Research Saturday

Research Saturday

Every Saturday, we sit down with cybersecurity researchers to talk shop about the latest threats, vulnerabilities, and technical discoveries.
Join Pro Today
To get access to ad-free episodes, exclusive podcasts, unlimited briefings, stories, and transcripts, and other valuable bonus features sign up today.

Recent Episodes

Ep 259 | 11.19.22

Another infection with new malware.

Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found a new malware that infected their honeypot, which they have dubbed KmsdBot. The research states "The malware attacks using UDP, TCP, HTTP POST, and GET, along with a command and control infrastructure (C2), which communicates over TCP." The botnet targets weak login credentials and then infects systems via an SSH connection.

TranscriptTranscript
Ep 258 | 11.12.22

An in-depth look on the Crytox ransomware family.

Deepen Desai from Zscaler sits down with Dave to talk about the Crytox ransomware family. First observed in 2020, Crytox is a ransomware family consisting of several stages of encrypted code that has fallen under the radar compared to other ransomware families. While other groups normally use double extortion attacks where data is both encrypted and held for ransom, Crytox does not perform this way. The research says "The modus operandi of the group is to encrypt files on connected drives along with network drives, drop the uTox messenger application and then display a ransom note to the victim." It also shares how you may be compromised with this ransomware and goes through each stage in depth.

TranscriptTranscript
Ep 257 | 11.5.22

Over-the-air 0-day vulnerabilities.

Roya Gordon from Nozomi Networks sits down with Dave to discuss their work "UWB Real Time Locating Systems: How Secure Radio Communications May Fail in Practice." Ultra-wideband (UWB) is a rapidly-growing radio technology that, according to the UWB Alliance, is forecasted to drive sales volumes exceeding one billion devices annually by 2025. In an effort to strengthen the security of devices utilizing UWB, Nozomi Networks Labs conducted a security assessment of two popular UWB RTLS solutions available on the market. Their research reveals 0-day vulnerabilities and other weaknesses that, if exploited, could allow an attacker to gain full access to all sensitive location data exchanged over-the-air.

TranscriptTranscript
Ep 256 | 10.29.22

Bugs and working from home.

Federico Kirschbaum from Faraday Security sits down with Dave to discuss their research on "A vulnerability in Realtek's SDK for eCos OS: pwning thousands of routers." The team at Faraday found a vulnerability that made it to DEFCON 30, labeling it high severity. With more and more people working from home for their companies, the research team went looking for where there may be vulnerabilities as employees are working from home. The research states that the team was "seeking and reporting security vulnerabilities in IoT devices, which led to the finding of an exploitable bug in a consumer-grade router popular in Argentina." They also stated in the research that it was escalating quickly and shares about how protecting home networks is important while working remotely.

TranscriptTranscript
Ep 255 | 10.22.22

New tools target governments in Middle East?

Dick O'Brien from Symantec's Threat Hunter team sits down with Dave to discuss their work on "Witchetty - Group Uses Updated Toolset in Attacks on Governments in Middle East." Their research has found that the group known as Witchetty aka LookingFrog, has been progressively updating its toolset, including the new tool, backdoor Trojan (Backdoor.Stegmap) to launch malware attacks on targets in the Middle East and Africa. The research states "The attackers exploited the ProxyShell and ProxyLogon vulnerabilities to install web shells on public-facing servers before stealing credentials, moving laterally across networks, and installing malware on other computers. The researchers describe more on the new tool being used and why this new group is a threat.

TranscriptTranscript
Load More
Research Saturday
Host(s)
Dave Bittner
Dave Bittner, is a security podcast host and one of the founders at CyberWire. He's a creator, producer, videographer, actor, experimenter, and entrepreneur. He's had a long career in the worlds of television, journalism and media production, and is one of the pioneers of non-linear editing and digital storytelling.
Schedule: Saturdays
Creator: CyberWire, Inc.
CyberWire logo