Episode Archive

138 episodes of Security Conversations since the first episode, which aired on December 6th, 2017.

  • What happens to CISA now? Is deterrence in cyber possible?

    November 15th, 2024  |  1 hr 53 mins
    apt research, nation-state, zero-day

    Three Buddy Problem Episode 21: We dig into an incredible government report on Iranian hacking group Emennet Pasargad and tradecraft during the Israel/Hamas war, why Predatory Sparrow could have been aimed at deterrence in cyber, and the significance of the FBI/CISA public confirmation of China-linked Salt Typhoon hacks.

    Plus, discussion on China’s cyber capabilities, the narrative around “pre-positioning” for a Taiwan conflict, the blending of cyber and kinetic operations, and the long tail of Chinese researchers reporting Microsoft Windows vulnerabilities. The future of CISA is a recurring theme throughout this episode, with some speculation about what happens to the agency under the Trump administration.

    Cast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).

  • Mysterious rebooting iPhones, EDR vendors spying on hackers, Bitcoin 'meatspace' attacks

    November 9th, 2024  |  1 hr 37 mins
    apple, apt research, cisa, nation-state, palo alto, sophos, zero-day

    Three Buddy Problem Episode 20: We revisit the ‘hack-back’ debate, the threshold for spying on adversaries, Palo Alto watching EDR bypass research to track threat actors, hot nuggets in Project Zero’s Clément Lecigne’s Hexacon talk, Apple’s new iOS update rebooting iPhones in law enforcement custody, the mysterious GoblinRAT backdoor, physical ‘meatspace’ Bitcoin attacks, and more details on North Korean cryptocurrency theft.

    Cast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).

  • The Sophos kernel implant, 'hack-back' implications, CIA malware in Venezuela

    November 3rd, 2024  |  1 hr 54 mins
    apt research, china, edr, nation-state, sophos, zero-day

    Three Buddy Problem Episode 19: We explore Ivan Kwiatkowski’s essay on the limits of threat intelligence, Sophos using kernel implants to surveil Chinese hackers, the concept of ‘hack-back’ and legal implications, geopolitical layers of cyber espionage, CIA malware in Venezuela, Vatican/Mossad mentioned in high-profile Italy hacks, and Canada bracing for .gov attacks from India.

    Cast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).

  • Fortinet 0days, Appin hack-for-hire exposé, crypto heists, Russians booted from Linux kernel

    October 25th, 2024  |  1 hr 26 mins
    apt research, nation-state, zero-day

    Three Buddy Problem Episode 18: This week’s show covers the White House's new Traffic Light Protocol (TLP) guidance, the Reuters exposé of Appin as a hack-for-hire mercenary company, Fortinet zero-day exploitation and missing CSRB investigations, major cryptocurrency heists, Apple opening Private Cloud Compute to public inspection, Russians removed from Linux kernel maintenance, and China’s Antiy beefing with SentinelOne over APT reporting.

    Cast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).

  • ESET Israel wiper malware, China's Volt Typhoon response, Kaspersky sanctions and isolation

    October 18th, 2024  |  1 hr 38 mins
    apt research, nation-state, zero-day

    Three Buddy Problem Episode 17: News of a wiper malware attack in Israel implicating ESET, threats from wartime hacktivists, China's strange response to Volt Typhoon attribution and Section 702 messaging, an IE zero-day discovery and web browser rot in South Korea, the ongoing isolation of Kaspersky due to sanctions, and the geopolitical influences affecting cybersecurity reporting.

    Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

  • Typhoons and Blizzards: Cyberespionage and national security on front burner

    October 11th, 2024  |  1 hr 9 mins
    apt29, ivanti, midnight blizzard, salt typhoon, zero-day

    Three Buddy Problem Episode 16: We break down the new GCHQ advisory on the history and tactics of Russia’s APT29, the challenges of tracking and defending against these sophisticated espionage programs, the mysterious Salt Typhoon intrusions, the absence of technical indicators (IOCs), and the risks of supply chain attacks. We also touch on the surge in zero-day discoveries, the nonstop flow of exploited Ivanti security bugs, and why the CSRB should investigate these network edge device and appliance vendors.

    Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

  • Careto returns, IDA Pro pricing controversy, crypto's North Korea problem

    October 4th, 2024  |  1 hr 30 mins
    careto, crypto, hexrays, ida pro, north korea, paragon, russia, spyware, virus bulletin, virustotal, yara

    Three Buddy Problem Episode 15: Juanito checks in from Virus Bulletin with news on the return of Careto/Mask, a ‘milk-carton’ APT linked to Spain. We also cover the latest controversy surrounding IDA Pro's subscription model, a major new YARA update, and ongoing issues with VirusTotal's value and pricing. The conversation shifts to North Korean cyber operations, particularly the infiltration of prominent crypto companies, Tom Rid's essay on Russian disinformation results, and the US government's ICE department using commercial spyware from an Israeli vendor.

    Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

  • Exploding beepers, critical CUPS flaws, Windows Recall rebuilt for security

    September 28th, 2024  |  1 hr 19 mins
    artificial intelligence, crowdstrike, kaspersky, labscon, ultraav, windows recall

    Three Buddy Problem Episode 14: The buddies are back together for a discussion on Juan’s LABScon keynote and mental health realities, Microsoft rewriting the Windows Recall security architecture, a new CVSS 9.9 Linux CUPS flaw, Kaspersky's controversial transition to Ultra AV, and the intelligence operations surrounding exploding pagers in Lebanon.

    This episode is dedicated to the memory of Jeff Wade from Solis, who was an important part of the LABScon family.

    Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

  • Ep13: The Consolation of Threat Intel (JAG-S LABScon keynote)

    September 21st, 2024  |  31 mins 41 secs
    journalism, threat intelligence, transparency, venture capital

    Three Buddy Problem Episode 13: This is a special edition of the show, featuring Juan Andres Guerrero-Saade's full keynote day remarks at LABScon2024. In this talk, Juanito addresses the current state of the threat intelligence industry, expressing a need for a difficult conversation about its direction and purpose. He discusses feelings of disenfranchisement among professionals, the void in meaningful work, and the importance of reclaiming control and value in cybersecurity. Juan emphasizes the need for researchers, journalists, and even VCs, to be the change to reinvigorate the industry and ensure its relevance and impact.

    Cast: Juan Andres Guerrero-Saade (SentinelLabs). Costin Raiu and Ryan Naraine are listening to this episode.

  • Ep12: Security use-cases for AI chain-of-thought reasoning

    September 14th, 2024  |  1 hr 14 mins
    chatgpt, generative ai, llms, openai

    Three Buddy Problem - Episode 12: Gabriel Bernadett-Shapiro joins the show for an extended conversation on artificial intelligence and cybersecurity. We discuss the hype around OpenAI's new o1 model, AI chain-of-thought reasoning and security use-cases, pervasive chatbots and privacy concerns, and the ongoing debate between open source and closed source AI models.

    Cast: Gabriel Bernadett-Shapiro, Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek). Costin Raiu is on vacation.

  • Ep11: Cyberwarfare takes an ominous turn

    September 6th, 2024  |  1 hr 15 mins
    china, cisa, doppelganger, gru, influence operations, north korea, russia, skills shortage, skripal, south korea, unit 29155, yara, zero-day

    Three Buddy Problem - Episode 11: Russia's notorious GRU Unit 29155 (previously tied to assassinations, poisonings and coup attempts) now blamed for destructive cyberattacks for sabotage; FBI and DOJ take down 'Doppelganger' network spreading Russian propaganda; CISA's budget, staff, advisories and YARA rules; Influence Operations 2.0; prolific Chinese hackers and global bug-disclosure implications; North Korean hacking capabilities and 0day expertise.

    Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)

  • Ep10: Volt Typhoon zero-day, Russia's APT29 reusing spyware exploits, Pavel Durov's arrest

    August 30th, 2024  |  1 hr 18 mins
    apt research, nation-state, ransomware, volt typhoon, zero-day

    Three Buddy Problem - Episode 10 -- Top stories this week: Volt Typhoon zero-day exploitation of Versa Director servers, Chinese APT building botnets with EOL routers, the gap in security solutions for network devices and appliances, Russia's APT29 (Midnight Blizzard) caught reusing exploits from NSO Group and Intellexa, Microsoft’s upcoming Windows endpoint security summit in response to the CrowdStrike incident, and the arrest of Telegram’s Pavel Durov in France. Plus, the NSA is launching a podcast.

    Hosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)