The methods and mechanisms we use to understand and protect ourselves from the dangers lurking in cyberspace come from the exacting, often painstaking investigations of researchers all over the world. Each Saturday, we’ll talk to those dissecting the malware that’s disrupting business or stealing our personal information, identifying the vulnerabilities in our electronic and human cyber defenses, ferreting out the hidden surveillance features in the products we buy, and hunting down the threats to our increasingly interconnected world. We’ll also hear from researchers in industry and academia working to solve the hard problems of security in a rapidly evolving technological landscape, all while society grapples with the challenge of balancing security and privacy.
Research Saturday Episode List
ThinkPHP exploit from Asia-Pacific region goes global.
Akamai's Larry Cashdollar joins us to describe an exploit he recently came across while researching MageCart incidents. It's a remote command execution vulnerability affecting ThinkPHP, a popular web framework.
Job-seeker exposes banking network to Lazarus Group
Vitali Kremez is a Director of Research at Flashpoint. His team discovered that the recently disclosed intrusion suffered in December 2018 by Chilean interbank network Redbanc involved PowerRatankba, a malware toolkit with ties to North Korea-linked group Lazarus. The intrusion represents the latest known example of Lazarus-affiliated tools being deployed within financially motivated activity targeted toward financial institutions in Latin America.
Fake Fortnite app scams infect gamers.
Researchers at Zscaler have been tracking a variety of fake versions of the popular Fortnite game on the Google Play store, along with associated scams. Deepen Desai is head of security research at Zscaler, and he joins us to share their findings.
Rosneft suspicions shift from espionage to business email compromise.
Researchers at security firm Cylance have been tracking a threat group targeting the Rosneft Russian oil company. As Cylance uncovered details, suspicions shifted from state-sponsored espionage to business email compromise. Kevin Livelli is director of threat intelligence at Cylance, and he joins us to share what they found.
Seedworm digs Middle East intelligence
Researchers at Symantec have been tracking Seedworm, a cyber espionage group targeting the Middle East as well as Europe and North America. The threat group targets government agencies, oil & gas facilities, NGOs, telecoms and IT firms. Al Cooley is director of product management at Symantec, and he joins us to share their findings.
Trends and tips for cloud security.
The team at Palo Alto Networks' Unit 42 recently published research tracking trends in how organizations are addressing cloud security, along with tips for improvement. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings.
Online underground markets in the Middle East
Researchers at Trend Micro recently published their look inside online underground marketplaces in the Middle East and North Africa, where criminals are buying and selling malware, laundering money and even booking their next discount vacation. Jon Clay is director of global threat communications at Trend Micro, and he joins us with their findings.
Twitter amplification bots and how to detect them.
Researchers from Duo Security have been analyzing the behavior of Twitter bots in a series of posts on their web site. Their most recent dive into the subject explores amplification bots, which boost the impact of tweets through likes and retweets. Jordan Wright is a principal R&D engineer at Duo Security, and he joins us to share their findings.
Luring IoT botnets to the honeypot.
Researchers from Netscout's ASERT team have been making use of honeypots to gather information on rapidly evolving IoT botnets that take advantage of default usernames and passwords to gain access and take control of unprotected devices. Matt Bing is a security research analyst with Netscout, and he guides us through their findings.
Magecart payment card skimming analysis.
Researchers at RiskIQ have been tracking a series of web-based credit card skimmers known as Magecart. We take a closer look at attacks on Ticketmaster, British Airways, NewEgg and Shopper Approved payment card pages. Yonathan Klijnsma is lead of threat research at RiskIQ, and he guides us through what they've learned.
NOKKI, Reaper and Dogcall target Russians and Cambodians.
Researchers from Unit 42 at Palo Alto Networks have discovered an interesting relationship between the NOKKI and DOGCALL malware families, as well as a new RAT being used to deploy the malware. Jen Miller-Osborn is Deputy Director of Threat Intelligence with Unit 42, and she joins us to share their findings.
Apple Device Enrollment Program vulnerabilities explored.
Researchers at Duo Security have been looking into Apple's Device Enrollment Program (DEP) and have discovered vulnerabilities that could expose users of the service to potential issues from social engineering and rogue devices. James Barclay is Senior R&D Engineer at Duo Security, and he joins us to share what they've found.
The Sony hack and the perils of attribution.
Researchers at Risk Based Security took a detailed look back at the 2014 Sony hack, comparing analysis that occurred while the facts were still unfolding with what we know today. There are interesting lessons to be learned, especially when it comes to attribution. Brian Martin is V.P. of vulnerability intelligence at Risk Based Security, and he shares their findings.
Operation Red Signature targets South Korean supply chain.
Researchers at Trend Micro uncovered a supply chain attack targeting organizations in South Korea. With the goal of information theft, attackers compromised the update server of a third party support provider, resulting in the installation of a RAT, or remote access trojan. Rik Ferguson is Vice President of Security Research at Trend Micro, and he guides us through their discoveries.
Getting an education on Cobalt Dickens.
Researchers from Secureworks' Counter Threat Unit have been tracking a threat group spoofing login pages for universities. Evidence suggests the Iranian group Cobalt Dickens is likely responsible. Allison Wikoff is a senior researcher at Secureworks, and she joins us to share what they've found.
Doubling down on Cobalt Group activity.
The NETSCOUT Arbor ASERT team has been tracking Cobalt Group campaigns targeting financial institutions. Richard Hummel is manager of threat intelligence with ASERT, and he joins us to share his team's findings.
Establishing international norms in cyberspace.
Joseph Nye is former dean of the Harvard Kennedy School of Government. He served as Chair of the National Intelligence Council, and as Assistant Secretary of Defense for International Security Affairs under President Clinton. He serves as a Commissioner for the Global Commission on Internet Governance, and is the author of over a dozen books, including “Soft Power: The Means to Success in World Politics” and “The Future of Power.”
Symantec technical director Vikram Thakur returns to share his team's look at threat groups APT 28 and APT 29, the influence they had on the 2016 election, and how the cyber security industry has responded in preparation for the 2018 midterms.
Researchers at security firm Check Point Software Technologies explored the possibility of exploiting old, complex fax protocols to gain access to modern multifunction office printers, and then pivot to connected networks. Yaniv Balmas is head of security research at Check Point, and he joins us to share what he and his colleague Eyal Itkin discovered.
Stormy weather in the Office 365 cloud.
Security firm Lastline recently took a close look at threats to the Office 365 cloud environment, taking advantage of the insights they gain protecting their clients. Andy Norton is director of threat intelligence at Lastline, and he joins us to describe their findings.