267 episodes

Every Saturday, we sit down with cybersecurity researchers to talk shop about the latest threats, vulnerabilities, and technical discoveries.

Research Saturday CyberWire Inc.

    • Technology
    • 4.9 • 7 Ratings

    Encore: The secrets behind Docker.

    Alon Zahavi from CyberArk joins Dave Bittner on this episode to discuss CyberArk's work in conjunction with Patch Tuesday. CyberArk published research on how Docker inadvertently created a new vulnerability and what happens when it's exploited.
    CyberArk's research concluded that an attacker may execute files with capabilities or setuid files in order to escalate their privileges up to root level. CyberArk found the new vulnerability in some of Microsoft's Docker images, caused by misuse of Linux capabilities, a powerful additional layer of security that gives admins the ability to assign capabilities and privileges to processes and files in the Linux system.
    The research can be found here:
    How Docker Made Me More Capable and the Host Less Secure

    • 21 min
    Another infection with new malware.

    Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found a new malware that infected their honeypot, which they have dubbed KmsdBot. 
    The research states "The malware attacks using UDP, TCP, HTTP POST, and GET, along with a command and control infrastructure (C2), which communicates over TCP." The botnet targets weak login credentials and then infects systems via an SSH connection.
    The research can be found here:
    KmsdBot: The Attack and Mine Malware

    • 23 min
    An in-depth look on the Crytox ransomware family.

    Deepen Desai from Zscaler sits down with Dave to talk about the Crytox ransomware family. First observed in 2020, Crytox is a ransomware family consisting of several stages of encrypted code that has flown under the radar compared to other ransomware families. While other groups normally use double extortion attacks, where data is both encrypted and held for ransom, Crytox does not operate this way.
    The research says "The modus operandi of the group is to encrypt files on connected drives along with network drives, drop the uTox messenger application and then display a ransom note to the victim." It also shares how you may be compromised with this ransomware and goes through each stage in depth.
    The research can be found here:
    Technical Analysis of Crytox Ransomware

    • 17 min
    Over-the-air 0-day vulnerabilities.

    Roya Gordon from Nozomi Networks sits down with Dave to discuss their work "UWB Real Time Locating Systems: How Secure Radio Communications May Fail in Practice." Ultra-wideband (UWB) is a rapidly-growing radio technology that, according to the UWB Alliance, is forecasted to drive sales volumes exceeding one billion devices annually by 2025.
    In an effort to strengthen the security of devices utilizing UWB, Nozomi Networks Labs conducted a security assessment of two popular UWB RTLS solutions available on the market. Their research reveals 0-day vulnerabilities and other weaknesses that, if exploited, could allow an attacker to gain full access to all sensitive location data exchanged over-the-air.
    The research can be found here:
    UWB Real Time Locating Systems: How Secure Radio Communications May Fail in Practice

    • 25 min
    Bugs and working from home.

    Federico Kirschbaum from Faraday Security sits down with Dave to discuss their research on "A vulnerability in Realtek's SDK for eCos OS: pwning thousands of routers." The team at Faraday found a vulnerability that made it to DEFCON 30 and was labeled high severity. With more and more people working from home for their companies, the research team went looking for where vulnerabilities may exist as employees work remotely.
    The research states that the team was "seeking and reporting security vulnerabilities in IoT devices, which led to the finding of an exploitable bug in a consumer-grade router popular in Argentina." They also stated in the research that the issue was escalating quickly, and they share why protecting home networks is important while working remotely.
    The research can be found here:
    A vulnerability in Realtek's SDK for eCos OS: pwning thousands of routers

    • 31 min
    New tools target governments in Middle East?

    Dick O'Brien from Symantec's Threat Hunter team sits down with Dave to discuss their work on "Witchetty - Group Uses Updated Toolset in Attacks on Governments in Middle East." Their research has found that the group known as Witchetty, aka LookingFrog, has been progressively updating its toolset, including a new backdoor Trojan (Backdoor.Stegmap), to launch malware attacks on targets in the Middle East and Africa.
    The research states "The attackers exploited the ProxyShell and ProxyLogon vulnerabilities to install web shells on public-facing servers before stealing credentials, moving laterally across networks, and installing malware on other computers." The researchers describe more about the new tool being used and why this group is a threat.
    The research can be found here:
    Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

    • 20 min

Customer Reviews

4.9 out of 5
7 Ratings

Jedi Wannabi,

A fascinating look into the guts of the machine

I love learning about how even the people who deeply know and understand the intricacies of existing data networks are constantly breaking new ground.

GottaRun21,

The go-to for cyber research discussion

Need or want to know more about the leading research in security? You’ve found just the thing. It’s the perfect show to catch up on the latest research over a cup of joe on a Saturday morning.

Frogstar5,

One of my favorites from the CyberWire

I never miss an episode of Research Saturday. These one-on-one interviews with researchers from all over the world, and from a diverse range of companies and institutions, help me keep on top of critical threats and vulnerabilities. I like the concise, down-to-business format too. This podcast is time well spent, thank you!