The methods and mechanisms we use to understand and protect ourselves from the dangers lurking in cyberspace come from the exacting, often painstaking investigations of researchers all over the world. Each Saturday, we’ll talk to those dissecting the malware that’s disrupting business or stealing our personal information, identifying the vulnerabilities in our electronic and human cyber defenses, ferreting out the hidden surveillance features in the products we buy, and hunting down the threats to our increasingly interconnected world. We’ll also hear from researchers in industry and academia working to solve the hard problems of security in a rapidly evolving technological landscape, all while society grapples with the challenge of balancing security and privacy.
Research Saturday Episode List
Undetectable vote manipulation in SwissPost e-voting system
Researchers have discovered a number of vulnerabilities in the SwissPost e-vote system which could allow undetectable manipulation of votes. Dr Vanessa Teague is Associate Professor and Chair, Cybersecurity and Democracy Network at the Melbourne School of Engineering, University of Melbourne, Australia. She joins us to explain her team's findings.
Establishing software root of trust unconditionally.
Researchers at Carnegie Mellon University's CyLab Security and Privacy Institute claim to have made an important breakthrough in establishing root of trust (RoT) to detect malware in computing devices. Virgil Gligor is one of the authors of the research, and he joins us to share their findings.
Lessons learned from Ukraine elections.
Joep Gommers from EclecticIQ joins us to share their research tracking the information operations and and security methods they've been tracking that Russians have been using in advance of the recently held elections in Ukraine.
Alarming vulnerabilities in automotive security systems.
Researchers at Pen Test Partners recently examined a variety of third-party automotive security systems and found serious security issues, potentially giving bad actors the ability to locate, disable or meddle with multiple vehicle systems.
Ryuk ransomware relationship revelations.
Investigators from McAfee's advanced threat research unit, working with partners at Coveware, have reevaluated hasty attributions of Ryuk ransomware to North Korea and have explored the inner workings of the threat. John Fokker is head of cyber investigations in McAfee's Advanced Threat research unit. He join us to share their findings.
ThinkPHP exploit from Asia-Pacific region goes global.
Akamai's Larry Cashdollar joins us to describe an exploit he recently came across while researching MageCart incidents. It's a remote command execution vulnerability affecting ThinkPHP, a popular web framework.
Job-seeker exposes banking network to Lazurus Group
Vitali Kremez is a Director of Research at Flashpoint. His team discovered that the recently disclosed intrusion suffered in December 2018 by Chilean interbank network Redbanc involved PowerRatankba, a malware toolkit with ties to North Korea-linked group Lazarus. The intrusion represents the latest known example of Lazarus-affiliated tools being deployed within financially motivated activity targeted toward financial institutions in Latin America.
Fake Fortnite app scams infect gamers.
Researchers at Zscaler have been tracking a variety fake versions of the popular Fortnite game on the Google Play store, along with associated scams. Deepen Desai is head of security research at Zscaler, and he joins us to share their findings.
Rosneft suspicions shift from espionage to business email compromise.
Researchers at security firm Cylance have been tracking a threat group targeting the Rosneft Russian oil company. As Cylance uncovered details, suspicions shifted from state-sponsored espionage to business email compromise. Kevin Livelli is director of threat intelligence at Cylance, and he joins us to share what they found.
Seedworm digs Middle East intelligence
Researchers at Symantec have been tracking Seedworm, a cyber espionage group targeting the Middle East as well as Europe and North America. The threat group targets government agencies, oil & gas facilities, NGOs, telecoms and IT firms. Al Cooley is director of product management at Symantec, and he joins us to share their findings.
Trends and tips for cloud security.
The team at Palo Alto Networks' Unit 42 recently published research tracking trends in how organizations are addressing cloud security, along with tips for improvement. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings.
Online underground markets in the Middle East
Researchers at Trend Micro recently published their look inside online underground marketplaces in the Middle East and North Africa, where criminals are buying and selling malware, laundering money and event booking their next discount vacation. Jon Clay is director of global threat communications at Trend Micro, and he joins us with their findings.
Twitter amplification bots and how to detect them.
Researchers from Duo Security have been analyzing the behavior of Twitter bots in a series of posts on their web site. Their most recent dive into the subject explores amplification bots, which boost the impact of tweets through likes and retweets. Jordan Wright is a principal R&D engineer at Duo Security, and he joins us to share their findings.
Luring IoT botnets to the honeypot.
Researchers from Netscout's ASERT team have been making use of honeypots to gather information on rapidly evolving IoT botnets that take advantage of default usernames and passwords to gain access and take control of unprotected devices. Matt Bing is a security research analyst with Netscout, and he guides us through their findings.
Magecart payment card skimming analysis.
Researchers at RiskIQ have been tracking a series of web-based credit card skimmers known as Magecart. We take a closer look at attacks on Ticketmaster, British Airways, NewEgg and Shopper Approved payment card pages. Yonathan Klijnsma is lead of threat research at RiskIQ, and he guides us through what they've learned.
NOKKI, Reaper and Dogcall target Russians and Cambodians.
Researchers from Unit 42 at Palo Alto Networks have discovered an interesting relationship between the NOKKI and DOGCALL malware families, as well as a new RAT being used to deploy the malware. Jen Miller-Osborn is Deputy Director of Threat Intelligence with Unit 42, and she joins us to share their findings.
Apple Device Enrollment Program vulnerabilities explored.
Researchers at Duo Security have been looking into Apple's Device Enrollment Program (DEM) and have discovered vulnerabilities that could expose users of the service to potential issues from social engineering and rogue devices. James Barclay is Senior R&D Engineer at Duo Security, and he joins us to share what they've found.
The Sony hack and the perils of attribution.
Researchers at Risk Based Security took a detailed look back at the 2014 Sony hack, comparing analysis that occurred while the facts were still unfolding with what we know, today. There are interesting lessons to be learned, especially when it comes to attribution. Brian Martin is V.P. of vulnerability intelligence at Risk Based Security, and he shares their findings.
Operation Red Signature targets South Korean supply chain.
Researchers at Trend Micro uncovered a supply chain attack targeting organizations in South Korea. With the goal of information theft, attackers compromised the update server of a third party support provider, resulting in the installation of a RAT, or remote access trojan. Rik Ferguson is Vice President of Security Research at Trend Micro, and he guides us through their discoveries.
Getting an education on Cobalt Dickens.
Researchers from Secureworks' Counter Threat Unit have been tracking a threat group spoofing login pages for universities. Evidence suggests the Iranian group Cobalt Dickens is likely responsible. Allison Wikoff is a senior researcher at Secureworks, and she joins us to share what they've found.