Inside the PlugX malware removal operation, CISA takes victory lap and another Fortinet 0day

Three Buddy Problem - Episode 30: We discuss French threat-intel Sekoia creating a portal to handle “sovereign disinfections” of the PlugX malware, CISA leadership taking a victory lap using the ‘Secure by Design’ pledge as a trophy, the new Biden cybersecurity Executive Order, another Fortinet zero-day, the TikTok ban and Ukrainian hackers targeting Russian companies.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

• Transcript (unedited, AI-generated)
• Court-Authorized Operation Removes PlugX Malware from Over 4,200 Infected U.S. Computers
• PlugX removal affidavit
• Sekoia -- PlugX worm disinfection campaign
• Jen Easterly: Building a secure by Design ecosystem
• Trump zeroes in on Sean Plankey to lead CISA
• Sean Plankey bio
• Biden cybersecurity executive order
• Biden executive order aims to shore up US cyber defenses
• Gravy Analytics accused of negligence over location data breach
• Tracking the mobile trackers (Costin Raiu) - YouTube
• Russia's largest platform for state procurement hit by cyberattack from pro-Ukraine group
• New Star Blizzard spear-phishing campaign targets WhatsApp accounts
• UK proposes ransomware payment ban
• Fortinet authentication bypass zero-day
• Fortinet: Deep dive into a Linux rootkit malware
• Bernardo Quintero's new book on VirusTotal (Spanish-language)