Research Saturday

Research Saturday

Every Saturday, we sit down with cybersecurity researchers to talk shop about the latest threats, vulnerabilities, and technical discoveries.
Join Pro Today
To get access to ad-free episodes, exclusive podcasts, unlimited briefings, stories, and transcripts, and other valuable bonus features sign up today.

Recent Episodes

Ep 330 | 5.18.24

From secret images to encryption keys.

This week, we are joined by Hosein Yavarzadeh from the University of California San Diego, as he is discussing his work on "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor" This paper introduces new methods that let attackers read from and write to specific parts of high-performance CPUs, such as the path history register (PHR) and prediction history tables (PHTs). These methods allow two main types of attacks. One can reveal a program's control flow history, as shown by recovering a secret image through the libjpeg routines. The other enables detailed transient attacks, demonstrated by extracting an AES encryption key, highlighting significant security risks for these systems.

Ep 329 | 5.11.24

The double-edged sword of cyber espionage.

Dick O'Brien from Symantec Threat Hunter team is discussing their research on “Graph: Growing number of threats leveraging Microsoft API.” The team observed an increasing number of threats that have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services. The research states "the technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes."

Ep 328 | 5.4.24

Geopolitical tensions rise with China.

Adam Marré, CISO at Arctic Wolf, is diving deep into geopolitical tension with China including APT31, iSoon and TikTok with Dave this week. They also discuss some of the history behind China cyber operations. Adam shares information on how different APT groups are able to create spear phishing campaigns, and provides info on how to combat these groups.

Ep 327 | 4.27.24

Cerber ransomware strikes Linux.

Christopher Doman, Co-Founder and CTO at Cado Security, is talking about their research on "Cerber Ransomware: Dissecting the three heads." This research delves into Cerber ransomware being deployed onto servers running the Confluence application via the CVE-2023-22518 exploit. The research states "Cerber emerged and was at the peak of its activity around 2016, and has since only occasional campaigns, most recently targeting the aforementioned Confluence vulnerability."

Ep 326 | 4.20.24

The art of information gathering.

Greg Lesnewich, senior threat researcher at Proofpoint, sits down to discuss "From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering." Since 2023, TA427 has directly solicited foreign policy experts for their opinions on nuclear disarmament, US-ROK policies, and sanction topics via benign conversation starting emails. The research states "While our researchers have consistently observed TA427 rely on social engineering tactics and regularly rotating its email infrastructure, in December 2023 the threat actor began to abuse lax Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to spoof various personas and, in February 2024, began incorporating web beacons for target profiling."

Load More
Research Saturday
Dave Bittner
Dave Bittner is a security podcast host and one of the founders at CyberWire. He's a creator, producer, videographer, actor, experimenter, and entrepreneur. He's had a long career in the worlds of television, journalism and media production, and is one of the pioneers of non-linear editing and digital storytelling.
Schedule: Saturdays
Creator: CyberWire, Inc.
CyberWire logo