163 episodes

Every Saturday, we sit down with cybersecurity researchers to talk shop about the latest threats, vulnerabilities, and technical discoveries.

Research Saturday The CyberWire

    • Technology
    • 5.0 • 3 Ratings

    Encore: Using global events as lures for malicious activity.

    The goal of malicious activity is to compromise a system and install unauthorized software. Increasingly that goal is tied to one thing: the user. Over the past several years, the industry has improved exploit mitigation, and the value of a working exploit has increased accordingly. Together, these changes have had an impact on the threat landscape. We still see large amounts of active exploitation, but enterprises are getting better at defending against it.
    This has left adversaries with a couple of options: develop or buy a working exploit that defeats today's protections, which can be costly, or pivot to enticing a user to help you. In today's threat landscape, adversaries are always trying to develop and deploy the most effective lures to draw users into their infection path. They have tried a multitude of tactics in this space, but one always stands out: current events.
    Joining us on this week's Research Saturday is Craig Williams from Cisco's Talos Outreach team to walk us through how current events are used as lures.
    The research and blog post can be found here: 
    Adversarial use of current events as lures

    • 22 min
    Misconfigured identity and access management (IAM) is much more widespread.

    Identity and access are intrinsically connected when providing security to cloud platforms. But security is only effective when environments are properly configured and maintained. In the 2H 2020 edition of the biannual Unit 42 Cloud Threat Report, researchers conducted Red Team exercises, scanned public cloud data and pulled proprietary Palo Alto Networks data to explore the threat landscape of identity and access management (IAM) and identify where organizations can improve their IAM configurations.
    During a Red Team exercise, Unit 42 researchers were able to discover and leverage IAM misconfigurations to obtain admin access to a customer's entire Amazon Web Services (AWS) cloud environment, which in the real world could have meant a multi-million dollar data breach. This example highlights just how serious the failure to secure IAM can be for an organization.
    Joining us in this week's Research Saturday to discuss the report from Palo Alto Networks' Unit 42 is Matt Chiodi, CSO of Public Cloud at Palo Alto Networks.
    The research can be found here:
    Highlights from the Unit 42 Cloud Threat Report, 2H 2020

    • 20 min
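
    The IAM misconfigurations the report describes are the kind a policy audit should catch before a red team does. As an added example that is not code from the Unit 42 report or from Palo Alto Networks, the following Python audits AWS IAM policy documents for the over-broad grants that let a foothold escalate to account admin: wildcard action on wildcard resource, Allow combined with NotAction, unscoped privilege-escalation actions, and role trust policies that any AWS principal can assume. The list of privilege-escalation actions and all sample policies are constructed for illustration and are assumptions, not data from the report.

```python
"""Audit AWS IAM policy documents for over-permission that enables escalation
to account admin. Added example; the PRIV_ESC_ACTIONS selection and the sample
policies below are constructed assumptions, not material from the report."""

# Actions that, granted on Resource '*' without a Condition, let an identity
# mint credentials, attach policies or assume other roles (author's selection).
PRIV_ESC_ACTIONS = {
    "iam:CreateAccessKey", "iam:CreateLoginProfile", "iam:UpdateLoginProfile",
    "iam:AttachUserPolicy", "iam:AttachRolePolicy", "iam:PutUserPolicy",
    "iam:PutRolePolicy", "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
    "iam:PassRole", "sts:AssumeRole", "lambda:UpdateFunctionCode",
}


def _as_list(value) -> list:
    """IAM accepts either a string or a list in Action/Resource/Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern: str, action: str) -> bool:
    """IAM action globbing: '*' and 'svc:*' style prefixes, case-insensitive."""
    p, a = pattern.lower(), action.lower()
    if p == "*":
        return True
    if p.endswith("*"):
        return a.startswith(p[:-1])
    return p == a


def audit_policy(policy: dict) -> list[str]:
    """Return one human-readable finding per risky Allow statement."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        sid = stmt.get("Sid", f"Statement[{i}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        has_condition = bool(stmt.get("Condition"))

        # Allow + NotAction grants every action except those listed.
        if "NotAction" in stmt:
            findings.append(f"{sid}: Allow with NotAction grants every action not listed")

        # The classic full-admin statement.
        if "*" in actions and "*" in resources:
            findings.append(f"{sid}: full admin (Action '*' on Resource '*')")

        # Escalation primitives granted on every resource with no guardrail.
        for a in actions:
            if a == "*":
                continue  # already reported above
            hits = sorted(x for x in PRIV_ESC_ACTIONS if _matches(a, x))
            if hits and "*" in resources and not has_condition:
                findings.append(f"{sid}: privilege-escalation actions unscoped: {', '.join(hits)}")

        # Trust policy statements name a Principal; '*' means any AWS account.
        principal = stmt.get("Principal")
        if principal is not None:
            aws = principal if isinstance(principal, str) else principal.get("AWS")
            if "*" in _as_list(aws) and not has_condition:
                findings.append(f"{sid}: role assumable by any AWS principal (Principal '*', no Condition)")
    return findings


# Constructed sample policies (not from any real account).
WEAK_ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Admin", "Effect": "Allow", "Action": "*", "Resource": "*"}]}

WEAK_IAM_WILDCARD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Ops", "Effect": "Allow", "Action": ["iam:*", "s3:GetObject"], "Resource": "*"}]}

WEAK_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Trust", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}

SCOPED_READONLY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Read", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::constructed-bucket/*"}]}


if __name__ == "__main__":
    for name, pol in [("WEAK_ADMIN", WEAK_ADMIN), ("WEAK_IAM_WILDCARD", WEAK_IAM_WILDCARD),
                      ("WEAK_TRUST", WEAK_TRUST), ("SCOPED_READONLY", SCOPED_READONLY)]:
        print(name, audit_policy(pol) or ["clean"])
```

    The scoped policy passes because its action has no escalation potential and its resource is a single ARN; the other three each produce exactly one finding. Running such a check over every customer-managed policy and role trust document in an account (for example from an `aws iam get-account-authorization-details` export) is how the misconfigurations the report describes get found before an attacker chains them.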
    That first CVE was a fun find, for sure.

    In the late 90s, hackers who discovered vulnerabilities would sometimes send an email to Bugtraq with the details. Bugtraq was a mailing list used by people with an interest in network security. It was also a place likely monitored by employees of software companies looking for reports of vulnerabilities in their products. The problem was that there wasn't an easy way to track specific vulnerabilities in specific products.
    It was May 1999. Larry Cashdollar was working as a system administrator for Bath Iron Works under contract by Computer Sciences Corporation. Specifically, he was a UNIX Systems Administrator, level one. His team managed over 3,000 UNIX systems across BIW's campuses. Most of these were CAD systems used for designing AEGIS class destroyers. The position gave him access to over 3,000 systems running various flavors of UNIX, ranging from Sun Solaris to IBM AIX.
    Joining us in this week's Research Saturday to discuss his journey from finding that first CVE through the next 20 years and hundreds of CVEs is Akamai Senior Response Engineer Larry Cashdollar.
    The research can be found here: 
    MUSIC TO HACK TO: MY FIRST CVE AND 20 YEARS OF VULNERABILITY RESEARCH

    • 28 min
    PoetRAT: a complete lack of operational security.

    Cisco Talos discovered PoetRAT earlier this year. Since then, they have observed multiple new campaigns indicating a change in the actor's capabilities and showing their maturity toward better operational security. They assess with medium confidence that this actor continues to use spear-phishing to lure a user into downloading a malicious document from temporary hosting providers. They currently believe the malware arrives via malicious URLs included in the email, resulting in the user clicking and downloading a malicious document. These Word documents continue to contain malicious macros, which in turn download additional payloads once the attacker sets their sights on a particular victim. As geopolitical tensions grow between Azerbaijan and neighboring countries, this is no doubt an espionage campaign with national security implications, run by a malicious actor with a specific interest in various Azerbaijani government departments.
    Joining us in this week's Research Saturday to discuss the research from Cisco's Talos Outreach is Craig Williams.
    The research can be found here: 
    PoetRAT: Malware targeting public and private sector in Azerbaijan evolves

    • 22 min
    Leveraging for a bigger objective.

    The U.S. government has charged seven men in relation to hundreds of cyber attacks against organizations in the U.S. and multiple other countries in Asia and Europe. Two of the men, who were based in Malaysia, were arrested and their extradition to the U.S. has been requested. The other five are based in China and remain at large.
    The attacks were attributed to a China-linked organization dubbed APT41 and involved a combination of intellectual property theft and financially motivated cyber crime. While some of our peers monitor APT41 as a single operation, Symantec regards it as two distinct actors: Grayfly and Blackfly.
    Joining us in this week's Research Saturday to discuss the research from Symantec's Threat Hunter Team is Jon DiMaggio.
    The research can be found here: 
    APT41: Indictments Put Chinese Espionage Group in the Spotlight

    • 25 min
    The Malware Mash!

    • 3 min

Customer Reviews

5.0 out of 5
3 Ratings

GottaRun21,

The go-to for cyber research discussion

Need or want to know more about the leading research in security? You’ve found just the thing. It’s the perfect show to catch up on the latest research over a cup of joe on a Saturday morning.

Frogstar5,

One of my favorites from the CyberWire

I never miss an episode of Research Saturday. These one-on-one interviews with researchers from all over the world, and from a diverse range of companies and institutions, help me keep on top of critical threats and vulnerabilities. I like the concise, down-to-business format too. This podcast is time well spent, thank you!
