Exploring the mechanics of Infostealer malware.
Research Saturday
by N2K Networks
4d ago
This week, we are joined by a Security Researcher from SpyCloud Labs, James, who is discussing their work on "Unpacking Infostealer Malware: What we’ve learned from reverse engineering LummaC2 and Atomic macOS Stealer." Infostealer malware has become highly prevalent, with SpyCloud tracking over 50 families and finding that 1 in 5 digital identities are at risk. This research analyzes the workings and intentions behind infostealers like LummaC2 and Atomic macOS Stealer, focusing on the types of data extracted and the broader security implications. The research can be found here: Reversing Lum ..read more
Visit website
Riding the hype for new Arc browser.
Research Saturday
by N2K Networks
1w ago
Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes, is discussing their work on "Threat actors ride the hype for newly released Arc browser." The Arc browser, newly released for Windows, has quickly garnered positive reviews but has also attracted cybercriminals who are using deceptive Google search ads to distribute malware disguised as the browser. These malicious campaigns exploit the hype around Arc, using techniques like embedding malware in image files and utilizing the MEGA cloud platform for command and control, highlighting the need for caution with sponsored search ..read more
Visit website
1700 IPs and counting.
Research Saturday
by N2K Networks
2w ago
Amit Malik, Director of Threat Research at Uptycs, is sharing their work on "New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware." The Uptycs Threat Research Team has discovered a large-scale Log4j campaign involving over 1700 IPs, aiming to deploy XMRig cryptominer malware. This ongoing operation was initially detected through the team's honeypot collection, prompting an in-depth analysis of the campaign. The research says "The JNDI plugin is particularly useful to attackers because it allows them not only to fetch the values of environment variables in the t ..read more
Visit website
International effort dismantles LockBit.
Research Saturday
by N2K Networks
3w ago
Jon DiMaggio, a Chief Security Strategist at Analyst1, is sharing his work on "Ransomware Diaries Volume 5: Unmasking LockBit." On February 19, 2024, the National Crime Agency (NCA), a UK sovereign law enforcement agency, in collaboration with the FBI, Europol, and nine other countries under "Operation Cronos," disrupted the LockBit ransomware gang’s data leak site used for shaming, extorting, and leaking victim data. The NCA greeted visitors to LockBit’s dark web leak site with a seizure banner, revealing they had been controlling LockBit’s infrastructure for some time, collecting information ..read more
Visit website
From secret images to encryption keys.
Research Saturday
by N2K Networks
1M ago
This week, we are joined by Hosein Yavarzadeh from the University of California San Diego, as he is discussing his work on "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor" This paper introduces new methods that let attackers read from and write to specific parts of high-performance CPUs, such as the path history register (PHR) and prediction history tables (PHTs). These methods allow two main types of attacks. One can reveal a program's control flow history, as shown by recovering a secret image through the libjpeg routines. The other enables detai ..read more
Visit website
Geopolitical tensions rise with China.
Research Saturday
by N2K Networks
1M ago
Adam Marré, CISO at Arctic Wolf, is diving deep into geopolitical tension with China including APT31, iSoon and TikTok with Dave this week. They also discuss some of the history behind China cyber operations. Adam shares information on how different APT groups are able to create spear phishing campaigns, and provides info on how to combat these groups. Learn more about your ad choices. Visit megaphone.fm/adchoices ..read more
Visit website
Cerber ransomware strikes Linux.
Research Saturday
by N2K Networks
1M ago
Christopher Doman, Co-Founder and CTO at Cado Security, is talking about their research on "Cerber Ransomware: Dissecting the three heads." This research delves into Cerber ransomware being deployed onto servers running the Confluence application via the CVE-2023-22518 exploit.  The research states "Cerber emerged and was at the peak of its activity around 2016, and has since only occasional campaigns, most recently targeting the aforementioned Confluence vulnerability." The research can be found here: Cerber Ransomware: Dissecting the three heads Learn more about your ad choices. Visit ..read more
Visit website
Breaking down a a high-severity vulnerability in Kubernetes.
Research Saturday
by N2K Networks
2M ago
Tomer Peled, a Security & Vulnerability Researcher from Akamai is sharing their work on "What a Cluster: Local Volumes Vulnerability in Kubernetes." This research focuses on a high-severity vulnerability in Kubernetes, allowing for remote code execution with system privileges on all Windows endpoints within a Kubernetes cluster. The research states "The discovery of this vulnerability led to the discovery of two others that share the same root cause: insecure function call and lack of user input sanitization." The research can be found here: What a Cluster: Local Volumes Vulnerability in ..read more
Visit website
Leaking your AWS API keys, on purpose?
Research Saturday
by N2K Networks
2M ago
Noah Pack, a SANS Internet Storm Center Intern, sits down to discuss research on "What happens when you accidentally leak your AWS API keys?" This research is a guest diary from Noah and shares a project he worked on after seeing an online video of someone who created a python script that emailed colleges asking for free swag to be shipped to him. The research states "In this article, I will share some research, resources, and real-world data related to leaked AWS API keys." In this research, Noah shares what he learned while implementing his experiment. The research can be found here: What h ..read more
Visit website
The supply chain in disarray.
Research Saturday
by N2K Networks
2M ago
Elad, a Senior Security Researcher from Cycode is sharing their research on "Cycode Discovers a Supply Chain Vulnerability in Bazel." This security flaw could let hackers inject harmful code, potentially affecting millions of projects and users, including Kubernetes, Angular, Uber, LinkedIn, Databricks, DropBox, Nvidia, Google, and many more. The research states "We reported the vulnerability to Google via its Vulnerability Reward Program, where they acknowledged our discovery and proceeded to address and fix the vulnerable components." Please take a moment to fill out an audience survey! Let ..read more
Visit website

Follow Research Saturday on FeedSpot

Continue with Google
Continue with Apple
OR