The methods and mechanisms we use to understand and protect ourselves from the dangers lurking in cyberspace come from the exacting, often painstaking investigations of researchers all over the world. Each Saturday, we’ll talk to those dissecting the malware that’s disrupting business or stealing our personal information, identifying the vulnerabilities in our electronic and human cyber defenses, ferreting out the hidden surveillance features in the products we buy, and hunting down the threats to our increasingly interconnected world. We’ll also hear from researchers in industry and academia working to solve the hard problems of security in a rapidly evolving technological landscape, all while society grapples with the challenge of balancing security and privacy.
Research Saturday Episode List
Elfin APT group targets Middle East energy sector.
Researchers at Symantec have been tracking an espionage group known as Elfin that has targeted dozens of organizations over the past three years, primarily focusing on Saudi Arabia and the United States. Alan Neville is a principal threat intelligence analyst at Symantec, and he joins us to share their findings.
Steganography enables sophisticated OceanLotus payloads.
Researchers at Blackberry Cylance have been tracking payload obfuscation techniques employed by OceanLotus (APT32), specifically steganography used to hide code within seemingly benign image files. Tom Bonner is director of threat research at Blackberry Cylance, and he joins us to share their findings.
Sea Turtle state-sponsored DNS hijacking
Researchers at Cisco Talos have been tracking what they believe is a state-sponsored attack on DNS systems, targeting the Middle East and North Africa. This attack has the potential to erode trust and stability of the DNS system, so critical to the global economy. Craig Williams is director of Talos Outreach at Cisco, and he joins us to share their findings.
Deep Learning threatens 3D medical imaging integrity.
Researchers at Ben Gurion University in Israel have developed techniques to infiltrate medical imaging system networks and alter 3D medical scans within, fooling both human and automated examiners with a high rate of success. Yisroel Mirsky is a cybersecurity researcher and project manager at Ben Gurion University, and he joins us to share what his team discovered.
Undetectable vote manipulation in SwissPost e-voting system
Researchers have discovered a number of vulnerabilities in the SwissPost e-vote system which could allow undetectable manipulation of votes. Dr Vanessa Teague is Associate Professor and Chair, Cybersecurity and Democracy Network at the Melbourne School of Engineering, University of Melbourne, Australia. She joins us to explain her team's findings.
Establishing software root of trust unconditionally.
Researchers at Carnegie Mellon University's CyLab Security and Privacy Institute claim to have made an important breakthrough in establishing root of trust (RoT) to detect malware in computing devices. Virgil Gligor is one of the authors of the research, and he joins us to share their findings.
Lessons learned from Ukraine elections.
Joep Gommers from EclecticIQ joins us to share their research tracking the information operations and and security methods they've been tracking that Russians have been using in advance of the recently held elections in Ukraine.
Alarming vulnerabilities in automotive security systems.
Researchers at Pen Test Partners recently examined a variety of third-party automotive security systems and found serious security issues, potentially giving bad actors the ability to locate, disable or meddle with multiple vehicle systems.
Ryuk ransomware relationship revelations.
Investigators from McAfee's advanced threat research unit, working with partners at Coveware, have reevaluated hasty attributions of Ryuk ransomware to North Korea and have explored the inner workings of the threat. John Fokker is head of cyber investigations in McAfee's Advanced Threat research unit. He join us to share their findings.
ThinkPHP exploit from Asia-Pacific region goes global.
Akamai's Larry Cashdollar joins us to describe an exploit he recently came across while researching MageCart incidents. It's a remote command execution vulnerability affecting ThinkPHP, a popular web framework.
Job-seeker exposes banking network to Lazurus Group
Vitali Kremez is a Director of Research at Flashpoint. His team discovered that the recently disclosed intrusion suffered in December 2018 by Chilean interbank network Redbanc involved PowerRatankba, a malware toolkit with ties to North Korea-linked group Lazarus. The intrusion represents the latest known example of Lazarus-affiliated tools being deployed within financially motivated activity targeted toward financial institutions in Latin America.
Fake Fortnite app scams infect gamers.
Researchers at Zscaler have been tracking a variety fake versions of the popular Fortnite game on the Google Play store, along with associated scams. Deepen Desai is head of security research at Zscaler, and he joins us to share their findings.
Rosneft suspicions shift from espionage to business email compromise.
Researchers at security firm Cylance have been tracking a threat group targeting the Rosneft Russian oil company. As Cylance uncovered details, suspicions shifted from state-sponsored espionage to business email compromise. Kevin Livelli is director of threat intelligence at Cylance, and he joins us to share what they found.
Seedworm digs Middle East intelligence
Researchers at Symantec have been tracking Seedworm, a cyber espionage group targeting the Middle East as well as Europe and North America. The threat group targets government agencies, oil & gas facilities, NGOs, telecoms and IT firms. Al Cooley is director of product management at Symantec, and he joins us to share their findings.
Trends and tips for cloud security.
The team at Palo Alto Networks' Unit 42 recently published research tracking trends in how organizations are addressing cloud security, along with tips for improvement. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings.
Online underground markets in the Middle East
Researchers at Trend Micro recently published their look inside online underground marketplaces in the Middle East and North Africa, where criminals are buying and selling malware, laundering money and event booking their next discount vacation. Jon Clay is director of global threat communications at Trend Micro, and he joins us with their findings.
Twitter amplification bots and how to detect them.
Researchers from Duo Security have been analyzing the behavior of Twitter bots in a series of posts on their web site. Their most recent dive into the subject explores amplification bots, which boost the impact of tweets through likes and retweets. Jordan Wright is a principal R&D engineer at Duo Security, and he joins us to share their findings.
Luring IoT botnets to the honeypot.
Researchers from Netscout's ASERT team have been making use of honeypots to gather information on rapidly evolving IoT botnets that take advantage of default usernames and passwords to gain access and take control of unprotected devices. Matt Bing is a security research analyst with Netscout, and he guides us through their findings.
Magecart payment card skimming analysis.
Researchers at RiskIQ have been tracking a series of web-based credit card skimmers known as Magecart. We take a closer look at attacks on Ticketmaster, British Airways, NewEgg and Shopper Approved payment card pages. Yonathan Klijnsma is lead of threat research at RiskIQ, and he guides us through what they've learned.
NOKKI, Reaper and Dogcall target Russians and Cambodians.
Researchers from Unit 42 at Palo Alto Networks have discovered an interesting relationship between the NOKKI and DOGCALL malware families, as well as a new RAT being used to deploy the malware. Jen Miller-Osborn is Deputy Director of Threat Intelligence with Unit 42, and she joins us to share their findings.