Greg Lesnewich, senior threat researcher at Proofpoint, sits down to discuss "From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering." Since 2023, TA427 has directly solicited foreign policy experts for their opinions on n

Breaking down a high-severity vulnerability in Kubernetes.

13 days ago 15m 45s

Tomer Peled, a Security & Vulnerability Researcher from Akamai is sharing their work on "What a Cluster: Local Volumes Vulnerability in Kubernetes." This research focuses on a high-severity vulnerability in Kubernetes, allowing for remote code

Leaking your AWS API keys, on purpose?

20 days ago 26m 30s

Noah Pack, a SANS Internet Storm Center Intern, sits down to discuss research on "What happens when you accidentally leak your AWS API keys?" This research is a guest diary from Noah and shares a project he worked on after seeing an online vide

The supply chain in disarray.

27 days ago 19m 56s

Elad, a Senior Security Researcher from Cycode is sharing their research on "Cycode Discovers a Supply Chain Vulnerability in Bazel." This security flaw could let hackers inject harmful code, potentially affecting millions of projects and users

HijackLoader unleashed: Evolving threats and sneaky tactics.

Mar 23rd, 2024 24m 13s

Liviu Arsene from CrowdStrike joins to discuss their research "HijackLoader Expands Techniques to Improve Defense Evasion." The research has found that HijackLoader continues to become increasingly popular among adversaries for deploying additi

Inside SendGrid's phishy business.

Mar 16th, 2024 31m 55s

Robert Duncan from Netcraft is sharing their research on "Phishception - SendGrid abused to host phishing attacks impersonating itself." Netcraft has recently observed that criminals abused Twilio SendGrid’s email delivery, API, and marketing s

Understanding the multi-tiered impact of ransomware.

Mar 9th, 2024 22m 55s

This week we are joined by Jamie MacColl and Dr. Pia Hüsch from RUSI discussing their work on "Ransomware: Victim Insights on Harms to Individuals, Organisations and Society." The research reveals some of the harms caused by ransomware, includi

The return of a malware menace.

Mar 2nd, 2024 21m 8s

This week we are joined by, Selena Larson from Proofpoint, who is discussing their research, "Bumblebee Buzzes Back in Black." Bumblebee is a sophisticated downloader used by multiple cybercriminal threat actors and was a favored payload from i

Web host havoc: Unveiling the Manic Menagerie campaign.

Feb 24th, 2024 23m 45s

Assaf Dahan and Daniel Frank from Palo Alto Networks Cortex sit down with Dave to talk about their research "Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor." From late 2020 to late 2022, Unit 42 researchers discovered an

Hackers come hopping back.

Feb 17th, 2024 20m 16s

Ori David from Akamai is sharing their research "Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal." FritzFrog takes advantage of the fact that only internet facing applications were prioritized for Log4Shell patching and targets inter

Ransomware is coming.

Feb 10th, 2024 30m 48s

Jon DiMaggio, Chief Security Strategist for Analyst1, is discussing his research on "Ransomware Diaries Volume 4: Ransomed and Exposed - The Story of RansomedVC." While there is evidence to support that RansomedVC runs cybercrime operations, Jo

Weathering the internet storm.

Feb 3rd, 2024 25m 37s

Johannes Ullrich from SANS talking about the Internet Storm Center and how they do research. Internet Storm Center was created as a mix of manual reports submitted by security analysts during Y2K and automated firewall collection started by DSh

Hooked on pirated macOS applications.

Jan 27th, 2024 23m

Jaron Bradley from Jamf Threat Labs is sharing their work on "Jamf Threat Labs discovers new malware embedded in pirated applications." Jamf Threat Labs has detected a series of pirated macOS applications that have been modified to communicate

A firewall wake up call.

Jan 20th, 2024 23m 1s

Jon Williams from Bishop Fox is sharing their research on "It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable." SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart after finding that NGFW series

Dual Russian cyber gangs hit 23 companies.

Jan 13th, 2024 18m 58s

Ryan Westman, Senior Manager, Threat Intelligence, eSentire's Threat Response Unit (TRU), is discussing their research "Two Russian-speaking cyber gangs attack employees from 23 different companies." They are using malicious Google ads, promoti

Diving deep into Phobos ransomware.

Jan 6th, 2024 24m 5s

Guilherme Venere from Cisco Talos joins to discuss their research on "A deep dive into Phobos ransomware, recently deployed by 8Base group." Cisco Talos discovered that 8Base’s Phobos ransomware payload contains an embedded configuration, which

Encore: What malicious campaign is lurking under the surface?

Dec 30th, 2023 23m 33s

Israel Barak, CISO from Cybereason, sits down with Dave to discuss their research, "Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation." Cybereason researchers recently found an attack lurking beneat

Encore: Compromised military tech?

Dec 23rd, 2023 21m 32s

Dick O'Brien from Symantec's threat hunter team, joins Dave to discuss their work on "Stonefly: North Korea-linked spying operation continues to hit high-value targets." Stonefly specializes in mounting highly selective targeted attacks against

Shedding light on Fighting Ursa.

Dec 16th, 2023 22m 27s

Host of the CyberWire Daily podcast segment Threat Vector, David Moulton sits down with Mike "Siko" Sikorski from Palo Alto Networks Unit 42 to discuss their research on "Fighting Ursa Aka APT28: Illuminating a Covert Campaign." Unit 42 just p

On the hunt for popping up kernel drives.

Dec 9th, 2023 15m 2s

Dana Behling, researcher from Carbon Black, sharing their work on "Hunting Vulnerable Kernel Drivers." The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers, six of which allow kernel memory access, accepting firmw

Exploits and vulnerabilities.

Dec 2nd, 2023 18m 48s

Ryan from Bishop Fox joins to describe their work on "Building an Exploit for FortiGate Vulnerability CVE-2023-27997." After Lexfo published details of a pre-authentication remote code injection vulnerability in the Fortinet SSL VPN, Bishop Fo

Encore: Another infection with new malware.

Nov 25th, 2023 19m 25s

Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found a new malware that infect

The malicious YoroTrooper in disguise.

Nov 18th, 2023 16m 35s

Asheer Malhotra from Cisco Talos discussing their research and findings on "Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan." Cisco Talos' research team, released research attributing the work of the espionage-focuse

Encore: Old malware returns in a new way.

Nov 11th, 2023 24m 19s

Jeremy Kennelly and Sulian Lebegue from Mandiant sit down with Dave to discuss their research "From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind? One of the oldest and most successful banking fraud malwares, URSNIF, which caused an estimated

Sandman doesn't slow malware down.

Nov 4th, 2023 22m 58s

Aleksandar Milenkoski and JAGS from SentinelOne sits down to share their work on "Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit." After observing a new threat activity cluster by an unknown threat actor in August of this