Research Saturday
Recent Episodes
Dissecting the Spring4Shell vulnerability.
Edward Wu, senior principal data scientist at ExtraHop, joins Dave to discuss the company's research, "A Technical Analysis of How Spring4Shell Works." ExtraHop first noticed chatter from social media in March of 2022 on a new remote code execution (RCE) vulnerability and immediately started tracking the issue. In the research, it describes how the exploit works and breaks down how the ExtraHop team came to identify the Spring4Shell vulnerability. The research describes the severity of the vulnerability, saying, "The impact of an RCE in this framework could have a serious impact similar to Log4Shell."
New developments in the WSL attack.
Danny Adamitis from Lumen's Black Lotus Labs, joins Dave to discuss new developments in the WSL attack surface. Since September 2021, Black Lotus Labs have been monitoring malware repositories as a part of their proactive threat hunting process. Danny shares how researchers discovered a series of suspicious ELF files compiled for Debian Linux . The research states how the team identified a series of samples that target the WSL environment, they were uploaded every two to three weeks and started as early as May 3, 2021 and go until August 22, 2021.
Scott Fanning, CrowdStrike's Senior Director of Product Management, Cloud Security, joins Dave to discuss their work on "LemonDuck Targets Docker for Cryptomining Operations." LemonDuck is a well-known cryptomining botnet, and the research suggests attackers are attracted to the monetary gain from the recent boom in cryptocurrency. LemonDuck was caught trying to disguise its attack against Docker by running an anonymous mining operation by the use of proxy pools. Scott shares how its unknown which organizations have been targeted and just how much cryptocurrency has been stolen.
Dick O'Brien from Symantec's threat hunter team, joins Dave to discuss their work on "Stonefly: North Korea-linked spying operation continues to hit high-value targets." Stonefly specializes in mounting highly selective targeted attacks against targets that could yield intelligence to assist strategically important sectors. Symantec found that The attackers breached an engineering firm in February 2022, most likely by exploiting the Log4j vulnerability, Their research describes who these high value targets are and ways to prevent this malware from breaching any more companies as well as indications that you could be compromised.
AutoWarp bug leads to Automation headaches.
Yanir Tsarimi from Orca Security, joins Dave to discuss how researchers have discovered a critical Azure Automation service vulnerability called AutoWarp. The security flaw was discovered this past March causing Yanir to leap into action announcing the issue to Microsoft who helped to swiftly resolve the cross-account vulnerability. The research shows how this serious flaw would allow attackers unauthorized access to other customer accounts and potentially full control over resources and data belonging to those accounts, as well as put multiple Fortune 500 companies and billions of dollars at risk. The research shares the crucial time line that the vulnerability was discovered as well as Microsofts response to the vulnerability.