Research Saturday N2K Networks
-
- Technology
-
Every Saturday, we sit down with cybersecurity researchers to talk shop about the latest threats, vulnerabilities, and technical discoveries.
-
Cerber ransomware strikes Linux.
Christopher Doman, Co-Founder and CTO at Cado Security, is talking about their research on "Cerber Ransomware: Dissecting the three heads." This research delves into Cerber ransomware being deployed onto servers running the Confluence application via the CVE-2023-22518 exploit.
The research states "Cerber emerged and was at the peak of its activity around 2016, and has since only occasional campaigns, most recently targeting the aforementioned Confluence vulnerability."
The research can be found here:
Cerber Ransomware: Dissecting the three heads
Learn more about your ad choices. Visit megaphone.fm/adchoices -
The art of information gathering.
Greg Lesnewich, senior threat researcher at Proofpoint, sits down to discuss "From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering." Since 2023, TA427 has directly solicited foreign policy experts for their opinions on nuclear disarmament, US-ROK policies, and sanction topics via benign conversation starting emails.
The research states "While our researchers have consistently observed TA427 rely on social engineering tactics and regularly rotating its email infrastructure, in December 2023 the threat actor began to abuse lax Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to spoof various personas and, in February 2024, began incorporating web beacons for target profiling."
The research can be found here:
From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Breaking down a high-severity vulnerability in Kubernetes.
Tomer Peled, a Security & Vulnerability Researcher from Akamai is sharing their work on "What a Cluster: Local Volumes Vulnerability in Kubernetes." This research focuses on a high-severity vulnerability in Kubernetes, allowing for remote code execution with system privileges on all Windows endpoints within a Kubernetes cluster.
The research states "The discovery of this vulnerability led to the discovery of two others that share the same root cause: insecure function call and lack of user input sanitization."
The research can be found here:
What a Cluster: Local Volumes Vulnerability in Kubernetes
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Leaking your AWS API keys, on purpose?
Noah Pack, a SANS Internet Storm Center Intern, sits down to discuss research on "What happens when you accidentally leak your AWS API keys?" This research is a guest diary from Noah and shares a project he worked on after seeing an online video of someone who created a python script that emailed colleges asking for free swag to be shipped to him.
The research states "In this article, I will share some research, resources, and real-world data related to leaked AWS API keys." In this research, Noah shares what he learned while implementing his experiment.
The research can be found here:
What happens when you accidentally leak your AWS API keys? [Guest Diary]
Learn more about your ad choices. Visit megaphone.fm/adchoices -
The supply chain in disarray.
Elad, a Senior Security Researcher from Cycode is sharing their research on "Cycode Discovers a Supply Chain Vulnerability in Bazel." This security flaw could let hackers inject harmful code, potentially affecting millions of projects and users, including Kubernetes, Angular, Uber, LinkedIn, Databricks, DropBox, Nvidia, Google, and many more.
The research states "We reported the vulnerability to Google via its Vulnerability Reward Program, where they acknowledged our discovery and proceeded to address and fix the vulnerable components."
Please take a moment to fill out an audience survey! Let us know how we are doing!
The research can be found here:
Cycode Discovers a Supply Chain Vulnerability in Bazel
Learn more about your ad choices. Visit megaphone.fm/adchoices -
HijackLoader unleashed: Evolving threats and sneaky tactics.
Liviu Arsene from CrowdStrike joins to discuss their research "HijackLoader Expands Techniques to Improve Defense Evasion." The research has found that HijackLoader continues to become increasingly popular among adversaries for deploying additional payloads and tooling.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. Researchers state "this new approach has the potential to make defense evasion stealthier."
Please take a moment to fill out an audience survey! Let us know how we are doing!
The research can be found here:
HijackLoader Expands Techniques to Improve Defense Evasion
And be sure to join our live webinar: CISOs are the new Architects (of the Workforce)
Join N2K’s Simone Petrella and Intuit’s Kim Jones on Wednesday, March 27th for an online discussion about the pivotal role security leaders play in shaping the security workforce landscape, and how we can start showing up for the future of our industry. Learn more and register on the event page.
Learn more about your ad choices. Visit megaphone.fm/adchoices
Customer Reviews
A fascinating look into the guts of the machine
I love learning about how even the people who deeply know and understand the intricacies of existing data networks are constantly breaking new ground.
Podcast doesn’t play while on VPN.
Podcast doesn’t play while on VPN.
The go-to for cyber research discussion
Need or want to know more about the leading research in security? You’ve found just the thing. It’s the perfect show to catch up on the latest research over a cup of joe on a Saturday morning.