Episodes
Tuesday Sep 17, 2024
EvilVideo
Telegram, with nearly a billion monthly users, is a juicy target for cybercriminals, especially if they can exploit a zero-day vulnerability. ESET malware researcher Lukáš Štefanko ran into such an exploit – which ESET named EvilVideo – being sold online. In the discussion with our podcast host ESET Distinguished Researcher Aryeh Goretsky, Štefanko describes the findings of his analysis, including which platforms were affected, what malware can be bundled with EvilVideo, and how Telegram developers reacted when ESET reached out to report the vulnerability. If you want to read more about EvilVideo or our other research findings, head to WeLiveSecurity.com.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guest:
Lukáš Štefanko, ESET Malware Researcher
Materials:
Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android
PS: For those of our listeners who are attending the 2024 ESET Technology Conference and playing along with our game of capture the flag, the flag for the CTF challenge named “Radio Broadcast” is: podcasts_are_new_books.
Monday Aug 26, 2024
HotPage
In this episode, ESET Distinguished Researcher Aryeh Goretsky and his guest ESET Principal Threat Intelligence Researcher Robert Lipovsky detail recently discovered unusual adware called HotPage. This trojan caught the attention of researchers by using a Microsoft-signed, yet vulnerable, kernel driver to inject and manipulate what victims see in their browsers. With its advanced technical means and its targeting of Chinese internet cafes and gamers, it shows that even adware creators can invest extra time and effort to innovate their malicious products.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guest:
Robert Lipovsky, ESET Principal Threat Intelligence Researcher
Materials:
HotPage: Story of a signed, vulnerable, ad-injecting driver
Monday Jun 10, 2024
APT Activity Report Q4 2023-Q1 2024: I-SOON, FishMonger, and MuddyWater
The I-SOON data leak has allowed us to identify FishMonger, a group notorious for the cyberattacks against Hong Kong universities back in 2019, as I-SOON. This contractor also developed a platform for tracking gambling activity, linking the group to Operation ChattyGoblin. MustangPanda conducted a series of attacks on cargo shipping companies in Norway, Greece, and the Netherlands, even compromising the ships’ systems. Since the Hamas-led attack on Israel in 2023, Iran-aligned groups have shifted focus to impact attacks. Visit WeLiveSecurity to read about other topics covered in the latest ESET APT Activity Report.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: Robert Lipovský, ESET Principal Malware Researcher
Read more @WeLiveSecurity.com and @ESETresearch on Twitter
ESET Threat Reports and ESET APT Activity Reports
Wednesday Jan 31, 2024
Threat Report H2 2023: ChatGPT, the MOVEit hack, and Pandora
In 2023, ESET detected over 675,000 attempts to access malicious domains abusing the popularity of ChatGPT; some offer bring-your-own-key web apps that can steal OpenAI API keys. Apart from AI, in H2 the Cl0p ransomware gang exploited MOVEit software, causing a staggering $14 billion in damages. The IoT landscape faced the new Pandora botnet, compromising Android devices via malicious firmware updates or pirated content apps. Of course, this podcast episode can only cover so much of the latest ESET Threat Report H2 2023. Visit WeLiveSecurity to read about other topics it covers.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: René Holt, Security Awareness Specialist
Read more @WeLiveSecurity.com and @ESETresearch on Twitter
ESET Threat Reports and ESET APT Activity Reports
Monday Dec 18, 2023
Neanderthals, Mammoths and Telekopye
In this episode, ESET researchers Radek Jizba and Jakub Souček talk about the dynamics within and between various Neanderthal groups, the techniques that this horde of scammers uses to find the best Mammoths, and especially about Neanderthals teaching each other how to wield the cybercriminal tool Telekopye effectively. While this might seem like an odd topic for a podcast about cybersecurity, it is quite the contrary. Telekopye is the name of a highly automated malicious toolkit implemented as a Telegram bot that cybercriminals use to deceive unsuspecting users on online marketplaces. If you want to read more before listening, head to the research articles published on WeLiveSecurity.com.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guest:
Radek Jizba, ESET Malware Researcher
Jakub Souček, ESET Malware Researcher
Materials:
Telekopye: Hunting Mammoths using Telegram bot
Telekopye: Chamber of Neanderthals’ secrets
Tuesday Sep 12, 2023
Threat Report H1 2023: Sextortion, usury and brute-force
In H1 2023, intrusion vectors were closing left and right. This forced many cybercriminals to search for alternative ways to compromise their victims’ devices. While some attackers tried revisiting old routes such as brute-forcing MS SQL servers or distributing (AI-generated?) sextortion and text-based email messages, others kickstarted several Android apps running usury schemes. But there’s also good news. The Emotet botnet went quiet after a month of dwindling and ineffective campaigning, and RedLine Stealer – a notorious malware-as-a-service – has been disrupted by ESET researchers and their friends at Flare Systems. Of course, this podcast episode can only cover so much of the ESET Threat Report. If you wish to learn about other topics it covers, visit WeLiveSecurity.
Discussed: Sextortion and text-based threats 1:46, brute force attacks on MS SQL servers 7:10, usury Android apps 9:20, Emotet activity 13:25, RedLine Stealer disruption 16:45.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: Ondrej Kubovic, Security Awareness Specialist
Read more @WeLiveSecurity.com and @ESETresearch on Twitter
ESET Threat Reports and ESET APT Activity Reports
Thursday Aug 10, 2023
MoustachedBouncer
What do Disco, NightClub, backdoors, espionage, and internet service providers in Belarus all have in common? They are all tied to the same MoustachedBouncer. It sounds like a bad joke, but it sums up some of the key findings of ESET’s latest research focusing on a recently discovered APT group. Listen to ESET Director of Threat Research Jean-Ian Boutin explain the intricacies of this threat actor to our host Aryeh Goretsky, and if that doesn’t satisfy your hunger for further details, read the full thing on WeLiveSecurity.com.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guest:
Jean-Ian Boutin, ESET Director of Threat Research
Materials:
MoustachedBouncer: Espionage against foreign diplomats in Belarus
Wednesday Jul 12, 2023
Finding the mythical BlackLotus bootkit
Towards the end of 2022, an unknown threat actor boasted online that they had created a new and powerful UEFI bootkit called BlackLotus. Its most distinctive feature? It could mysteriously bypass UEFI Secure Boot, a feature built into all modern computers to prevent them from running unauthorized software. What at first sounded like a myth turned into reality a few months later when ESET researchers discovered a sample that perfectly matched all the mentioned attributes of a UEFI bootkit known as BlackLotus. Listen to the fascinating story of ESET Malware Researcher Martin Smolár describing his threat hunt to our host ESET Distinguished Researcher Aryeh Goretsky. For more info about this research, read the blog post on WeLiveSecurity.com.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guest:
Martin Smolár, ESET Malware Researcher
Materials:
BlackLotus UEFI bootkit: Myth confirmed