidden dangers inside Windows and LINUX computers.

Eclypsium has issued a study that suggests the prevalence of “unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras used in computers from Lenovo, Dell, HP and other major manufacturers.” Here to discuss their findings is Rick Altherr, a Principal Engineer at Eclypsium. The research can be found here: "Perilous Peripherals: The Hidden Dangers Inside Windows and LINUX Computers".

Mar 28, 2020 - 23 min

S4 Ep 127 - The security implications of cloud infrastructure in IoT.

Cloud computing is now at the center of nearly every business strategy. But, as with the rapid adoption of any new technology, growing pains persist. The key findings in these reports shed light on security missteps that are actually in practice by organizations across the globe. Joining us in this special Research Saturday are Palo Alto Networks' Matthew Chiodi and Ryan Olson. They discuss their findings in two different threat reports. The research can be found here: "Cloud Threat Report" and "IoT Threat Report".

Mar 21, 2020 - 29 min

S4 Ep 126 - TLS is here to stay.

As websites and apps more widely adopt TLS (Transport Layer Security) and communicate over HTTPS connections, unencrypted traffic may draw even more attention, since it’s easier for analysts and security tools to identify malicious communication patterns in those plain HTTP sessions. Malware authors know this, and they’ve made it a priority to adopt TLS and thereby obfuscate the contents of malicious communication. Joining us on this week's Research Saturday is Chester Wisniewski from SophosLabs, discussing their research on the subject. The research can be found here: "Nearly a quarter of malware now communicates using TLS".

Mar 14, 2020 - 18 min

S4 Ep 125 - Overworked developers write vulnerable software.

Why do some developers and development teams write more secure code than others? Software is written by people, either alone or in teams. Ultimately, secure code development depends on the actions and decisions taken by the people who develop the code. Understanding the human factors that influence the introduction of software vulnerabilities, and acting on that knowledge, is a definitive way to shift security to the left. This Research Saturday features our conversation with Anita D’Amico from CodeDX on which developers and teams are more likely to write vulnerable software. The research can be found here: "Which Developers and Teams Are More Likely to Write Vulnerable Software?".

Mar 7, 2020 - 16 min

S4 Ep 124 - Application tracking in Wacom tablets.

Today's Research Saturday features our conversation with Robert Heaton, a software engineer with Stripe who penned a blog post about his disappointing discovery that his Wacom tablet was tracking his applications. The post struck a nerve and has since been widely distributed. The research can be found here: "Wacom drawing tablets track the name of every application that you open".

Feb 29, 2020 - 20 min

S4 Ep 123 - New vulnerabilities in PC sound cards.

SafeBreach Labs discovered a new vulnerability in the Realtek HD Audio Driver Package, which is deployed on PCs containing Realtek sound cards. On this week's Research Saturday, our conversation with Itzik Kotler, who is Co-Founder and CTO at SafeBreach. The research can be found here: "Realtek HD Audio Driver Package - DLL Preloading and Potential Abuses".

Feb 22, 2020 - 21 min

S4 Ep 122 - If you can't detect it, you can't steal it.

BGN Technologies, the technology transfer company of Ben-Gurion University (BGU) of the Negev, Israel, is introducing the first all-optical “stealth” encryption technology that will be significantly more secure and private for highly sensitive cloud computing and data center network transmission. Joining us in this special Research Saturday is BGN's Dan Sadot, who helped pioneer this technology. The research can be found here: "Ben-Gurion University Researchers Introduce the First All-Optical, Stealth Data Encryption Technology".

Feb 15, 2020 - 25 min

S4 Ep 121 - The Chameleon attacks Online Social Networks.

The Chameleon attack technique is a new type of OSN-based trickery where malicious posts and profiles change the way they are displayed to OSN users to conceal themselves before the attack or avoid detection. Joining us to discuss their findings in a new report entitled "The Chameleon Attack: Manipulating Content Display in Online Social Media" is Ben-Gurion University's Rami Puzis. The research can be found here: "The Chameleon Attack: Manipulating Content Display in Online Social Media" and "Demonstration video of a Chameleon Attack".

Feb 8, 2020 - 18 min

S4 Ep 120 - Tracking one of China's hidden hacking groups.

Operation Wocao (我操, “Wǒ cāo”, is a Chinese curse word) is the name that Fox-IT uses to describe the hacking activities of a China-based hacking group. We are joined by Fox-IT's Maarten van Dantzig, who shares his insights into their new report entitled "Operation Wocao: Shining a light on one of China’s hidden hacking groups". The research can be found here: "Operation Wocao: Shining a light on one of China’s hidden hacking groups".

Feb 1, 2020 - 19 min

S4 Ep 119 - Know Thine Enemy - Identifying North American Cyber Threats.

The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) and operational technology (OT) for a variety of purposes. As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases. Selena Larson from Dragos joins us to discuss their new report, North American Electric Cyber Threat Perspective. The report can be found here: "North American Electric Cyber Threat Perspective".

Jan 25, 2020 - 28 min

S4 Ep 118 - Clever breaches demonstrate IoT security gaps.

Some of our favorite and most trusted IoT devices help make us feel secure in our homes. From garage door openers to the locks on our front doors, we trust these devices to recognize and alert us when people are entering our home. It should come as no surprise that these too are subject to attack. Steve Povolny is head of advanced research at McAfee; we discuss a pair of research projects they recently published involving popular IoT devices. The research can be found here: "McAfee Advanced Threat Research demo: McLear NFC Ring" and "McAfee Advanced Threat Research demo: Chamberlain MyQ".

Jan 18, 2020 - 23 min

S4 Ep 117 - Profiling the Linken Sphere anti-detection browser.

Multiple e-commerce and financial organizations around the world are targeted by cybercriminals attempting to bypass or disable their security mechanisms, in some cases by using tools that imitate the activities of legitimate users. Linken Sphere, an anti-detection browser, is one of the most popular tools of this kind at the moment. Staffan Truvé is the CTO and Co-Founder of Recorded Future; he joins us to discuss their new report on the browser. The research can be found here: "Profiling the Linken Sphere Anti-Detection Browser".

Jan 11, 2020 - 13 min

S4 Ep 116 - A Jira vulnerability that’s leaking data in the public cloud.

Unit 42 (the Palo Alto Networks threat intelligence team) released new research on a Jira vulnerability that’s leaking data of technology, industrial and media organizations in the public cloud. The vulnerability (a server-side request forgery, SSRF) is the same type that led to the Capital One data breach in July 2019. Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks, and she joins us to share their findings. The research can be found here: https://unit42.paloaltonetworks.com/server-side-request-forgery-exposes-data-of-technology-industrial-and-media-organizations/

Jan 2, 2020 - 16 min

S3 Ep 115 - Inside Magecart and Genesis.

Dan Woods is VP of the intelligence center at Shape Security. He shares insights on two noteworthy attack tools, Genesis and Magecart. Before joining Shape Security, Dan served as assistant chief agent of special investigations at the Arizona attorney general's office, where he investigated complex fraud. Prior to that, he spent 20 years with federal law enforcement agencies and intelligence organizations, including the CIA and FBI, where he specialized in information operations and cybercrime.

Dec 21, 2019 - 20 min

S3 Ep 114WAV files carry malicious data payloads.

Researchers at BlackBerry Cylance have been tracking ordinary WAV audio files being used to carry hidden malicious data used by threat actors. Eric Milam is VP of threat research and intelligence at BlackBerry Cylance, and he joins us to share their findings. The research can be found here: https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Dec 14, 2019 · 19 min

S3 Ep 113: Targeting routers to hit gaming servers.

Researchers at Palo Alto Networks' Unit 42 recently published research outlining attacks on home and small-business routers, taking advantage of known vulnerabilities to make the routers part of botnets, ultimately used to attack gaming servers. Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks. She joins us to share their findings. The research can be found here: https://unit42.paloaltonetworks.com/home-small-office-wireless-routers-exploited-to-attack-gaming-servers/

Dec 7, 2019 · 18 min

S3 Ep 112: Mustang Panda leverages Windows shortcut files.

Researchers at Anomali have been tracking the China-based threat group Mustang Panda, which they believe to be responsible for attacks making clever use of Windows shortcut files. Parthiban is a researcher at Anomali, and he joins us to share their findings. The research is here: https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations

Nov 23, 2019 · 14 min

S3 Ep 111: Sodinokibi aka REvil connections to GandCrab.

Researchers at McAfee's Advanced Threat Research Team have been analyzing Sodinokibi ransomware as a service, also known as REvil. John Fokker is head of cyber investigations for McAfee Advanced Threat Research, and he joins us to share their findings. The research is here: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/

Nov 16, 2019 · 19 min

S3 Ep 110: Monitoring the growing sophistication of PKPLUG.

Researchers from Palo Alto Networks' Unit 42 have been tracking a Chinese cyber espionage group they've named PKPLUG. The group mainly targets victims in the Southeast Asia region. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings. The original research is here: https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/

Nov 9, 2019 · 23 min

S3 Ep 109: Usable security is a delicate balance.

Until recently, usability was often an afterthought when developing security tools. These days there's a growing realization that usability is a fundamental part of security. Lorrie Cranor is director of the CyLab Usable Privacy and Security lab (CUPS) at Carnegie Mellon University. She shares the work she's been doing with her colleagues and students to improve security through usability. The research can be found here: https://www.cylab.cmu.edu/news/2019/07/29-usability-history.html

Nov 2, 2019 · 20 min

S3 Ep 108: Masad Steals via Social Media.

Researchers at Juniper Networks have been tracking a trojan they call Masad Stealer, which uses the Telegram instant messaging platform for part of its command-and-control infrastructure. (Telegram wasn't hacked; it's the innocent conduit.) Mounir Hahad is head of Juniper Threat Labs at Juniper Networks, and he joins us to share their findings. The original research is here: https://forums.juniper.net/t5/Threat-Research/Masad-Stealer-Exfiltrating-using-Telegram/ba-p/468559

Oct 26, 2019 · 20 min

S3 Ep 107: Hoping for SOHO security.

Researchers at Independent Security Evaluators (ISE) recently published a report titled SOHOpelessly Broken 2.0: Security Vulnerabilities in Network Accessible Services. This publication continues and expands their previous work examining small office/home office (SOHO) routers, network-attached storage (NAS) devices, and IP cameras. Shaun Mirani is a security analyst at ISE, and he joins us to share their findings. The original research is here: https://www.ise.io/whitepaper/sohopelessly-broken-2/

Oct 19, 2019 · 17 min

S3 Ep 106: Decrypting ransomware for good.

Michael Gillespie is a programmer at Emsisoft, as well as a host of the popular ID Ransomware web site that helps victims identify what strain of ransomware they may have been infected with, and what decryptors may be available. He's written many decryptors himself, most recently for the Syrk strain of ransomware. Links to the research and Michael's work: https://blog.emsisoft.com/en/33885/emsisoft-releases-a-free-decryptor-for-the-syrk-ransomware/ , https://id-ransomware.malwarehunterteam.com/ , https://www.youtube.com/user/Demonslay335

Oct 12, 2019 · 22 min

S3 Ep 105: The fuzzy boundaries of APT41.

Researchers at FireEye recently released a report detailing the activities of APT41, a Chinese cyber threat group notable for the range of tools they use, their origins in the world of video gaming, and their willingness to shift from seemingly state-sponsored activity to hacking for personal gain. Nalani Fraser and Fred Plan contributed to the report, and they join us to share their findings. The original research is here: https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html

Oct 5, 2019 · 25 min