About the show

Security Conversations is a series of podcasts covering threat intelligence and the business of cybersecurity, through the lens of veteran journalist and storyteller Ryan Naraine. The Three Buddy Problem show features conversations and debates on nation-state APTs, cyberespionage, spy tradecraft, cryptocurrency theft, advancements in offensive research and targeted malware espionage activity.

Connect with Ryan on Twitter (Open DMs).

Episodes

  • Inside the PlugX malware removal operation, CISA takes victory lap and another Fortinet 0day

    January 17th, 2025  |  1 hr 59 mins
    apt research, cisa, nation-state, zero-day

    Three Buddy Problem Episode 30: We discuss French threat-intel firm Sekoia creating a portal to handle “sovereign disinfections” of the PlugX malware, CISA leadership taking a victory lap using the ‘Secure by Design’ pledge as a trophy, the new Biden cybersecurity Executive Order, another Fortinet zero-day, the TikTok ban and Ukrainian hackers targeting Russian companies.

    Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade

  • Hijacking .gov backdoors, Ivanti 0days and a Samsung 0-click vuln

    January 10th, 2025  |  1 hr 48 mins
    apt research, nation-state, zero-day

    Three Buddy Problem Episode 29: Another day, another Ivanti zero-day being exploited in the wild. Plus, China's strange response to Volt Typhoon attribution, Japan blames China for hacks, a Samsung 0-click vulnerability found by Project Zero, Kim Zetter's reporting on drone sightings and a nuclear scare. Plus, hijacking abandoned .gov backdoors and Ukrainian hacktivists wiping a major Russian ISP.

    Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade

  • US Treasury hacked via BeyondTrust, MISP and the threat actor naming mess

    January 3rd, 2025  |  1 hr 49 mins
    apt research, nation-state, zero-day

    Three Buddy Problem Episode 28: In this episode, we explore the ongoing challenges of threat actor naming in cybersecurity and the confusion caused by a lack of standardization, methodological inconsistencies and skewed, marketing-driven incentives.

    Plus, the US Treasury/BeyondTrust hack, the surge in 0day discoveries, a new variant of the Xdr33 CIA Hive malware, and exclusive new information on the Cyberhaven Chrome extension security incident.

    Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade

  • Palo Alto network edge device backdoor, Cyberhaven browser extension hack, 2024 research highlights

    December 27th, 2024  |  1 hr 53 mins
    apt research, chatgpt, csrb, deepfake, nation-state, zero-day

    Three Buddy Problem Episode 27: We discuss the discovery of a Palo Alto network firewall attack and a stealthy network edge device backdoor (LITTLELAMB.WOOLTEA), the Cyberhaven hack and the shady world of browser extensions, and a look back at the top research projects that caught our attention in 2025.

    Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade

  • US government's VPN advice, dropping bombs on ransomware gangs

    December 23rd, 2024  |  1 hr 58 mins
    apt research, hack-back, nation-state, zero-day

    Three Buddy Problem Episode 26: We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, a previously unknown Android implant used against Serbian activists, and the links to Israeli forensics software vendor Cellebrite.

    Plus, thoughts on the US government’s controversial guidance on VPNs, Chinese reports on US intel agency hacking, TP-Link sanctions chatter, Mossad's dramatic exploding beeper operation and the ethical, legal, and security implications of escalating cyber-deterrence. Also, a mysterious BeyondTrust 0-day!

    Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

  • Surveillance economics, Turla and Careto, and the AI screenshots nobody asked for

    December 13th, 2024  |  2 hrs 14 mins
    apt research, nation-state, zero-day

    Three Buddy Problem Episode 25: An update on Romania’s cancelled election, the implications of TikTok on democratic processes, and the broader issues around surveillance capitalism and micro-targeting.

    Plus, news on Turla piggybacking on cybercriminal malware to hit Ukraine, the return of Careto and the absence of IOCs, Claroty report on an Iran-linked cyberweapon targeting critical infrastructure, ethical considerations in cyberwarfare, and the implications of quantum computing on security and cryptocurrencies.

    Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

  • Inside the Turla Playbook: Hijacking APTs and fourth-party espionage

    December 7th, 2024  |  1 hr 47 mins
    ai, apt research, nation-state, salt typhoon, turla, zero-day

    Three Buddy Problem Episode 24: In this episode, we dig into Lumen/Microsoft’s revelations on Russia's Turla APT stealing from a Pakistani APT, and issues around fourth-party espionage and problems with threat actor attribution. We also discuss Citizen Lab’s findings on Monokle-like spyware implanted by Russian authorities, the slow pace of Salt Typhoon disinfection, the Solana web3.js supply chain attack affecting crypto projects, and the Romanian election crisis over Russian interference via TikTok.

    Cast: Juan Andres Guerrero-Saade, Costin Raiu, Ryan Naraine.

  • Volexity’s Steven Adair on Russian Wi-Fi hacks, memory forensics, appliance 0days and network inspectability

    November 30th, 2024  |  1 hr 18 mins
    apt research, nation-state, network inspectability, zero-day

    Three Buddy Problem Episode 23: Volexity founder Steven Adair joins the show to explore the significance of memory analysis and the technical challenges associated with memory dumping and forensics. We dig into Volexity’s “nearest neighbor” Wi-Fi hack discovery, gaps in EDR detection and telemetry, and some real-talk on the Volt Typhoon intrusions.

    We also cover news on a Firefox zero-day exploited on the Tor browser, the professionalization of ransomware, ESET's discovery of a Linux bootkit (we have a scoop on the origins of this!), Binarly research on connections to LogoFAIL, and major visibility gaps in the firmware ecosystem.

    Cast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).

    Honorary buddy: Steven Adair (Volexity)

  • Sid Trivedi on the RSA Innovation Sandbox $5 million investment gambit

    November 28th, 2024  |  1 hr 1 min
    crosspoint capital, investments, rsa conference, safe, venture capital

    In this reboot of the Security Conversations interview series, Foundation Capital partner Sid Trivedi weighs in on major changes to the RSA Innovation Sandbox, the mandatory $5M uncapped SAFE investment for all 10 finalists, and red-flag concerns around discounts and pro-rata rights.

    Also discussed: controversial pay-for-play dynamics involving CISOs and venture capital firms, ethical implications of CISOs taking advisory positions in startups, and the challenges of investing in seed-stage startups amidst a trend towards platformization.

  • Russian APT weaponized nearby Wi-Fi networks in DC, new macOS zero-days, DOJ v Chrome

    November 22nd, 2024  |  1 hr 28 mins
    apt research, cisa, nation-state, zero-day

    Three Buddy Problem Episode 22: We discuss Volexity’s presentation on Russian APT operators hacking Wi-Fi networks in “nearest neighbor attacks,” the Chinese surveillance state and its impact on global security, the NSA's strange call for better data sharing on Salt Typhoon intrusions, and the failures of regulatory bodies to address cybersecurity risks.

    We also cover two new Apple zero-days being exploited in the wild, the US Government’s demand that Google sell the Chrome browser, and the value of data in the context of AI.

    Cast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).

  • What happens to CISA now? Is deterrence in cyber possible?

    November 15th, 2024  |  1 hr 53 mins
    apt research, nation-state, zero-day

    Three Buddy Problem Episode 21: We dig into an incredible government report on Iranian hacking group Emennet Pasargad and tradecraft during the Israel/Hamas war, why Predatory Sparrow could have been aimed at deterrence in cyber, and the significance of the FBI/CISA public confirmation of China-linked Salt Typhoon hacks.

    Plus, discussion on China’s cyber capabilities, the narrative around “pre-positioning” for a Taiwan conflict, the blending of cyber and kinetic operations, and the long tail of Chinese researchers reporting Microsoft Windows vulnerabilities. The future of CISA is a recurring theme throughout this episode with some speculation about what happens to the agency under the Trump administration.

    Cast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).

  • Mysterious rebooting iPhones, EDR vendors spying on hackers, Bitcoin 'meatspace' attacks

    November 9th, 2024  |  1 hr 37 mins
    apple, apt research, cisa, nation-state, palo alto, sophos, zero-day

    Three Buddy Problem Episode 20: We revisit the ‘hack-back’ debate, the threshold for spying on adversaries, Palo Alto watching EDR bypass research to track threat actors, hot nuggets in Project Zero’s Clem Lecigne’s Hexacon talk, Apple’s new iOS update rebooting iPhones in law enforcement custody, the mysterious GoblinRAT backdoor, physical ‘meatspace’ Bitcoin attacks, and more details on North Korean cryptocurrency theft.

    Cast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).