{"version":"https://jsonfeed.org/version/1","title":"Three Buddy Problem","home_page_url":"https://securityconversations.fireside.fm","feed_url":"https://securityconversations.fireside.fm/json","description":"The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks. Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers. Connect with Ryan on Twitter (Open DMs).","_fireside":{"subtitle":"A Security Conversations podcast","pubdate":"2026-05-27T07:30:00.000-07:00","explicit":false,"copyright":"2026 by The Naraine Group","owner":"Security Conversations","image":"https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/5/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/cover.jpg?v=15"},"items":[{"id":"bb564b77-d5c5-4736-90b4-0e227ddd145e","title":"Aaron Portnoy on Pwn2Own, the End of Easy Bugs, and AI-Fueled Offense","url":"https://securityconversations.fireside.fm/aaron-portnoy-pwn2own-end-easy-bugs-ai-offense","content_text":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)\n\nThree Buddy Problem x Ekoparty Miami: Aaron Portnoy (Zero Day Initiative alum, early Pwn2Own organizer, and now at Mindgard) joins us at Ekoparty Miami to reminisce on the early days of the hacking contest, where vulnerabilities actually live (the boundaries between systems, not inside them), why LLMs will take out the trash but can't dream up the next speculative-execution-class bug, and the coming patching apocalypse when discovery 10x's overnight. 
\n\nPlus, why your SOC is a forensic historian, the promise of hijacking an attacker's reward loop with deception tech, and the legendary story of carrying a Walmart \"fat stack\" of cash to bootstrap Ekoparty in Buenos Aires.  \n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Aaron Portnoy.\n\nTimestamps:\n0:00 — Introductory banter\n1:17 — Dropping out, iDefense, and getting good at reversing everything\n2:19 — How Pwn2Own got started \n4:15 — The most impressive Pwn2Own ever: Nils, VUPEN, and exploit \"art\"\n5:59 — \"iPhone hacked in 30 seconds\" — and the 18 months behind it\n6:41 — Does Pwn2Own still have a place in the AI era?\n9:16 — Why LLMs take out the trash but can't invent the next bug class\n12:48 — Will LLMs deliver new mitigation classes? Aaron's skeptical\n18:34 — The place of the human when the easy bugs run dry\n21:08 — Cognitive offloading, Halvar's warning, and skill rot\n22:39 — Decompiling 800k functions: Aaron's LLM \"holy shit\" moment\n25:26 — The patching apocalypse and why \"assume breach\" breaks\n28:15 — Compounding asymmetries: why offense just transcended defenseLinks:Transcript\nAaron Portnoy | LinkedIn\nMindgard - Automated AI Red Teaming\nPwn2Own\nEkoparty Miami\nNils2Own: 'I want to see security flaws fixed'\nVUPEN\nCharlie Miller on hacking iPhones, Macbooks, Cars\nLABScon 2026\nTLPBLACK\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem x Ekoparty Miami\u003c/strong\u003e: Aaron Portnoy (Zero Day Initiative alum, early Pwn2Own organizer, and now at Mindgard) joins us at Ekoparty Miami to reminisce on the early days of the hacking contest, where vulnerabilities actually 
live (the boundaries between systems, not inside them), why LLMs will take out the trash but can't dream up the next speculative-execution-class bug, and the coming patching apocalypse when discovery 10x's overnight. \u003c/p\u003e\n\n\u003cp\u003ePlus, why your SOC is a forensic historian, the promise of hijacking an attacker's reward loop with deception tech, and the legendary story of carrying a Walmart \"fat stack\" of cash to bootstrap Ekoparty in Buenos Aires.  \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://www.linkedin.com/in/aaronportnoy/\" target=\"_blank\" rel=\"nofollow noopener\"\u003eAaron Portnoy\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTimestamps:\u003c/strong\u003e\u003cbr\u003e\n0:00 — Introductory banter\u003cbr\u003e\n1:17 — Dropping out, iDefense, and getting good at reversing everything\u003cbr\u003e\n2:19 — How Pwn2Own got started \u003cbr\u003e\n4:15 — The most impressive Pwn2Own ever: Nils, VUPEN, and exploit \"art\"\u003cbr\u003e\n5:59 — \"iPhone hacked in 30 seconds\" — and the 18 months behind it\u003cbr\u003e\n6:41 — Does Pwn2Own still have a place in the AI era?\u003cbr\u003e\n9:16 — Why LLMs take out the trash but can't invent the next bug class\u003cbr\u003e\n12:48 — Will LLMs deliver new mitigation classes? 
Aaron's skeptical\u003cbr\u003e\n18:34 — The place of the human when the easy bugs run dry\u003cbr\u003e\n21:08 — Cognitive offloading, Halvar's warning, and skill rot\u003cbr\u003e\n22:39 — Decompiling 800k functions: Aaron's LLM \"holy shit\" moment\u003cbr\u003e\n25:26 — The patching apocalypse and why \"assume breach\" breaks\u003cbr\u003e\n28:15 — Compounding asymmetries: why offense just transcended defense\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/19oPo8tMDe2ZylwY8LIbWIGa28yeRSZDL0mPEqHazawU/edit?tab=t.0\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Aaron Portnoy | LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/aaronportnoy/\"\u003eAaron Portnoy | LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mindgard - Automated AI Red Teaming\" rel=\"nofollow\" href=\"https://mindgard.ai/\"\u003eMindgard - Automated AI Red Teaming\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Pwn2Own\" rel=\"nofollow\" href=\"https://en.wikipedia.org/wiki/Pwn2Own\"\u003ePwn2Own\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ekoparty Miami\" rel=\"nofollow\" href=\"https://ekoparty.org/miami/\"\u003eEkoparty Miami\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Nils2Own: \u0026#39;I want to see security flaws fixed\u0026#39;\" rel=\"nofollow\" href=\"https://www.zdnet.com/article/nils2own-i-want-to-see-security-flaws-fixed/\"\u003eNils2Own: 'I want to see security flaws fixed'\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"VUPEN\" rel=\"nofollow\" href=\"https://en.wikipedia.org/wiki/Vupen\"\u003eVUPEN\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Charlie Miller on hacking iPhones, Macbooks, Cars\" rel=\"nofollow\" href=\"https://securityconversations.fireside.fm/charlie-miller-hacking-iphones-self-driving-cars\"\u003eCharlie Miller on 
hacking iPhones, Macbooks, Cars\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2026\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon 2026\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).\r\n\r\nThree Buddy Problem x Ekoparty Miami: Aaron Portnoy (Zero Day Initiative alum, early Pwn2Own organizer, and now at Mindgard) joins us at Ekoparty Miami to reminisce on the early days of the hacking contest, where vulnerabilities actually live (the boundaries between systems, not inside them), why LLMs will take out the trash but can't dream up the next speculative-execution-class bug, and the coming patching apocalypse when discovery 10x's overnight. \r\n\r\nPlus, why your SOC is a forensic historian, the promise of hijacking an attacker's reward loop with deception tech, and the legendary story of carrying a Walmart \"fat stack\" of cash to bootstrap Ekoparty in Buenos Aires.  \r\n\r\nCast: Ryan Naraine, Juan Andres Guerrero-Saade, Aaron Portnoy.\r\n\r\nTimestamps: \r\n0:00 — Introductory banter\r\n1:17 — Dropping out, iDefense, and getting good at reversing everything\r\n2:19 — How Pwn2Own got started \r\n4:15 — The most impressive Pwn2Own ever: Nils, VUPEN, and exploit \"art\"\r\n5:59 — \"iPhone hacked in 30 seconds\" — and the 18 months behind it\r\n6:41 — Does Pwn2Own still have a place in the AI era?\r\n9:16 — Why LLMs take out the trash but can't invent the next bug class\r\n12:48 — Will LLMs deliver new mitigation classes? 
Aaron's skeptical\r\n18:34 — The place of the human when the easy bugs run dry\r\n21:08 — Cognitive offloading, Halvar's warning, and skill rot\r\n22:39 — Decompiling 800k functions: Aaron's LLM \"holy shit\" moment\r\n25:26 — The patching apocalypse and why \"assume breach\" breaks\r\n28:15 — Compounding asymmetries: why offense just transcended defense\r\n\r\n","date_published":"2026-05-27T07:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/bb564b77-d5c5-4736-90b4-0e227ddd145e.mp3","mime_type":"audio/mpeg","size_in_bytes":19272236,"duration_in_seconds":2409}]},{"id":"29af6aef-bacc-4236-bb7e-876273983ca2","title":"Perri Adams on Proof Engines, LLMs, and the New Era of Verifiable Code","url":"https://securityconversations.fireside.fm/perri-adams-proof-engings-llm-verifiable-code","content_text":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)\n\nThree Buddy Problem x Ekoparty Miami: Perri Adams of DARPA AIxCC fame joins the show to chat about proof engines, formal methods, and why LLMs just made a once-niche corner of computer science suddenly essential. \n\nWe get into why verifiers and proof engines are the key to effective AI, why vulnerability research is so far ahead of threat intel, and the case for baking security checks directly into code generation tools like Claude Code and Codex. \n\nPlus, designing a multi-million dollar challenge that's allowed to fail, the Mythos \"too dangerous to release\" debate, and musings on every LLM-discovered bug being a public bug by default.  \n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Perri Adams.\n\nTimestamps:\n0:00 — Introductory banter\n1:09 — Why LLMs just made formal methods relevant again\n4:03 — Proof engines, explained \n8:43 — Can a layman grab this fire? 
The calculus problem\n11:58 — Vuln researchers are scrappy kids with a trust fund\n14:55 — Pitching AIxCC inside DARPA: hard sell or easy sell?\n18:00 — Designing a challenge that's allowed to fail\n22:06 — Inside Team Atlanta's 150-page winning system\n24:00 — Why this is bigger for defense than for offense\n31:49 — Mythos, safeguards, and \"every LLM bug is a public bug\"Links:Transcript\nPerri Adams (@perribus) / X\nDARPA AIxCC - AI Cyber Challenge\nAIxCC Final Competition Winners Announcement\nTeam Atlanta (AIxCC)\nTeam Atlanta AIxCC Research Publications and Source Code\nDARPA's Perri Adams on CTF hacking, new $20M AI Cyber Challenge\nMicrosoft MDASH \nOffensiveCon25 Keynote (Perri Adams)\nBinary Analysis: An AI Success Story\nTLPBLACK\nLABScon 2026\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem x Ekoparty Miami\u003c/strong\u003e: Perri Adams of DARPA AIxCC fame joins the show to chat about proof engines, formal methods, and why LLMs just made a once-niche corner of computer science suddenly essential. \u003c/p\u003e\n\n\u003cp\u003eWe get into why verifiers and proof engines are the key to effective AI, why vulnerability research is so far ahead of threat intel, and the case for baking security checks directly into code generation tools like Claude Code and Codex. \u003c/p\u003e\n\n\u003cp\u003ePlus, designing a multi-million dollar challenge that's allowed to fail, the Mythos \"too dangerous to release\" debate, and musings on every LLM-discovered bug being a public bug by default.  
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://x.com/perribus\" target=\"_blank\" rel=\"nofollow noopener\"\u003ePerri Adams\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTimestamps:\u003c/strong\u003e\u003cbr\u003e\n0:00 — Introductory banter\u003cbr\u003e\n1:09 — Why LLMs just made formal methods relevant again\u003cbr\u003e\n4:03 — Proof engines, explained \u003cbr\u003e\n8:43 — Can a layman grab this fire? The calculus problem\u003cbr\u003e\n11:58 — Vuln researchers are scrappy kids with a trust fund\u003cbr\u003e\n14:55 — Pitching AIxCC inside DARPA: hard sell or easy sell?\u003cbr\u003e\n18:00 — Designing a challenge that's allowed to fail\u003cbr\u003e\n22:06 — Inside Team Atlanta's 150-page winning system\u003cbr\u003e\n24:00 — Why this is bigger for defense than for offense\u003cbr\u003e\n31:49 — Mythos, safeguards, and \"every LLM bug is a public bug\"\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1UgWAYuS7RMQd3eSCcWIxNB6wYyVluuPIlLNZpbPxQDg/edit?tab=t.0#heading=h.vj61zciiju0r\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Perri Adams (@perribus) / X\" rel=\"nofollow\" href=\"https://x.com/perribus?lang=en\"\u003ePerri Adams (@perribus) / X\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DARPA AIxCC - AI Cyber Challenge\" rel=\"nofollow\" href=\"https://aicyberchallenge.com/\"\u003eDARPA AIxCC - AI Cyber Challenge\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AIxCC Final Competition Winners Announcement\" rel=\"nofollow\" 
href=\"https://aicyberchallenge.com/Finals-winners-announcement/\"\u003eAIxCC Final Competition Winners Announcement\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Team Atlanta (AIxCC)\" rel=\"nofollow\" href=\"https://team-atlanta.github.io/\"\u003eTeam Atlanta (AIxCC)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Team Atlanta AIxCC Research Publications and Source Code\" rel=\"nofollow\" href=\"https://team-atlanta.github.io/artifacts/\"\u003eTeam Atlanta AIxCC Research Publications and Source Code\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DARPA\u0026#39;s Perri Adams on CTF hacking, new $20M AI Cyber Challenge\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/darpas-perri-adams-on-ctf-hacking-new-20m-ai-cyber-challenge/\"\u003eDARPA's Perri Adams on CTF hacking, new $20M AI Cyber Challenge\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft MDASH \" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-tops-leading-industry-benchmark/\"\u003eMicrosoft MDASH \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"OffensiveCon25 Keynote (Perri Adams)\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=Y1naY3gupRw\"\u003eOffensiveCon25 Keynote (Perri Adams)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Binary Analysis: An AI Success Story\" rel=\"nofollow\" href=\"https://www.ndss-symposium.org/ndss-paper/auto-draft-751/\"\u003eBinary Analysis: An AI Success Story\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2026\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon 2026\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on 
sharing curated, high-sensitivity threat insights and research with trusted security professionals).\r\n\r\nThree Buddy Problem x Ekoparty Miami: Perri Adams of DARPA AIxCC fame joins the show to chat about proof engines, formal methods, and why LLMs just made a once-niche corner of computer science suddenly essential. \r\n\r\nWe get into why verifiers and proof engines are the key to effective AI, why vulnerability research is so far ahead of threat intel, and the case for baking security checks directly into code generation tools like Claude Code and Codex. \r\n\r\nPlus, designing a multi-million dollar challenge that's allowed to fail, the Mythos \"too dangerous to release\" debate, and musings on every LLM-discovered bug being a public bug by default.  \r\n\r\nCast: Ryan Naraine, Juan Andres Guerrero-Saade, Gabriel Bernadette-Shapiro.\r\n\r\nTimestamps: \r\n0:00 — Introductory banter\r\n1:09 — Why LLMs just made formal methods relevant again\r\n4:03 — Proof engines, explained \r\n8:43 — Can a layman grab this fire? 
The calculus problem\r\n11:58 — Vuln researchers are scrappy kids with a trust fund\r\n14:55 — Pitching AIxCC inside DARPA: hard sell or easy sell?\r\n18:00 — Designing a challenge that's allowed to fail\r\n22:06 — Inside Team Atlanta's 150-page winning system\r\n24:00 — Why this is bigger for defense than for offense\r\n31:49 — Mythos, safeguards, and \"every LLM bug is a public bug\"\r\n","date_published":"2026-05-26T14:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/29af6aef-bacc-4236-bb7e-876273983ca2.mp3","mime_type":"audio/mpeg","size_in_bytes":19420268,"duration_in_seconds":2427}]},{"id":"90e9f196-8dc0-447d-96fb-7e363ffb073c","title":"Find 50,000 Bugs, Fix Zero: Gabriel Bernadett-Shapiro on the AI Vuln Trap","url":"https://securityconversations.fireside.fm/gabe-bernadett-shapiro-ai-vulntrap","content_text":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)\n\nThree Buddy Problem x Ekoparty Miami: SentinelLabs researcher Gabriel Bernadett-Shapiro hops on the mic to unpack who gets to define what \"security\" even means in the age of AI, why venture capital keeps funding the wrong things, and how the frontier labs quietly ate everyone's coding harness. 
\n\nPlus, how AI actually contributed to cracking the FAST 16 research, overcoming the guardrails, and why your domain expertise is the only thing keeping you out of full-blown rabbit-hole psychosis.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Gabriel Bernadett-Shapiro.\n\nTimestamps:\n0:00  Introductory banter\n4:55  Gabe returns: how the models got scary-good at code\n8:45  Bay Area short-termism and the \"10x in 18 months\" trap\n11:35  VCs as tastemakers, and why that's broken\n13:00  The unpaid-labor pipeline into the AI labs\n18:00  The real misunderstanding about security's moat\n20:18  Bug bounties: a net negative for the industry?\n22:20  The great vuln fire sale — find 50,000, fix zero\n27:28  Who will maintain vetted open-source libraries?\n29:29  FAST 16: how AI actually broke the case open\n35:05  The rabbit-holing machine and the path to \"AI psychosis\"\n41:05  Stuxnet, Kim Zetter, and the story we'll never be toldLinks:Transcript\nfast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage \nExperts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests\nAI \u0026amp; LLMs for Automation \u0026amp; Intel with Gabriel Bernadett-Shapiro\nSentinelLabs\nSecurity use-cases for AI chain-of-thought reasoning\nDaniel Miessler - A Conversation with Gabe Bernadett-Shapiro on AI\nGabriel Bernadett-Shapiro on X\nTLPBLACK\nEkoparty Miami\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem x Ekoparty Miami\u003c/strong\u003e: SentinelLabs researcher Gabriel Bernadett-Shapiro hops on the mic to unpack who gets to define what \"security\" even means in the age of AI, why 
venture capital keeps funding the wrong things, and how the frontier labs quietly ate everyone's coding harness. \u003c/p\u003e\n\n\u003cp\u003ePlus, how AI actually contributed to cracking the FAST 16 research, overcoming the guardrails, and why your domain expertise is the only thing keeping you out of full-blown rabbit-hole psychosis.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://x.com/Gabeincognito\" target=\"_blank\" rel=\"nofollow noopener\"\u003eGabriel Bernadett-Shapiro\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTimestamps:\u003c/strong\u003e\u003cbr\u003e\n0:00  Introductory banter\u003cbr\u003e\n4:55  Gabe returns: how the models got scary-good at code\u003cbr\u003e\n8:45  Bay Area short-termism and the \"10x in 18 months\" trap\u003cbr\u003e\n11:35  VCs as tastemakers, and why that's broken\u003cbr\u003e\n13:00  The unpaid-labor pipeline into the AI labs\u003cbr\u003e\n18:00  The real misunderstanding about security's moat\u003cbr\u003e\n20:18  Bug bounties: a net negative for the industry?\u003cbr\u003e\n22:20  The great vuln fire sale — find 50,000, fix zero\u003cbr\u003e\n27:28  Who will maintain vetted open-source libraries?\u003cbr\u003e\n29:29  FAST 16: how AI actually broke the case open\u003cbr\u003e\n35:05  The rabbit-holing machine and the path to \"AI psychosis\"\u003cbr\u003e\n41:05  Stuxnet, Kim Zetter, and the story we'll never be told\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" 
href=\"https://docs.google.com/document/d/169O7LPMhdYr_YbB_1vfuvMpIVVR5BIZ55qruKOm8Jc8/edit?tab=t.0#heading=h.uat707byod1j\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage \" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/\"\u003efast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Experts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests\" rel=\"nofollow\" href=\"https://www.zetter-zeroday.com/experts-confirm-the-fast16-malware-was-sabotaging-nuclear-weapons-tests-likely-in-iran/\"\u003eExperts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AI \u0026amp; LLMs for Automation \u0026amp; Intel with Gabriel Bernadett-Shapiro\" rel=\"nofollow\" href=\"https://alperovitch.sais.jhu.edu/round-2-ai-llms-for-automation-intel-w-gabriel-bernadett-shapiro/\"\u003eAI \u0026amp; LLMs for Automation \u0026amp; Intel with Gabriel Bernadett-Shapiro\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"SentinelLabs\" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/\"\u003eSentinelLabs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Security use-cases for AI chain-of-thought reasoning\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/ep12-security-use-cases-for-ai-chain-of-thought-reasoning/\"\u003eSecurity use-cases for AI chain-of-thought reasoning\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Daniel Miessler - A Conversation with Gabe Bernadett-Shapiro on AI\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=wXNsYKJKKDs\"\u003eDaniel Miessler - A Conversation with Gabe Bernadett-Shapiro on 
AI\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Gabriel Bernadett-Shapiro on X\" rel=\"nofollow\" href=\"https://x.com/Gabeincognito\"\u003eGabriel Bernadett-Shapiro on X\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ekoparty Miami\" rel=\"nofollow\" href=\"https://ekoparty.org/miami/\"\u003eEkoparty Miami\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).\r\n\r\nThree Buddy Problem x Ekoparty Miami: SentinelLabs researcher Gabriel Bernadett-Shapiro hops on the mic to unpack who gets to define what \"security\" even means in the age of AI, why venture capital keeps funding the wrong things, and how the frontier labs quietly ate everyone's coding harness.\r\n\r\nPlus, how AI actually contributed to cracking the FAST 16 research, overcoming the guardrails, and why your domain expertise is the only thing keeping you out of full-blown rabbit-hole psychosis.\r\n\r\nCast: Ryan Naraine, Juan Andres Guerrero-Saade, Gabriel Bernadett-Shapiro.\r\n\r\nTimestamps: \r\n0:00  Introductory banter\r\n4:55  Gabe returns: how the models got scary-good at code\r\n8:45  Bay Area short-termism and the \"10x in 18 months\" trap\r\n11:35  VCs as tastemakers, and why that's broken\r\n13:00  The unpaid-labor pipeline into the AI labs\r\n18:00  The real misunderstanding about security's moat\r\n20:18  Bug bounties: a net negative for the industry?\r\n22:20  The great vuln fire sale — find 50,000, fix zero\r\n27:28  Who will maintain vetted open-source libraries?\r\n29:29  FAST 16: how AI actually broke the case open\r\n35:05  The rabbit-holing machine and the path to \"AI psychosis\"\r\n41:05  Stuxnet, Kim Zetter, and the story we'll never be 
told\r\n\r\n","date_published":"2026-05-26T12:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/90e9f196-8dc0-447d-96fb-7e363ffb073c.mp3","mime_type":"audio/mpeg","size_in_bytes":39361257,"duration_in_seconds":2977}]},{"id":"5a951a88-283d-4be6-9458-2ea6c248017c","title":"Federico Kirschbaum on XBOW, AI Hackers, and the Future of Pen Testing","url":"https://securityconversations.fireside.fm/federico-kirshbaum-xbow-ai-hackers-future-pen-testing","content_text":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)\n\nThree Buddy Problem x Ekoparty Miami:  Federico Kirschbaum, founder of Ekoparty and now head of Security Lab at XBOW, talks about what happens to offensive security when an autonomous AI hacker can find and exploit real vulnerabilities. Fede walks through XBOW's \"Tales from the Trace,\" the surreal experience of watching a non-human adversary reason its way to an ASLR bypass, and why he believes pen-testing isn't dying but finally becoming accessible to far more than the world's biggest companies.\n\nPlus, where humans still matter in the loop, whether an LLM-discovered bug is public by definition, the looming reckoning over software liability, and Halvar Flake's very honest fear of getting lazy. \n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Federico Kirschbaum.\n\nTimestamps:\n0:00    Fede's move to XBOW\n2:20    What's XBOW building? 
An AI hacker for real vulnerabilities\n5:53    Where the human stays in the loop\n6:35    The Exim bug: a craftsman races the LLM to an ASLR bypass\n10:49   Does bug discovery still need a human asking the right question?\n16:24   A short history: Satan, CORE, Metasploit, bug bounties\n18:48   An LLM-discovered bug is public by definition\n24:12   Halvar Flake's laziness worry \u0026amp; the assembly-to-C parallel\n29:47   Rising tides: script kiddies get the full gamut\n41:02   The economics: does pentesting get cheap?\n43:18   Argentina, Ekoparty, and an untapped talent pipelineLinks:Transcript\nFederico Kirschbaum on a life in the Argentina hacking scene\nFederico Kirschbaum on LinkedIn\nFederico Kirschbaum\nXBOW | Autonomous Offensive Security Platform\nMythos for Offensive Security: XBOW's Evaluation\nTales from the Trace: How Agentic AI Merges Static and Dynamic Testing\nEkoparty Miami\nTLPBLACK\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem x Ekoparty Miami\u003c/strong\u003e:  Federico Kirschbaum, founder of Ekoparty and now head of Security Lab at XBOW, talks about what happens to offensive security when an autonomous AI hacker can find and exploit real vulnerabilities. 
Fede walks through XBOW's \"Tales from the Trace,\" the surreal experience of watching a non-human adversary reason its way to an ASLR bypass, and why he believes pen-testing isn't dying but finally becoming accessible to far more than the world's biggest companies.\u003c/p\u003e\n\n\u003cp\u003ePlus, where humans still matter in the loop, whether an LLM-discovered bug is public by definition, the looming reckoning over software liability, and Halvar Flake's very honest fear of getting lazy. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://x.com/fede_k\" target=\"_blank\" rel=\"nofollow noopener\"\u003eFederico Kirschbaum\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTimestamps:\u003c/strong\u003e\u003cbr\u003e\n0:00    Fede's move to XBOW\u003cbr\u003e\n2:20    What's XBOW building? 
An AI hacker for real vulnerabilities\u003cbr\u003e\n5:53    Where the human stays in the loop\u003cbr\u003e\n6:35    The Exim bug: a craftsman races the LLM to an ASLR bypass\u003cbr\u003e\n10:49   Does bug discovery still need a human asking the right question?\u003cbr\u003e\n16:24   A short history: Satan, CORE, Metasploit, bug bounties\u003cbr\u003e\n18:48   An LLM-discovered bug is public by definition\u003cbr\u003e\n24:12   Halvar Flake's laziness worry \u0026amp; the assembly-to-C parallel\u003cbr\u003e\n29:47   Rising tides: script kiddies get the full gamut\u003cbr\u003e\n41:02   The economics: does pentesting get cheap?\u003cbr\u003e\n43:18   Argentina, Ekoparty, and an untapped talent pipeline\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1q3ZoqbTSgksQ9Jr9O21z9qp-3v9a6a2VRmNnGwH3bNo/edit?tab=t.0\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Federico Kirschbaum on a life in the Argentina hacking scene\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/federico-kirschbaum-on-a-life-in-the-argentina-hacking-scene/\"\u003eFederico Kirschbaum on a life in the Argentina hacking scene\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Federico Kirschbaum on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/fedek/\"\u003eFederico Kirschbaum on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Federico Kirschbaum\" rel=\"nofollow\" href=\"https://x.com/fede_k\"\u003eFederico Kirschbaum\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"XBOW | Autonomous Offensive Security Platform\" rel=\"nofollow\" href=\"https://xbow.com/\"\u003eXBOW | Autonomous Offensive Security Platform\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mythos for Offensive Security: XBOW\u0026#39;s Evaluation\" rel=\"nofollow\" 
href=\"https://xbow.com/blog/mythos-offensive-security-xbow-evaluation\"\u003eMythos for Offensive Security: XBOW's Evaluation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Tales from the Trace: How Agentic AI Merges Static and Dynamic Testing\" rel=\"nofollow\" href=\"https://xbow.com/blog/tales-from-the-trace-how-agentic-ai-merges-static-and-dynamic-testing\"\u003eTales from the Trace: How Agentic AI Merges Static and Dynamic Testing\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ekoparty Miami\" rel=\"nofollow\" href=\"https://ekoparty.org/miami/\"\u003eEkoparty Miami\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).\r\n\r\nThree Buddy Problem x Ekoparty Miami: Federico Kirschbaum, founder of Ekoparty and now head of Security Lab at XBOW, talks about what happens to offensive security when an autonomous AI hacker can find and exploit real vulnerabilities. Fede walks through XBOW's \"Tales from the Trace,\" the surreal experience of watching a non-human adversary reason its way to an ASLR bypass, and why he believes pen-testing isn't dying but finally becoming accessible to far more than the world's biggest companies.\r\n\r\nPlus, where humans still matter in the loop, whether an LLM-discovered bug is public by definition, the looming reckoning over software liability, and Halvar Flake's very honest fear of getting lazy.  \r\n\r\nCast: Ryan Naraine, Juan Andres Guerrero-Saade, Federico Kirschbaum\r\n\r\nTimestamps: \r\n0:00    Fede's move to XBOW\r\n2:20    What's XBOW building? 
An AI hacker for real vulnerabilities\r\n5:53    Where the human stays in the loop\r\n6:35    The Exim bug: a craftsman races the LLM to an ASLR bypass\r\n10:49   Does bug discovery still need a human asking the right question?\r\n16:24   A short history: Satan, CORE, Metasploit, bug bounties\r\n18:48   An LLM-discovered bug is public by definition\r\n24:12   Halvar Flake's laziness worry \u0026 the assembly-to-C parallel\r\n29:47   Rising tides: script kiddies get the full gamut\r\n41:02   The economics: does pentesting get cheap?\r\n43:18   Argentina, Ekoparty, and an untapped talent pipeline\r\n","date_published":"2026-05-25T05:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/5a951a88-283d-4be6-9458-2ea6c248017c.mp3","mime_type":"audio/mpeg","size_in_bytes":27856161,"duration_in_seconds":3482}]},{"id":"911ccb72-67a2-4af5-ad6c-593e67c5399a","title":"Jordan Wiens on AI, Offense vs. Defense, and the Dying CTF Pipeline","url":"https://securityconversations.fireside.fm/jordan-wiens-ai-offense-defense-dying-ctf-pipeline","content_text":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)\n\nThree Buddy Problem x Ekoparty Miami: Jordan Wiens, co-founder of Vector 35 and creator of Binary Ninja, talks about a decade spent building a decompiler in a market everyone told him not to enter. 
He walks through why accessibility drove the whole project, how Binja's intermediate-language system stacks up against IDA, Ghidra, and Radare, and why language-specific decompilation for Rust, C++, and Go is the next real frontier.\n\nPlus, thoughts on AI disruption and why \"the model can do it\" misses the point that the model is just driving the tool, what verifiability really means, whether AI tilts the field toward offense or defense, and questions around subsidized tokens, the collapse of the CTF talent pipeline, and what happens to a craft when the shortcut is always one prompt away.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Jordan Wiens.\n\nTimestamps:\n0:00   Introductory banter\n1:22    Vector 35 and the origin of Binary Ninja\n2:32    From CTFs and SCIFs to building a decompiler\n3:27    Before Ghidra: when an IDA license was out of reach\n9:47    Language-specific decompilation: Rust, C++, and Go\n12:47   Running a 17-person bootstrapped shop with no org chart\n13:50   DARPA money, In-Q-Tel, and staying independent\n15:23   AI as disruptor: the model drives the tool\n18:06   Verifiability and the Fast16 reversing story\n25:10   How AI actually gets used inside the company\n28:52   Frontier models and guardrails \n33:30   Will AI favor offense or defense?\n40:51   Shrinking CTF talent pipelinesLinks:Transcript\nJordan Wiens on LinkedIn\nJordan Wiens (@psifertex)\nVector 35\nBinary Ninja\nGhidra Releases\nAI x CC (AI Cyber Challenge)\nEkoparty Miami\nTLPBLACK\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem x Ekoparty Miami\u003c/strong\u003e: Jordan Wiens, co-founder of Vector 35 and 
creator of Binary Ninja, talks about a decade spent building a decompiler in a market everyone told him not to enter. He walks through why accessibility drove the whole project, how Binja's intermediate-language system stacks up against IDA, Ghidra, and Radare, and why language-specific decompilation for Rust, C++, and Go is the next real frontier.\u003c/p\u003e\n\n\u003cp\u003ePlus, thoughts on AI disruption and why \"the model can do it\" misses the point that the model is just driving the tool, what verifiability really means, whether AI tilts the field toward offense or defense, and questions around subsidized tokens, the collapse of the CTF talent pipeline, and what happens to a craft when the shortcut is always one prompt away.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://x.com/psifertex\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJordan Wiens\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTimestamps:\u003c/strong\u003e\u003cbr\u003e\n0:00   Introductory banter\u003cbr\u003e\n1:22    Vector 35 and the origin of Binary Ninja\u003cbr\u003e\n2:32    From CTFs and SCIFs to building a decompiler\u003cbr\u003e\n3:27    Before Ghidra: when an IDA license was out of reach\u003cbr\u003e\n9:47    Language-specific decompilation: Rust, C++, and Go\u003cbr\u003e\n12:47   Running a 17-person bootstrapped shop with no org chart\u003cbr\u003e\n13:50   DARPA money, In-Q-Tel, and staying independent\u003cbr\u003e\n15:23   AI as disruptor: the model drives the tool\u003cbr\u003e\n18:06   Verifiability and the Fast16 reversing story\u003cbr\u003e\n25:10   How AI actually gets used inside the company\u003cbr\u003e\n28:52   Frontier 
models and guardrails \u003cbr\u003e\n33:30   Will AI favor offense or defense?\u003cbr\u003e\n40:51   Shrinking CTF talent pipelines\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1wSLP1tg5NK9LblUIyqTq3H5rUqYobV-4rzQ8G-qXCoc/edit?tab=t.0#heading=h.vj61zciiju0r\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Jordan Wiens on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/jwiens/\"\u003eJordan Wiens on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Jordan Wiens (@psifertex)\" rel=\"nofollow\" href=\"https://x.com/psifertex?lang=en\"\u003eJordan Wiens (@psifertex)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Vector 35\" rel=\"nofollow\" href=\"https://vector35.com/\"\u003eVector 35\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Binary Ninja\" rel=\"nofollow\" href=\"https://binary.ninja/\"\u003eBinary Ninja\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ghidra Releases\" rel=\"nofollow\" href=\"https://github.com/NationalSecurityAgency/ghidra/releases\"\u003eGhidra Releases\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AI x CC (AI Cyber Challenge)\" rel=\"nofollow\" href=\"https://aicyberchallenge.com/\"\u003eAI x CC (AI Cyber Challenge)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ekoparty Miami\" rel=\"nofollow\" href=\"https://ekoparty.org/miami/\"\u003eEkoparty Miami\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).\r\n\r\nThree Buddy Problem x Ekoparty Miami: Jordan Wiens, co-founder of Vector 35 and 
creator of Binary Ninja, talks about a decade spent building a decompiler in a market everyone told him not to enter. He walks through why accessibility drove the whole project, how Binja's intermediate-language system stacks up against IDA, Ghidra, and Radare, and why language-specific decompilation for Rust, C++, and Go is the next real frontier.\r\n\r\nPlus, thoughts on AI disruption and why \"the model can do it\" misses the point that the model is just driving the tool, what verifiability really means, whether AI tilts the field toward offense or defense, and questions around subsidized tokens, the collapse of the CTF talent pipeline, and what happens to a craft when the shortcut is always one prompt away.\r\n\r\nCast: Ryan Naraine, Juan Andres Guerrero-Saade, Jordan Wiens.\r\n\r\nTimestamps: \r\n0:00   Introductory banter\r\n1:22    Vector 35 and the origin of Binary Ninja\r\n2:32    From CTFs and SCIFs to building a decompiler\r\n3:27    Before Ghidra: when an IDA license was out of reach\r\n9:47    Language-specific decompilation: Rust, C++, and Go\r\n12:47   Running a 17-person bootstrapped shop with no org chart\r\n13:50   DARPA money, In-Q-Tel, and staying independent\r\n15:23   AI as disruptor: the model drives the tool\r\n18:06   Verifiability and the Fast16 reversing story\r\n25:10   How AI actually gets used inside the company\r\n28:52   Frontier models and guardrails \r\n33:30   Will AI favor offense or defense?\r\n40:51   Shrinking CTF talent pipelines\r\n","date_published":"2026-05-24T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/911ccb72-67a2-4af5-ad6c-593e67c5399a.mp3","mime_type":"audio/mpeg","size_in_bytes":21258258,"duration_in_seconds":2657}]},{"id":"6ff0236c-91f5-4e08-b190-d83bb20eb8e8","title":"The AI-powered 10x patch tsunami has arrived. 
Now what?","url":"https://securityconversations.fireside.fm/10x-ai-powered-patch-tsunami-has-arrived-now-what","content_text":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)\n\nThree Buddy Problem - Episode 98: We dive back into the fast16 malware discovery with fresh speculation that it's targeting spherical implosion simulations for Iran's nuclear program, and wonder who on earth is qualified to confirm this. \n\nPlus, thoughts on OpenAI's new three-tier cyber access program, Microsoft's MDASH harness, the 10x Patch Tuesday tsunami, Cloudflare's 1,100 layoffs blamed on AI, and why frontier-lab guardrails may just be elaborate security theater.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.\n\nTimestamps:\n0:00 - Introductory banter\n3:19 - fast16 update: spherical implosion simulations?\n9:01 - Manhattan Project precedent — why this matches Iran\n12:28 - Who can actually reproduce the FAST 16 attack?\n19:32 - Google GTIG's \"AI-written\" zero-day\n22:13 - The rise of AI-backend \"silent detections\"\n25:54 - Guardrails as security theater\n38:47 - Are the 10x patch numbers real defense?\n43:48 - OpenAI's Trusted Access tiers + Microsoft MDASH\n53:35 - End of the ‘patch-and-pray’ model\n57:50 - Sean Heelan: strict harnesses can make models worse\n1:03:51 - Pwn2Own Berlin overflow and bug-density debate\n1:12:24 - Cloudflare's 1,100 layoffs and AI as scapegoat\n1:27:42 - RCS encryption, Android Intrusion Logging, Seedworm \u0026amp; KazuarLinks:Transcript\nfast16 malware targeting spherical implosion simulations\nfast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet\nCracking the Fast16 sabotage malware mystery\nGTIG on AI Exploit Generation Discovery\niOS 26.5 Security Bulletin\nEnd-to-end encrypted RCS messaging hits beta\nAndroid adds 'Intrusion Logging' 
feature\nGoogle: Log your Android device activity\nMicrosoft MDASH new multi-model agentic security system\nDaybreak | OpenAI for cybersecurity\nPwn2Own 2026 Capacity Overflow, Hackers Drop 0-Days Solo\nSeedworm: Iran-Linked Hackers Breached Korean Electronics Maker\nKazuar: Anatomy of a nation-state botnet (Microsoft)\nEkoparty Miami\nLABScon 2026\nTLPBLACK\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 98\u003c/strong\u003e: We dive back into the fast16 malware discovery with fresh speculation that it's targeting spherical implosion simulations for Iran's nuclear program, and wonder who on earth is qualified to confirm this. 
\u003c/p\u003e\n\n\u003cp\u003ePlus, thoughts on OpenAI's new three-tier cyber access program, Microsoft's MDASH harness, the 10x Patch Tuesday tsunami, Cloudflare's 1,100 layoffs blamed on AI, and why frontier-lab guardrails may just be elaborate security theater.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTimestamps:\u003c/strong\u003e\u003cbr\u003e\n0:00 - Introductory banter\u003cbr\u003e\n3:19 - fast16 update: spherical implosion simulations?\u003cbr\u003e\n9:01 - Manhattan Project precedent — why this matches Iran\u003cbr\u003e\n12:28 - Who can actually reproduce the FAST 16 attack?\u003cbr\u003e\n19:32 - Google GTIG's \"AI-written\" zero-day\u003cbr\u003e\n22:13 - The rise of AI-backend \"silent detections\"\u003cbr\u003e\n25:54 - Guardrails as security theater\u003cbr\u003e\n38:47 - Are the 10x patch numbers real defense?\u003cbr\u003e\n43:48 - OpenAI's Trusted Access tiers + Microsoft MDASH\u003cbr\u003e\n53:35 - End of the ‘patch-and-pray’ model\u003cbr\u003e\n57:50 - Sean Heelan: strict harnesses can make models worse\u003cbr\u003e\n1:03:51 - Pwn2Own Berlin overflow and bug-density debate\u003cbr\u003e\n1:12:24 - Cloudflare's 1,100 layoffs and AI as scapegoat\u003cbr\u003e\n1:27:42 - RCS encryption, Android Intrusion Logging, Seedworm \u0026amp; Kazuar\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" 
href=\"https://docs.google.com/document/d/16b29x8ZTGr-NfA341wJKfRIp1OqLHSQOBMNriCgzV0E/edit?usp=sharing\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"fast16 malware targeting spherical implosion simulations\" rel=\"nofollow\" href=\"https://x.com/rhizomaticthot/status/2054591007396913218\"\u003efast16 malware targeting spherical implosion simulations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet\" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/?utm_campaign=cloud-launch\u0026amp;utm_source=email-marketing\u0026amp;utm_medium=letsignit\u0026amp;utm_content=undefined\u0026amp;utm_term=undefined\u0026amp;gclid=undefined\"\u003efast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cracking the Fast16 sabotage malware mystery\" rel=\"nofollow\" href=\"https://podcasts.apple.com/us/podcast/cracking-the-fast16-sabotage-malware-mystery/id1414525622?i=1000765508051\"\u003eCracking the Fast16 sabotage malware mystery\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"GTIG on AI Exploit Generation Discovery\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access\"\u003eGTIG on AI Exploit Generation Discovery\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"iOS 26.5 Security Bulletin\" rel=\"nofollow\" href=\"https://support.apple.com/en-us/127110\"\u003eiOS 26.5 Security Bulletin\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"End-to-end encrypted RCS messaging hits beta\" rel=\"nofollow\" 
href=\"https://www.apple.com/newsroom/2026/05/end-to-end-encrypted-rcs-messaging-begins-rolling-out-today-in-beta/\"\u003eEnd-to-end encrypted RCS messaging hits beta\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Android adds \u0026#39;Intrusion Logging\u0026#39; feature\" rel=\"nofollow\" href=\"https://blog.google/security/whats-new-in-android-security-privacy-2026/\"\u003eAndroid adds 'Intrusion Logging' feature\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google: Log your Android device activity\" rel=\"nofollow\" href=\"https://support.google.com/android/answer/16927813?visit_id=639142077178356281-866636134\"\u003eGoogle: Log your Android device activity\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft MDASH new multi-model agentic security system\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-tops-leading-industry-benchmark/\"\u003eMicrosoft MDASH new multi-model agentic security system\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Daybreak | OpenAI for cybersecurity\" rel=\"nofollow\" href=\"https://openai.com/daybreak/\"\u003eDaybreak | OpenAI for cybersecurity\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Pwn2Own 2026 Capacity Overflow, Hackers Drop 0-Days Solo\" rel=\"nofollow\" href=\"https://awesomeagents.ai/news/pwn2own-berlin-2026-capacity-overflow/\"\u003ePwn2Own 2026 Capacity Overflow, Hackers Drop 0-Days Solo\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker\" rel=\"nofollow\" href=\"https://www.security.com/threat-intelligence/iran-seedworm-electronics\"\u003eSeedworm: Iran-Linked Hackers Breached Korean Electronics Maker\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kazuar: Anatomy of a nation-state botnet (Microsoft)\" rel=\"nofollow\" 
href=\"https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/\"\u003eKazuar: Anatomy of a nation-state botnet (Microsoft)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ekoparty Miami\" rel=\"nofollow\" href=\"https://ekoparty.org/miami/\"\u003eEkoparty Miami\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2026\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon 2026\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).\r\n\r\nThree Buddy Problem - Episode 98: We dive back into the fast16 malware discovery with fresh speculation that it's targeting spherical implosion simulations for Iran's nuclear program, and wonder who on earth is qualified to confirm this. \r\n\r\nPlus, thoughts on OpenAI's new three-tier cyber access program, Microsoft's MDASH harness, the 10x Patch Tuesday tsunami, Cloudflare's 1,100 layoffs blamed on AI, and why frontier-lab guardrails may just be elaborate security theater.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.   
\r\n\r\nTimestamps: \r\n0:00 - Introductory banter\r\n3:19 - fast16 update: spherical implosion simulations?\r\n9:01 - Manhattan Project precedent — why this matches Iran\r\n12:28 - Who can actually reproduce the FAST 16 attack?\r\n19:32 - Google GTIG's \"AI-written\" zero-day\r\n22:13 - The rise of AI-backend \"silent detections\"\r\n25:54 - Guardrails as security theater\r\n38:47 - Are the 10x patch numbers real defense?\r\n43:48 - OpenAI's Trusted Access tiers + Microsoft MDASH\r\n53:35 - End of the ‘patch-and-pray’ model\r\n57:50 - Sean Heelan: strict harnesses can make models worse\r\n1:03:51 - Pwn2Own Berlin overflow and bug-density debate\r\n1:12:24 - Cloudflare's 1,100 layoffs and AI as scapegoat\r\n1:27:42 - RCS encryption, Android Intrusion Logging, Seedworm \u0026 Kazuar\r\n","date_published":"2026-05-15T05:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/6ff0236c-91f5-4e08-b190-d83bb20eb8e8.mp3","mime_type":"audio/mpeg","size_in_bytes":93372705,"duration_in_seconds":6638}]},{"id":"93a70e36-c427-4377-85aa-5cc2fb2ad115","title":"The disappointing death of big-game APT reporting","url":"https://securityconversations.fireside.fm/disappointing-death-big-game-apt-reports","content_text":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)\n\nThree Buddy Problem - Episode 97: We discuss the disappearing art of Windows APT paleontology, the absence of complex malware documentation, and why so much threat-intel research has slipped behind paywalls and into private rooms. 
\n\nPlus, a surge in AI-discovered bugs in Firefox and Chrome, a rough week for Linux security flaw disclosures, and the usual Ivanti and Palo Alto zero-day bulletins that ship without a single IOC.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.\n\nTimestamps:\n0:00 - Introductory banter\n1:17 - Inside TLP-Red: writing hashes by hand\n3:57- fast16 fallout and the threat intel trust collapse\n9:17 - The death of cyber paleontology on Windows\n14:49 - Mobile is the new paleontology frontier\n15:48 - When threat intel went private: the CrowdStrike effect\n23:29 - Falling sideways into intelligence brokerage\n36:05 -- AI, Easter eggs, and the loss of malware artistry\n47:22 -- Will the Frontier Labs publish threat intel?\n51:43 -- fast16 follow-up reports coming\n1:09:38 - Mythos, Aardvark, and the patch tsunami\n1:15:33 - CopyFail and the Linux reboot crisis\n1:51:05 - UAPs, Pulitzers, last-ever LabsCon, and shoutoutsLinks:Transcript\nWhere Have All the Complex Windows Malware and Their Analyses Gone?\nAcidBox: Rare Malware Repurposing Turla Group Exploit\nGoogle Chrome security update documentation\nBehind the Scenes Hardening Firefox with Mythos\nCVE-2026-0073 Android adbd TLS client-authentication bypass\nUrgent patch for Android zero-click vuln \nCVE-2026-0300: PAN-OS zero-day exploited in the wild\nIvanti zero-day marked as exploited in the wild\nCopy Fail — CVE-2026-31431\nYael Grauer wins a Pulitzer Prize\nAJ Vicens wins a Pulitzer Prize\nPacific Rim – Darknet Diaries\nFast16, Stuxnet, and the History of Cyber Espionage\nTLPBLACK\nLABScon 2026 CFP\nUS Gov on UAP Encounters \n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security 
professionals.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 97\u003c/strong\u003e: We discuss the disappearing art of Windows APT paleontology, the absence of complex malware documentation, and why so much threat-intel research has slipped behind paywalls and into private rooms. \u003c/p\u003e\n\n\u003cp\u003ePlus, a surge in AI-discovered bugs in Firefox and Chrome, a rough week for Linux security flaw disclosures, and the usual Ivanti and Palo Alto zero-day bulletins that ship without a single IOC.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTimestamps:\u003c/strong\u003e\u003cbr\u003e\n0:00 - Introductory banter\u003cbr\u003e\n1:17 - Inside TLP-Red: writing hashes by hand\u003cbr\u003e\n3:57- fast16 fallout and the threat intel trust collapse\u003cbr\u003e\n9:17 - The death of cyber paleontology on Windows\u003cbr\u003e\n14:49 - Mobile is the new paleontology frontier\u003cbr\u003e\n15:48 - When threat intel went private: the CrowdStrike effect\u003cbr\u003e\n23:29 - Falling sideways into intelligence brokerage\u003cbr\u003e\n36:05 -- AI, Easter eggs, and the loss of malware artistry\u003cbr\u003e\n47:22 -- Will the Frontier Labs publish threat intel?\u003cbr\u003e\n51:43 -- fast16 follow-up reports coming\u003cbr\u003e\n1:09:38 - Mythos, Aardvark, and the patch tsunami\u003cbr\u003e\n1:15:33 - CopyFail and the Linux reboot crisis\u003cbr\u003e\n1:51:05 - UAPs, Pulitzers, last-ever LabsCon, and 
shoutouts\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1XD-WeRNLra07UXmgRpBaiGNFo0PPiSkw3PntcdnMdI8/edit?tab=t.0\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Where Have All the Complex Windows Malware and Their Analyses Gone?\" rel=\"nofollow\" href=\"https://r136a1.dev/2026/05/07/where-have-all-the-complex-malware-and-their-analyses-gone/\"\u003eWhere Have All the Complex Windows Malware and Their Analyses Gone?\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AcidBox: Rare Malware Repurposing Turla Group Exploit\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/acidbox-rare-malware/\"\u003eAcidBox: Rare Malware Repurposing Turla Group Exploit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google Chrome security update documentation\" rel=\"nofollow\" href=\"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html\"\u003eGoogle Chrome security update documentation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Behind the Scenes Hardening Firefox with Mythos\" rel=\"nofollow\" href=\"https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/\"\u003eBehind the Scenes Hardening Firefox with Mythos\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CVE-2026-0073 Android adbd TLS client-authentication bypass\" rel=\"nofollow\" href=\"https://barghest.asia/blog/cve-2026-0073-adb-tls-auth-bypass/\"\u003eCVE-2026-0073 Android adbd TLS client-authentication bypass\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Urgent patch for Android zero-click vuln \" rel=\"nofollow\" href=\"https://source.android.com/docs/security/bulletin/2026/2026-05-01\"\u003eUrgent patch for Android zero-click vuln \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CVE-2026-0300: PAN-OS zero-day exploited in the wild\" 
rel=\"nofollow\" href=\"https://security.paloaltonetworks.com/CVE-2026-0300\"\u003eCVE-2026-0300: PAN-OS zero-day exploited in the wild\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ivanti zero-day marked as exploited in the wild\" rel=\"nofollow\" href=\"https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs?language=en_US\"\u003eIvanti zero-day marked as exploited in the wild\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Copy Fail — CVE-2026-31431\" rel=\"nofollow\" href=\"https://copy.fail/\"\u003eCopy Fail — CVE-2026-31431\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Yael Grauer wins a Pulitzer Prize\" rel=\"nofollow\" href=\"https://www.ap.org/media-center/press-releases/2026/ap-wins-pulitzer-prize-for-china-surveillance-reporting/\"\u003eYael Grauer wins a Pulitzer Prize\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AJ Vicens wins a Pulitzer Prize\" rel=\"nofollow\" href=\"https://www.reuters.com/investigations/charlie-kirk-purge-how-600-americans-were-punished-pro-trump-crackdown-2025-11-19/\"\u003eAJ Vicens wins a Pulitzer Prize\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Pacific Rim – Darknet Diaries\" rel=\"nofollow\" href=\"https://darknetdiaries.com/episode/174/\"\u003ePacific Rim – Darknet Diaries\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fast16, Stuxnet, and the History of Cyber Espionage\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=Nemom0_vCYU\"\u003eFast16, Stuxnet, and the History of Cyber Espionage\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2026 CFP\" rel=\"nofollow\" href=\"https://www.cvent.com/c/abstracts/0f2ae039-4175-42c2-a534-7f25ada9e539\"\u003eLABScon 2026 CFP\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US Gov on 
UAP Encounters \" rel=\"nofollow\" href=\"https://www.war.gov/ufo/\"\u003eUS Gov on UAP Encounters \n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).\r\n\r\nThree Buddy Problem - Episode 97: We discuss the disappearing art of Windows APT paleontology, the absence of complex malware documentation, and why so much threat-intel research has slipped behind paywalls and into private rooms. \r\n\r\nPlus, a surge in AI-discovered bugs in Firefox and Chrome, a rough week for Linux security flaw disclosures, and the usual Ivanti and Palo Alto zero-day bulletins that ship without a single IOC.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.   \r\n\r\nTimestamps: \r\n0:00 - Introductory banter\r\n1:17 - Inside TLP-Red: writing hashes by hand\r\n3:57- fast16 fallout and the threat intel trust collapse\r\n9:17 - The death of cyber paleontology on Windows\r\n14:49 - Mobile is the new paleontology frontier\r\n15:48 - When threat intel went private: the CrowdStrike effect\r\n23:29 - Falling sideways into intelligence brokerage\r\n36:05 -- AI, Easter eggs, and the loss of malware artistry\r\n47:22 -- Will the Frontier Labs publish threat intel?\r\n51:43 -- fast16 follow-up reports coming\r\n1:09:38 - Mythos, Aardvark, and the patch tsunami\r\n1:15:33 - CopyFail and the Linux reboot crisis\r\n1:51:05 - UAPs, Pulitzers, last-ever LabsCon, and shoutouts\r\n","date_published":"2026-05-10T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/93a70e36-c427-4377-85aa-5cc2fb2ad115.mp3","mime_type":"audio/mpeg","size_in_bytes":103309846,"duration_in_seconds":7350}]},{"id":"d5ef56b8-cf5d-4e7b-b1c2-255d6f6cab4f","title":"Cracking the Fast16 sabotage malware 
mystery","url":"https://securityconversations.fireside.fm/cracking-fast16-sabotage-malware-mystery","content_text":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)\n\nThree Buddy Problem - Episode 96: We're joined by WIRED writer Andy Greenberg to dig into SentinelLabs' bombshell FAST16 research, a newly deciphered piece of sabotage malware that predates Stuxnet by five years and quietly tampered with physics modeling software likely tied to Iran's nuclear program. \n\nWe discuss the attribution rabbit hole (NSA? Israel? someone else?), the eerie \"spiritual warfare\" implications of corrupting scientific calculations, and Antiy Labs' very dialectical Chinese rebuttal.  Plus, what AI reverse-engineering means for the next decade of cyber paleontology.\n\nCast: Andy Greenberg, Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.\n\nTimestamps:\n\n0:00 - WIRED’s Andy Greenberg joins the show\n1:53 - How the FAST16 scoop landed in Andy's lap\n6:45 - JAGS sat on this sample for 7 years\n10:33 - How Costin and the Kaspersky team missed the sabotage routine\n15:20 - The \"holy moly\" moment: what FAST16 actually does\n18:26 - Territorial Dispute, Shadow Brokers, and the driver list\n24:11 - The targets: MOHID, PKPM, and LS-DYNA's link to Iran\n28:13 - No C\u0026amp;C, no victims: a worm built for air-gapped networks\n34:45 - Was this part of a larger anti-Iran toolkit?\n37:55 - Attribution: NSA, Israel, or someone else entirely?\n51:39 - What was the actual sabotage? 
Unanswered questions\n55:48 - \"Spiritual warfare\": the psychological angle and trust in computers\n1:20:05 - Equities, going public, and the case for AI-powered reversing\n1:32:19 - Antiy Labs' Chinese rebuttal and the apparatchik tone\n1:43:04 - Shoutouts: Sergey Mineev, LabsCon CFP, PivotCon, and EkopartyLinks:Transcript\nfast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet\nFlame: A complex malware for targeted attacks\nTerritorial Dispute – NSA's perspective on APT landscape\nNewly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program - and Predates Stuxnet\nKim Zetter's Countdown to Zero Day\nAn Unprecedented Look at Stuxnet, the World's First Digital Weapon\nThe Flame: Questions and Answers (Kaspersky)\nSentinelLabs \nAndy Greenberg on X\nTLPBLACK\nAntiy Labs: “Psychological Warfare” to Show Off Cyber Capabilities\nWho’s Really Spreading through the Bright Star?\nLABScon 2026 CFP\nEkoparty Miami 2026 (Agenda)\nPIVOTcon Agenda\nDecipher: Fast16, Stuxnet, and the History of Cyber Espionage\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 96\u003c/strong\u003e: We're joined by WIRED writer Andy Greenberg to dig into SentinelLabs' bombshell FAST16 research, a newly deciphered piece of sabotage malware that predates Stuxnet by five years and quietly tampered with physics modeling software likely tied to Iran's nuclear program. \u003c/p\u003e\n\n\u003cp\u003eWe discuss the attribution rabbit hole (NSA? Israel? 
someone else?), the eerie \"spiritual warfare\" implications of corrupting scientific calculations, and Antiy Labs' very dialectical Chinese rebuttal.  Plus, what AI reverse-engineering means for the next decade of cyber paleontology.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://x.com/a_greenberg\" target=\"_blank\" rel=\"nofollow noopener\"\u003eAndy Greenberg\u003c/a\u003e, \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTimestamps:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp\u003e0:00 - WIRED’s Andy Greenberg joins the show\u003cbr\u003e\n1:53 - How the FAST16 scoop landed in Andy's lap\u003cbr\u003e\n6:45 - JAGS sat on this sample for 7 years\u003cbr\u003e\n10:33 - How Costin and the Kaspersky team missed the sabotage routine\u003cbr\u003e\n15:20 - The \"holy moly\" moment: what FAST16 actually does\u003cbr\u003e\n18:26 - Territorial Dispute, Shadow Brokers, and the driver list\u003cbr\u003e\n24:11 - The targets: MOHID, PKPM, and LS-DYNA's link to Iran\u003cbr\u003e\n28:13 - No C\u0026amp;C, no victims: a worm built for air-gapped networks\u003cbr\u003e\n34:45 - Was this part of a larger anti-Iran toolkit?\u003cbr\u003e\n37:55 - Attribution: NSA, Israel, or someone else entirely?\u003cbr\u003e\n51:39 - What was the actual sabotage? 
Unanswered questions\u003cbr\u003e\n55:48 - \"Spiritual warfare\": the psychological angle and trust in computers\u003cbr\u003e\n1:20:05 - Equities, going public, and the case for AI-powered reversing\u003cbr\u003e\n1:32:19 - Antiy Labs' Chinese rebuttal and the apparatchik tone\u003cbr\u003e\n1:43:04 - Shoutouts: Sergey Mineev, LabsCon CFP, PivotCon, and Ekoparty\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1m0kgtQ17e-_mOUJbhVvwLAmn-khQck_vOudjMTh4IZ0/edit?tab=t.0#heading=h.f9h50gafamn5\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet\" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/\"\u003efast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Flame: A complex malware for targeted attacks\" rel=\"nofollow\" href=\"https://static.crysys.hu/v1/publications/files/skywiper\"\u003eFlame: A complex malware for targeted attacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Territorial Dispute – NSA\u0026#39;s perspective on APT landscape\" rel=\"nofollow\" href=\"https://static.crysys.hu/publications/files/tedi/ukatemicrysys_territorialdispute.pdf\"\u003eTerritorial Dispute – NSA's perspective on APT landscape\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program - and Predates Stuxnet\" rel=\"nofollow\" href=\"https://archive.ph/ZsaH6\"\u003eNewly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program - and Predates Stuxnet\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kim 
Zetter\u0026#39;s Countdown to Zero Day\" rel=\"nofollow\" href=\"https://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp/0770436196\"\u003eKim Zetter's Countdown to Zero Day\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"An Unprecedented Look at Stuxnet, the World\u0026#39;s First Digital Weapon\" rel=\"nofollow\" href=\"https://archive.ph/BOolM\"\u003eAn Unprecedented Look at Stuxnet, the World's First Digital Weapon\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Flame: Questions and Answers (Kaspersky)\" rel=\"nofollow\" href=\"https://securelist.com/the-flame-questions-and-answers/34344/\"\u003eThe Flame: Questions and Answers (Kaspersky)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"SentinelLabs \" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/\"\u003eSentinelLabs \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Andy Greenberg on X\" rel=\"nofollow\" href=\"https://x.com/a_greenberg\"\u003eAndy Greenberg on X\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Antiy Labs: “Psychological Warfare” to Show Off Cyber Capabilities\" rel=\"nofollow\" href=\"https://www.antiy.net/p/a-psychological-warfare-to-show-off-cyber-capabilities-a-comprehensive-analysis-of-sentinelones-exposure-of-fast16/\"\u003eAntiy Labs: “Psychological Warfare” to Show Off Cyber Capabilities\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Who’s Really Spreading through the Bright Star?\" rel=\"nofollow\" href=\"https://securelist.com/whos-really-spreading-through-the-bright-star/68978/\"\u003eWho’s Really Spreading through the Bright Star?\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2026 CFP\" rel=\"nofollow\" href=\"https://www.cvent.com/c/abstracts/0f2ae039-4175-42c2-a534-7f25ada9e539\"\u003eLABScon 2026 
CFP\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ekoparty Miami 2026 (Agenda)\" rel=\"nofollow\" href=\"https://ekoparty.org/schedule-miami-2026/\"\u003eEkoparty Miami 2026 (Agenda)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PIVOTcon Agenda\" rel=\"nofollow\" href=\"https://pivotcon.org/#agenda\"\u003ePIVOTcon Agenda\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Decipher: Fast16, Stuxnet, and the History of Cyber Espionage\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=Nemom0_vCYU\"\u003eDecipher: Fast16, Stuxnet, and the History of Cyber Espionage\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).\r\n\r\nThree Buddy Problem - Episode 96: We're joined by WIRED writer Andy Greenberg to dig into SentinelLabs' bombshell FAST16 research, a newly deciphered piece of sabotage malware that predates Stuxnet by five years and quietly tampered with physics modeling software likely tied to Iran's nuclear program. \r\n\r\nWe discuss the attribution rabbit hole (NSA? Israel? someone else?), the eerie \"spiritual warfare\" implications of corrupting scientific calculations, and Antiy Labs' very dialectical Chinese rebuttal.  Plus, what AI reverse-engineering means for the next decade of cyber paleontology.  \r\n\r\nCast: Andy Greenberg (WIRED), Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.   
\r\n\r\nTimestamps: \r\n0:00 - WIRED’s Andy Greenberg joins the show\r\n1:53 - How the FAST16 scoop landed in Andy's lap\r\n6:45 - JAGS sat on this sample for 7 years\r\n10:33 - How Costin and the Kaspersky team missed the sabotage routine\r\n15:20 - The \"holy moly\" moment: what FAST16 actually does\r\n18:26 - Territorial Dispute, Shadow Brokers, and the driver list\r\n24:11 - The targets: MOHID, PKPM, and LS-DYNA's link to Iran\r\n28:13 - No C\u0026C, no victims: a worm built for air-gapped networks\r\n34:45 - Was this part of a larger anti-Iran toolkit?\r\n37:55 - Attribution: NSA, Israel, or someone else entirely?\r\n51:39 - What was the actual sabotage? Unanswered questions\r\n55:48 - \"Spiritual warfare\": the psychological angle and trust in computers\r\n1:20:05 - Equities, going public, and the case for AI-powered reversing\r\n1:32:19 - Antiy Labs' Chinese rebuttal and the apparatchik tone\r\n1:43:04 - Shoutouts: Sergey Mineev, LabsCon CFP, PivotCon, and Ekoparty\r\n","date_published":"2026-05-01T05:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/d5ef56b8-cf5d-4e7b-b1c2-255d6f6cab4f.mp3","mime_type":"audio/mpeg","size_in_bytes":93137140,"duration_in_seconds":6474}]},{"id":"95c34251-30c2-472e-bc82-3dc476cfa4e1","title":"Mark Dowd on AI hacking, exploit chains, zero-day sales","url":"https://securityconversations.fireside.fm/mark-dowd-ai-zero-day-marketplace-ethics-economics","content_text":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)\n\nThree Buddy Problem - Episode 95: Vigilant Labs director Mark Dowd joins the show to shed light on the state of offensive research, the economics of the exploit market, and why \"Mark Dowd in a box\" isn't quite the threat the AI hype machine suggests.  
He talks through the daily stresses of running an offensive shop, how AI is reshaping vulnerability discovery, exploit development, and the pricing of full exploit chains.\n\nPlus, thoughts on Lockdown Mode and Apple's MIE, whether mitigations actually work or just push attackers toward less access, the rise of HarmonyOS and the Balkanization of device security, persistence, baseband attacks, GrapheneOS, and Samsung Knox. \n\nWe discuss customer vetting and OpSec fears, policymakers who've never written an exploit, and the strange afterlife of The Art of Software Security Assessment, the 20-year-old book now possibly training data for the very tools coming for his job.\n\nCast: Mark Dowd, Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.\n\nTimestamps:\n0:00 Introductions\n4:28 The origin story of Azimuth: why go offensive?\n6:26 Stresses of running an offensive research business\n12:10 \"Mark Dowd in a box\" — is AI an existential threat to vuln research?\n16:13 Using AI in workflow: frontier models vs. local models\n22:05 AI in bug-finding vs. exploit implementation\n30:30 Watching AI tear through a firmware backdoor\n38:23 Artificial guardrails and the \"POC\" wall\n43:25 Will AI commoditize 0days? The high-end vs. low-end vendor split\n57:30 How AI disrupts exploit chain pricing \n1:05:18 Does persistence still matter? Should you reboot your phone?\n1:09:33 Lockdown Mode, MIE, and Apple's \"never been compromised\" claim\n1:14:25 Do mitigations really work, or are we stuck in an endless loop?\n1:23:25 Android vs. iOS vs. Huawei's HarmonyOS Next\n1:34:44 Exploit leaks, customer vetting, and OpSec fears\n1:41:37 GrapheneOS, Samsung Knox and baseband attacks\n1:53:56 Did the exploit market save us from encryption backdoors?\n1:55:11 What does the threat-intel community get wrong about vuln research? 
Links:Transcript\nVigilant Labs\nMark Dowd at BlueHat: Inside the Zero Day Market\nThe Art of Software Security Assessment [Book]\nMark Dowd on X\nTrenchant, Peter Williams, and the proliferation of a Shadow Brokers-level iOS exploit framework\nApple: Memory Integrity Enforcement \nCost of Sandboxing Prompts Shift to Memory-Safe Languages \nDowd: Memory Corruption Mitigations Doing Their Job \nTLPBLACK\nLABScon 2026 Call for Papers\nApple paying big bounty for wireless proximity-based attacks\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 95\u003c/strong\u003e: Vigilant Labs director Mark Dowd joins the show to shed light on the state of offensive research, the economics of the exploit market, and why \"Mark Dowd in a box\" isn't quite the threat the AI hype machine suggests.  He talks through the daily stresses of running an offensive shop, how AI is reshaping vulnerability discovery, exploit development, and the pricing of full exploit chains.\u003c/p\u003e\n\n\u003cp\u003ePlus, thoughts on Lockdown Mode and Apple's MIE, whether mitigations actually work or just push attackers toward less access, the rise of HarmonyOS and the Balkanization of device security, persistence, baseband attacks, GrapheneOS, and Samsung Knox. 
\u003c/p\u003e\n\n\u003cp\u003eWe discuss customer vetting and OpSec fears, policymakers who've never written an exploit, and the strange afterlife of The Art of Software Security Assessment, the 20-year-old book now possibly training data for the very tools coming for his job.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://x.com/mdowd\" target=\"_blank\" rel=\"nofollow noopener\"\u003eMark Dowd\u003c/a\u003e, \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003eTimestamps:\u003cbr\u003e\n0:00 Introductions\u003cbr\u003e\n4:28 The origin story of Azimuth: why go offensive?\u003cbr\u003e\n6:26 Stresses of running an offensive research business\u003cbr\u003e\n12:10 \"Mark Dowd in a box\" — is AI an existential threat to vuln research?\u003cbr\u003e\n16:13 Using AI in workflow: frontier models vs. local models\u003cbr\u003e\n22:05 AI in bug-finding vs. exploit implementation\u003cbr\u003e\n30:30 Watching AI tear through a firmware backdoor\u003cbr\u003e\n38:23 Artificial guardrails and the \"POC\" wall\u003cbr\u003e\n43:25 Will AI commoditize 0days? The high-end vs. low-end vendor split\u003cbr\u003e\n57:30 How AI disrupts exploit chain pricing \u003cbr\u003e\n1:05:18 Does persistence still matter? Should you reboot your phone?\u003cbr\u003e\n1:09:33 Lockdown Mode, MIE, and Apple's \"never been compromised\" claim\u003cbr\u003e\n1:14:25 Do mitigations really work, or are we stuck in an endless loop?\u003cbr\u003e\n1:23:25 Android vs. iOS vs. 
Huawei's HarmonyOS Next\u003cbr\u003e\n1:34:44 Exploit leaks, customer vetting, and OpSec fears\u003cbr\u003e\n1:41:37 GrapheneOS, Samsung Knox and baseband attacks\u003cbr\u003e\n1:53:56 Did the exploit market save us from encryption backdoors?\u003cbr\u003e\n1:55:11 What does the threat-intel community get wrong about vuln research? \u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1G2B7VetSNfxN9Lfb8f2Y1Vyy-uVBQPl_YSj_3ayVUxM/edit?usp=sharing\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Vigilant Labs\" rel=\"nofollow\" href=\"https://www.vigilantlabs.com/\"\u003eVigilant Labs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mark Dowd at BlueHat: Inside the Zero Day Market\" rel=\"nofollow\" href=\"https://github.com/mdowd79/presentations/blob/main/bluehat2023-mdowd-final.pdf\"\u003eMark Dowd at BlueHat: Inside the Zero Day Market\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Art of Software Security Assessment [Book]\" rel=\"nofollow\" href=\"https://www.oreilly.com/library/view/the-art-of/0321444426/\"\u003eThe Art of Software Security Assessment [Book]\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mark Dowd on X\" rel=\"nofollow\" href=\"https://x.com/mdowd\"\u003eMark Dowd on X\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Trenchant, Peter Williams, and the proliferation of a Shadow Brokers-level iOS exploit framework\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/trenchant-peter-williams-and-the-proliferation-of-a-shadow-brokers-level-ios-exploit-framework/\"\u003eTrenchant, Peter Williams, and the proliferation of a Shadow Brokers-level iOS exploit framework\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple: Memory Integrity Enforcement \" rel=\"nofollow\" 
href=\"https://security.apple.com/blog/memory-integrity-enforcement/\"\u003eApple: Memory Integrity Enforcement \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cost of Sandboxing Prompts Shift to Memory-Safe Languages \" rel=\"nofollow\" href=\"https://www.securityweek.com/cost-sandboxing-prompts-shift-memory-safe-languages-little-too-late/\"\u003eCost of Sandboxing Prompts Shift to Memory-Safe Languages \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dowd: Memory Corruption Mitigations Doing Their Job \" rel=\"nofollow\" href=\"https://threatpost.com/memory-corruption-mitigations-doing-their-job/124728/\"\u003eDowd: Memory Corruption Mitigations Doing Their Job \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2026 Call for Papers\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon 2026 Call for Papers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple paying big bounty for wireless proximity-based attacks\" rel=\"nofollow\" href=\"https://security.apple.com/bounty/categories/\"\u003eApple paying big bounty for wireless proximity-based attacks\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).\r\n\r\nThree Buddy Problem - Episode 95: Vigilant Labs director Mark Dowd joins the show to shed light on the state of offensive research, the economics of the exploit market, and why \"Mark Dowd in a box\" isn't quite the threat the AI hype machine suggests.  
He talks through the daily stresses of running an offensive shop, how AI is reshaping vulnerability discovery, exploit development, and the pricing of full exploit chains.\r\n\r\nPlus, thoughts on Lockdown Mode and Apple's MIE, whether mitigations actually work or just push attackers toward less access, the rise of HarmonyOS and the Balkanization of device security, persistence, baseband attacks, GrapheneOS, and Samsung Knox. \r\n\r\nWe discuss customer vetting and OpSec fears, policymakers who've never written an exploit, and the strange afterlife of The Art of Software Security Assessment, the 20-year-old book now possibly training data for the very tools coming for his job.\r\n\r\nCast: Mark Dowd, Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.   \r\n\r\nTimestamps:\r\n0:00 Introductions\r\n4:28 The origin story of Azimuth: why go offensive?\r\n6:26 Stresses of running an offensive research business\r\n12:10 \"Mark Dowd in a box\" — is AI an existential threat to vuln research?\r\n16:13 Using AI in workflow: frontier models vs. local models\r\n22:05 AI in bug-finding vs. exploit implementation\r\n30:30 Watching AI tear through a firmware backdoor\r\n38:23 Artificial guardrails and the \"POC\" wall\r\n43:25 Will AI commoditize 0days? The high-end vs. low-end vendor split\r\n57:30 How AI disrupts exploit chain pricing \r\n1:05:18 Does persistence still matter? Should you reboot your phone?\r\n1:09:33 Lockdown Mode, MIE, and Apple's \"never been compromised\" claim\r\n1:14:25 Do mitigations really work, or are we stuck in an endless loop?\r\n1:23:25 Android vs. iOS vs. Huawei's HarmonyOS Next\r\n1:34:44 Exploit leaks, customer vetting, and OpSec fears\r\n1:41:37 GrapheneOS, Samsung Knox and baseband attacks\r\n1:53:56 Did the exploit market save us from encryption backdoors?\r\n1:55:11 What does the threat-intel community get wrong about vuln research? 
\r\n","date_published":"2026-04-24T06:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/95c34251-30c2-472e-bc82-3dc476cfa4e1.mp3","mime_type":"audio/mpeg","size_in_bytes":98613710,"duration_in_seconds":7338}]},{"id":"e76fbe12-d6f8-4e86-b598-e7103442b0b5","title":"The Angry Spark APT Mystery: A Year-Long Backdoor, One Victim, Zero Attribution","url":"https://securityconversations.fireside.fm/angry-spark-mystery-apex-apt-attribution","content_text":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)\n\nThree Buddy Problem - Episode 94: We discuss a mysterious, VM-obfuscated backdoor that lived undetected on a single U.K. machine for a year before disappearing, finding clues pointing to an elite-level APT intrusion that still evades broader industry coverage. \n\nPlus, connecting the dots across AI-driven vulnerability discovery, Microsoft’s massive Patch Tuesday, Jensen Huang talks cybersecurity, Mythos dangers and Chinese chips, and the quiet erosion of CVE enrichment at NIST.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.\n\nTimestamps:\n0:00 – Intros + AI news whiplash \n5:10 – Patch Tuesday breakdown: Microsoft's second-largest CVE release ever\n7:32 – AI accelerating vulnerability discovery at record pace\n10:00 – Frontier lab cyber models, fine-tuning, guardrail removal \u0026amp; KYC\n12:37 – FreeBSD NFS bug: Opus 4.6 was already finding critical vulns\n14:26 – Anthropic's infrastructure strain: Is Opus being nerfed?\n21:05 – OpenAI's Trusted Access for Cyber vs. 
Anthropic's Mythos cabal\n28:45 – SharePoint zero-day CVE-2026-32201: The endless Microsoft tax\n34:36 – Adobe Acrobat zero-day: A rare, real, Russia-linked exploit in the wild\n41:36 – VirusTotal mining: The golden age of threat intel hunting\n50:03 – ZionSiphon: Vibe-coded OT malware targeting Israeli water infrastructure\n55:04 – Paleontology of threat research: When do you publish? Who do you trust?\n1:13:53 – Angry Spark: A one-machine, one-year backdoor raises eyebrows\n1:49:25 – Jensen Huang vs. Dwarkesh Patel on Mythos, China and chips \n2:14:32 – Chinese AI distillation: 24,000 fake Anthropic accounts, DeepSeek \u0026amp; the catch-up questionLinks:Transcript\nMicrosoft Patches Exploited SharePoint Zero-Day and 160 Other Vulns\nZDI: April 2026 Patch Tuesday Review\nInside ZionSiphon: OT Malware Targeting Israeli Water Systems\nGenDigital: Chasing an Angry Spark\nMAD Bugs: Month of AI-Discovered Bugs (Calif)\nHackerOne: The Vulnerability Apocalypse is a Remediation Crisis\nOpenAI scaling up Trusted Access for Cyber (TAC) Program\nOpenAI Commits $10m in API credits for cybersecurity\nAnthropic: Introducing Claude Opus 4.7 \nOpenAI confirms Axios developer tool compromise\nJensen Huang x Jensen Huang on Nvidia’s AI Moat\nAnthropic: Detecting and preventing distillation attacks\nNIST Updates NVD Operations to Address Record CVE Growth\nDreadnode Open-Source Tools to Measure AI Offense-Defense Gap\nLABScon 2026 Call for Papers\nCyber-Paleontology in the Age of AI (Black Hat Asia 2026)\nEkoparty Miami Schedule\nTLPBLACK\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 94\u003c/strong\u003e: We discuss a 
mysterious, VM-obfuscated backdoor that lived undetected on a single U.K. machine for a year before disappearing, finding clues pointing to an elite-level APT intrusion that still evades broader industry coverage. \u003c/p\u003e\n\n\u003cp\u003ePlus, connecting the dots across AI-driven vulnerability discovery, Microsoft’s massive Patch Tuesday, Jensen Huang talks cybersecurity, Mythos dangers and Chinese chips, and the quiet erosion of CVE enrichment at NIST.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003eTimestamps:\u003cbr\u003e\n0:00 – Intros + AI news whiplash \u003cbr\u003e\n5:10 – Patch Tuesday breakdown: Microsoft's second-largest CVE release ever\u003cbr\u003e\n7:32 – AI accelerating vulnerability discovery at record pace\u003cbr\u003e\n10:00 – Frontier lab cyber models, fine-tuning, guardrail removal \u0026amp; KYC\u003cbr\u003e\n12:37 – FreeBSD NFS bug: Opus 4.6 was already finding critical vulns\u003cbr\u003e\n14:26 – Anthropic's infrastructure strain: Is Opus being nerfed?\u003cbr\u003e\n21:05 – OpenAI's Trusted Access for Cyber vs. Anthropic's Mythos cabal\u003cbr\u003e\n28:45 – SharePoint zero-day CVE-2026-32201: The endless Microsoft tax\u003cbr\u003e\n34:36 – Adobe Acrobat zero-day: A rare, real, Russia-linked exploit in the wild\u003cbr\u003e\n41:36 – VirusTotal mining: The golden age of threat intel hunting\u003cbr\u003e\n50:03 – ZionSiphon: Vibe-coded OT malware targeting Israeli water infrastructure\u003cbr\u003e\n55:04 – Paleontology of threat research: When do you publish? 
Who do you trust?\u003cbr\u003e\n1:13:53 – Angry Spark: A one-machine, one-year backdoor raises eyebrows\u003cbr\u003e\n1:49:25 – Jensen Huang vs. Dwarkesh Patel on Mythos, China and chips \u003cbr\u003e\n2:14:32 – Chinese AI distillation: 24,000 fake Anthropic accounts, DeepSeek \u0026amp; the catch-up question\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1wVB-Ec5EHYAOhsq2B8Zvf8XJju6ztX7blylz-6IvUHM/edit?usp=sharing\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulns\" rel=\"nofollow\" href=\"https://www.securityweek.com/microsoft-patches-exploited-sharepoint-zero-day-and-160-other-vulnerabilities/\"\u003eMicrosoft Patches Exploited SharePoint Zero-Day and 160 Other Vulns\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ZDI: April 2026 Patch Tuesday Review\" rel=\"nofollow\" href=\"https://www.zerodayinitiative.com/blog/2026/4/14/the-april-2026-security-update-review\"\u003eZDI: April 2026 Patch Tuesday Review\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Inside ZionSiphon: OT Malware Targeting Israeli Water Systems\" rel=\"nofollow\" href=\"https://www.darktrace.com/blog/inside-zionsiphon-darktraces-analysis-of-ot-malware-targeting-israeli-water-systems\"\u003eInside ZionSiphon: OT Malware Targeting Israeli Water Systems\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"GenDigital: Chasing an Angry Spark\" rel=\"nofollow\" href=\"https://www.gendigital.com/blog/insights/research/chasing-an-angry-spark\"\u003eGenDigital: Chasing an Angry Spark\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"MAD Bugs: Month of AI-Discovered Bugs (Calif)\" rel=\"nofollow\" href=\"https://blog.calif.io/p/mad-bugs-month-of-ai-discovered-bugs\"\u003eMAD Bugs: Month of AI-Discovered Bugs 
(Calif)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"HackerOne: The Vulnerability Apocalypse is a Remediation Crisis\" rel=\"nofollow\" href=\"https://www.hackerone.com/blog/continuous-threat-exposure-management-remediation-crisis\"\u003eHackerOne: The Vulnerability Apocalypse is a Remediation Crisis\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"OpenAI scaling up Trusted Access for Cyber (TAC) Program\" rel=\"nofollow\" href=\"https://openai.com/index/scaling-trusted-access-for-cyber-defense/\"\u003eOpenAI scaling up Trusted Access for Cyber (TAC) Program\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"OpenAI Commits $10m in API credits for cybersecurity\" rel=\"nofollow\" href=\"https://openai.com/index/accelerating-cyber-defense-ecosystem/\"\u003eOpenAI Commits $10m in API credits for cybersecurity\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Anthropic: Introducing Claude Opus 4.7 \" rel=\"nofollow\" href=\"https://www.anthropic.com/news/claude-opus-4-7\"\u003eAnthropic: Introducing Claude Opus 4.7 \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"OpenAI confirms Axios developer tool compromise\" rel=\"nofollow\" href=\"https://openai.com/index/axios-developer-tool-compromise/\"\u003eOpenAI confirms Axios developer tool compromise\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Jensen Huang x Jensen Huang on Nvidia’s AI Moat\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=Hrbq66XqtCo\"\u003eJensen Huang x Jensen Huang on Nvidia’s AI Moat\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Anthropic: Detecting and preventing distillation attacks\" rel=\"nofollow\" href=\"https://www.anthropic.com/news/detecting-and-preventing-distillation-attacks\"\u003eAnthropic: Detecting and preventing distillation attacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NIST Updates NVD Operations to Address Record CVE Growth\" rel=\"nofollow\" 
href=\"https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth\"\u003eNIST Updates NVD Operations to Address Record CVE Growth\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dreadnode Open-Source Tools to Measure AI Offense-Defense Gap\" rel=\"nofollow\" href=\"https://dreadnode.io/research/mine-the-gap-open-source-tools-for-measuring-the-ai-offense-defense-gap/\"\u003eDreadnode Open-Source Tools to Measure AI Offense-Defense Gap\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2026 Call for Papers\" rel=\"nofollow\" href=\"https://www.labscon.io/cfp/\"\u003eLABScon 2026 Call for Papers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cyber-Paleontology in the Age of AI (Black Hat Asia 2026)\" rel=\"nofollow\" href=\"https://blackhat.com/asia-26/briefings/schedule/index.html#cyber-paleontology-in-the-age-of-ai-51494\"\u003eCyber-Paleontology in the Age of AI (Black Hat Asia 2026)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ekoparty Miami Schedule\" rel=\"nofollow\" href=\"https://ekoparty.org/schedule-miami-2026/\"\u003eEkoparty Miami Schedule\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).\r\n\r\nThree Buddy Problem - Episode 94: We discuss a mysterious, VM-obfuscated backdoor that lived undetected on a single U.K. machine for a year before disappearing, finding clues pointing to an elite-level APT intrusion that still evades broader industry coverage. 
\r\n\r\nPlus, connecting the dots across AI-driven vulnerability discovery, Microsoft’s massive Patch Tuesday, Jensen Huang talks cybersecurity, Mythos dangers and Chinese chips, and the quiet erosion of CVE enrichment at NIST.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.   \r\n\r\nTimestamps:\r\n0:00 – Intros + AI news whiplash \r\n5:10 – Patch Tuesday breakdown: Microsoft's second-largest CVE release ever\r\n7:32 – AI accelerating vulnerability discovery at record pace\r\n10:00 – Frontier lab cyber models, fine-tuning, guardrail removal \u0026 KYC\r\n12:37 – FreeBSD NFS bug: Opus 4.6 was already finding critical vulns\r\n14:26 – Anthropic's infrastructure strain: Is Opus being nerfed?\r\n21:05 – OpenAI's Trusted Access for Cyber vs. Anthropic's Mythos cabal\r\n28:45 – SharePoint zero-day CVE-2026-32201: The endless Microsoft tax\r\n34:36 – Adobe Acrobat zero-day: A rare, real, Russia-linked exploit in the wild\r\n41:36 – VirusTotal mining: The golden age of threat intel hunting\r\n50:03 – ZionSiphon: Vibe-coded OT malware targeting Israeli water infrastructure\r\n55:04 – Paleontology of threat research: When do you publish? Who do you trust?\r\n1:13:53 – Angry Spark: A one-machine, one-year backdoor raises eyebrows\r\n1:49:25 – Jensen Huang vs. 
Dwarkesh Patel on Mythos, China and chips \r\n2:14:32 – Chinese AI distillation: 24,000 fake Anthropic accounts, DeepSeek \u0026 the catch-up question","date_published":"2026-04-18T12:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/e76fbe12-d6f8-4e86-b598-e7103442b0b5.mp3","mime_type":"audio/mpeg","size_in_bytes":129806188,"duration_in_seconds":9323}]},{"id":"cc2c69d7-921c-4ac8-b034-4546ab0e3de8","title":"The Claude Mythos, Project Glasswing Shockwave","url":"https://securityconversations.fireside.fm/claude-mythos-project-glasslight-shockwave","content_text":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)\n\nThree Buddy Problem - Episode 93: We discuss Anthropic's release of Claude Mythos Preview (an AI model so capable and dangerous they won't release it publicly) and debate the looming patching crisis, bug bounty extinction, possible US government nationalization of frontier labs, and why the NSA might not be thrilled about all this bug-fixing. \n\nPlus, North Korea's six-month Drift Protocol con job, APT28's retro DNS hijacking campaign, and Microsoft's driver signing mess hitting WireGuard and VeraCrypt.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.\n\n00:00 — Opening banter\n01:36 — Anthropic Mythos Preview + Project Glasswing\n06:17 — USG reaction + Wall Street emergency meeting\n10:54 — Mythos capabilities vs hype (technical reality check)\n13:44 — PR stunt? 
Skepticism of Anthropic narrative\n20:42 — The patching crisis + “defender advantage”\n27:41 — Bug bounty model under threat from AI\n33:37 — Mythos practical workflows\n45:09 — Geopolitics, NSA angle, and nationalization discussion\n01:40:18 — Fortinet zero-day + ongoing failures\n01:42:39 — Drift Protocol heist ($285M) + long-term social engineering\n01:44:07 — Revisiting XZ Utils / Jia Tan attribution\n01:54:07 — Crypto security gaps + need for real CTI in blockchain\n02:04:22 — APT28 DNS hijacking + router compromise campaign\n02:18:57 — Microsoft driver signing meltdown + ecosystem impact\n\nLinks:\nTranscript\nTLPBLACK\nClaude Mythos Preview \nAccidental data leak reveals existence of Anthropic Mythos\nProject Glasswing\nSystem Card: Claude Mythos Preview\nAxios: OpenAI plans new product for cybersecurity use\nThe $285M Drift Protocol Heist Was ‘6 Months in the Making’\nDrift Protocol - Incident Report\nUS Treasury to share threat-intel with crypto companies\nFortinet customers confront actively exploited zero-day\nFortinet advisory: CVE-2026-35616 (exploited in the wild)\nSOHO router compromise leads to DNS hijacking\nAPT28 exploit routers to enable DNS hijacking operations\nDOJ Conducts Court-Authorized Disruption of DNS Hijacking Network Controlled by a Russian Military\nLumen on 'Frost Armada' Forest Blizzard DNS Hijacking\nWireGuard (Account Suspended)\nOSR on Microsoft Driver Signing Lockout\nMicrosoft: Account Verification for Windows Hardware Program\nUS Warns of Iran-Linked Cyber Hacks on Water, Energy Systems\nCISA bulletin: Iranian Hackers Exploiting PLCs Across US Critical Infrastructure\nWatch S4: The Bob Lazar Story\nYouTube: Dan Guido at [un]prompted\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security 
professionals.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 93\u003c/strong\u003e: We discuss Anthropic's release of Claude Mythos Preview (an AI model so capable and dangerous they won't release it publicly) and debate the looming patching crisis, bug bounty extinction, possible US government nationalization of frontier labs, and why the NSA might not be thrilled about all this bug-fixing. \u003c/p\u003e\n\n\u003cp\u003ePlus, North Korea's six-month Drift Protocol con job, APT28's retro DNS hijacking campaign, and Microsoft's driver signing mess hitting WireGuard and VeraCrypt.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e00:00 — Opening banter\u003cbr\u003e\n01:36 — Anthropic Mythos Preview + Project Glasswing\u003cbr\u003e\n06:17 — USG reaction + Wall Street emergency meeting\u003cbr\u003e\n10:54 — Mythos capabilities vs hype (technical reality check)\u003cbr\u003e\n13:44 — PR stunt? 
Skepticism of Anthropic narrative\u003cbr\u003e\n20:42 — The patching crisis + “defender advantage”\u003cbr\u003e\n27:41 — Bug bounty model under threat from AI\u003cbr\u003e\n33:37 — Mythos practical workflows\u003cbr\u003e\n45:09 — Geopolitics, NSA angle, and nationalization discussion\u003cbr\u003e\n01:40:18 — Fortinet zero-day + ongoing failures\u003cbr\u003e\n01:42:39 — Drift Protocol heist ($285M) + long-term social engineering\u003cbr\u003e\n01:44:07 — Revisiting XZ Utils / Jia Tan attribution\u003cbr\u003e\n01:54:07 — Crypto security gaps + need for real CTI in blockchain\u003cbr\u003e\n02:04:22 — APT28 DNS hijacking + router compromise campaign\u003cbr\u003e\n02:18:57 — Microsoft driver signing meltdown + ecosystem impact\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/14G3lVzHmbLtwhI8daMVzH-GWVj8PHI6CO1jVah1dW_g/edit?tab=t.0\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Claude Mythos Preview \" rel=\"nofollow\" href=\"https://red.anthropic.com/2026/mythos-preview/\"\u003eClaude Mythos Preview \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Accidental data leak reveals existence of Anthropic Mythos\" rel=\"nofollow\" href=\"https://archive.ph/oqiUD\"\u003eAccidental data leak reveals existence of Anthropic Mythos\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Project Glasswing\" rel=\"nofollow\" href=\"https://www.anthropic.com/glasswing\"\u003eProject Glasswing\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"System Card: Claude Mythos Preview\" rel=\"nofollow\" href=\"https://www-cdn.anthropic.com/08ab9158070959f88f296514c21b7facce6f52bc.pdf\"\u003eSystem Card: Claude Mythos Preview\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca 
title=\"Axios: OpenAI plans new product for cybersecurity use\" rel=\"nofollow\" href=\"https://www.axios.com/2026/04/09/openai-new-model-cyber-mythos-anthopic\"\u003eAxios: OpenAI plans new product for cybersecurity use\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The $285M Drift Protocol Heist Was ‘6 Months in the Making’\" rel=\"nofollow\" href=\"https://decipher.sc/2026/04/05/the-285m-drift-protocol-heist-was-6-months-in-the-making/\"\u003eThe $285M Drift Protocol Heist Was ‘6 Months in the Making’\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Drift Protocol - Incident Report\" rel=\"nofollow\" href=\"https://x.com/DriftProtocol/status/2040611161121370409\"\u003eDrift Protocol - Incident Report\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US Treasury to share threat-intel with crypto companies\" rel=\"nofollow\" href=\"https://home.treasury.gov/news/press-releases/sb0437\"\u003eUS Treasury to share threat-intel with crypto companies\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fortinet customers confront actively exploited zero-day\" rel=\"nofollow\" href=\"https://cyberscoop.com/fortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited/\"\u003eFortinet customers confront actively exploited zero-day\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fortinet advisory: CVE-2026-35616 (exploited in the wild)\" rel=\"nofollow\" href=\"https://fortiguard.fortinet.com/psirt/FG-IR-26-099\"\u003eFortinet advisory: CVE-2026-35616 (exploited in the wild)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"SOHO router compromise leads to DNS hijacking\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2026/04/07/soho-router-compromise-leads-to-dns-hijacking-and-adversary-in-the-middle-attacks/\"\u003eSOHO router compromise leads to DNS hijacking\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"APT28 exploit routers to enable DNS hijacking operations\" 
rel=\"nofollow\" href=\"https://www.ncsc.gov.uk/news/apt28-exploit-routers-to-enable-dns-hijacking-operations\"\u003eAPT28 exploit routers to enable DNS hijacking operations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DOJ Conducts Court-Authorized Disruption of DNS Hijacking Network Controlled by a Russian Military\" rel=\"nofollow\" href=\"https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-dns-hijacking-network-controlled\"\u003eDOJ Conducts Court-Authorized Disruption of DNS Hijacking Network Controlled by a Russian Military\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Lumen on \u0026#39;Frost Armada\u0026#39; Forest Blizzard DNS Hijacking\" rel=\"nofollow\" href=\"https://www.lumen.com/blog-and-news/en-us/frostarmada-forest-blizzard-dns-hijacking\"\u003eLumen on 'Frost Armada' Forest Blizzard DNS Hijacking\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"WireGuard (Account Suspended)\" rel=\"nofollow\" href=\"https://news.ycombinator.com/item?id=47687884\"\u003eWireGuard (Account Suspended)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"OSR on Microsoft Driver Signing Lockout\" rel=\"nofollow\" href=\"https://x.com/OSRDrivers/status/2042286973461709183\"\u003eOSR on Microsoft Driver Signing Lockout\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft: Account Verification for Windows Hardware Program\" rel=\"nofollow\" href=\"https://techcommunity.microsoft.com/blog/hardware-dev-center/action-required-account-verification-for-windows-hardware-program-begins-october/4455452\"\u003eMicrosoft: Account Verification for Windows Hardware Program\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US Warns of Iran-Linked Cyber Hacks on Water, Energy Systems\" rel=\"nofollow\" href=\"https://archive.ph/nqUvK\"\u003eUS Warns of Iran-Linked Cyber Hacks on Water, Energy Systems\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA bulletin: Iranian 
Hackers Exploiting PLCs Across US Critical Infrastructure\" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a\"\u003eCISA bulletin: Iranian Hackers Exploiting PLCs Across US Critical Infrastructure\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Watch S4: The Bob Lazar Story\" rel=\"nofollow\" href=\"https://www.amazon.com/S4-Lazar-Story-Luigi-Vendittelli/dp/B0GL9JHLGW\"\u003eWatch S4: The Bob Lazar Story\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"YouTube: Dan Guido at [un]prompted\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=kgwvAyF7qsA\"\u003eYouTube: Dan Guido at [un]prompted\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals).\r\n\r\nThree Buddy Problem - Episode 93: We discuss Anthropic's release of Claude Mythos Preview (an AI model so capable and dangerous they won't release it publicly) and debate the looming patching crisis, bug bounty extinction, possible US government nationalization of frontier labs, and why the NSA might not be thrilled about all this bug-fixing. \r\n\r\nPlus, North Korea's six-month Drift Protocol con job, APT28's retro DNS hijacking campaign, and Microsoft's driver signing mess hitting WireGuard and VeraCrypt.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.   \r\n\r\n0:00 — Opening banter\r\n1:36 — Claude Mythos Preview, Project Glasswing Announcement\r\n7:22 — Parsing the Hype: Is Mythos Really a Step Change?\r\n11:31 — Costin's Take: Is This All a PR Stunt?\r\n17:10 — The Patching Problem: What Happens After the Zero Days?\r\n28:11 — Bug Bounty Programs Under Threat from AI\r\n33:37 — What Will Companies Actually Do With Mythos?\r\n45:09 — Geopolitics: Where Is the US Government? Nationalization Talk\r\n53:01 — Source Code vs. 
Binary: The Real Limits of Mythos\r\n1:00:01 — Model Recklessness, Guardrails and the Psychiatrist\r\n1:06:17 — Fortinet: Another Zero Day, No Patch, No IOCs\r\n1:09:08 — North Korean Drift Protocol Heist: $285 Million Stolen\r\n1:24:39 — SOHO Router DNS Hijacking: APT28 and FBI Disruption\r\n1:32:34 — Microsoft Suspensions Hit WireGuard, VeraCrypt, OSR\r\n1:38:49 — Shout-Outs, Conferences \u0026 Closing\r\n","date_published":"2026-04-10T13:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/cc2c69d7-921c-4ac8-b034-4546ab0e3de8.mp3","mime_type":"audio/mpeg","size_in_bytes":127570297,"duration_in_seconds":9276}]},{"id":"3522bb83-8f21-4dff-abdd-01c9891be4d6","title":"LLMs writing exploits, engineers losing skills, and a case for the generative OS","url":"https://securityconversations.fireside.fm/llm-exploit-engineer-skills-generative-os","content_text":"(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)\n\nThree Buddy Problem - Episode 92: Costin walks through real-world ransomware incident response while Juanito makes the case for AI-generated operating systems that never run anyone else's code. 
Plus, debates on whether vulnerability research is cooked, why nobody should pay ransoms, and what the security industry looks like after the massive AI flood.\n\nCast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.\n\n0:00 – Introductory banter\n2:00 – Costin's ransomware incident response work\n3:30 – How attackers break in: Fortinet vulnerabilities everywhere\n6:30 – Hunting for ransomware decryption keys \n9:00 – Breaking into ransomware C2s and monitoring leak sites\n12:00 – The ransom payment debate: should you ever pay?\n16:00 – Why \"don't pay the ransom\" is overgeneralized\n21:00 – How ransomware gangs price their demands\n24:00 – The AI-pilling of the security industry\n28:30 – Nicholas Carlini, Ptacek, and \"vulnerability research is cooked\"\n35:00 – Towards a generative-first operating system\n41:00 – Code factories, trusted computing, and killing dependencies\n48:00 – Microsoft and Apple's AI positioning\n56:00 – Chris St. Myers' \"Cognitive Rust Belt\" essay\n1:18:00 – Choice, The Matrix, and the illusion of control\n1:38:00 – Supply chain attacks, North Korea, and dependency sprawl\n\nLinks:\nTranscript\nNicholas Carlini - Black-hat LLMs\nPtacek: Vulnerability Research Is Cooked\nChris St Myers: Why Organizations Are Confusing Temporary Friction with Permanent Safety\nDan Geer: Children of the Magenta\nCalif: Month of AI-Discovered Bugs\nClaude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell\nInternet Bug Bounty Pauses Bug Bounty Program \nNode.js Bug Bounty Program Paused Due to Loss of Funding\nElastic: How we caught the Axios supply chain attack\nElastic tool: supply-chain-monitor \nApple Will Push Out Rare ‘Backported’ Patches to iOS 18 Users\nWhatsApp Alerts 200 Users After Fake iOS App Installed Spyware\nThe Human-Machine Team\nArsenal Recon Tool\nTLPBLACK\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: 
High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 92\u003c/strong\u003e: Costin walks through real-world ransomware incident response while Juanito makes the case for AI-generated operating systems that never run anyone else's code. Plus, debates on whether vulnerability research is cooked, why nobody should pay ransoms, and what the security industry looks like after the massive AI flood.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e0:00 – Introductory banter\u003cbr\u003e\n2:00 – Costin's ransomware incident response work\u003cbr\u003e\n3:30 – How attackers break in: Fortinet vulnerabilities everywhere\u003cbr\u003e\n6:30 – Hunting for ransomware decryption keys \u003cbr\u003e\n9:00 – Breaking into ransomware C2s and monitoring leak sites\u003cbr\u003e\n12:00 – The ransom payment debate: should you ever pay?\u003cbr\u003e\n16:00 – Why \"don't pay the ransom\" is overgeneralized\u003cbr\u003e\n21:00 – How ransomware gangs price their demands\u003cbr\u003e\n24:00 – The AI-pilling of the security industry\u003cbr\u003e\n28:30 – Nicholas Carlini, Ptacek, and \"vulnerability research is cooked\"\u003cbr\u003e\n35:00 – Towards a generative-first operating system\u003cbr\u003e\n41:00 – Code 
factories, trusted computing, and killing dependencies\u003cbr\u003e\n48:00 – Microsoft and Apple's AI positioning\u003cbr\u003e\n56:00 – Chris St. Myers' \"Cognitive Rust Belt\" essay\u003cbr\u003e\n1:18:00 – Choice, The Matrix, and the illusion of control\u003cbr\u003e\n1:38:00 – Supply chain attacks, North Korea, and dependency sprawl\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1U_trUjJ2pr3MFSPJocqpD5zzFoPCq7w_zRqUaqAcoD8/edit?tab=t.0#heading=h.l8bcya3t95p\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Nicholas Carlini - Black-hat LLMs\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=1sd26pWhfmg\"\u003eNicholas Carlini - Black-hat LLMs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ptacek: Vulnerability Research Is Cooked\" rel=\"nofollow\" href=\"https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/\"\u003ePtacek: Vulnerability Research Is Cooked\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chris St Myers: Why Organizations Are Confusing Temporary Friction with Permanent Safety\" rel=\"nofollow\" href=\"https://www.sentinelone.com/blog/the-implementation-blind-spot-why-organizations-are-confusing-temporary-friction-with-permanent-safety/\"\u003eChris St Myers: Why Organizations Are Confusing Temporary Friction with Permanent Safety\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dan Geer: Children of the Magenta\" rel=\"nofollow\" href=\"https://www.computer.org/csdl/magazine/sp/2015/05/msp2015050104/13rRUxASutL\"\u003eDan Geer: Children of the Magenta\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Calif: Month of AI-Discovered Bugs\" rel=\"nofollow\" href=\"https://blog.calif.io/p/mad-bugs-month-of-ai-discovered-bugs\"\u003eCalif: Month of AI-Discovered Bugs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Claude Wrote a 
Full FreeBSD Remote Kernel RCE with Root Shell\" rel=\"nofollow\" href=\"https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd\"\u003eClaude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Internet Bug Bounty Pauses Bug Bounty Program \" rel=\"nofollow\" href=\"https://hackerone.com/ibb/policy_versions?change=3771829\u0026amp;type=team\"\u003eInternet Bug Bounty Pauses Bug Bounty Program \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Node.js Bug Bounty Program Paused Due to Loss of Funding\" rel=\"nofollow\" href=\"https://nodejs.org/en/blog/announcements/discontinuing-security-bug-bounties\"\u003eNode.js Bug Bounty Program Paused Due to Loss of Funding\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Elastic: How we caught the Axios supply chain attack\" rel=\"nofollow\" href=\"https://www.elastic.co/security-labs/how-we-caught-the-axios-supply-chain-attack\"\u003eElastic: How we caught the Axios supply chain attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Elastic tool: supply-chain-monitor \" rel=\"nofollow\" href=\"https://github.com/elastic/supply-chain-monitor\"\u003eElastic tool: supply-chain-monitor \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple Will Push Out Rare ‘Backported’ Patches to iOS 18 Users\" rel=\"nofollow\" href=\"https://archive.ph/lnKTe\"\u003eApple Will Push Out Rare ‘Backported’ Patches to iOS 18 Users\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware\" rel=\"nofollow\" href=\"https://thehackernews.com/2026/04/whatsapp-alerts-200-users-after-fake.html\"\u003eWhatsApp Alerts 200 Users After Fake iOS App Installed Spyware\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Human-Machine Team\" rel=\"nofollow\" href=\"https://www.amazon.com/Human-Machine-Team-Artificial-Intelligence-Revolutionize/dp/B0948LGS3K\"\u003eThe 
Human-Machine Team\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Arsenal Recon Tool\" rel=\"nofollow\" href=\"https://arsenalrecon.com/additional-products\"\u003eArsenal Recon Tool\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK - High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)\r\n\r\nThree Buddy Problem - Episode 92: Costin walks through real-world ransomware incident response while Juanito makes the case for AI-generated operating systems that never run anyone else's code. Plus, debates on whether vulnerability research is cooked, why nobody should pay ransoms, and what the security industry looks like after the massive AI flood.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.   \r\n\r\n0:00 – Introductory banter\r\n2:00 – Costin's ransomware incident response work\r\n3:30 – How attackers break in: Fortinet vulnerabilities everywhere\r\n6:30 – Hunting for ransomware decryption keys \r\n9:00 – Breaking into ransomware C2s and monitoring leak sites\r\n12:00 – The ransom payment debate: should you ever pay?\r\n16:00 – Why \"don't pay the ransom\" is overgeneralized\r\n21:00 – How ransomware gangs price their demands\r\n24:00 – The AI-pilling of the security industry\r\n28:30 – Nicholas Carlini, Ptacek, and \"vulnerability research is cooked\"\r\n35:00 – Towards a generative-first operating system\r\n41:00 – Code factories, trusted computing, and killing dependencies\r\n48:00 – Microsoft and Apple's AI positioning\r\n56:00 – Chris St. 
Myers' \"Cognitive Rust Belt\" essay\r\n1:18:00 – Choice, The Matrix, and the illusion of control\r\n1:38:00 – Supply chain attacks, North Korea, and dependency sprawl\r\n","date_published":"2026-04-03T12:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/3522bb83-8f21-4dff-abdd-01c9891be4d6.mp3","mime_type":"audio/mpeg","size_in_bytes":113808314,"duration_in_seconds":8396}]},{"id":"a7041bf8-53f7-4733-9052-dc5adfd2282c","title":"Jeremy Banon: Personal Exec Compromise as Corporate Incident","url":"https://securityconversations.fireside.fm/jeremy-banon-cyber-health-company","content_text":"(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)\n\nSecurity Conversations: Jeremy Banon, founder/CEO of The Cyber Health Company, joins Ryan Naraine to discuss why executive personal cybersecurity is a growing blind spot for organizations, and real-world incidents where personal compromises became corporate crises.\n\nPlus, why CISOs struggle to secure the C-suite's personal lives, and how a healthcare-inspired model (complete with risk scores, care plans, and concierge support) can help companies close the gap.  
\n\n0:00 — Introduction to The Cyber Health Company \n1:00 — Why personal security is a blind spot for organizations \n2:00 — Real examples: Disney hack, Instagram compromise, productivity loss \n6:50 — Executives circumventing IT policy and Shadow-AI \n8:43 — Digital immunity: resilience and incident response readiness \n10:25 — The healthcare model for cybersecurity communication \n12:14 — How the Cyber Health Score and risk coefficient work \n15:34 — OSINT intake: why your social security number isn't private \n17:26 — The state of executive security hygiene and the concierge model\n35:00 — AI, deepfakes, and the scaling of commodity attacks\n\nLinks:\nTranscript\nTLPBLACK\nThe Cyber Health Company\nIran-linked hackers breach FBI director's personal email\nDisney to stop using Salesforce-owned Slack after hack\nJefferies says CEO Handler's Instagram account hacked\nJeremy Banon on LinkedIn\nJeremy Banon on X/Twitter\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eSecurity Conversations\u003c/strong\u003e: Jeremy Banon, founder/CEO of The Cyber Health Company, joins Ryan Naraine to discuss why executive personal cybersecurity is a growing blind spot for organizations, and real-world incidents where personal compromises became corporate crises.\u003c/p\u003e\n\n\u003cp\u003ePlus, why CISOs struggle to secure the C-suite's personal lives, and how a healthcare-inspired model (complete with risk scores, care plans, and concierge support) can help companies close the gap.  
\u003c/p\u003e\n\n\u003cp\u003e0:00 — Introduction to The Cyber Health Company \u003cbr\u003e\n1:00 — Why personal security is a blind spot for organizations \u003cbr\u003e\n2:00 — Real examples: Disney hack, Instagram compromise, productivity loss \u003cbr\u003e\n6:50 — Executives circumventing IT policy and Shadow-AI \u003cbr\u003e\n8:43 — Digital immunity: resilience and incident response readiness \u003cbr\u003e\n10:25 — The healthcare model for cybersecurity communication \u003cbr\u003e\n12:14 — How the Cyber Health Score and risk coefficient work \u003cbr\u003e\n15:34 — OSINT intake: why your social security number isn't private \u003cbr\u003e\n17:26 — The state of executive security hygiene and the concierge model\u003cbr\u003e\n35:00 — AI, deepfakes, and the scaling of commodity attacks\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1m-B-rOrG55L2nl93wZMA3JdmogNY0Y2cZtT3R8c6EeA/edit?tab=t.0\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Cyber Health Company\" rel=\"nofollow\" href=\"https://cyberhealth.co/\"\u003eThe Cyber Health Company\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Iran-linked hackers breach FBI director\u0026#39;s personal email\" rel=\"nofollow\" href=\"https://www.reuters.com/world/us/iran-linked-hackers-claim-breach-of-fbi-directors-personal-email-doj-official-2026-03-27/\"\u003eIran-linked hackers breach FBI director's personal email\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Disney to stop using Salesforce-owned Slack after hack\" rel=\"nofollow\" href=\"https://www.reuters.com/business/media-telecom/disney-stop-using-salesforce-owned-slack-after-hack-exposed-company-data-wsj-2024-09-19/\"\u003eDisney to stop using 
Salesforce-owned Slack after hack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Jefferies says CEO Handler\u0026#39;s Instagram account hacked\" rel=\"nofollow\" href=\"https://www.reuters.com/technology/jefferies-says-ceo-handlers-instagram-account-hacked-2022-05-06/\"\u003eJefferies says CEO Handler's Instagram account hacked\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Jeremy Banon on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/jeremybanon/\"\u003eJeremy Banon on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Jeremy Banon on X/Twitter\" rel=\"nofollow\" href=\"https://x.com/jeremybanon\"\u003eJeremy Banon on X/Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK - High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)\r\n\r\nSecurity Conversations: Jeremy Bannon, founder/CEO of The Cyber Health Company, joins Ryan Naraine to discuss why executive personal cybersecurity is a growing blind spot for organizations, and real-world incidents where personal compromises became corporate crises.\r\n\r\nPlus, why CISOs struggle to secure the C-suite's personal lives, and how a healthcare-inspired model (complete with risk scores, care plans, and concierge support) can help companies close the gap. 
\r\n\r\n0:00 — Introduction to The Cyber Health Company \r\n1:00 — Why personal security is a blind spot for organizations \r\n2:00 — Real examples: Disney hack, Instagram compromise, productivity loss \r\n6:50 — Executives circumventing IT policy and Shadow-AI \r\n8:43 — Digital immunity: resilience and incident response readiness \r\n10:25 — The healthcare model for cybersecurity communication \r\n12:14 — How the Cyber Health Score and risk coefficient work \r\n15:34 — OSINT intake: why your social security number isn't private \r\n17:26 — The state of executive security hygiene and the concierge model\r\n35:00 — AI, deepfakes, and the scaling of commodity attacks\r\n","date_published":"2026-04-01T07:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a7041bf8-53f7-4733-9052-dc5adfd2282c.mp3","mime_type":"audio/mpeg","size_in_bytes":30828561,"duration_in_seconds":2187}]},{"id":"020fab1b-ad5d-4221-95a4-910623065a2d","title":"Google's Cyber Disruption Unit; Coruna is Triangulation, US Bans Foreign-Made Routers","url":"https://securityconversations.fireside.fm/1","content_text":"(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)\n\nThree Buddy Problem - Episode 91: This week we dig into Google's new cyber threat disruption unit announced at RSAC, Kaspersky confirming Coruna is a direct evolution of Operation Triangulation, and a cascading supply chain compromise that chained through LiteLLM, Trivy, and Checkmarx into thousands of software pipelines. 
\n\nPlus, VCs and the breathless AI hype, Apple's iOS 26.4 and silent patches, the FCC's ban on foreign-made routers, and Symantec catching an APT looking for Chinese military data.\n\nCast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.\n\n0:00 Intro \u0026amp; Pre-Show Banter\n3:08 JAGS in San Francisco: RSAC week recap\n6:05 Google Launches Cyber Disruption Unit — What's Actually New?\n13:43 Why Separate Disruption Units Matter: ROI \u0026amp; Budget Justification\n29:11 Haroon Meer's RSA Reality Check: The AI Hype Machine\n32:37 The VC Ponzi Cycle \u0026amp; How Easy Money Hollowed Out Cybersecurity\n47:32 ENT.ai \u0026amp; Tenex AI Hackathon at RSAC\n53:08 Kaspersky Links Coruna Exploit Kit to Operation Triangulation\n1:08:09 Trenchant Cleanup \u0026amp; Lessons from Equation Group Burns\n1:19:31 Apple iOS Patches, Hong Kong Device Passcode Law \n1:27:53 Handala Hacks FBI Director Kash Patel's Personal Gmail\n1:37:32 LeakBase Admin \"Chucky\" Arrested in Russia — FSB Gets the Data\n1:45:38 Supply Chain Attacks: TeamPCP Hits LiteLLM \u0026amp; Trivy\n2:04:34 FCC Bans Foreign-Made Routers — But What Do We Buy?\n\nLinks:\nTranscript\nTLPBLACK Solutions\nGoogle launches threat disruption unit at RSAC\nWhite House downplays cyber ‘letters of marque’ speculation\nHaroon Meer on RSAC 2026\nKaspersky on Coruna/Triangulation Connection\nApple Security Bulletin - iOS 26.4\nReverse engineering Apple’s silent security fixes\nNew Hong Kong Law on Phone/Laptop Passwords\nIran-linked hackers breach FBI director's personal email\nUS DOJ Disrupts Iranian Cyber Enabled Psychological Operations\nOfficial Statement on Stryker Network Disruption\nRussia arrests Leakbase admin\nTrivy ecosystem supply chain compromised (Advisory)\nSelf-propagating malware poisons open source software and wipes Iran-based machines\nNew Malware Targets Users of Cobra DocGuard Software\nFCC bans 'foreign made' consumer routers (PDF)\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by 
\u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 91\u003c/strong\u003e: This week we dig into Google's new cyber threat disruption unit announced at RSAC, Kaspersky confirming Coruna is a direct evolution of Operation Triangulation, and a cascading supply chain compromise that chained through LiteLLM, Trivy, and Checkmarx into thousands of software pipelines. \u003c/p\u003e\n\n\u003cp\u003ePlus, VCs and the breathless AI hype, Apple's iOS 26.4 and silent patches, the FCC's ban on foreign-made routers, and Symantec catching an APT looking for Chinese military data.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e0:00 Intro \u0026amp; Pre-Show Banter\u003cbr\u003e\n3:08 JAGS in San Francisco: RSAC week recap\u003cbr\u003e\n6:05 Google Launches Cyber Disruption Unit — What's Actually New?\u003cbr\u003e\n13:43 Why Separate Disruption Units Matter: ROI \u0026amp; Budget Justification\u003cbr\u003e\n29:11 Haroon Meer's RSA Reality Check: The AI Hype Machine\u003cbr\u003e\n32:37 The VC Ponzi Cycle \u0026amp; How Easy Money Hollowed Out Cybersecurity\u003cbr\u003e\n47:32 ENT.ai 
\u0026amp; Tenex AI Hackathon at RSAC\u003cbr\u003e\n53:08 Kaspersky Links Coruna Exploit Kit to Operation Triangulation\u003cbr\u003e\n1:08:09 Trenchant Cleanup \u0026amp; Lessons from Equation Group Burns\u003cbr\u003e\n1:19:31 Apple iOS Patches, Hong Kong Device Passcode Law \u003cbr\u003e\n1:27:53 Handala Hacks FBI Director Kash Patel's Personal Gmail\u003cbr\u003e\n1:37:32 LeakBase Admin \"Chucky\" Arrested in Russia — FSB Gets the Data\u003cbr\u003e\n1:45:38 Supply Chain Attacks: TeamPCP Hits LiteLLM \u0026amp; Trivy\u003cbr\u003e\n2:04:34 FCC Bans Foreign-Made Routers — But What Do We Buy?\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/11MJU1XFXzjukFrkVnS6FtxHCXwfhX-WcoxmQOhcjYzU/edit?tab=t.0\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK Solutions\" rel=\"nofollow\" href=\"https://tlpblack.net/#solutions-pdns\"\u003eTLPBLACK Solutions\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google launches threat disruption unit at RSAC\" rel=\"nofollow\" href=\"https://www.nextgov.com/cybersecurity/2026/03/google-launches-threat-disruption-unit-stops-short-calling-it-offensive/412321/\"\u003eGoogle launches threat disruption unit at RSAC\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"White House downplays cyber ‘letters of marque’ speculation\" rel=\"nofollow\" href=\"https://therecord.media/offensive-cyber-white-house-hacking\"\u003eWhite House downplays cyber ‘letters of marque’ speculation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Haroon Meer on RSAC 2026\" rel=\"nofollow\" href=\"https://blog.thinkst.com/2026/03/rsac-infosec-themes-and-crumby-products.html\"\u003eHaroon Meer on RSAC 2026\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kaspersky on Coruna/Triangulation Connection\" rel=\"nofollow\" 
href=\"https://securelist.com/coruna-framework-updated-operation-triangulation-exploit/119228/\"\u003eKaspersky on Coruna/Triangulation Connection\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple Security Bulletin - iOS 26.4\" rel=\"nofollow\" href=\"https://support.apple.com/en-us/126792\"\u003eApple Security Bulletin - iOS 26.4\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Reverse engineering Apple’s silent security fixes\" rel=\"nofollow\" href=\"https://blog.calif.io/p/reverse-engineering-apples-silent\"\u003eReverse engineering Apple’s silent security fixes\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"New Hong Kong Law on Phone/Laptop Passwords\" rel=\"nofollow\" href=\"https://hk.usconsulate.gov/security-alert-2026032601/\"\u003eNew Hong Kong Law on Phone/Laptop Passwords\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Iran-linked hackers breach FBI director\u0026#39;s personal email\" rel=\"nofollow\" href=\"https://www.reuters.com/world/us/iran-linked-hackers-claim-breach-of-fbi-directors-personal-email-doj-official-2026-03-27/\"\u003eIran-linked hackers breach FBI director's personal email\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US DOJ Disrupts Iranian Cyber Enabled Psychological Operations\" rel=\"nofollow\" href=\"https://www.justice.gov/opa/pr/justice-department-disrupts-iranian-cyber-enabled-psychological-operations\"\u003eUS DOJ Disrupts Iranian Cyber Enabled Psychological Operations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Official Statement on Stryker Network Disruption\" rel=\"nofollow\" href=\"https://www.stryker.com/us/en/about/news/2026/a-message-to-our-customers-03-2026.html\"\u003eOfficial Statement on Stryker Network Disruption\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russia arrests Leakbase admin\" rel=\"nofollow\" href=\"https://tass.ru/proisshestviya/26879969\"\u003eRussia arrests Leakbase 
admin\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Trivy ecosystem supply chain compromised (Advisory)\" rel=\"nofollow\" href=\"https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23\"\u003eTrivy ecosystem supply chain compromised (Advisory)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Self-propagating malware poisons open source software and wipes Iran-based machines\" rel=\"nofollow\" href=\"https://arstechnica.com/security/2026/03/self-propagating-malware-poisons-open-source-software-and-wipes-iran-based-machines/\"\u003eSelf-propagating malware poisons open source software and wipes Iran-based machines\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"New Malware Targets Users of Cobra DocGuard Software\" rel=\"nofollow\" href=\"https://www.security.com/threat-intelligence/speagle-cobradocguard-infostealer\"\u003eNew Malware Targets Users of Cobra DocGuard Software\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"FCC bans \u0026#39;foreign made\u0026#39; consumer routers (PDF)\" rel=\"nofollow\" href=\"https://docs.fcc.gov/public/attachments/DOC-420034A1.pdf\"\u003eFCC bans 'foreign made' consumer routers (PDF)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK - High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)\r\n\r\nThree Buddy Problem - Episode 91: This week we dig into Google's new cyber threat disruption unit announced at RSAC, Kaspersky confirming Coruna is a direct evolution of Operation Triangulation, and a cascading supply chain compromise that chained through LiteLLM, Trivy, and Checkmarx into thousands of software pipelines. 
\r\n\r\nPlus, VCs and the breathless AI hype, Apple's iOS 26.4 and silent patches, the FCC's ban on foreign-made routers, and Symantec catching an APT looking for Chinese military data.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  \r\n\r\n0:00 Intro \u0026 Pre-Show Banter\r\n3:08 JAGS in San Francisco: RSAC week recap\r\n6:05 Google Launches Cyber Disruption Unit — What's Actually New?\r\n13:43 Why Separate Disruption Units Matter: ROI \u0026 Budget Justification\r\n29:11 Haroon Meer's RSA Reality Check: The AI Hype Machine\r\n32:37 The VC Ponzi Cycle \u0026 How Easy Money Hollowed Out Cybersecurity\r\n47:32 ENT.ai \u0026 Tenex AI Hackathon at RSAC\r\n53:08 Kaspersky Links Coruna Exploit Kit to Operation Triangulation\r\n1:08:09 Trenchant Cleanup \u0026 Lessons from Equation Group Burns\r\n1:19:31 Apple iOS Patches, Hong Kong Device Passcode Law \r\n1:27:53 Handala Hacks FBI Director Kash Patel's Personal Gmail\r\n1:37:32 LeakBase Admin \"Chucky\" Arrested in Russia — FSB Gets the Data\r\n1:45:38 Supply Chain Attacks: TeamPCP Hits LiteLLM \u0026 Trivy\r\n2:04:34 FCC Bans Foreign-Made Routers — But What Do We Buy?","date_published":"2026-03-28T12:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/020fab1b-ad5d-4221-95a4-910623065a2d.mp3","mime_type":"audio/mpeg","size_in_bytes":129104025,"duration_in_seconds":9144}]},{"id":"3faf0dca-154f-4bf1-a297-a945ce9c457c","title":"The greatest APT hunter of all time, Apple's exploit kit problem, Microsoft FedRAMP mess","url":"https://securityconversations.fireside.fm/sergey-mineev-apple-darksword-exploit-kit-fedramp-microsoft","content_text":"(Presented by Thinkst Canary: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. 
With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)\n\nThree Buddy Problem - Episode 90: We remember GReAT teammate Sergey Mineev, the legendary malware hunter behind discoveries like Equation Group and Project Sauron (Remsec), including stories about his methods and why he was the best to ever do it. \n\nPlus, another in-the-wild iOS exploit kit discovery and a long overdue conversation about Apple's responsibility to hundreds of millions of users on older iOS versions; the ProPublica Microsoft/FedRAMP bombshell, Interlock ransomware sitting on a Cisco zero-day, the White House AI policy framework, and Supermicro co-founder $2.5 billion AI chip smuggling bust.\n\nCast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.\n\nLinks:\nTranscript \nThinkst Canary\nEquation Group: The Crown Creator of Cyber-Espionage\nThe Project Sauron APT\nGoogle: The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors\niVerify: Inside DarkSword - A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites\nLookout: Attackers Wielding DarkSword Threaten iOS Users\nApple statement on Coruna, DarkSword\nAmazon discovers Interlock ransomware hitting enterprise firewalls\nCisco Secure Firewall Management Center RCE Flaw\nCISA Urges Endpoint Management System Hardening After Stryker Attack\nStryker statements on wiper network disruption\nFederal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.\nWhite House Unveils National AI Legislative Framework\nSupermicro Founder Charged with Diverting AI tech to China\nNEBULA:FOG 2026 | AI x Security Hackathon\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://canary.tools\" target=\"_blank\" rel=\"nofollow noopener\"\u003eThinkst Canary\u003c/a\u003e: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. 
Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 90\u003c/strong\u003e: We remember GReAT teammate Sergey Mineev, the legendary malware hunter behind discoveries like Equation Group and Project Sauron (Remsec), including stories about his methods and why he was the best to ever do it. \u003c/p\u003e\n\n\u003cp\u003ePlus, another in-the-wild iOS exploit kit discovery and a long overdue conversation about Apple's responsibility to hundreds of millions of users on older iOS versions; the ProPublica Microsoft/FedRAMP bombshell, Interlock ransomware sitting on a Cisco zero-day, the White House AI policy framework, and Supermicro co-founder $2.5 billion AI chip smuggling bust.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript \" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1omZagfRGkZZLy3O_t_YmBl_dfbXPQ03QjnFAM2Sw9XE/edit?tab=t.0\"\u003eTranscript \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Thinkst Canary\" rel=\"nofollow\" href=\"https://canary.tools/\"\u003eThinkst Canary\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Equation Group: The Crown Creator of Cyber-Espionage\" rel=\"nofollow\" 
href=\"https://www.kaspersky.com/about/press-releases/equation-group-the-crown-creator-of-cyber-espionage\"\u003eEquation Group: The Crown Creator of Cyber-Espionage\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Project Sauron APT\" rel=\"nofollow\" href=\"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07190154/The-ProjectSauron-APT_research_KL.pdf\"\u003eThe Project Sauron APT\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google: The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain\"\u003eGoogle: The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"iVerify: Inside DarkSword - A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites\" rel=\"nofollow\" href=\"https://iverify.io/blog/darksword-ios-exploit-kit-explained\"\u003eiVerify: Inside DarkSword - A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Lookout: Attackers Wielding DarkSword Threaten iOS Users\" rel=\"nofollow\" href=\"https://www.lookout.com/threat-intelligence/article/darksword\"\u003eLookout: Attackers Wielding DarkSword Threaten iOS Users\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple statement on Coruna, DarkSword\" rel=\"nofollow\" href=\"https://support.apple.com/en-us/126776\"\u003eApple statement on Coruna, DarkSword\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Amazon discovers Interlock ransomware hitting enterprise firewalls\" rel=\"nofollow\" href=\"https://aws.amazon.com/blogs/security/amazon-threat-intelligence-teams-identify-interlock-ransomware-campaign-targeting-enterprise-firewalls/\"\u003eAmazon discovers Interlock ransomware hitting enterprise 
firewalls\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cisco Secure Firewall Management Center RCE Flaw\" rel=\"nofollow\" href=\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh\"\u003eCisco Secure Firewall Management Center RCE Flaw\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA Urges Endpoint Management System Hardening After Stryker Attack\" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-urges-endpoint-management-system-hardening-after-cyberattack-against-us-organization\"\u003eCISA Urges Endpoint Management System Hardening After Stryker Attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Stryker statements on wiper network disruption\" rel=\"nofollow\" href=\"https://www.stryker.com/us/en/about/news/2026/a-message-to-our-customers-03-2026.html\"\u003eStryker statements on wiper network disruption\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.\" rel=\"nofollow\" href=\"https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government\"\u003eFederal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"White House Unveils National AI Legislative Framework\" rel=\"nofollow\" href=\"https://www.whitehouse.gov/articles/2026/03/president-donald-j-trump-unveils-national-ai-legislative-framework/\"\u003eWhite House Unveils National AI Legislative Framework\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Supermicro Founder Charged with Diverting AI tech to China\" rel=\"nofollow\" href=\"https://www.justice.gov/opa/pr/three-charged-conspiring-unlawfully-divert-cutting-edge-us-artificial-intelligence\"\u003eSupermicro Founder Charged with Diverting AI tech to 
China\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NEBULA:FOG 2026 | AI x Security Hackathon\" rel=\"nofollow\" href=\"https://nebulafog.ai/\"\u003eNEBULA:FOG 2026 | AI x Security Hackathon\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by Thinkst Canary. Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With 0 admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)\r\n\r\nThree Buddy Problem - Episode 90: We remember GReAT teammate Sergey Mineev, the legendary malware hunter behind discoveries like Equation Group and Project Sauron (Remsec), including stories about his methods and why he was the best to ever do it. \r\n\r\nPlus, another in-the-wild iOS exploit kit discovery and a long overdue conversation about Apple's responsibility to hundreds of millions of users on older iOS versions; the ProPublica Microsoft/FedRAMP bombshell, Interlock ransomware sitting on a Cisco zero-day, the White House AI policy framework, and Supermicro co-founder $2.5 billion AI chip smuggling bust.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2026-03-20T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/3faf0dca-154f-4bf1-a297-a945ce9c457c.mp3","mime_type":"audio/mpeg","size_in_bytes":120657732,"duration_in_seconds":8840}]},{"id":"21fe7ed6-897b-4dee-a445-18a9deab022a","title":"Handala wiper attacks, APT28 implant devs are back, Signal's verification problems","url":"https://securityconversations.fireside.fm/handala-wiper-stryker-apt28-signal-whatsapp-coruna-patches","content_text":"(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. 
From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)\n\nThree Buddy Problem - Episode 89: We discuss Iran hacktivist group 'Handala' wiper attacks against US medical device maker Stryker, Microsoft Intune MDM tool abuse, and whether Iran's cyber retaliation is as scary as the headlines suggest.\n\nPlus, ESET's discovery that Russia's APT28 original implant developers are back after years of silence, Dutch intelligence warnings on Russian campaigns targeting Signal and WhatsApp accounts, Apple finally patching Coruna exploit kit vulnerabilities for older iPhones, and Google sharing Coruna samples that raise new questions about the exploit kit's proliferation chain.\n\nCast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.\n\nLinks:\nTranscript (raw, AI-generated)\nTLPBLACK Solutions\nKim Zetter: Iranian Hacktivists Strike Medical Device Maker Stryker in \"Severe\" Attack that Wiped Systems\nStryker Cyberattack Adds to Fears of New Front in Iran War\nBloomberg: Cyberattack Hits Stryker; Pro-Iran Group Claims Credit\nWho is Handala? 
(Malpedia)\nPalo Alto: Increased Risk of Wiper Attacks\nCISA Advisories on Iran State-Sponsored Cyber Threat\nRussia state actors targets Signal and WhatsApp accounts\nDutch intel report on Signal, WhatsApp targeting\nSignal responds to Dutch Intel report\nESET: Resurgence of one of Russia’s most notorious APT groups\nPoland says foiled cyberattack on nuclear centre may have come from Iran\nApple ships iOS 16.7.15 to cover 'Coruna' exploits\nApple iOS 15.8.7 covers 'Coruna' exploit kit\nDetection Engineering #148\nNEBULA:FOG 2026 | AI x Security Hackathon\nEkoparty Miami (May 21-22, 2026)\nPIVOTcon Agenda\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 89\u003c/strong\u003e: We discuss Iran hacktivist group 'Handala' wiper attacks against US medical device maker Stryker, Microsoft Intune MDM tool abuse, and whether Iran's cyber retaliation is as scary as the headlines suggest.\u003c/p\u003e\n\n\u003cp\u003ePlus, ESET's discovery that Russia's APT28 original implant developers are back after years of silence, Dutch intelligence warnings on Russian campaigns targeting Signal and WhatsApp accounts, Apple finally patching Coruna exploit kit vulnerabilities for older iPhones, and Google sharing Coruna samples that raise new questions about the exploit kit's proliferation chain.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres 
Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (raw, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1zhtku2XeCIhpAs7pa_p34-Rypy9WzyTdZc-pyyx6cTc/edit?tab=t.0\"\u003eTranscript (raw, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK Solutions\" rel=\"nofollow\" href=\"https://tlpblack.net/#solutions\"\u003eTLPBLACK Solutions\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kim Zetter: Iranian Hacktivists Strike Medical Device Maker Stryker in \u0026quot;Severe\u0026quot; Attack that Wiped Systems\" rel=\"nofollow\" href=\"https://www.zetter-zeroday.com/iranian-hacktivists-strike-medical-device-maker-stryker-in-severe-attack-that-wiped-systems/\"\u003eKim Zetter: Iranian Hacktivists Strike Medical Device Maker Stryker in \"Severe\" Attack that Wiped Systems\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Stryker Cyberattack Adds to Fears of New Front in Iran War\" rel=\"nofollow\" href=\"https://www.nytimes.com/2026/03/12/world/middleeast/stryker-iran-cyberattack.html\"\u003eStryker Cyberattack Adds to Fears of New Front in Iran War\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Bloomberg: Cyberattack Hits Stryker; Pro-Iran Group Claims Credit\" rel=\"nofollow\" href=\"https://archive.ph/7wpe7\"\u003eBloomberg: Cyberattack Hits Stryker; Pro-Iran Group Claims Credit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Who is Handala? (Malpedia)\" rel=\"nofollow\" href=\"https://malpedia.caad.fkie.fraunhofer.de/actor/handala\"\u003eWho is Handala? 
(Malpedia)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Palo Alto: Increased Risk of Wiper Attacks\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/handala-hack-wiper-attacks/\"\u003ePalo Alto: Increased Risk of Wiper Attacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA Advisories on Iran State-Sponsored Cyber Threat\" rel=\"nofollow\" href=\"https://www.cisa.gov/topics/cyber-threats-and-advisories/nation-state-cyber-actors/iran/publications\"\u003eCISA Advisories on Iran State-Sponsored Cyber Threat\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russia state actors targets Signal and WhatsApp accounts\" rel=\"nofollow\" href=\"https://english.aivd.nl/latest/news/2026/03/09/russia-targets-signal-and-whatsapp-accounts-in-cyber-campaign\"\u003eRussia state actors targets Signal and WhatsApp accounts\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dutch intel report on Signal, WhatsApp targeting\" rel=\"nofollow\" href=\"https://drive.google.com/file/d/1ZWvYkM_09GULHogLSlXA4Yb8PPlRfnBP/view\"\u003eDutch intel report on Signal, WhatsApp targeting\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Signal responds to Dutch Intel report\" rel=\"nofollow\" href=\"https://bsky.app/profile/signal.org/post/3mgnap76pnk2a\"\u003eSignal responds to Dutch Intel report\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ESET: Resurgence of one of Russia’s most notorious APT groups\" rel=\"nofollow\" href=\"https://www.welivesecurity.com/en/eset-research/sednit-reloaded-back-trenches/\"\u003eESET: Resurgence of one of Russia’s most notorious APT groups\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Poland says foiled cyberattack on nuclear centre may have come from Iran\" rel=\"nofollow\" href=\"https://www.reuters.com/world/poland-says-foiled-cyberattack-nuclear-centre-may-have-come-iran-2026-03-12/\"\u003ePoland says foiled cyberattack on nuclear centre may have come from 
Iran\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple ships iOS 16.7.15 to cover \u0026#39;Coruna\u0026#39; exploits\" rel=\"nofollow\" href=\"https://support.apple.com/en-us/126646\"\u003eApple ships iOS 16.7.15 to cover 'Coruna' exploits\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple iOS 15.8.7 covers \u0026#39;Coruna\u0026#39; exploit kit\" rel=\"nofollow\" href=\"https://support.apple.com/en-us/126632\"\u003eApple iOS 15.8.7 covers 'Coruna' exploit kit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Detection Engineering #148\" rel=\"nofollow\" href=\"https://www.detectionengineering.net/p/dew-148-detection-pipeline-maturity\"\u003eDetection Engineering #148\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NEBULA:FOG 2026 | AI x Security Hackathon\" rel=\"nofollow\" href=\"https://nebulafog.ai/\"\u003eNEBULA:FOG 2026 | AI x Security Hackathon\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ekoparty Miami (May 21-22, 2026)\" rel=\"nofollow\" href=\"https://ekoparty.org/miami/\"\u003eEkoparty Miami (May 21-22, 2026)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PIVOTcon Agenda\" rel=\"nofollow\" href=\"https://pivotcon.org/#agenda\"\u003ePIVOTcon Agenda\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK - High-fidelity threat intelligence and research tools for modern security teams. 
From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)\r\n\r\nThree Buddy Problem - Episode 89: We discuss Iran hacktivist group 'Handala' wiper attacks against US medical device maker Stryker, Microsoft Intune MDM tool abuse, and whether Iran's cyber retaliation is as scary as the headlines suggest.\r\n\r\nPlus, ESET's discovery that Russia's APT28 original implant developers are back after years of silence, Dutch intelligence warnings on Russian campaigns targeting Signal and WhatsApp accounts, Apple finally patching Coruna exploit kit vulnerabilities for older iPhones, and Google sharing Coruna samples that raise new questions about the exploit kit's proliferation chain.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2026-03-13T17:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/21fe7ed6-897b-4dee-a445-18a9deab022a.mp3","mime_type":"audio/mpeg","size_in_bytes":85654180,"duration_in_seconds":6240}]},{"id":"502a67da-c82e-4e95-bfae-642c47b5faee","title":"Trenchant, Peter Williams, and the proliferation of a Shadow Brokers-level iOS exploit framework","url":"https://securityconversations.fireside.fm/trenchant-peter-williams-coruna-ios-exploit-framework","content_text":"(Presented by Thinkst Canary: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. 
With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)\n\nThree Buddy Problem - Episode 88: We unpack the fallout from public documentation of the Coruna iOS exploit kit, the likely connection to the Peter Williams/Trenchant exploit sale to Russians, how it slipped from government hands into criminal use, and the widening use of zero-days by surveillance vendors and cybercriminals.\n\nPlus, fresh signs of cyber-warfare activity tied to Iran and Israel, the FBI’s disclosure of a breach affecting internal surveillance systems, and the latest debate over AI, security tooling, and Anthropic’s public stumbles.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (raw, AI-generated)\nThinkst Canary (how it works)\nCoruna: The Mysterious Journey of a Powerful iOS Exploit Kit\niVerify Details First Known Mass iOS Attack\nMatthias Frielingsdorf on the mysterious Coruna iOS exploit kit discovery\nMatthias Frielingsdorf on Coruna (raw transcript)\nCoruna-related hashes on VirusTotal\nKaspersky: No signs Coruna iPhone exploit kit made by US\nAzimuth unlocked the San Bernardino shooter’s iPhone for the FBI\n2025 Zero-Days in Review (Google)\nFBI investigating ‘suspicious’ cyber activities on critical surveillance network\nIranian Hacking Groups Go Dark Amid US, Israeli Military Strikes\nInterplay between Iranian Targeting of IP Cameras and Physical Warfare\nIsrael says it knocked out Iran’s cyber warfare headquarters\nAmazon Bahrain facility targeted for U.S. military support\nFull transcript of Anthropic CEO Dario Amodei interview\nCodex Security (formerly Aardvark) now in research preview\nNEBULA:FOG 2026 | AI x Security Hackathon\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://canary.tools\" target=\"_blank\" rel=\"nofollow noopener\"\u003eThinkst Canary\u003c/a\u003e: Most Companies find out way too late that they’ve been breached. 
Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 88\u003c/strong\u003e: We unpack the fallout from public documentation of the Coruna iOS exploit kit, the likely connection to the Peter Williams/Trenchant exploit sale to Russians, how it slipped from government hands into criminal use, and the widening use of zero-days by surveillance vendors and cybercriminals.\u003c/p\u003e\n\n\u003cp\u003ePlus, fresh signs of cyber-warfare activity tied to Iran and Israel, the FBI’s disclosure of a breach affecting internal surveillance systems, and the latest debate over AI, security tooling, and Anthropic’s public stumbles.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (raw, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1hjqvWGMuFA7K5oQ5ZWC8ZbMRg9sHsHYXEAi-liB2d9w/edit?usp=sharing\"\u003eTranscript (raw, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Thinkst Canary (how it works)\" rel=\"nofollow\" href=\"https://canary.tools/#how-it-works\"\u003eThinkst Canary (how it works)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Coruna: The Mysterious Journey of a 
Powerful iOS Exploit Kit\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit\"\u003eCoruna: The Mysterious Journey of a Powerful iOS Exploit Kit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"iVerify Details First Known Mass iOS Attack\" rel=\"nofollow\" href=\"https://iverify.io/press-releases/first-known-mass-ios-attack\"\u003eiVerify Details First Known Mass iOS Attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Matthias Frielingsdorf on the mysterious Coruna iOS exploit kit discovery\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/matthias-frielingsdorf-on-the-mysterious-coruna-ios-exploit-kit-discovery/\"\u003eMatthias Frielingsdorf on the mysterious Coruna iOS exploit kit discovery\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Matthias Frielingsdorf on Coruna (raw transcript)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/192CYhxiWAGXdhU7EEYB2SXLUq24f1E03/edit\"\u003eMatthias Frielingsdorf on Coruna (raw transcript)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Coruna-related hashes on VirusTotal\" rel=\"nofollow\" href=\"https://x.com/Now_on_VT/status/2029887800909156681\"\u003eCoruna-related hashes on VirusTotal\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kaspersky: No signs Coruna iPhone exploit kit made by US\" rel=\"nofollow\" href=\"https://www.theregister.com/2026/03/04/kaspersky_dismisses_claims_that_coruna/\"\u003eKaspersky: No signs Coruna iPhone exploit kit made by US\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Azimuth unlocked the San Bernardino shooter’s iPhone for the FBI\" rel=\"nofollow\" href=\"https://www.washingtonpost.com/technology/2021/04/14/azimuth-san-bernardino-apple-iphone-fbi/\"\u003eAzimuth unlocked the San Bernardino shooter’s iPhone for the FBI\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"2025 Zero-Days in Review (Google)\" 
rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/2025-zero-day-review\"\u003e2025 Zero-Days in Review (Google)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"FBI investigating ‘suspicious’ cyber activities on critical surveillance network\" rel=\"nofollow\" href=\"https://edition.cnn.com/2026/03/05/politics/fbi-investigating-cyber-breach-critical-surveillance-network?cid=ios_app\"\u003eFBI investigating ‘suspicious’ cyber activities on critical surveillance network\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Iranian Hacking Groups Go Dark Amid US, Israeli Military Strikes\" rel=\"nofollow\" href=\"https://archive.ph/KLQSf\"\u003eIranian Hacking Groups Go Dark Amid US, Israeli Military Strikes\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Interplay between Iranian Targeting of IP Cameras and Physical Warfare\" rel=\"nofollow\" href=\"https://research.checkpoint.com/2026/interplay-between-iranian-targeting-of-ip-cameras-and-physical-warfare-in-the-middle-east/\"\u003eInterplay between Iranian Targeting of IP Cameras and Physical Warfare\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Israel says it knocked out Iran’s cyber warfare headquarters\" rel=\"nofollow\" href=\"https://archive.ph/4IUgU\"\u003eIsrael says it knocked out Iran’s cyber warfare headquarters\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Amazon Bahrain facility targeted for U.S. military support\" rel=\"nofollow\" href=\"https://www.cnbc.com/2026/03/04/amazon-bahrain-data-centers-targeted-iran-drone-strike.html\"\u003eAmazon Bahrain facility targeted for U.S. 
military support\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Full transcript of Anthropic CEO Dario Amodei interview\" rel=\"nofollow\" href=\"https://www.cbsnews.com/news/anthropic-ceo-dario-amodei-full-transcript/\"\u003eFull transcript of Anthropic CEO Dario Amodei interview\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Codex Security (formerly Aardvark) now in research preview\" rel=\"nofollow\" href=\"https://openai.com/index/codex-security-now-in-research-preview/\"\u003eCodex Security (formerly Aardvark) now in research preview\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NEBULA:FOG 2026 | AI x Security Hackathon\" rel=\"nofollow\" href=\"https://nebulafog.ai/\"\u003eNEBULA:FOG 2026 | AI x Security Hackathon\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by Thinkst Canary. Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With 0 admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)\r\n\r\nThree Buddy Problem - Episode 88: We unpack the fallout from public documentation of the Coruna iOS exploit kit, the likely connection to the Peter Williams/Trenchant exploit sale to Russians, how it slipped from government hands into criminal use, and the widening use of zero-days by surveillance vendors and cybercriminals.\r\n\r\nPlus, fresh signs of cyber-warfare activity tied to Iran and Israel, the FBI’s disclosure of a breach affecting internal surveillance systems, and the latest debate over AI, security tooling, and Anthropic’s public stumbles.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  
","date_published":"2026-03-06T12:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/502a67da-c82e-4e95-bfae-642c47b5faee.mp3","mime_type":"audio/mpeg","size_in_bytes":94165630,"duration_in_seconds":7183}]},{"id":"7669e3ee-6fd7-484c-a56f-bb6abb9f9207","title":"Matthias Frielingsdorf on the mysterious Coruna iOS exploit kit discovery","url":"https://securityconversations.fireside.fm/matthias-frielingsdorf-coruna-ios-exploit-kit","content_text":"(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)\n\nMatthias Frielingsdorf (co-founder and VP of Research at iVerify) joins the show to discuss the mysterious US government connection to 'Coruna', an iOS exploit kit fitted with 23 exploits across five full chains targeting iPhones iOS 13 through 17.2.1. \n\nWe talk about a \"gut feeling\" connecting this to the L3 Trenchant/Peter Williams exploit sale scandal, how a nation-state-grade exploit kit ended up in the hands of a Chinese cybercrime group chasing crypto wallets, and what it means that criminal organizations are now deploying iPhone zero-days at scale. 
\n\nMatthias walks through what iVerify can and can't do on Apple's locked-down platform, why he thinks Apple needs to give defenders more access, the Lockdown Mode debate, the thorny issue of sample sharing in the research community, and practical advice for everyday iPhone users facing a threat landscape that just got a lot more complicated.Links:Raw Transcript\nCoruna: The Mysterious Journey of a Powerful iOS Exploit Kit\niVerify Details First Known Mass iOS Attack\nCoruna: Inside the Nation-State-Grade iOS Exploit Kit (iVerify)\nWired: A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals\nLockdown Mode or Nothing \nZero-day reality check: iOS exploitation \nAbout Lockdown Mode (Apple)\nCharlie Miller on hacking iPhones, Macbooks\nTLPBLACK\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003eMatthias Frielingsdorf (co-founder and VP of Research at iVerify) joins the show to discuss the mysterious US government connection to 'Coruna', an iOS exploit kit fitted with 23 exploits across five full chains targeting iPhones iOS 13 through 17.2.1. \u003c/p\u003e\n\n\u003cp\u003eWe talk about a \"gut feeling\" connecting this to the L3 Trenchant/Peter Williams exploit sale scandal, how a nation-state-grade exploit kit ended up in the hands of a Chinese cybercrime group chasing crypto wallets, and what it means that criminal organizations are now deploying iPhone zero-days at scale. 
\u003c/p\u003e\n\n\u003cp\u003eMatthias walks through what iVerify can and can't do on Apple's locked-down platform, why he thinks Apple needs to give defenders more access, the Lockdown Mode debate, the thorny issue of sample sharing in the research community, and practical advice for everyday iPhone users facing a threat landscape that just got a lot more complicated.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Raw Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/192CYhxiWAGXdhU7EEYB2SXLUq24f1E03/edit\"\u003eRaw Transcript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit\"\u003eCoruna: The Mysterious Journey of a Powerful iOS Exploit Kit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"iVerify Details First Known Mass iOS Attack\" rel=\"nofollow\" href=\"https://iverify.io/press-releases/first-known-mass-ios-attack\"\u003eiVerify Details First Known Mass iOS Attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Coruna: Inside the Nation-State-Grade iOS Exploit Kit (iVerify)\" rel=\"nofollow\" href=\"https://iverify.io/blog/coruna-inside-the-nation-state-grade-ios-exploit-kit-we-ve-been-tracking\"\u003eCoruna: Inside the Nation-State-Grade iOS Exploit Kit (iVerify)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Wired: A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals\" rel=\"nofollow\" href=\"https://archive.ph/r7jGc\"\u003eWired: A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Lockdown Mode or Nothing \" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=fAhTPMmvrB0\"\u003eLockdown Mode or Nothing 
\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Zero-day reality check: iOS exploitation \" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=YTRQ56n0yHA\"\u003eZero-day reality check: iOS exploitation \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"About Lockdown Mode (Apple)\" rel=\"nofollow\" href=\"https://support.apple.com/en-us/105120\"\u003eAbout Lockdown Mode (Apple)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Charlie Miller on hacking iPhones, Macbooks\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/charlie-miller-on-hacking-iphones-macbooks-jeep-and-self-driving-cars/\"\u003eCharlie Miller on hacking iPhones, Macbooks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/#solutions\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK - High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)\r\n\r\nMatthias Frielingsdorf (co-founder and VP of Research at iVerify) joins the show to discuss the mysterious US government connection to 'Coruna', an iOS exploit kit fitted with 23 exploits across five full chains targeting iPhones iOS 13 through 17.2.1. \r\n\r\nWe talk about a \"gut feeling\" connecting this to the L3 Trenchant/Peter Williams exploit sale scandal, how a nation-state-grade exploit kit ended up in the hands of a Chinese cybercrime group chasing crypto wallets, and what it means that criminal organizations are now deploying iPhone zero-days at scale. 
\r\n\r\nMatthias walks through what iVerify can and can't do on Apple's locked-down platform, why he thinks Apple needs to give defenders more access, the Lockdown Mode debate, the thorny issue of sample sharing in the research community, and practical advice for everyday iPhone users facing a threat landscape that just got a lot more complicated.","date_published":"2026-03-05T16:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/7669e3ee-6fd7-484c-a56f-bb6abb9f9207.mp3","mime_type":"audio/mpeg","size_in_bytes":34892689,"duration_in_seconds":2344}]},{"id":"b9815070-450a-43d3-8970-287ef88e305c","title":"Threat Hunter Greg Linares on the modern ransomware playbook","url":"https://securityconversations.fireside.fm/greg-linares-modern-ransomware-playbook","content_text":"(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)\n\nHuntress threat intelligence analyst Greg Linares shares insights on the modern ransomware ecosystem, including how crews operate like businesses and why Akira, Medusa, RansomHub, and Qilin cause so much damage. Plus, signs of overlap between ransomware and nation-state activity, what “time to ransom” really means for defenders, and why techniques like ClickFix and credential theft keep working at scale. 
\n\nThe conversation also covers the surge in RMM tool abuse, how “living off the land” attacks can unfold without traditional malware, and the basic defenses smaller organizations can prioritize.Links:TLPBLACK\nTranscript\nHuntress 2025 Cyber Threat Report\nMicrosoft: Think before you Click(Fix)\nAkira Ransomware\nCISA: Protecting Against Malicious Use of Remote Monitoring and Management Software\nEp9: The blurring lines between nation-state APTs and the ransomware epidemic \nChinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003eHuntress threat intelligence analyst Greg Linares shares insights on the modern ransomware ecosystem, including how crews operate like businesses and why Akira, Medusa, RansomHub, and Qilin cause so much damage. Plus, signs of overlap between ransomware and nation-state activity, what “time to ransom” really means for defenders, and why techniques like ClickFix and credential theft keep working at scale. 
\u003c/p\u003e\n\n\u003cp\u003eThe conversation also covers the surge in RMM tool abuse, how “living off the land” attacks can unfold without traditional malware, and the basic defenses smaller organizations can prioritize.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1Fx1Ez2CK71rmn0RhDXXObDXTxio_aGvRxHByv6WvY0Y/edit?tab=t.0\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Huntress 2025 Cyber Threat Report\" rel=\"nofollow\" href=\"https://www.huntress.com/resources/2025-cyber-threat-report\"\u003eHuntress 2025 Cyber Threat Report\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft: Think before you Click(Fix)\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/\"\u003eMicrosoft: Think before you Click(Fix)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Akira Ransomware\" rel=\"nofollow\" href=\"https://www.ic3.gov/CSA/2025/251113.pdf\"\u003eAkira Ransomware\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA: Protecting Against Malicious Use of Remote Monitoring and Management Software\" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-025a\"\u003eCISA: Protecting Against Malicious Use of Remote Monitoring and Management Software\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ep9: The blurring lines between nation-state APTs and the ransomware epidemic \" rel=\"nofollow\" href=\"https://securityconversations.com/episode/ep9-the-blurring-lines-between-nation-state-apts-and-the-ransomware-epidemic/\"\u003eEp9: The blurring lines between nation-state APTs and the ransomware epidemic 
\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines\" rel=\"nofollow\" href=\"https://www.securityweek.com/chinese-apt-tools-found-in-ransomware-schemes-blurring-attribution-lines/\"\u003eChinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK - High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)\r\n\r\nHuntress threat intelligence analyst Greg Linares shares insights on the modern ransomware ecosystem, including how crews operate like businesses and why Akira, Medusa, RansomHub, and Qilin cause so much damage. Plus, signs of overlap between ransomware and nation-state activity, what “time to ransom” really means for defenders, and why techniques like ClickFix and credential theft keep working at scale. \r\n\r\nThe conversation also covers the surge in RMM tool abuse, how “living off the land” attacks can unfold without traditional malware, and the basic defenses smaller organizations can prioritize.","date_published":"2026-03-03T13:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/b9815070-450a-43d3-8970-287ef88e305c.mp3","mime_type":"audio/mpeg","size_in_bytes":42939010,"duration_in_seconds":2988}]},{"id":"7d707098-e32e-45a7-9069-fb8a34620302","title":"War in Iran, Anthropic v Pentagon, Trenchant zero-day sanctions, AI stock market shocks","url":"https://securityconversations.fireside.fm/war-iran-anthropic-usgov-trenchant-zero-day-sanctions","content_text":"(Presented by Thinkst Canary: Most Companies find out way too late that they’ve been breached. 
Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)\n\nThree Buddy Problem - Episode 87: We wake up to news of U.S./Israel military action against Iran and the expected fallout, including Tehran’s cyber capabilities and proxy risks. Plus: Anthropic’s clash with the Pentagon over AI use in warfare, market shockwaves from AI-driven security tools, mass layoffs tied to automation, Trenchant exec sentencing and sanctions in the exploit trade, and fresh questions around Cisco’s SD-WAN breach and supply-chain trust.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nThinkst Canary\nLive updates: US and Israel strike Iran\nEpisode 80: Hamid Kashfi on the situation in Iran\n‘Incoherent’: Hegseth’s Anthropic ultimatum confounds AI policymakers\nAnthropic Claude AI Security Tool Wipes Out Over $15 Billion From Cybersecurity Stocks\nCrowdStrike CEO responds to stock price hit\nDesignation of Zero-Day Exploits Broker for Theft of U.S. Trade Secrets\nTreasury Sanctions Exploit Broker Network for Theft and Sale of U.S. 
Government Cyber Tools \nTrenchant Exec Who Sold Zero-Day Exploits to Russian Buyer Sentenced to 7 Years in Prison\nAWS says AI-augmented threat actor accesses FortiGate devices at scale\nActive exploitation of Cisco Catalyst SD-WAN by UAT-8616\nAnthropic Claude Code Security\nAnthropic: Detecting and preventing distillation attacks\nGTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use\niPhone and iPad approved to handle classified NATO information\nFortinet Achieves Certification for Secure Product Development\nCisco SD-WAN threat hunting guide\nTLPBLACK\nNEBULA:FOG 2026 | AI x Security Hackathon\nRE//verse Conference\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://canary.tools\" target=\"_blank\" rel=\"nofollow noopener\"\u003eThinkst Canary\u003c/a\u003e: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 87\u003c/strong\u003e: We wake up to news of U.S./Israel military action against Iran and the expected fallout, including Tehran’s cyber capabilities and proxy risks. 
Plus: Anthropic’s clash with the Pentagon over AI use in warfare, market shockwaves from AI-driven security tools, mass layoffs tied to automation, Trenchant exec sentencing and sanctions in the exploit trade, and fresh questions around Cisco’s SD-WAN breach and supply-chain trust.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1pVVw2L0YShpPy1ArqBLUcvApTJcjFxSQBYUepjj1yF0/edit?tab=t.0\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Thinkst Canary\" rel=\"nofollow\" href=\"https://canary.tools/#pricing\"\u003eThinkst Canary\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Live updates: US and Israel strike Iran\" rel=\"nofollow\" href=\"https://apnews.com/live/live-updates-israel-iran-february-28-2026\"\u003eLive updates: US and Israel strike Iran\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Episode 80: Hamid Kashfi on the situation in Iran\" rel=\"nofollow\" href=\"https://securityconversations.fireside.fm/hamid-kashfi-iran-protests-cyber-venezuela\"\u003eEpisode 80: Hamid Kashfi on the situation in Iran\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"‘Incoherent’: Hegseth’s Anthropic ultimatum confounds AI policymakers\" rel=\"nofollow\" href=\"https://www.politico.com/news/2026/02/26/incoherent-hegseths-anthropic-ultimatum-confounds-ai-policymakers-00800135\"\u003e‘Incoherent’: 
Hegseth’s Anthropic ultimatum confounds AI policymakers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Anthropic Claude AI Security Tool Wipes Out Over $15 Billion From Cybersecurity Stocks\" rel=\"nofollow\" href=\"https://www.linkedin.com/pulse/anthropics-new-claude-ai-security-tool-wipes-out-17jje/\"\u003eAnthropic Claude AI Security Tool Wipes Out Over $15 Billion From Cybersecurity Stocks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CrowdStrike CEO responds to stock price hit\" rel=\"nofollow\" href=\"https://www.linkedin.com/feed/update/urn:li:activity:7431417202505064448/\"\u003eCrowdStrike CEO responds to stock price hit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Designation of Zero-Day Exploits Broker for Theft of U.S. Trade Secrets\" rel=\"nofollow\" href=\"https://www.state.gov/releases/office-of-the-spokesperson/2026/02/designation-of-russia-based-zero-day-exploits-broker-and-affiliates-for-theft-of-u-s-trade-secrets/\"\u003eDesignation of Zero-Day Exploits Broker for Theft of U.S. Trade Secrets\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Treasury Sanctions Exploit Broker Network for Theft and Sale of U.S. Government Cyber Tools \" rel=\"nofollow\" href=\"https://home.treasury.gov/news/press-releases/sb0404\"\u003eTreasury Sanctions Exploit Broker Network for Theft and Sale of U.S. 
Government Cyber Tools \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Trenchant Exec Who Sold Zero-Day Exploits to Russian Buyer Sentenced to 7 Years in Prison\" rel=\"nofollow\" href=\"https://www.zetter-zeroday.com/trenchant-exec-who-sold-his-employers-zero-day-exploits-to-russian-buyer-sentenced-to-7-years-in-prison/\"\u003eTrenchant Exec Who Sold Zero-Day Exploits to Russian Buyer Sentenced to 7 Years in Prison\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AWS says AI-augmented threat actor accesses FortiGate devices at scale\" rel=\"nofollow\" href=\"https://aws.amazon.com/blogs/security/ai-augmented-threat-actor-accesses-fortigate-devices-at-scale/\"\u003eAWS says AI-augmented threat actor accesses FortiGate devices at scale\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Active exploitation of Cisco Catalyst SD-WAN by UAT-8616\" rel=\"nofollow\" href=\"https://blog.talosintelligence.com/uat-8616-sd-wan/\"\u003eActive exploitation of Cisco Catalyst SD-WAN by UAT-8616\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Anthropic Claude Code Security\" rel=\"nofollow\" href=\"https://www.anthropic.com/news/claude-code-security\"\u003eAnthropic Claude Code Security\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Anthropic: Detecting and preventing distillation attacks\" rel=\"nofollow\" href=\"https://www.anthropic.com/news/detecting-and-preventing-distillation-attacks\"\u003eAnthropic: Detecting and preventing distillation attacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use\"\u003eGTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca 
title=\"iPhone and iPad approved to handle classified NATO information\" rel=\"nofollow\" href=\"https://www.apple.com/newsroom/2026/02/iphone-and-ipad-approved-to-handle-classified-nato-information/\"\u003eiPhone and iPad approved to handle classified NATO information\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fortinet Achieves Certification for Secure Product Development\" rel=\"nofollow\" href=\"https://www.fortinet.com/blog/operational-technology/fortinet-achieves-iec-62443-4-1-ml2-certification-for-secure-product-development\"\u003eFortinet Achieves Certification for Secure Product Development\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cisco SD-WAN threat hunting guide\" rel=\"nofollow\" href=\"https://www.cyber.gov.au/sites/default/files/2026-02/ACSC-led%20Cisco%20SD-WAN%20Hunt%20Guide.pdf\"\u003eCisco SD-WAN threat hunting guide\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NEBULA:FOG 2026 | AI x Security Hackathon\" rel=\"nofollow\" href=\"https://nebulafog.ai/\"\u003eNEBULA:FOG 2026 | AI x Security Hackathon\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"RE//verse Conference\" rel=\"nofollow\" href=\"https://re-verse.io/\"\u003eRE//verse Conference\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by Thinkst Canary. Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. 
With 0 admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)\r\n\r\nThree Buddy Problem - Episode 87:  We wake up to news of U.S./Israel military action against Iran and the expected fallout, including Tehran’s cyber capabilities and proxy risks. Plus: Anthropic’s clash with the Pentagon over AI use in warfare, market shockwaves from AI-driven security tools, mass layoffs tied to automation, sentencing and sanctions in the exploit trade, and fresh questions around Cisco’s SD-WAN breach and supply-chain trust.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2026-02-28T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/7d707098-e32e-45a7-9069-fb8a34620302.mp3","mime_type":"audio/mpeg","size_in_bytes":105895784,"duration_in_seconds":7702}]},{"id":"6850debe-7ea0-498e-9857-123d30c24e8d","title":"GitLab doxxes North Korea .gov hackers; fresh Ivanti zero-days; AI addiction and human purpose","url":"https://securityconversations.fireside.fm/gitlab-north-korea-ivanti-zero-day-ai-human-purpose","content_text":"(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)\n\nThree Buddy Problem - Episode 86:  We dig into GitLab’s explosive look at North Korea’s “Contagious Interview” APT operation, the scale of fake IT worker infiltration, and what it means for companies chasing cheap talent.  \n\nPlus, a fresh batch of already-exploited Ivanti and Dell zero-days, the return of Apple’s shutdown logs, and thoughts on addictive AI coding agents affecting human purpose. 
\n\nCast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.\n\nLinks:\nTLPBLACK\nGitLab exposes North Korean malware tradecraft\nBeyond the Backdoor: How Contagious Interview Is Surgically Tampering with MetaMask Wallets (Seongsu Park)\nCritical Vulnerabilities in Ivanti EPMM Exploited\nDell RecoverPoint for Virtual Machines Zero-Day\nDell Bulletin - RecoverPoint for Virtual Machines Hardcoded Credential Vulnerability\nCritical Dell bug exploited for two years\nOpenAI intros Lockdown Mode and Elevated Risk labels in ChatGPT\nOpenAI is rebranding Aardvark \nAnthropic Claude Code Security \nJason Lang: Real Human Concerns In The Age of AI\nJAGS' batteries-included Claude Code SDLC config\nRE//verse Conference\nNEBULA:FOG 2026 | AI x Security Hackathon\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://tlpblack.net\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTLPBLACK\u003c/a\u003e: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 86\u003c/strong\u003e:  We dig into GitLab’s explosive look at North Korea’s “Contagious Interview” APT operation, the scale of fake IT worker infiltration, and what it means for companies chasing cheap talent.  \u003c/p\u003e\n\n\u003cp\u003ePlus, a fresh batch of already-exploited Ivanti and Dell zero-days, the return of Apple’s shutdown logs, and thoughts on addictive AI coding agents affecting human purpose. 
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/#solutions-pdns\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"GitLab exposes North Korean malware tradecraft\" rel=\"nofollow\" href=\"https://about.gitlab.com/blog/gitlab-threat-intelligence-reveals-north-korean-tradecraft/\"\u003eGitLab exposes North Korean malware tradecraft\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Beyond the Backdoor: How Contagious Interview Is Surgically Tampering with MetaMask Wallets (Seongsu Park)\" rel=\"nofollow\" href=\"https://sp4rk.medium.com/beyond-the-backdoor-how-contagious-interview-is-surgically-tampering-with-metamask-wallets-0314ae901d85\"\u003eBeyond the Backdoor: How Contagious Interview Is Surgically Tampering with MetaMask Wallets (Seongsu Park)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Critical Vulnerabilities in Ivanti EPMM Exploited\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/\"\u003eCritical Vulnerabilities in Ivanti EPMM Exploited\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dell RecoverPoint for Virtual Machines Zero-Day\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day\"\u003eDell RecoverPoint for Virtual Machines Zero-Day\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dell Bulletin - 
RecoverPoint for Virtual Machines Hardcoded Credential Vulnerability\" rel=\"nofollow\" href=\"https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079\"\u003eDell Bulletin - RecoverPoint for Virtual Machines Hardcoded Credential Vulnerability\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Critical Dell bug exploited for two years\" rel=\"nofollow\" href=\"https://www.thestack.technology/dell-critical-vulnerability-vmware-cve-202622769/\"\u003eCritical Dell bug exploited for two years\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"OpenAI intros Lockdown Mode and Elevated Risk labels in ChatGPT\" rel=\"nofollow\" href=\"https://openai.com/index/introducing-lockdown-mode-and-elevated-risk-labels-in-chatgpt/\"\u003eOpenAI intros Lockdown Mode and Elevated Risk labels in ChatGPT\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"OpenAI is rebranding Aardvark \" rel=\"nofollow\" href=\"https://x.com/btibor91/status/2024613054638608558\"\u003eOpenAI is rebranding Aardvark \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Anthropic Claude Code Security \" rel=\"nofollow\" href=\"https://www.anthropic.com/news/claude-code-security\"\u003eAnthropic Claude Code Security \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Jason Lang: Real Human Concerns In The Age of AI\" rel=\"nofollow\" href=\"https://x.com/curi0usJack/status/2024184571974000984\"\u003eJason Lang: Real Human Concerns In The Age of AI\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"JAGS\u0026#39; batteries-included Claude Code SDLC config\" rel=\"nofollow\" href=\"https://github.com/juanandresgs/claude-system\"\u003eJAGS' batteries-included Claude Code SDLC config\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"RE//verse Conference\" rel=\"nofollow\" href=\"https://re-verse.io/\"\u003eRE//verse Conference\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NEBULA:FOG 2026 | AI x Security Hackathon\" rel=\"nofollow\" 
href=\"https://nebulafog.ai/\"\u003eNEBULA:FOG 2026 | AI x Security Hackathon\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by TLPBLACK - High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)\r\n\r\nThree Buddy Problem - Episode 86: We dig into GitLab’s explosive look at North Korea’s “Contagious Interview” APT operation, the scale of fake IT worker infiltration, and what it means for companies chasing cheap talent.  \r\n\r\nPlus, a fresh batch of already-exploited Ivanti and Dell zero-days, the return of Apple’s shutdown logs, and thoughts on addictive AI coding agents affecting human purpose. \r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2026-02-20T01:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/6850debe-7ea0-498e-9857-123d30c24e8d.mp3","mime_type":"audio/mpeg","size_in_bytes":106607056,"duration_in_seconds":8199}]},{"id":"1964971a-bff0-48c5-9d43-8874e3b38d67","title":"Palo Alto and the uncomfortable politics of APT attribution","url":"https://securityconversations.fireside.fm/drones-elpaso-palo-alto-china-attribution","content_text":"(Presented by Thinkst Canary: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. 
With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)\n\nThree Buddy Problem - Episode 85: Top stories this week include drone incursions over El Paso and the murky line between cartel activity, anti-drone tech testing, and full-blown hybrid warfare; updates on the Notepad++ supply chain fallout; Microsoft’s zero-day treadmill and AI-enabled attack surfaces; and Apple’s “extremely sophisticated” iOS exploits.\n\nPlus, Europe’s growing appetite for offensive cyber, Palo Alto and the uncomfortable politics of cyber attribution, Singapore on telco intrusions, and the economics of end-of-life infrastructure.\n\nCast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.\n\nLinks:\nTranscript (unedited, AI-generated)\nThinkst Canary - Customer Love\nWhat We Know About the El Paso Airspace Shutdown\nEl Paso Closure Caused by Firing Anti-Drone Laser \nNotepad++ supply chain hack (new IOCs)\nUkatemi: Notepad++ attack related samples\nNotepad's new Markdown powers served with a side of RCE\nMicrosoft: Windows Notepad App RCE Vulnerability \niOS 26.3 security advisory (exploited 0day)\nEstonian Foreign Intelligence Service annual report\nPSIRT | FortiGuard Labs High-Risk Advisory\nGermany prepares to attack cyber enemies\nPalo Alto chose not to tie China to hacking campaign for fear of retaliation\nThe Shadow Campaigns: Uncovering Global Espionage (Palo Alto)\nSingapore .gov on nation-state telco hacks\nTLP-BLACK\nLABScon 2026\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://canary.tools\" target=\"_blank\" rel=\"nofollow noopener\"\u003eThinkst Canary\u003c/a\u003e: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. 
With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 85\u003c/strong\u003e: Top stories this week include drone incursions over El Paso and the murky line between cartel activity, anti-drone tech testing, and full-blown hybrid warfare; updates on the Notepad++ supply chain fallout; Microsoft’s zero-day treadmill and AI-enabled attack surfaces; and Apple’s “extremely sophisticated” iOS exploits.\u003c/p\u003e\n\n\u003cp\u003ePlus, Europe’s growing appetite for offensive cyber, Palo Alto and the uncomfortable politics of cyber attribution, Singapore on telco intrusions, and the economics of end-of-life infrastructure.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/10uh_I7o0vdCt34EWS84SVdt_b6hmyXuigAPkP7HwYJQ/edit?tab=t.0\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Thinkst Canary - Customer Love\" rel=\"nofollow\" href=\"https://canary.tools/love\"\u003eThinkst Canary - Customer Love\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"What We Know About the El Paso Airspace Shutdown\" rel=\"nofollow\" href=\"https://archive.ph/7JHqq\"\u003eWhat We Know About the El Paso Airspace Shutdown\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"El Paso 
Closure Caused by Firing Anti-Drone Laser \" rel=\"nofollow\" href=\"https://archive.ph/xi7BU\"\u003eEl Paso Closure Caused by Firing Anti-Drone Laser \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Notepad++ supply chain hack (new IOCs)\" rel=\"nofollow\" href=\"https://notepad-plus-plus.org/assets/data/IoCFromFormerHostingProvider.txt\"\u003eNotepad++ supply chain hack (new IOCs)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ukatemi: Notepad++ attack related samples\" rel=\"nofollow\" href=\"https://blog.ukatemi.com/blog/2026-02-12-notepad++-supply-chain-samples/\"\u003eUkatemi: Notepad++ attack related samples\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Notepad\u0026#39;s new Markdown powers served with a side of RCE\" rel=\"nofollow\" href=\"https://www.theregister.com/2026/02/11/notepad_rce_flaw/\"\u003eNotepad's new Markdown powers served with a side of RCE\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft: Windows Notepad App RCE Vulnerability \" rel=\"nofollow\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841\"\u003eMicrosoft: Windows Notepad App RCE Vulnerability \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"iOS 26.3 security advisory (exploited 0day)\" rel=\"nofollow\" href=\"https://support.apple.com/en-us/126346\"\u003eiOS 26.3 security advisory (exploited 0day)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Estonian Foreign Intelligence Service annual report\" rel=\"nofollow\" href=\"https://raport.valisluureamet.ee/2026/en/\"\u003eEstonian Foreign Intelligence Service annual report\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PSIRT | FortiGuard Labs High-Risk Advisory\" rel=\"nofollow\" href=\"https://fortiguard.fortinet.com/psirt/FG-IR-25-1052\"\u003ePSIRT | FortiGuard Labs High-Risk Advisory\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Germany prepares to attack cyber enemies\" rel=\"nofollow\" 
href=\"https://www.politico.eu/article/germany-prepares-hack-back-cyber-enemies/\"\u003eGermany prepares to attack cyber enemies\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Palo Alto chose not to tie China to hacking campaign for fear of retaliation\" rel=\"nofollow\" href=\"https://www.reuters.com/world/china/palo-alto-chose-not-tie-china-hacking-campaign-fear-retaliation-beijing-sources-2026-02-12/\"\u003ePalo Alto chose not to tie China to hacking campaign for fear of retaliation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Shadow Campaigns: Uncovering Global Espionage (Palo Alto)\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/shadow-campaigns-uncovering-global-espionage/\"\u003eThe Shadow Campaigns: Uncovering Global Espionage (Palo Alto)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Singapore .gov on nation-state telco hacks\" rel=\"nofollow\" href=\"https://www.csa.gov.sg/news-events/press-releases/largest-multi-agency-cyber-operation-mounted-to-counter-threat-posed-by-advanced-persistent-threat--apt--actor-unc3886-to-singapore-s-telecommunications-sector/\"\u003eSingapore .gov on nation-state telco hacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLP-BLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLP-BLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2026\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon 2026\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by Thinkst Canary. Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. 
With 0 admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)\r\n\r\nThree Buddy Problem - Episode 85: Top stories this week include drone incursions over El Paso and the murky line between cartel activity, anti-drone tech testing, and full-blown hybrid warfare; updates on the Notepad++ supply chain fallout; Microsoft’s zero-day treadmill and AI-enabled attack surfaces; and Apple’s “extremely sophisticated” iOS exploits.\r\n\r\nPlus, Europe’s growing appetite for offensive cyber, Palo Alto and the uncomfortable politics of cyber attribution, Singapore on telco intrusions, and the economics of end-of-life infrastructure.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2026-02-13T12:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1964971a-bff0-48c5-9d43-8874e3b38d67.mp3","mime_type":"audio/mpeg","size_in_bytes":118296559,"duration_in_seconds":9030}]},{"id":"d4b5dfb8-20b2-4dc6-aa39-6f582bd8dae8","title":"From Epstein to Notepad++: Redactions, Zero-Days and Supply Chain Attacks","url":"https://securityconversations.fireside.fm/epstein-notepad-plus-zerodays-supply-chain-attacks","content_text":"(Presented by Thinkst Canary: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)\n\nThree Buddy Problem - Episode 84:  We process the cybersecurity fallout from the latest Epstein document dump, focusing on why redactions fail in the AI era and how quickly modern tools can unravel them. 
The conversation moves from sloppy redaction practices and exploit mythology to harder questions about ethics, accountability, and silence within the infosec community. \n\nPlus, inside the Notepad++ supply-chain compromise attributed to a known Chinese APT, Microsoft’s security executive changes, Anthropic's AI-driven vulnerability discovery, China-linked network implants, and Lockdown Mode thwarting FBI investigators.\n\nCast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.\n\nLinks:\nThinkst Canary - Customer Love\nTranscript (unedited, AI-generated)\nDid a renowned hacker help Jeffrey Epstein get ‘dirt on other people'?\nDOJ releases details alleged talented hacker working for Jeffrey Epstein\nClaude Opus 4.6 \\ Anthropic\n0-Days \\ red.anthropic.com\nJAGS' Claude Code SDLC config\nCERT-Ukraine on zero-day attacks via MS Office\nExecutive security shuffle at Microsoft\nTLPBLACK: What we know about the Notepad++ supply chain attack\nLotus Blossom APT targets critical infrastructure via Notepad++.\nKaspersky: Notepad++ supply chain attack breakdown\nValidin: Exploring the C2 Infrastructure of the Notepad++ Compromise\nHostinger server unauthorized access case: What happened with Notepad++ and how we resolved it\nKnife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework\nPalo Alto Unit 42: The Shadow Campaigns - Uncovering Global Espionage\nFBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled\nCourt document: FBI Washington Post Lockdown Mode\nPIVOTcon\nTLP BLACK\nLABScon 2026\nDecipher podcast (Dennis Fisher)\nDetection Engineering newsletter (Zack Allen)\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://canary.tools\" target=\"_blank\" rel=\"nofollow noopener\"\u003eThinkst Canary\u003c/a\u003e: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. 
Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 84\u003c/strong\u003e:  We process the cybersecurity fallout from the latest Epstein document dump, focusing on why redactions fail in the AI era and how quickly modern tools can unravel them. The conversation moves from sloppy redaction practices and exploit mythology to harder questions about ethics, accountability, and silence within the infosec community. \u003c/p\u003e\n\n\u003cp\u003ePlus, inside the Notepad++ supply-chain compromise attributed to a known Chinese APT, Microsoft’s security executive changes, Anthropic's AI-driven vulnerability discovery, China-linked network implants, and Lockdown Mode thwarting FBI investigators.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Thinkst Canary - Customer Love\" rel=\"nofollow\" href=\"https://canary.tools/love\"\u003eThinkst Canary - Customer Love\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1DamIQqfq_QYsYm7xby3ntH4bI30T98emmOSkNnQzY84/edit?tab=t.0\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Did a renowned hacker help Jeffrey Epstein get ‘dirt on other 
people\u0026#39;?\" rel=\"nofollow\" href=\"https://www.yahoo.com/news/articles/did-renowned-hacker-help-jeffrey-120148711.html\"\u003eDid a renowned hacker help Jeffrey Epstein get ‘dirt on other people'?\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DOJ releases details alleged talented hacker working for Jeffrey Epstein\" rel=\"nofollow\" href=\"https://securityaffairs.com/187515/laws-and-regulations/doj-releases-details-alleged-talented-hacker-working-for-jeffrey-epstein.html\"\u003eDOJ releases details alleged talented hacker working for Jeffrey Epstein\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Claude Opus 4.6 \\ Anthropic\" rel=\"nofollow\" href=\"https://www.anthropic.com/news/claude-opus-4-6\"\u003eClaude Opus 4.6 \\ Anthropic\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"0-Days \\ red.anthropic.com\" rel=\"nofollow\" href=\"https://red.anthropic.com/2026/zero-days/\"\u003e0-Days \\ red.anthropic.com\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"JAGS\u0026#39; Claude Code SDLC config\" rel=\"nofollow\" href=\"https://github.com/juanandresgs/claude-system\"\u003eJAGS' Claude Code SDLC config\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CERT-Ukraine on zero-day attacks via MS Office\" rel=\"nofollow\" href=\"https://cert.gov.ua/article/6287250\"\u003eCERT-Ukraine on zero-day attacks via MS Office\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Executive security shuffle at Microsoft\" rel=\"nofollow\" href=\"https://blogs.microsoft.com/blog/2026/02/04/updates-in-two-of-our-core-priorities/\"\u003eExecutive security shuffle at Microsoft\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK: What we know about the Notepad++ supply chain attack\" rel=\"nofollow\" href=\"https://medium.com/@costin.raiu/what-we-know-about-the-notepad-supply-chain-attack-0f428b4aee08\"\u003eTLPBLACK: What we know about the Notepad++ supply chain 
attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Lotus Blossom APT targets critical infrastructure via Notepad++.\" rel=\"nofollow\" href=\"https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/\"\u003eLotus Blossom APT targets critical infrastructure via Notepad++.\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kaspersky: Notepad++ supply chain attack breakdown\" rel=\"nofollow\" href=\"https://securelist.com/notepad-supply-chain-attack/118708/\"\u003eKaspersky: Notepad++ supply chain attack breakdown\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Validin: Exploring the C2 Infrastructure of the Notepad++ Compromise\" rel=\"nofollow\" href=\"https://www.validin.com/blog/exploring_notepad_plus_plus_network_indicators/\"\u003eValidin: Exploring the C2 Infrastructure of the Notepad++ Compromise\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Hostinger server unauthorized access case: What happened with Notepad++ and how we resolved it\" rel=\"nofollow\" href=\"https://www.hostinger.com/blog/notepad-unauthorized-access\"\u003eHostinger server unauthorized access case: What happened with Notepad++ and how we resolved it\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework\" rel=\"nofollow\" href=\"https://blog.talosintelligence.com/knife-cutting-the-edge/\"\u003eKnife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Palo Alto Unit 42: The Shadow Campaigns - Uncovering Global Espionage\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/shadow-campaigns-uncovering-global-espionage/\"\u003ePalo Alto Unit 42: The Shadow Campaigns - Uncovering Global Espionage\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled\" 
rel=\"nofollow\" href=\"https://www.404media.co/fbi-couldnt-get-into-wapo-reporters-iphone-because-it-had-lockdown-mode-enabled/\"\u003eFBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Court document: FBI Washington Post Lockdown Mode\" rel=\"nofollow\" href=\"https://www.documentcloud.org/documents/26808056-fbi-washington-post-lockdown-mode/\"\u003eCourt document: FBI Washington Post Lockdown Mode\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PIVOTcon\" rel=\"nofollow\" href=\"https://pivotcon.org/\"\u003ePIVOTcon\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLP BLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLP BLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2026\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon 2026\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Decipher podcast (Dennis Fisher)\" rel=\"nofollow\" href=\"https://open.spotify.com/episode/5k9xpXyD7YSlJRkYqoCQde\"\u003eDecipher podcast (Dennis Fisher)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Detection Engineering newsletter (Zack Allen)\" rel=\"nofollow\" href=\"https://www.detectionengineering.net/p/dew-144-pyramid-of-permanence-and\"\u003eDetection Engineering newsletter (Zack Allen)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by Thinkst Canary. Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. 
With 0 admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)\r\n\r\nThree Buddy Problem - Episode 84:  We process the cybersecurity fallout from the latest Epstein document dump, focusing on why redactions fail in the AI era and how quickly modern tools can unravel them. The conversation moves from sloppy redaction practices and exploit mythology to harder questions about ethics, accountability, and silence within the infosec community. \r\n\r\nPlus, inside the Notepad++ supply-chain compromise attributed to a known Chinese APT, Microsoft’s security executive changes, Anthropic's AI-driven vulnerability discovery, China-linked network implants, and Lockdown Mode thwarting FBI investigators.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2026-02-08T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/d4b5dfb8-20b2-4dc6-aa39-6f582bd8dae8.mp3","mime_type":"audio/mpeg","size_in_bytes":113124412,"duration_in_seconds":8258}]},{"id":"c425eddb-3de4-49f4-b6da-d3701d26642f","title":"A destructive cyberattack in Poland raises NATO 'red-line' questions","url":"https://securityconversations.fireside.fm/destructive-cyber-poland-nato-red-line-questions","content_text":"(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)\n\nThree Buddy Problem - Episode 83:  Poland's CERT documents a rare, explicit wiper attack on civilians in a NATO country, including detailed attribution of a Russian government op targeting the electric grid in the heart of winter. 
We examine why this crosses a long-avoided threshold, why attribution suddenly matters again, and what it says about pre-positioned access, vendor insecurity, and the shrinking gap between cyber operations and acts of war.\n\nPlus, another Fortinet fiasco, a new batch of Ivanti zero-days under attack, an emergency patch from Microsoft and the return of the mysterious KasperSekrets account.\n\nCast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.\n\nLinks:\nTranscript (unedited, AI-generated)\nMaterial Security (Use Cases)\nESET DynoWiper update: Technical analysis and attribution\nPoland CERT on Russian wiper attacks\nPoland blames two Ukrainians allegedly working for Russia for railway blast\nBritain’s New Spy Chief Has a New Mission\nTwo New Ivanti 0days Exploited\nMicrosoft ships emergency Office patch to thwart attacks\nAnalysis of Single Sign-On Abuse on FortiOS\nFortinet PSIRT: Administrative FortiCloud SSO authentication bypass\nDiverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088\nWhatsApp Strict Account Settings\nChina Executes 11 People Linked to Cyberscam Centers in Myanmar\nSingapore to start caning for scammers\nGermany on hacking attacks: \"We will strike back, including abroad\"\nActing CISA chief uploaded sensitive files into a public version of ChatGPT\nTLP BLACK\nLABScon 2026\nKasperSekrets\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://material.security\" target=\"_blank\" rel=\"nofollow noopener\"\u003eMaterial Security\u003c/a\u003e: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 83\u003c/strong\u003e:  Poland's CERT documents a rare, explicit wiper attack on civilians in a NATO country, including detailed attribution of a Russian government op targeting the electric grid in the 
heart of winter. We examine why this crosses a long-avoided threshold, why attribution suddenly matters again, and what it says about pre-positioned access, vendor insecurity, and the shrinking gap between cyber operations and acts of war.\u003c/p\u003e\n\n\u003cp\u003ePlus, another Fortinet fiasco, a new batch of Ivanti zero-days under attack, an emergency patch from Microsoft and the return of the mysterious KasperSekrets account.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1imC13dSZLhHk1Lf7fEuVeuajlbgiqk2ypQdJow2qGkI/edit?tab=t.0\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Material Security (Use Cases)\" rel=\"nofollow\" href=\"https://material.security/use-cases\"\u003eMaterial Security (Use Cases)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ESET DynoWiper update: Technical analysis and attribution\" rel=\"nofollow\" href=\"https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/\"\u003eESET DynoWiper update: Technical analysis and attribution\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Poland CERT on Russian wiper attacks\" rel=\"nofollow\" href=\"https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf\"\u003ePoland CERT on Russian wiper attacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Poland 
blames two Ukrainians allegedly working for Russia for railway blast\" rel=\"nofollow\" href=\"https://www.aljazeera.com/news/2025/11/18/poland-blames-two-ukrainians-allegedly-working-for-russia-for-railway-blast\"\u003ePoland blames two Ukrainians allegedly working for Russia for railway blast\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Britain’s New Spy Chief Has a New Mission\" rel=\"nofollow\" href=\"https://archive.is/kbx9b\"\u003eBritain’s New Spy Chief Has a New Mission\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Two New Ivanti 0days Exploited\" rel=\"nofollow\" href=\"https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US\"\u003eTwo New Ivanti 0days Exploited\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft ships emergency Office patch to thwart attacks\" rel=\"nofollow\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509\"\u003eMicrosoft ships emergency Office patch to thwart attacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Analysis of Single Sign-On Abuse on FortiOS\" rel=\"nofollow\" href=\"https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios\"\u003eAnalysis of Single Sign-On Abuse on FortiOS\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fortinet PSIRT: Administrative FortiCloud SSO authentication bypass\" rel=\"nofollow\" href=\"https://fortiguard.fortinet.com/psirt/FG-IR-26-060\"\u003eFortinet PSIRT: Administrative FortiCloud SSO authentication bypass\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/exploiting-critical-winrar-vulnerability\"\u003eDiverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca 
title=\"WhatsApp Strict Account Settings\" rel=\"nofollow\" href=\"https://about.fb.com/news/2026/01/whatsapp-strict-account-settings-safeguarding-against-cyber-attacks/\"\u003eWhatsApp Strict Account Settings\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"China Executes 11 People Linked to Cyberscam Centers in Myanmar\" rel=\"nofollow\" href=\"https://archive.ph/5UTzW\"\u003eChina Executes 11 People Linked to Cyberscam Centers in Myanmar\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Singapore to start caning for scammers\" rel=\"nofollow\" href=\"https://www.police.gov.sg/Knowledge-Hub/Legislation/Caning-for-Scams-and-Scams-related-Offences\"\u003eSingapore to start caning for scammers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Germany on hacking attacks: \u0026quot;We will strike back, including abroad\u0026quot;\" rel=\"nofollow\" href=\"https://www.welt.de/politik/deutschland/article6973feeaf5499fb954b6401d/hackerangriffe-auf-deutschland-wir-werden-zurueckschlagen-auch-im-ausland-dobrindt-will-cyber-gegenwehr-verschaerfen.html\"\u003eGermany on hacking attacks: \"We will strike back, including abroad\"\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Acting CISA chief uploaded sensitive files into a public version of ChatGPT\" rel=\"nofollow\" href=\"https://www.politico.com/news/2026/01/27/cisa-madhu-gottumukkala-chatgpt-00749361\"\u003eActing CISA chief uploaded sensitive files into a public version of ChatGPT\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLP BLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLP BLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2026\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon 2026\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"KasperSekrets\" rel=\"nofollow\" href=\"https://x.com/kaspersekrets/\"\u003eKasperSekrets\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by 
Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices).\r\n\r\nThree Buddy Problem - Episode 83:  Poland's CERT documents a rare, explicit wiper attack on civilians in a NATO country, including detailed attribution of a Russian government op targeting the electric grid in the heart of winter. We examine why this crosses a long-avoided threshold, why attribution suddenly matters again, and what it says about pre-positioned access, vendor insecurity, and the shrinking gap between cyber operations and acts of war.\r\n\r\nPlus, another Fortinet fiasco, a new batch of Ivanti zero-days under attack, an emergency patch from Microsoft and the return of the mysterious KasperSekrets account.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2026-01-30T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/c425eddb-3de4-49f4-b6da-d3701d26642f.mp3","mime_type":"audio/mpeg","size_in_bytes":134749410,"duration_in_seconds":10402}]},{"id":"40dc6ef5-03de-4767-ae99-5b8d91ba37f7","title":"Cheap, AI-generated zero-days and the real meaning of ‘advanced’ malware","url":"https://securityconversations.fireside.fm/ai-generated-malware-real-meaning-advanced-attacks","content_text":"(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)\n\nThree Buddy Problem - Episode 82:  We parse news that China-linked VoidLink is a malware framework created entirely by AI and the collapsing line between elite APT operations and everyday threat actors. 
\n\nPlus, a new Sean Heelan essay on low-cost exploit generation and why “AI guardrails” are mostly a comforting myth; AI slop overwhelming bug bounty programs; CISA's new Brickstorm YARA rules; and fresh research on a wiper-malware found in Russian attacks against Poland's electricity sector.\n\nCast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.\n\nLinks:\nTranscript (unedited, AI-generated)\nMaterial Security (use cases)\nSean Heelan on the coming industrialisation of exploit generation with LLMs\nVoidLink Shows AI-Generated Malware Has Begun\nLLMs in the SOC: Why Benchmarks Fail Security Operations Teams\nCISA advisory on BRICKSTORM backdoor\nNode.js — New HackerOne Signal Requirement  \nAI slop security reports submitted to cURL\nArctic Wolf on FortiGate attacks via SSO accounts\nNew Cisco Remote Code Execution Vulnerability\nFrom Protest to Peril: Cellebrite Used Against Jordanian Civil Society\nMicrosoft on multi‑stage AiTM phishing and BEC campaign abusing SharePoint\nMicrosoft Gave FBI BitLocker Encryption Keys \nThe Mastermind: Drugs. Empire. Murder. Betrayal \nKim Zetter: Cyberattack on Poland’s energy grid used a wiper\nESET on 'DynoWiper' malware\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://material.security\" target=\"_blank\" rel=\"nofollow noopener\"\u003eMaterial Security\u003c/a\u003e: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 82\u003c/strong\u003e:  We parse news that China-linked VoidLink is a malware framework created entirely by AI and the collapsing line between elite APT operations and everyday threat actors. 
\u003c/p\u003e\n\n\u003cp\u003ePlus, a new Sean Heelan essay on low-cost exploit generation and why “AI guardrails” are mostly a comforting myth; AI slop overwhelming bug bounty programs; CISA's new Brickstorm YARA rules; and fresh research on a wiper-malware found in Russian attacks against Poland's electricity sector.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1VTSffx5pgJQd7V1V2XtIu9BS3AgzPZ82VWSkPNKCsqk/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Material Security (use cases)\" rel=\"nofollow\" href=\"https://material.security/use-cases\"\u003eMaterial Security (use cases)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sean Heelan on the coming industrialisation of exploit generation with LLMs\" rel=\"nofollow\" href=\"https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/\"\u003eSean Heelan on the coming industrialisation of exploit generation with LLMs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"VoidLink Shows AI-Generated Malware Has Begun\" rel=\"nofollow\" href=\"https://research.checkpoint.com/2026/voidlink-early-ai-generated-malware-framework/\"\u003eVoidLink Shows AI-Generated Malware Has Begun\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LLMs in the SOC: Why Benchmarks Fail Security Operations 
Teams\" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/llms-in-the-soc-part-1-why-benchmarks-fail-security-operations-teams/\"\u003eLLMs in the SOC: Why Benchmarks Fail Security Operations Teams\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA advisory on BRICKSTORM backdoor\" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/analysis-reports/ar25-338a\"\u003eCISA advisory on BRICKSTORM backdoor\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Node.js — New HackerOne Signal Requirement  \" rel=\"nofollow\" href=\"https://nodejs.org/en/blog/announcements/hackerone-signal-requirement\"\u003eNode.js — New HackerOne Signal Requirement  \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AI slop security reports submitted to cURL\" rel=\"nofollow\" href=\"https://gist.github.com/bagder/07f7581f6e3d78ef37dfbfc81fd1d1cd\"\u003eAI slop security reports submitted to cURL\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Arctic Wolf on FortiGate attacks via SSO accounts\" rel=\"nofollow\" href=\"https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-configuration-changes-fortinet-fortigate-devices-via-sso-accounts/\"\u003eArctic Wolf on FortiGate attacks via SSO accounts\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"New Cisco Remote Code Execution Vulnerability\" rel=\"nofollow\" href=\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b\"\u003eNew Cisco Remote Code Execution Vulnerability\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"From Protest to Peril: Cellebrite Used Against Jordanian Civil Society\" rel=\"nofollow\" href=\"https://citizenlab.ca/research/from-protest-to-peril-cellebrite-used-against-jordanian-civil-society/\"\u003eFrom Protest to Peril: Cellebrite Used Against Jordanian Civil Society\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft on multi‑stage AiTM phishing and BEC 
campaign abusing SharePoint\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2026/01/21/multistage-aitm-phishing-bec-campaign-abusing-sharepoint/\"\u003eMicrosoft on multi‑stage AiTM phishing and BEC campaign abusing SharePoint\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Gave FBI BitLocker Encryption Keys \" rel=\"nofollow\" href=\"https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/\"\u003eMicrosoft Gave FBI BitLocker Encryption Keys \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Mastermind: Drugs. Empire. Murder. Betrayal \" rel=\"nofollow\" href=\"https://www.amazon.com/Mastermind-Drugs-Empire-Murder-Betrayal/dp/0399590412\"\u003eThe Mastermind: Drugs. Empire. Murder. Betrayal \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kim Zetter: Cyberattack on Poland’s energy grid used a wiper\" rel=\"nofollow\" href=\"https://www.zetter-zeroday.com/cyberattack-targeting-polands-energy-grid-used-a-wiper/\"\u003eKim Zetter: Cyberattack on Poland’s energy grid used a wiper\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ESET on \u0026#39;DynoWiper\u0026#39; malware\" rel=\"nofollow\" href=\"https://x.com/ESETresearch/status/2014737644048044267\"\u003eESET on 'DynoWiper' malware\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices).\r\n\r\nThree Buddy Problem - Episode 82:  We parse news that China-linked VoidLink is a malware framework created entirely by AI and the collapsing line between elite APT operations and everyday threat actors. 
\r\n\r\nPlus, a new Sean Heelan essay on low-cost exploit generation and why “AI guardrails” are mostly a comforting myth; AI slop overwhelming bug bounty programs; CISA's new Brickstorm YARA rules; and fresh research on a wiper-malware found in Russian attacks against Poland's electricity sector.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2026-01-23T12:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/40dc6ef5-03de-4767-ae99-5b8d91ba37f7.mp3","mime_type":"audio/mpeg","size_in_bytes":104173843,"duration_in_seconds":7746}]},{"id":"9e16b30e-091e-44f0-bcf0-03e0f74e465f","title":"Google Pixel 'zero-click' exploit caused by AI, mysterious Poland grid attacks, China bans US cybersecurity software","url":"https://securityconversations.fireside.fm/project-zero-click-pixel-attack-surface","content_text":"(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)\n\nThree Buddy Problem - Episode 81: We dissect New York Times reporting on the \"precision\" of US cyber operations in Venezuela, the competing narratives around offensive cyber capabilities and \"letters of marque\" for private hackers. Plus, a mysterious failed cyber attack on Poland's power grid, internet blackouts in Iran (with fascinating DNS telemetry revealing Chinese bank traffic and Russian website spikes), and news of China's ban on US/Israeli cybersecurity software.\n\nWe also cover Check Point's research on \"VoidLink\" (is it a successor to ShadowPad?), Microsoft's threat intelligence sharing practices, and Google Project Zero's disclosure of zero-click vulnerabilities caused by AI-powered transcription features.  
\n\nCast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.\n\nLinks:\nTranscript (unedited, AI-generated)\nSponsor: Material Security\nCyberattack in Venezuela Demonstrated Precision of U.S. Capabilities \nMassive cyberattack on Polish power system in December failed, minister says  \nWhat happened in Poland? (Ruben Santamarta)\nCostin Raiu: What’s Happening in Iran?\nVerizon just had a big outage. Here’s what we know\nBeijing tells Chinese firms to stop using US and Israeli cyber products\nMS Patch Tuesday CVE-2026-20805 (exploited in the wild)\nVoidLink: The Cloud-Native Malware Framework\nMicrosoft disrupts global cybercrime subscription service\nProject Zero: A 0-click exploit chain for the Pixel 9 \nJoint statement from Google and Apple\nSean Plankey re-nominated to lead CISA \nTLPBLACK\nDistrictCon Agenda\nEkoparty Miami  \nThe Thinking Game (Full Documentary)\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://material.security\" target=\"_blank\" rel=\"nofollow noopener\"\u003eMaterial Security\u003c/a\u003e: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 81\u003c/strong\u003e: We dissect New York Times reporting on the \"precision\" of US cyber operations in Venezuela, the competing narratives around offensive cyber capabilities and \"letters of marque\" for private hackers. 
Plus, a mysterious failed cyber attack on Poland's power grid, internet blackouts in Iran (with fascinating DNS telemetry revealing Chinese bank traffic and Russian website spikes), and news of China's ban on US/Israeli cybersecurity software.\u003c/p\u003e\n\n\u003cp\u003eWe also cover Check Point's research on \"VoidLink\" (is it a successor to ShadowPad?), Microsoft's threat intelligence sharing practices, and Google Project Zero's disclosure of zero-click vulnerabilities caused by AI-powered transcription features.  \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/14CwFDiK41p3VK3jeEiHVs9xK0oIF1iVs8midU-nvX7k/edit?tab=t.0\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sponsor: Material Security\" rel=\"nofollow\" href=\"https://material.security/product\"\u003eSponsor: Material Security\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities \" rel=\"nofollow\" href=\"https://www.nytimes.com/2026/01/15/us/politics/cyberattack-venezuela-military.html\"\u003eCyberattack in Venezuela Demonstrated Precision of U.S. 
Capabilities \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Massive cyberattack on Polish power system in December failed, minister says  \" rel=\"nofollow\" href=\"https://www.reuters.com/sustainability/climate-energy/massive-cyberattack-polish-power-system-december-failed-minister-says-2026-01-13/\"\u003eMassive cyberattack on Polish power system in December failed, minister says  \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"What happened in Poland? (Ruben Santamarta)\" rel=\"nofollow\" href=\"https://www.linkedin.com/pulse/what-happened-poland-part-i-ruben-santamarta-bknye/\"\u003eWhat happened in Poland? (Ruben Santamarta)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Costin Raiu: What’s Happening in Iran?\" rel=\"nofollow\" href=\"https://medium.com/@costin.raiu/whats-happening-in-iran-93cc103863ab\"\u003eCostin Raiu: What’s Happening in Iran?\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Verizon just had a big outage. Here’s what we know\" rel=\"nofollow\" href=\"https://www.npr.org/2026/01/15/nx-s1-5678889/verizon-outage-what-happened\"\u003eVerizon just had a big outage. 
Here’s what we know\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Beijing tells Chinese firms to stop using US and Israeli cyber products\" rel=\"nofollow\" href=\"https://www.reuters.com/world/china/beijing-tells-chinese-firms-stop-using-us-israeli-cybersecurity-software-sources-2026-01-14/\"\u003eBeijing tells Chinese firms to stop using US and Israeli cyber products\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\" MS Patch Tuesday CVE-2026-20805 (exploited in the wild)\" rel=\"nofollow\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805\"\u003eMS Patch Tuesday CVE-2026-20805 (exploited in the wild)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"VoidLink: The Cloud-Native Malware Framework\" rel=\"nofollow\" href=\"https://research.checkpoint.com/2026/voidlink-the-cloud-native-malware-framework/\"\u003eVoidLink: The Cloud-Native Malware Framework\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft disrupts global cybercrime subscription service\" rel=\"nofollow\" href=\"https://blogs.microsoft.com/on-the-issues/2026/01/14/microsoft-disrupts-cybercrime/\"\u003eMicrosoft disrupts global cybercrime subscription service\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Project Zero: A 0-click exploit chain for the Pixel 9 \" rel=\"nofollow\" href=\"https://projectzero.google/2026/01/pixel-0-click-part-1.html\"\u003eProject Zero: A 0-click exploit chain for the Pixel 9 \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Joint statement from Google and Apple\" rel=\"nofollow\" href=\"https://blog.google/company-news/inside-google/company-announcements/joint-statement-google-apple/\"\u003eJoint statement from Google and Apple\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sean Plankey re-nominated to lead CISA \" rel=\"nofollow\" href=\"https://cyberscoop.com/sean-plankey-re-nominated-to-lead-cisa/\"\u003eSean Plankey re-nominated to lead CISA 
\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DistrictCon Agenda\" rel=\"nofollow\" href=\"https://www.districtcon.org/agenda\"\u003eDistrictCon Agenda\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ekoparty Miami  \" rel=\"nofollow\" href=\"https://ekoparty.org/miami/\"\u003eEkoparty Miami  \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Thinking Game (Full Documentary)\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=d95J8yzvjbQ\"\u003eThe Thinking Game (Full Documentary)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices).\r\n\r\nThree Buddy Problem - Episode 81:  We dissect New York Times reporting on the \"precision\" of US cyber operations in Venezuela, the competing narratives around offensive cyber capabilities and \"letters of marque\" for private hackers. Plus, a mysterious failed cyber attack on Poland's power grid, internet blackouts in Iran (with fascinating DNS telemetry revealing Chinese bank traffic and Russian website spikes), and news of China's ban on US/Israeli cybersecurity software.\r\n\r\nWe also cover Check Point's research on \"VoidLink\" (is it a successor to ShadowPad?), Microsoft's threat intelligence sharing practices, and Google Project Zero's disclosure of zero-click vulnerabilities caused by AI-powered transcription features.  \r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  
","date_published":"2026-01-16T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/9e16b30e-091e-44f0-bcf0-03e0f74e465f.mp3","mime_type":"audio/mpeg","size_in_bytes":114472744,"duration_in_seconds":8676}]},{"id":"e3dcead7-7b2e-4924-bde5-18c9ea6bd8e7","title":"Hamid Kashfi on the situation in Iran; Did cyber cause Venezuela blackouts?","url":"https://securityconversations.fireside.fm/hamid-kashfi-iran-protests-cyber-venezuela","content_text":"(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)\n\nThree Buddy Problem - Episode 80: Researcher Hamid Kashfi returns to unpack Iran’s latest unrest, separating economic reality from propaganda while examining how information control, cyber pressure, and state surveillance are shaping events on the ground.  \n\nPlus, did cyber make the lights go out in Venezuela? \n\nCast: Hamid Kashfi, Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nSponsor: Material Security\nAbout Hamid Kashfi\nIsrael-Iran cyberwar: Predatory Sparrow, vanishing crypto, bank hacks\nVenezuela strike marks a turning point for US cyber warfare\nKittenBusters | CharmingKitten\nComprehensive Threat Intelligence Report: Charming Kitten\nBetween Three Nerds: The evolution of Iranian cyber espionage\nTrump says U.S. 
will hit Iran \"very hard\" if violence continues at protests\nVenezuelan oil giant PVDSA hit by cyberattack\nCIA cyberattacks targeting the Maduro regime didn’t satisfy Trump in his first term\nAntiy Report on cyber operations in Venezuela\nNationwide internet blackout reported in Iran\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://material.security\" target=\"_blank\" rel=\"nofollow noopener\"\u003eMaterial Security\u003c/a\u003e: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 80\u003c/strong\u003e: Researcher Hamid Kashfi returns to unpack Iran’s latest unrest, separating economic reality from propaganda while examining how information control, cyber pressure, and state surveillance are shaping events on the ground.  \u003c/p\u003e\n\n\u003cp\u003ePlus, did cyber make the lights go out in Venezuela? 
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/hkashfi\" target=\"_blank\" rel=\"nofollow noopener\"\u003eHamid Kashfi\u003c/a\u003e, \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/11KT2hDzyOlv3WdxyVfw9pjW2xV56p9dyACgqZenlDBk/edit?tab=t.0\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sponsor: Material Security\" rel=\"nofollow\" href=\"https://material.security/\"\u003eSponsor: Material Security\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"About Hamid Kashfi\" rel=\"nofollow\" href=\"https://www.darkcell.se/about\"\u003eAbout Hamid Kashfi\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Israel-Iran cyberwar: Predatory Sparrow, vanishing crypto, bank hacks\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/israel-iran-cyberwar-predatory-sparrow-vanishing-crypto-bank-hacks/\"\u003eIsrael-Iran cyberwar: Predatory Sparrow, vanishing crypto, bank hacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Venezuela strike marks a turning point for US cyber warfare\" rel=\"nofollow\" href=\"https://www.politico.com/news/2026/01/07/venezuela-us-cyber-warfare-00713507\"\u003eVenezuela strike marks a turning point for US cyber warfare\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"KittenBusters | CharmingKitten\" rel=\"nofollow\" 
href=\"https://github.com/KittenBusters/CharmingKitten\"\u003eKittenBusters | CharmingKitten\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Comprehensive Threat Intelligence Report: Charming Kitten\" rel=\"nofollow\" href=\"https://gist.github.com/Hamid-K#comprehensive-threat-intelligence-report-charming-kitten\"\u003eComprehensive Threat Intelligence Report: Charming Kitten\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Between Three Nerds: The evolution of Iranian cyber espionage\" rel=\"nofollow\" href=\"https://risky.biz/BTN148/\"\u003eBetween Three Nerds: The evolution of Iranian cyber espionage\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Trump says U.S. will hit Iran \u0026quot;very hard\u0026quot; if violence continues at protests\" rel=\"nofollow\" href=\"https://www.cbsnews.com/video/trump-says-us-will-hit-iran-very-hard-if-violence-continues-at-protests/\"\u003eTrump says U.S. will hit Iran \"very hard\" if violence continues at protests\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Venezuelan oil giant PVDSA hit by cyberattack\" rel=\"nofollow\" href=\"https://www.techradar.com/pro/security/venezuelan-oil-giant-pvdsa-hit-by-cyberattack-amid-us-conflict\"\u003eVenezuelan oil giant PVDSA hit by cyberattack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CIA cyberattacks targeting the Maduro regime didn’t satisfy Trump in his first term\" rel=\"nofollow\" href=\"https://edition.cnn.com/2025/10/29/politics/maduro-cyberattack-trump-cia\"\u003eCIA cyberattacks targeting the Maduro regime didn’t satisfy Trump in his first term\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Antiy Report on cyber operations in Venezuela\" rel=\"nofollow\" href=\"https://www.antiy.cn/research/notice\u0026amp;report/research_report/US_military_cyber_ops_in_Venezuela_spectrum_speculation-analysis.html\"\u003eAntiy Report on cyber operations in 
Venezuela\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Nationwide internet blackout reported in Iran\" rel=\"nofollow\" href=\"https://www.reuters.com/world/middle-east/iran-warns-suppliers-against-overpricing-or-hoarding-goods-2026-01-08/\"\u003eNationwide internet blackout reported in Iran\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices).\r\n\r\nThree Buddy Problem - Episode 80: Researcher Hamid Kashfi returns to unpack Iran’s latest unrest, separating economic reality from propaganda while examining how information control, cyber pressure, and state surveillance are shaping events on the ground.  \r\n\r\nPlus, did cyber make the lights go out in Venezuela? \r\n\r\nCast: Hamid Kashfi, Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2026-01-09T12:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/e3dcead7-7b2e-4924-bde5-18c9ea6bd8e7.mp3","mime_type":"audio/mpeg","size_in_bytes":103702632,"duration_in_seconds":8035}]},{"id":"3e2f17a7-107f-4709-8697-d066d253fde2","title":"A special mailbag episode with book recommendations","url":"https://securityconversations.fireside.fm/mongobleed-ai-misuse-books-to-read-mailbag","content_text":"(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)\n\nThree Buddy Problem - Episode 79: We cover MongoBleed (CVE‑2025‑14847), exposed MongoDB deployments, and the sad realization that zero-day attacks are a normal, everyday occurrence.  
Plus, AI’s expanding role and misuse across products and workflows, proximity attacks against Bluetooth audio devices, spyware sanctions de-listings, and ransomware economics.\n\nIn a special mailbag segment, we give our book recommendations and respond to common questions from the listeners. \n\nCast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.\n\nLinks:\nTranscript (unedited, AI-generated)\nSponsored by Material Security\nMongoDB Server Security Update (Dec 2025)\nCVE Record: CVE-2025-14847\nCensys on MongoBleed\nEuropean Space Agency hit by cyberattack\nSecurity pros plead guilty to ransomware \nUS removes sanctions for three execs tied to spyware maker Intellexa\nBluetooth Headphone Jacking: A Key to Your Phone \nDan Geer Black Hat 2015 keynote\nBook Review: Infected - A Candid Look at VirusTotal’s Birth and Legacy\nInfected: From Side Project to Google: The Journey Behind VirusTotal \nThe Human Factor (Inside the CIA's dysfunctional intelligence culture)\nA Killing Art: The Untold History of Tae Kwon Do\nThou Shall Prosper: Ten Commandments for Making Money\nCult of the Dead Cow (by Joseph Menn)\nThe Nvidia Way: Jensen Huang and the Making of a Tech Giant\nFrom Third World to First: The Singapore Story\nThinking in Systems (PDF)\nAI Superpowers: China, Silicon Valley, and the New World Order\nThe Denial of Death: Ernest Becker\nEnergy and Civilization: A History by Vaclav Smil\nDeepLearning.AI\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://material.security\" target=\"_blank\" rel=\"nofollow noopener\"\u003eMaterial Security\u003c/a\u003e: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 79\u003c/strong\u003e: We cover MongoBleed (CVE‑2025‑14847), exposed MongoDB deployments, and the sad realization that zero-day 
attacks are a normal, everyday occurrence.  Plus, AI’s expanding role and misuse across products and workflows, proximity attacks against Bluetooth audio devices, spyware sanctions de-listings, and ransomware economics.\u003c/p\u003e\n\n\u003cp\u003eIn a special mailbag segment, we give our book recommendations and respond to common questions from the listeners. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/18T3pUHEZlaSS8CnjRBfeTTpYL9XG4xJaacMu-Z-QTmQ/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sponsored by Material Security\" rel=\"nofollow\" href=\"https://material.security/\"\u003eSponsored by Material Security\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"MongoDB Server Security Update (Dec 2025)\" rel=\"nofollow\" href=\"https://www.mongodb.com/company/blog/news/mongodb-server-security-update-december-2025\"\u003eMongoDB Server Security Update (Dec 2025)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CVE Record: CVE-2025-14847\" rel=\"nofollow\" href=\"https://www.cve.org/CVERecord?id=CVE-2025-14847\"\u003eCVE Record: CVE-2025-14847\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Censys on MongoBleed\" rel=\"nofollow\" href=\"https://docs.censys.com/changelog/december-29-2025\"\u003eCensys on 
MongoBleed\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"European Space Agency hit by cyberattack\" rel=\"nofollow\" href=\"https://www.theregister.com/2025/12/31/european_space_agency_hacked/\"\u003eEuropean Space Agency hit by cyberattack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Security pros plead guilty to ransomware \" rel=\"nofollow\" href=\"https://www.justice.gov/opa/pr/two-americans-plead-guilty-targeting-multiple-us-victims-using-alphv-blackcat-ransomware\"\u003eSecurity pros plead guilty to ransomware \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US removes sanctions for three execs tied to spyware maker Intellexa\" rel=\"nofollow\" href=\"https://therecord.media/treasury-sanctions-intellexa-removed\"\u003eUS removes sanctions for three execs tied to spyware maker Intellexa\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Bluetooth Headphone Jacking: A Key to Your Phone \" rel=\"nofollow\" href=\"https://media.ccc.de/v/39c3-bluetooth-headphone-jacking-a-key-to-your-phone\"\u003eBluetooth Headphone Jacking: A Key to Your Phone \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dan Geer Black Hat 2015 keynote\" rel=\"nofollow\" href=\"http://geer.tinho.net/geer.blackhat.6viii14.txt\"\u003eDan Geer Black Hat 2015 keynote\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Book Review: Infected - A Candid Look at VirusTotal’s Birth and Legacy\" rel=\"nofollow\" href=\"https://www.securityweek.com/book-review-infected-a-candid-look-at-virustotals-birth-and-legacy/\"\u003eBook Review: Infected - A Candid Look at VirusTotal’s Birth and Legacy\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Infected: From Side Project to Google: The Journey Behind VirusTotal \" rel=\"nofollow\" href=\"https://www.amazon.com/Infected-Project-Google-Journey-VirusTotal/dp/8409683660\"\u003eInfected: From Side Project to Google: The Journey Behind VirusTotal 
\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Human Factor (Inside the CIA\u0026#39;s dysfunctional intelligence culture)\" rel=\"nofollow\" href=\"https://www.encounterbooks.com/books/the-human-factor-inside-the-cias-dysfunctional-intelligence-culture/?srsltid=AfmBOooKdoaZJkHxT2kjEpF8xemImXcVk9w-OtqZ-c4MJRxoyYHB_jve\"\u003eThe Human Factor (Inside the CIA's dysfunctional intelligence culture)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"A Killing Art: The Untold History of Tae Kwon Do\" rel=\"nofollow\" href=\"https://akillingart.com/read-the-book/\"\u003eA Killing Art: The Untold History of Tae Kwon Do\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Thou Shall Prosper: Ten Commandments for Making Money\" rel=\"nofollow\" href=\"https://www.goodreads.com/book/show/944278.Thou_Shall_Prosper\"\u003eThou Shall Prosper: Ten Commandments for Making Money\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cult of the Dead Cow (by Joseph Menn)\" rel=\"nofollow\" href=\"https://pageaday.com/products/cult-of-the-dead-cow-9781541706118?srsltid=AfmBOoo_14mI_IdJhn7tohBg_w05Y0o0IT0UzLNrekwl_b5kwK-j8mUQ\"\u003eCult of the Dead Cow (by Joseph Menn)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Nvidia Way: Jensen Huang and the Making of a Tech Giant\" rel=\"nofollow\" href=\"https://www.goodreads.com/book/show/218319936-the-nvidia-way\"\u003eThe Nvidia Way: Jensen Huang and the Making of a Tech Giant\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"From Third World to First: The Singapore Story\" rel=\"nofollow\" href=\"https://www.goodreads.com/book/show/144409.From_Third_World_to_First\"\u003eFrom Third World to First: The Singapore Story\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Thinking in Systems (PDF)\" rel=\"nofollow\" 
href=\"https://research.fit.edu/media/site-specific/researchfitedu/coast-climate-adaptation-library/climate-communications/psychology-amp-behavior/Meadows-2008.-Thinking-in-Systems.pdf\"\u003eThinking in Systems (PDF)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AI Superpowers: China, Silicon Valley, and the New World Order\" rel=\"nofollow\" href=\"https://www.goodreads.com/book/show/38242135-ai-superpowers\"\u003eAI Superpowers: China, Silicon Valley, and the New World Order\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Denial of Death: Ernest Becker\" rel=\"nofollow\" href=\"https://www.amazon.com/Denial-Death-Ernest-Becker/dp/0684832402\"\u003eThe Denial of Death: Ernest Becker\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Energy and Civilization: A History by Vaclav Smil\" rel=\"nofollow\" href=\"https://www.goodreads.com/book/show/31850765-energy-and-civilization\"\u003eEnergy and Civilization: A History by Vaclav Smil\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DeepLearning.AI\" rel=\"nofollow\" href=\"https://www.deeplearning.ai/short-courses/claude-code-a-highly-agentic-coding-assistant/\"\u003eDeepLearning.AI\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices).\r\n\r\nThree Buddy Problem - Episode 79: We cover MongoBleed (CVE‑2025‑14847), exposed MongoDB deployments, and the sad realization that zero-day attacks are a normal, everyday occurrence.  Plus, AI’s expanding role and misuse across products and workflows, proximity attacks against Bluetooth audio devices, spyware sanctions de-listings, and ransomware economics.\r\n\r\nIn a special mailbag segment, we give our book recommendations and respond to common questions from the listeners. 
\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2026-01-02T13:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/3e2f17a7-107f-4709-8697-d066d253fde2.mp3","mime_type":"audio/mpeg","size_in_bytes":146032941,"duration_in_seconds":10875}]},{"id":"1137add6-e8ef-419f-9e3e-ddf5bd1ecefb","title":"Quiet Wins, Loud Failures: A Year-End Cybersecurity Reckoning","url":"https://securityconversations.fireside.fm/quiet-wins-loud-failures-yearend-awards","content_text":"(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)\n\nThree Buddy Problem - Episode 78: We close out the year with a no-budget, no-permission awards show, spotlighting the cybersecurity stories that actually mattered. \n\nPlus, a bizarre polygraph scandal at CISA, Chinese APT research dumps, ransomware pre-notification hiccups, foreign drone bans, and the growing gap between cyber theater and real operational value.\n\nCast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.\n\nLinks:\nTranscript (unedited, AI-generated)\nThreatLocker Solutions\nActing CISA director failed a polygraph\nLANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices\nQianxin’s research on the CSDN watering hole attack\nViciousTrap - Turning edge devices into honeypots en masse\nAyySSHush: Tradecraft of an emergent ASUS botnet\nIntellexa’s Global Corporate Web (Recorded Future)\nFrozen in transit: Secret Blizzard’s AiTM hits embassies in Russia\nGitHub - KittenBusters/CharmingKitten\nBunnie Huang Black Hat keynote (YouTube)\nHow I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation\nDeepSeek Debates: Chinese Leadership On Cost, True Training Cost, Closed Model Margin Impacts\nBehind the Dismantling of Hezbollah \nIsrael Secretly Recruited Iranian Dissidents to Attack Iran 
From Within\nFollow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets\nCode Orange: Cloudflare resilience plan following recent incidents\nApple SEAR: Memory Integrity Enforcement\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://threatlocker.com/threebuddyproblem\" target=\"_blank\" rel=\"nofollow noopener\"\u003eThreatLocker\u003c/a\u003e: Allow what you need. Block everything else by default, including ransomware and rogue code.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 78\u003c/strong\u003e:  We close out the year with a no-budget, no-permission awards show, spotlighting the cybersecurity stories that actually mattered. \u003c/p\u003e\n\n\u003cp\u003ePlus, a bizarre polygraph scandal at CISA, Chinese APT research dumps, ransomware pre-notification hiccups, foreign drone bans, and the growing gap between cyber theater and real operational value.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1uPUah0en4wBwUMpyQLWpSK26VZ4MeaQBtddaZQmwPec/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ThreatLocker Solutions\" rel=\"nofollow\" href=\"https://www.threatlocker.com/threebuddyproblem\"\u003eThreatLocker Solutions\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Acting CISA director 
failed a polygraph\" rel=\"nofollow\" href=\"https://www.politico.com/news/2025/12/21/cisa-acting-director-madhu-gottumukkala-polygraph-investigation-00701996\"\u003eActing CISA director failed a polygraph\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/\"\u003eLANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Qianxin’s research on the CSDN watering hole attack\" rel=\"nofollow\" href=\"https://mp.weixin.qq.com/s/qQw1DXE25Gkz_P8pEPVaHg\"\u003eQianxin’s research on the CSDN watering hole attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ViciousTrap - Turning edge devices into honeypots en masse\" rel=\"nofollow\" href=\"https://blog.sekoia.io/vicioustrap-infiltrate-control-lure-turning-edge-devices-into-honeypots-en-masse/\"\u003eViciousTrap - Turning edge devices into honeypots en masse\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AyySSHush: Tradecraft of an emergent ASUS botnet\" rel=\"nofollow\" href=\"https://www.labs.greynoise.io/grimoire/2025-03-28-ayysshush/?_ga=2.23890233.202841663.1766426904-1550568476.1766426904\"\u003eAyySSHush: Tradecraft of an emergent ASUS botnet\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Intellexa’s Global Corporate Web (Recorded Future)\" rel=\"nofollow\" href=\"https://www.recordedfuture.com/research/intellexas-global-corporate-web\"\u003eIntellexa’s Global Corporate Web (Recorded Future)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Frozen in transit: Secret Blizzard’s AiTM hits embassies in Russia\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2025/07/31/frozen-in-transit-secret-blizzards-aitm-campaign-against-diplomats/\"\u003eFrozen in 
transit: Secret Blizzard’s AiTM hits embassies in Russia\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"GitHub - KittenBusters/CharmingKitten\" rel=\"nofollow\" href=\"https://github.com/KittenBusters/CharmingKitten\"\u003eGitHub - KittenBusters/CharmingKitten\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Bunnie Huang Black Hat keynote (YouTube)\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=Nv92TuocnwA\"\u003eBunnie Huang Black Hat keynote (YouTube)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation\" rel=\"nofollow\" href=\"https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/\"\u003eHow I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DeepSeek Debates: Chinese Leadership On Cost, True Training Cost, Closed Model Margin Impacts\" rel=\"nofollow\" href=\"https://newsletter.semianalysis.com/p/deepseek-debates\"\u003eDeepSeek Debates: Chinese Leadership On Cost, True Training Cost, Closed Model Margin Impacts\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Behind the Dismantling of Hezbollah \" rel=\"nofollow\" href=\"https://archive.ph/xcBeL\"\u003eBehind the Dismantling of Hezbollah \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Israel Secretly Recruited Iranian Dissidents to Attack Iran From Within\" rel=\"nofollow\" href=\"https://www.propublica.org/article/israel-iran-war-mossad-iranian-recruits\"\u003eIsrael Secretly Recruited Iranian Dissidents to Attack Iran From Within\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets\" rel=\"nofollow\" 
href=\"https://www.sentinelone.com/labs/follow-the-smoke-china-nexus-threat-actors-hammer-at-the-doors-of-top-tier-targets/\"\u003eFollow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Code Orange: Cloudflare resilience plan following recent incidents\" rel=\"nofollow\" href=\"https://blog.cloudflare.com/fail-small-resilience-plan/\"\u003eCode Orange: Cloudflare resilience plan following recent incidents\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple SEAR: Memory Integrity Enforcement\" rel=\"nofollow\" href=\"https://security.apple.com/blog/memory-integrity-enforcement/\"\u003eApple SEAR: Memory Integrity Enforcement\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code).\r\n\r\nThree Buddy Problem - Episode 78: We close out the year with a no-budget, no-permission awards show, spotlighting the cybersecurity stories that actually mattered. \r\n\r\nPlus, a bizarre polygraph scandal at CISA, Chinese APT research dumps, ransomware pre-notification hiccups, foreign drone bans, and the growing gap between cyber theater and real operational value.  \r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2025-12-26T16:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1137add6-e8ef-419f-9e3e-ddf5bd1ecefb.mp3","mime_type":"audio/mpeg","size_in_bytes":159884829,"duration_in_seconds":11944}]},{"id":"7c985910-acfc-4782-aa15-94055ff20afc","title":"What's behind US gov push to 'privatize' offensive cyber operations?","url":"https://securityconversations.fireside.fm/us-gov-privatization-of-cyber-operations","content_text":"(Presented by ThreatLocker: Allow what you need. 
Block everything else by default, including ransomware and rogue code.)\n\nThree Buddy Problem - Episode 77: New React2Shell data from Microsoft, fresh Apple and Cisco zero-days already in the wild, and state-linked campaigns from Russia and China that show a merging of espionage, crime, and infrastructure disruption.\n\nPlus, the US government's push to enlist private firms in offensive hacking, letters of marque for cartels, new discovery of spyware used against journalists in Belarus, and Amazon catching North Koreans via keystroke latency.\n\nCast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.\n\nLinks:\nThreatLocker Solutions \nTranscript (unedited, AI-generated)\nTrump Admin Turning to Private Firms in Cyber Offensive\nMicrosoft on React2Shell\nReact2Shell and OpenAI (shoutout Andrew MacPherson)\nApple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw\niOS 26.2 Security Patches\nReporters Without Borders uncovers new spyware from Belarus\nCisco Talos on Cisco 0day attacks\nHack of Chinese state time center hints at U.S. advanced missile defense\nAmazon on Russian APT targeting Western critical infrastructure\nNorth Korean infiltrator caught in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true location\nTracing a Paper Werewolf campaign through AI-generated decoys and Excel XLLs\nRussian defense firms targeted by hackers using AI\nTLPBLACK looks back at 2025\nInside Google's basement in Malaga: ChatGPT of Cybersecurity\nGitHub - xdanx/open-klara: Open KLara Project\nGepetto Web\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://threatlocker.com/threebuddyproblem\" target=\"_blank\" rel=\"nofollow noopener\"\u003eThreatLocker\u003c/a\u003e: Allow what you need. 
Block everything else by default, including ransomware and rogue code.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 77\u003c/strong\u003e: New React2Shell data from Microsoft, fresh Apple and Cisco zero-days already in the wild, and state-linked campaigns from Russia and China that show a merging of espionage, crime, and infrastructure disruption.\u003c/p\u003e\n\n\u003cp\u003ePlus, the US government's push to enlist private firms in offensive hacking, letters of marque for cartels, new discovery of spyware used against journalists in Belarus, and Amazon catching North Koreans via keystroke latency.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"ThreatLocker Solutions \" rel=\"nofollow\" href=\"https://www.threatlocker.com/threebuddyproblem\"\u003eThreatLocker Solutions \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1DHHlaWwcW0CyTEEO6anEDavihfIqb7sxklsdXJzBNEQ/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Trump Admin Turning to Private Firms in Cyber Offensive\" rel=\"nofollow\" href=\"https://archive.ph/GIb8s\"\u003eTrump Admin Turning to Private Firms in Cyber Offensive\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft on React2Shell\" rel=\"nofollow\" 
href=\"https://www.microsoft.com/en-us/security/blog/2025/12/15/defending-against-the-cve-2025-55182-react2shell-vulnerability-in-react-server-components/\"\u003eMicrosoft on React2Shell\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"React2Shell and OpenAI (shoutout Andrew MacPherson)\" rel=\"nofollow\" href=\"https://openai.com/index/introducing-gpt-5-2-codex/\"\u003eReact2Shell and OpenAI (shoutout Andrew MacPherson)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw\" rel=\"nofollow\" href=\"https://www.securityweek.com/apple-patches-two-zero-days-tied-to-mysterious-exploited-chrome-flaw/\"\u003eApple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"iOS 26.2 Security Patches\" rel=\"nofollow\" href=\"https://support.apple.com/en-us/125884\"\u003eiOS 26.2 Security Patches\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Reporters Without Borders uncovers new spyware from Belarus\" rel=\"nofollow\" href=\"https://rsf.org/en/exclusive-rsf-uncovers-new-spyware-belarus\"\u003eReporters Without Borders uncovers new spyware from Belarus\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cisco Talos on Cisco 0day attacks\" rel=\"nofollow\" href=\"https://blog.talosintelligence.com/uat-9686/\"\u003eCisco Talos on Cisco 0day attacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Hack of Chinese state time center hints at U.S. advanced missile defense\" rel=\"nofollow\" href=\"https://www.washingtontimes.com/news/2025/dec/17/hack-chinese-state-time-center-hints-us-advanced-missile-defense/\"\u003eHack of Chinese state time center hints at U.S. 
advanced missile defense\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Amazon on Russian APT targeting Western critical infrastructure\" rel=\"nofollow\" href=\"https://aws.amazon.com/blogs/security/amazon-threat-intelligence-identifies-russian-cyber-threat-group-targeting-western-critical-infrastructure/\"\u003eAmazon on Russian APT targeting Western critical infrastructure\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"North Korean infiltrator caught in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true location\" rel=\"nofollow\" href=\"https://www.tomshardware.com/tech-industry/cyber-security/north-korean-infiltrator-caught-working-in-amazon-it-department-thanks-to-lag-110ms-keystroke-input-raises-red-flags-over-true-location\"\u003eNorth Korean infiltrator caught in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true location\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Tracing a Paper Werewolf campaign through AI-generated decoys and Excel XLLs\" rel=\"nofollow\" href=\"https://intezer.com/blog/tracing-a-paper-werewolf-campaign-through-ai-generated-decoys-and-excel-xlls/\"\u003eTracing a Paper Werewolf campaign through AI-generated decoys and Excel XLLs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russian defense firms targeted by hackers using AI\" rel=\"nofollow\" href=\"https://www.reuters.com/world/europe/russian-defense-firms-targeted-by-hackers-using-ai-other-tactics-2025-12-19/\"\u003eRussian defense firms targeted by hackers using AI\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK looks back at 2025\" rel=\"nofollow\" href=\"https://tlpblack.net/blog/20251218-cybersecurity-year-in-review\"\u003eTLPBLACK looks back at 2025\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Inside Google\u0026#39;s basement in Malaga: ChatGPT of Cybersecurity\" rel=\"nofollow\" 
href=\"https://www.surinenglish.com/malaga/malaga-city/inside-googles-basement-malaga-bernardo-quintero-and-20250929151803-nt.html\"\u003eInside Google's basement in Malaga: ChatGPT of Cybersecurity\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"GitHub - xdanx/open-klara: Open KLara Project\" rel=\"nofollow\" href=\"https://github.com/xdanx/open-klara\"\u003eGitHub - xdanx/open-klara: Open KLara Project\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Gepetto Web\" rel=\"nofollow\" href=\"https://blog.kwiatkowski.fr/gepetto-web\"\u003eGepetto Web\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code).\r\n\r\nThree Buddy Problem - Episode 77:  New React2Shell data from Microsoft, fresh Apple and Cisco zero-days already in the wild, and state-linked campaigns from Russia and China that show a merging of espionage, crime, and infrastructure disruption.\r\n\r\nPlus, the US government's push to enlist private firms in offensive hacking, letters of marque for cartels, new discovery of spyware used against journalists in Belarus, and Amazon catching North Koreans via keystroke latency.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2025-12-20T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/7c985910-acfc-4782-aa15-94055ff20afc.mp3","mime_type":"audio/mpeg","size_in_bytes":98212017,"duration_in_seconds":7317}]},{"id":"19aa0c04-e5f9-41d8-aaf1-ff63afa670c2","title":"Legal corruption, React2Shell exploitation, dual-use AI risks","url":"https://securityconversations.fireside.fm/legal-corruption-react2shell-dual-use-ai","content_text":"(Presented by ThreatLocker: Allow what you need. 
Block everything else by default, including ransomware and rogue code.)\n\nThree Buddy Problem - Episode 76:  On the show this week, Costin walks through how a single Romanian documentary kick-started nationwide protests, exposing how corruption can be perfectly legal when the law itself is gamed, and why this moment feels different, darker, and more consequential than past flare-ups.  \n\nPlus, news on the React-to-Shell exploitation wave overwhelming the internet, why patching is structurally hard, and how APTs and criminals are converging on the same fragile dependency chain. Along the way, they take aim at Microsoft’s shrinking transparency, the limits of vendor trust, and what it really means when defenders are told (again) to just patch and pray.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nThreatLocker : A security platform that prevents ransomware\nThe Anatomy of a React2Shell Compromise (TLPBLACK)\nCVE-2025-55182 Analysis Report (GreyNoise)\nExploitation of Critical Vulnerability in React Server Components\nPeerBlight Linux Backdoor Exploits React2Shell (Huntress)\nPatch Tuesday round-up (ZDI)\nHow Two Hackers Went From Cisco Academy to Cisco CVEs\nTwo Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’ \nOpenAI on dual-use AI risks\nHamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite\nDOJ Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups\nMicrosoft paying bounties for vulns in third-party code\nCybersecurity 2026 Predictions (SentinelLABS)\nDakota Cary is in the \"anti-China Chorus\"\nComparing AI Agents to Cybersecurity Professionals in Real-World Penetration Testing\nAutomated React2Shell vulnerability patching is now available - Vercel\nComputer Olympiad enters new era as IITPSA hands over to Thinkst Applied Research\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by 
\u003ca href=\"https://threatlocker.com/threebuddyproblem\" target=\"_blank\" rel=\"nofollow noopener\"\u003eThreatLocker\u003c/a\u003e: Allow what you need. Block everything else by default, including ransomware and rogue code.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 76\u003c/strong\u003e:  On the show this week, Costin walks through how a single Romanian documentary kick-started nationwide protests, exposing how corruption can be perfectly legal when the law itself is gamed, and why this moment feels different, darker, and more consequential than past flare-ups.  \u003c/p\u003e\n\n\u003cp\u003ePlus, news on the React-to-Shell exploitation wave overwhelming the internet, why patching is structurally hard, and how APTs and criminals are converging on the same fragile dependency chain. Along the way, they take aim at Microsoft’s shrinking transparency, the limits of vendor trust, and what it really means when defenders are told (again) to just patch and pray.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1QvJifziSlBUyaXKXsXw3-hdK5nXZpyi8ucx1YSr60gE/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ThreatLocker : A security platform that prevents ransomware\" rel=\"nofollow\" href=\"https://www.threatlocker.com/threebuddyproblem\"\u003eThreatLocker : 
A security platform that prevents ransomware\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Anatomy of a React2Shell Compromise (TLPBLACK)\" rel=\"nofollow\" href=\"https://tlpblack.net/blog/20251209-the-anatomy-of-a-react2shell-compromise\"\u003eThe Anatomy of a React2Shell Compromise (TLPBLACK)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CVE-2025-55182 Analysis Report (GreyNoise)\" rel=\"nofollow\" href=\"https://react2025cve-analysis.pages.dev/\"\u003eCVE-2025-55182 Analysis Report (GreyNoise)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Exploitation of Critical Vulnerability in React Server Components\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/cve-2025-55182-react-and-CVE-2025-66478-next/\"\u003eExploitation of Critical Vulnerability in React Server Components\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PeerBlight Linux Backdoor Exploits React2Shell (Huntress)\" rel=\"nofollow\" href=\"https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shell\"\u003ePeerBlight Linux Backdoor Exploits React2Shell (Huntress)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Patch Tuesday round-up (ZDI)\" rel=\"nofollow\" href=\"https://www.zerodayinitiative.com/blog/2025/12/9/the-december-2025-security-update-review\"\u003ePatch Tuesday round-up (ZDI)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"How Two Hackers Went From Cisco Academy to Cisco CVEs\" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/malicious-apprentice-how-two-hackers-went-from-cisco-academy-to-cisco-cves/\"\u003eHow Two Hackers Went From Cisco Academy to Cisco CVEs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Two Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’ \" rel=\"nofollow\" href=\"https://archive.ph/bpdaU\"\u003eTwo Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’ 
\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"OpenAI on dual-use AI risks\" rel=\"nofollow\" href=\"https://openai.com/index/strengthening-cyber-resilience/\"\u003eOpenAI on dual-use AI risks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/hamas-affiliate-ashen-lepus-uses-new-malware-suite-ashtag/\"\u003eHamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DOJ Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups\" rel=\"nofollow\" href=\"https://www.justice.gov/opa/pr/justice-department-announces-actions-combat-two-russian-state-sponsored-cyber-criminal\"\u003eDOJ Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft paying bounties for vulns in third-party code\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/msrc/blog/2025/12/in-scope-by-default\"\u003eMicrosoft paying bounties for vulns in third-party code\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cybersecurity 2026 Predictions (SentinelLABS)\" rel=\"nofollow\" href=\"https://www.sentinelone.com/blog/cybersecurity-2026-the-year-ahead-in-ai-adversaries-and-global-change/\"\u003eCybersecurity 2026 Predictions (SentinelLABS)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dakota Cary is in the \u0026quot;anti-China Chorus\u0026quot;\" rel=\"nofollow\" href=\"https://www.linkedin.com/posts/dakotacary_thanks-for-the-love-china-happy-to-be-part-activity-7402094307261706240-Bjr6/\"\u003eDakota Cary is in the \"anti-China Chorus\"\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Comparing AI Agents to Cybersecurity Professionals in Real-World Penetration Testing\" 
rel=\"nofollow\" href=\"https://arxiv.org/abs/2512.09882\"\u003eComparing AI Agents to Cybersecurity Professionals in Real-World Penetration Testing\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Automated React2Shell vulnerability patching is now available - Vercel\" rel=\"nofollow\" href=\"https://vercel.com/changelog/automated-react2shell-vulnerability-patching-is-now-available\"\u003eAutomated React2Shell vulnerability patching is now available - Vercel\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Computer Olympiad enters new era as IITPSA hands over to Thinkst Applied Research\" rel=\"nofollow\" href=\"https://www.itweb.co.za/article/computer-olympiad-enters-new-era-as-iitpsa-hands-over-to-thinkst-applied-research/j5alrMQALdWMpYQk\"\u003eComputer Olympiad enters new era as IITPSA hands over to Thinkst Applied Research\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code).\r\n\r\nThree Buddy Problem - Episode 76:  On the show this week, Costin walks through how a single Romanian documentary kick-started nationwide protests, exposing how corruption can be perfectly legal when the law itself is gamed, and why this moment feels different, darker, and more consequential than past flare-ups.  \r\n\r\nPlus, news on the React-to-Shell exploitation wave overwhelming the internet, why patching is structurally hard, and how APTs and criminals are converging on the same fragile dependency chain. Along the way, they take aim at Microsoft’s shrinking transparency, the limits of vendor trust, and what it really means when defenders are told (again) to just patch and pray.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  
","date_published":"2025-12-11T00:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/19aa0c04-e5f9-41d8-aaf1-ff63afa670c2.mp3","mime_type":"audio/mpeg","size_in_bytes":109850621,"duration_in_seconds":7945}]},{"id":"e6afdf9b-3a12-408d-a9c0-59ed0c3b899a","title":"APTs pounce on React2Shell; BRICKSTORM backdoors; .gov surveillance","url":"https://securityconversations.fireside.fm/react2shell-group78-brickstorm-ai-smart-contract","content_text":"(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)\n\nThree Buddy Problem - Episode 75: We dig into a CVSS 10/10 unauthenticated RCE bug causing chaos across the internet and early signs that Chinese APTs are already launching exploits, the cascading patch chaos, and a long tail of malware intrusions to come.\n\nPlus, commentary on Chrome’s telemetry collection, Microsoft and the \"SFI success story,\" newest BRICKSTORM backdoor intrusions, the US national security strategy, Anthropic's AI popping smart-contract bugs, a secret FBI ransomware-hunting unit getting weird, and a pair of sad stories in the security community.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nThreatLocker\n — Meet the cybersecurity platform that prevents ransomware\nAn essay by Vess\nRIP Stealth\nGoogle Goodbye to the Chrome Cleanup Tool\nUS National Security Strategy (PDF)\nCritical Security Vulnerability in React Server Components (CVE-2025-55182) \nChinese threat groups rapidly exploit React2Shell vuln\nAWS MadPot\nBRICKSTORM Backdoor (PDF)\nWARP PANDA: A New Sophisticated China-Nexus Adversary\nMeet Group 78, the secret US task force that fights cybercriminals\nRecorded Future: Intellexa’s Global Corporate Web\nIntellexa’s Prolific Zero-Day Exploits Continue\nTo Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary 
spyware\nApple, Google send new round of threat notifications to users around world\nCalisto Targets Reporters Without Borders in Phishing Campaign\nAnthropic AI agents find $4.6M in blockchain smart contract exploits\nLazarus hack largest South Korean crypto exchange\nEU countries reach breakthrough on chat-scanning law despite intense pushback\nThe Denial of Death - by Ernest Becker\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://threatlocker.com/threebuddyproblem\" target=\"_blank\" rel=\"nofollow noopener\"\u003eThreatLocker\u003c/a\u003e: Allow what you need. Block everything else by default, including ransomware and rogue code.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 75\u003c/strong\u003e: We dig into a CVSS 10/10 unauthenticated RCE bug causing chaos across the internet and early signs that Chinese APTs are already launching exploits, the cascading patch chaos, and a long tail of malware intrusions to come.\u003c/p\u003e\n\n\u003cp\u003ePlus, commentary on Chrome’s telemetry collection, Microsoft and the \"SFI success story,\" newest BRICKSTORM backdoor intrusions, the US national security strategy, Anthropic's AI popping smart-contract bugs, a secret FBI ransomware-hunting unit getting weird, and a pair of sad stories in the security community.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" 
href=\"https://docs.google.com/document/d/1DZ0EOVM_wbkXbdlKkiSsf1PpbjYqBTAcJLAxnO2TeYU/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ThreatLocker\" rel=\"nofollow\" href=\"https://www.threatlocker.com/threebuddyproblem\"\u003eThreatLocker\n\u003c/a\u003e \u0026mdash; Meet the cybersecurity platform that prevents ransomware\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"An essay by Vess\" rel=\"nofollow\" href=\"https://bontchev.nlcv.bas.bg/bye.html\"\u003eAn essay by Vess\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"RIP Stealth\" rel=\"nofollow\" href=\"https://www.thc.org/404/stealth/eulogy.txt\"\u003eRIP Stealth\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google Goodbye to the Chrome Cleanup Tool\" rel=\"nofollow\" href=\"https://security.googleblog.com/2023/03/thank-you-and-goodbye-to-chrome-cleanup.html\"\u003eGoogle Goodbye to the Chrome Cleanup Tool\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US National Security Strategy (PDF)\" rel=\"nofollow\" href=\"https://www.whitehouse.gov/wp-content/uploads/2025/12/2025-National-Security-Strategy.pdf\"\u003eUS National Security Strategy (PDF)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Critical Security Vulnerability in React Server Components (CVE-2025-55182) \" rel=\"nofollow\" href=\"https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components\"\u003eCritical Security Vulnerability in React Server Components (CVE-2025-55182) \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chinese threat groups rapidly exploit React2Shell vuln\" rel=\"nofollow\" href=\"https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/\"\u003eChinese threat groups rapidly exploit React2Shell vuln\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AWS MadPot\" rel=\"nofollow\" 
href=\"https://aws.amazon.com/blogs/security/how-aws-tracks-the-clouds-biggest-security-threats-and-helps-shut-them-down/\"\u003eAWS MadPot\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"BRICKSTORM Backdoor (PDF)\" rel=\"nofollow\" href=\"https://media.defense.gov/2025/Dec/04/2003834878/-1/-1/0/MALWARE-ANALYSIS-REPORT-BRICKSTORM-BACKDOOR.PDF\"\u003eBRICKSTORM Backdoor (PDF)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"WARP PANDA: A New Sophisticated China-Nexus Adversary\" rel=\"nofollow\" href=\"https://www.crowdstrike.com/en-us/blog/warp-panda-cloud-threats/\"\u003eWARP PANDA: A New Sophisticated China-Nexus Adversary\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Meet Group 78, the secret US task force that fights cybercriminals\" rel=\"nofollow\" href=\"https://archive.vn/UKEmz\"\u003eMeet Group 78, the secret US task force that fights cybercriminals\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Recorded Future: Intellexa’s Global Corporate Web\" rel=\"nofollow\" href=\"https://www.recordedfuture.com/research/intellexas-global-corporate-web\"\u003eRecorded Future: Intellexa’s Global Corporate Web\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Intellexa’s Prolific Zero-Day Exploits Continue\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/intellexa-zero-day-exploits-continue\"\u003eIntellexa’s Prolific Zero-Day Exploits Continue\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware\" rel=\"nofollow\" href=\"https://securitylab.amnesty.org/latest/2025/12/intellexa-leaks-predator-spyware-operations-exposed/\"\u003eTo Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple, Google send new round of threat notifications to users around world\" rel=\"nofollow\" 
href=\"https://www.reuters.com/technology/apple-sent-new-round-cyber-threat-notifications-users-84-countries-2025-12-05/\"\u003eApple, Google send\u0026nbsp;new round of threat notifications to users around world\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Calisto Targets Reporters Without Borders in Phishing Campaign\" rel=\"nofollow\" href=\"https://blog.sekoia.io/ngo-reporters-without-borders-targeted-by-calisto-in-recent-campaign/\"\u003eCalisto Targets Reporters Without Borders in Phishing Campaign\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Anthropic AI agents find $4.6M in blockchain smart contract exploits\" rel=\"nofollow\" href=\"https://red.anthropic.com/2025/smart-contracts/\"\u003eAnthropic AI agents find $4.6M in blockchain smart contract exploits\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Lazarus hack largest South Korean crypto exchange\" rel=\"nofollow\" href=\"https://upbit.com/service_center/notice?id=5800\u0026amp;view=share\"\u003eLazarus hack largest South Korean crypto exchange\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"EU countries reach breakthrough on chat-scanning law despite intense pushback\" rel=\"nofollow\" href=\"https://www.euractiv.com/news/eu-countries-reach-breakthrough-on-chat-scanning-law-despite-intense-pushback/\"\u003eEU countries reach breakthrough on chat-scanning law despite intense pushback\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Denial of Death - by Ernest Becker\" rel=\"nofollow\" href=\"https://www.goodreads.com/book/show/2761.The_Denial_of_Death\"\u003eThe Denial of Death - by Ernest Becker\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by ThreatLocker: Allow what you need. 
Block everything else by default, including ransomware and rogue code).\r\n\r\nThree Buddy Problem - Episode 75:  We dig into a CVSS 10/10 unauthenticated RCE bug causing chaos across the internet and early signs that Chinese APTs are already launching exploits, the cascading patch chaos, and a long tail of malware intrusions to come.\r\n\r\nPlus, commentary on Chrome’s telemetry collection, Microsoft and the \"SFI success story,\" newest BRICKSTORM backdoor intrusions, the US national security strategy, Anthropic's AI popping smart-contract bugs, a secret FBI ransomware-hunting unit getting weird, and a pair of sad stories in the security community.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2025-12-06T10:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/e6afdf9b-3a12-408d-a9c0-59ed0c3b899a.mp3","mime_type":"audio/mpeg","size_in_bytes":80166900,"duration_in_seconds":6104}]},{"id":"7c947947-5644-4334-baea-80d629cfb457","title":"Shai-Hulud 2.0, Russia GRU Intrusions, and Microsoft’s Regulatory Capture","url":"https://securityconversations.fireside.fm/regulatory-retreats-russian-ai-fault-line","content_text":"(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)\n\nThree Buddy Problem - Episode 74:  We attempt to parse the rumor-fog around Microsoft’s CISO at CYBERWARCON and what it reveals about the company’s shifting posture on intel sharing, regulation, and its outsized grip on the security ecosystem.  
Plus, coverage of the Shai-Hulud npm supply-chain mess, CISA’s mobile spyware guidance, NSO’s legal contortions, a sharp new GRU-linked intrusion from Arctic Wolf.\n\nWe also discuss the FCC retreating on telco security rules, and the emerging AI arms race shaping how cloud giants hunt threats and how Washington misunderstands all of it.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nMicrosoft CISO LinkedIn comments\nShai Hulud 2.0 Strikes Again\nWiz: Sha1-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposed\nCISA guidance on mobile spyware on iOS, Android\nNSO Group argues WhatsApp injunction threatens existence\nArctic Wolf: Russian APT targets U.S. Companies Supporting Ukraine\nFCC revokes telecom cybersecurity rules after Salt Typhoon hacks\nFCC Chairman statement on removing telco rules\nAmazon Is Using Specialized AI Agents for Deep Bug Hunting\nAnthropic CEO called to testify on AI cyber threats\nTLPBLACK\nMaterial Security (Book a demo)\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://material.security\" target=\"_blank\" rel=\"nofollow noopener\"\u003eMaterial Security\u003c/a\u003e: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 74\u003c/strong\u003e:  We attempt to parse the rumor-fog around Microsoft’s CISO at CYBERWARCON and what it reveals about the company’s shifting posture on intel sharing, regulation, and its outsized grip on the security ecosystem.  
Plus, coverage of the Shai-Hulud npm supply-chain mess, CISA’s mobile spyware guidance, NSO’s legal contortions, a sharp new GRU-linked intrusion from Arctic Wolf.\u003c/p\u003e\n\n\u003cp\u003eWe also discuss the FCC retreating on telco security rules, and the emerging AI arms race shaping how cloud giants hunt threats and how Washington misunderstands all of it.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1t0o3sQmcv3EUJyMZCM25MH3SPB4cFAhVfB3qMvwvOQ4/edit?tab=t.0\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft CISO LinkedIn comments\" rel=\"nofollow\" href=\"https://www.linkedin.com/posts/igor-tsyganskiy-9385951_last-week-at-cyberwarcon-i-gave-a-short-activity-7398088148834086912-_Y1A/?utm_source=share\u0026amp;utm_medium=member_ios\u0026amp;rcm=ACoAAAAfLqABykGPZb2fgxnSm0cjGdhFUlQg658\"\u003eMicrosoft CISO LinkedIn comments\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Shai Hulud 2.0 Strikes Again\" rel=\"nofollow\" href=\"https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains\"\u003eShai Hulud 2.0 Strikes Again\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Wiz: Sha1-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposed\" rel=\"nofollow\" href=\"https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack\"\u003eWiz: Sha1-Hulud 2.0 Supply Chain 
Attack: 25K+ Repos Exposed\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA guidance on mobile spyware on iOS, Android\" rel=\"nofollow\" href=\"https://www.cisa.gov/sites/default/files/2025-11/guidance-mobile-communications-best-practices-20251124_508c.pdf\"\u003eCISA guidance on mobile spyware on iOS, Android\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NSO Group argues WhatsApp injunction threatens existence\" rel=\"nofollow\" href=\"https://cyberscoop.com/nso-group-whatsapp-injunction-appeal/\"\u003eNSO Group argues WhatsApp injunction threatens existence\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Arctic Wolf: Russian APT targets U.S. Companies Supporting Ukraine\" rel=\"nofollow\" href=\"https://arcticwolf.com/resources/blog/romcom-utilizing-socgholish-to-deliver-mythic-agent-to-usa-companies-supporting-ukraine/\"\u003eArctic Wolf: Russian APT targets U.S. Companies Supporting Ukraine\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"FCC revokes telecom cybersecurity rules after Salt Typhoon hacks\" rel=\"nofollow\" href=\"https://www.axios.com/2025/11/20/fcc-telecom-cybersecurity-rules-vote\"\u003eFCC revokes telecom cybersecurity rules after Salt Typhoon hacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"FCC Chairman statement on removing telco rules\" rel=\"nofollow\" href=\"https://www.fcc.gov/news-events/blog/2025/10/29/halloween-treats\"\u003eFCC Chairman statement on removing telco rules\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Amazon Is Using Specialized AI Agents for Deep Bug Hunting\" rel=\"nofollow\" href=\"https://archive.ph/Vq28p\"\u003eAmazon Is Using Specialized AI Agents for Deep Bug Hunting\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Anthropic CEO called to testify on AI cyber threats\" rel=\"nofollow\" href=\"https://www.axios.com/2025/11/26/anthropic-google-cloud-quantum-xchange-house-homeland-hearing\"\u003eAnthropic CEO called to 
testify on AI cyber threats\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Material Security (Book a demo)\" rel=\"nofollow\" href=\"https://material.security/product\"\u003eMaterial Security (Book a demo)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices).\r\n\r\nThree Buddy Problem - Episode 74: We attempt to parse the rumor-fog around Microsoft’s CISO at CYBERWARCON and what it reveals about the company’s shifting posture on intel sharing, regulation, and its outsized grip on the security ecosystem.  Plus, coverage of the Shai-Hulud npm supply-chain mess, CISA’s mobile spyware guidance, NSO’s legal contortions, a sharp new GRU-linked intrusion from Arctic Wolf.\r\n\r\nWe also discuss the FCC retreating on telco security rules, and the emerging AI arms race shaping how cloud giants hunt threats and how Washington misunderstands all of it.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  
","date_published":"2025-11-29T11:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/7c947947-5644-4334-baea-80d629cfb457.mp3","mime_type":"audio/mpeg","size_in_bytes":97441193,"duration_in_seconds":7032}]},{"id":"31f838fc-0034-4c68-9a05-ee1c232837dc","title":"Gemini 3 reactions, Fortinet/Chrome zero-days, a Cloudflare monoculture and a billion-dollar crypto twist","url":"https://securityconversations.fireside.fm/cyberwarcon-fortinet-chrome-zeroday-gemini","content_text":"(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)\n\nThree Buddy Problem - Episode 73:  The buddies react to Google’s release of Gemini 3 and its early performance, new Chrome interface changes landing on users’ machines, and major highlights from CYBERWARCON. We revisit the long-running debate over APT naming conventions, examine Amazon’s latest threat-intel reporting on Iranian activity, and walk through the Cloudflare outage that briefly knocked chunks of the internet offline. \n\nPlus, new APT reports from ESET, Positive Technologies, and SecurityScorecard, and China's CN-CERT (now validated claim) that the U.S. government seized billions in Bitcoin tied to the Lubian mining-pool hack.  
\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Material Security -- Stop Attacks, Secure Data \nTranscript (unedited, AI-generated)\nWhy Microsoft Needs to Split Windows in Two\nCYBERWARCON agenda\nAmazon: Nation-state actors bridging cyber and kinetic warfare\nCyber Warfare Startup Nabs Contracts to Give US Military Hackers AI Tools\nFortinet documents 0day attacks\nFortinet CVE-2025-64446 Under Active Attack\nGoogle Chrome zero-day exploited\nCloudflare statement on outage on November 18, 2025\nCloudflare just got faster and more secure, powered by Rust\nRussian alleged cyber-hacker faces extradition to US after arrest in Thailand\nRussian detained over connection to Void Blizzard attacks\nPositive Technologies: Attacks of the Striking Panda\nPlushDaemon compromises network devices for adversary-in-the-middle attacks\nPlushDaemon compromises supply chain of Korean VPN service\nASUS Routers Hijacked in Global 'WrtHug' Operation\nArkham on Bitcoin Chen Zhi seized funds\nUS DOJ $15 Billion Bitcoin Indictment\nTLPBLACK\nPIVOTcon 2026\nRE//verse Conference\nThe Age of Disclosure (Prime Video)\nAmazon.com: Bullshit Jobs\n","content_html":"\u003cp\u003e(\u003cem\u003ePresented by \u003ca href=\"https://material.security\" target=\"_blank\" rel=\"nofollow noopener\"\u003eMaterial Security\u003c/a\u003e: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 73\u003c/strong\u003e:  The buddies react to Google’s release of Gemini 3 and its early performance, new Chrome interface changes landing on users’ machines, and major highlights from CYBERWARCON. 
We revisit the long-running debate over APT naming conventions, examine Amazon’s latest threat-intel reporting on Iranian activity, and walk through the Cloudflare outage that briefly knocked chunks of the internet offline. \u003c/p\u003e\n\n\u003cp\u003ePlus, new APT reports from ESET, Positive Technologies, and SecurityScorecard, and China's CN-CERT (now validated claim) that the U.S. government seized billions in Bitcoin tied to the Lubian mining-pool hack.  \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Material Security -- Stop Attacks, Secure Data \" rel=\"nofollow\" href=\"https://material.security/product\"\u003eMaterial Security -- Stop Attacks, Secure Data \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1se0fiX0sXOEpp5I6NiQJYfcji4_6b0uowkHl2sv8vuU/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Why Microsoft Needs to Split Windows in Two\" rel=\"nofollow\" href=\"https://medium.com/@costin.raiu/is-it-time-for-a-divorce-why-microsoft-needs-to-split-windows-in-two-29a46b0621b6?postPublishedType=initial\"\u003eWhy Microsoft Needs to Split Windows in Two\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CYBERWARCON agenda\" rel=\"nofollow\" href=\"https://www.cyberwarcon.com/agenda-25\"\u003eCYBERWARCON agenda\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca 
title=\"Amazon: Nation-state actors bridging cyber and kinetic warfare\" rel=\"nofollow\" href=\"https://aws.amazon.com/blogs/security/new-amazon-threat-intelligence-findings-nation-state-actors-bridging-cyber-and-kinetic-warfare/\"\u003eAmazon: Nation-state actors bridging cyber and kinetic warfare\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cyber Warfare Startup Nabs Contracts to Give US Military Hackers AI Tools\" rel=\"nofollow\" href=\"https://archive.ph/YXh8Y\"\u003eCyber Warfare Startup Nabs Contracts to Give US Military Hackers AI Tools\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fortinet documents 0day attacks\" rel=\"nofollow\" href=\"https://fortiguard.fortinet.com/psirt/FG-IR-25-513\"\u003eFortinet documents 0day attacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fortinet CVE-2025-64446 Under Active Attack\" rel=\"nofollow\" href=\"https://decipher.sc/2025/11/17/fortinet-cve-2025-64446-under-active-attack/\"\u003eFortinet CVE-2025-64446 Under Active Attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google Chrome zero-day exploited\" rel=\"nofollow\" href=\"https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html\"\u003eGoogle Chrome zero-day exploited\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cloudflare statement on outage on November 18, 2025\" rel=\"nofollow\" href=\"https://blog.cloudflare.com/18-november-2025-outage/\"\u003eCloudflare statement on outage on November 18, 2025\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cloudflare just got faster and more secure, powered by Rust\" rel=\"nofollow\" href=\"https://blog.cloudflare.com/20-percent-internet-upgrade/\"\u003eCloudflare just got faster and more secure, powered by Rust\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russian alleged cyber-hacker faces extradition to US after arrest in Thailand\" rel=\"nofollow\" 
href=\"https://edition.cnn.com/2025/11/15/asia/denis-obrezko-russia-hacker-thailand-void-blizzard\"\u003eRussian alleged cyber-hacker faces extradition to US after arrest in Thailand\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russian detained over connection to Void Blizzard attacks\" rel=\"nofollow\" href=\"https://repoct.org/news/105205-ekc-sotrudnik_akademii_kriptografii_fsb_i_laboratorii_kasperskogo_zaderhan_v_tailande_po_delu_o_hakerskoj_gruppe_void_bl\"\u003eRussian detained over connection to Void Blizzard attacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Positive Technologies: Attacks of the Striking Panda\" rel=\"nofollow\" href=\"https://ptsecurity.com/research/pt-esc-threat-intelligence/striking-panda-attacks-apt31-today/\"\u003ePositive Technologies: Attacks of the Striking Panda\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PlushDaemon compromises network devices for adversary-in-the-middle attacks\" rel=\"nofollow\" href=\"https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/\"\u003ePlushDaemon compromises network devices for adversary-in-the-middle attacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PlushDaemon compromises supply chain of Korean VPN service\" rel=\"nofollow\" href=\"https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/\"\u003ePlushDaemon compromises supply chain of Korean VPN service\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ASUS Routers Hijacked in Global \u0026#39;WrtHug\u0026#39; Operation\" rel=\"nofollow\" href=\"https://securityscorecard.com/wp-content/uploads/2025/11/STRIKE_Asus_WrtHug-Report_V6.pdf\"\u003eASUS Routers Hijacked in Global 'WrtHug' Operation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Arkham on Bitcoin Chen Zhi seized funds\" rel=\"nofollow\" 
href=\"https://intel.arkm.com/explorer/tx/55de9e33c7fd10705d0f1e05f5899ae27c61a3f13dd3ff5156ce794b504094ae\"\u003eArkham on Bitcoin Chen Zhi seized funds\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US DOJ $15 Billion Bitcoin Indictment\" rel=\"nofollow\" href=\"https://www.justice.gov/usao-edny/pr/chairman-prince-group-indicted-operating-cambodian-forced-labor-scam-compounds-engaged\"\u003eUS DOJ $15 Billion Bitcoin Indictment\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PIVOTcon 2026\" rel=\"nofollow\" href=\"https://pivotcon.org/\"\u003ePIVOTcon 2026\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"RE//verse Conference\" rel=\"nofollow\" href=\"https://re-verse.io/\"\u003eRE//verse Conference\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Age of Disclosure (Prime Video)\" rel=\"nofollow\" href=\"https://www.amazon.com/Age-Disclosure-Dan-Farah/dp/B0FMF29BBJ\"\u003eThe Age of Disclosure (Prime Video)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Amazon.com: Bullshit Jobs\" rel=\"nofollow\" href=\"https://www.amazon.com/dp/B079YYRGSB/\"\u003eAmazon.com: Bullshit Jobs\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices).\r\n\r\nThree Buddy Problem - Episode 73:  The buddies react to Google’s release of Gemini 3 and its early performance, new Chrome interface changes landing on users’ machines, and major highlights from CYBERWARCON. We revisit the long-running debate over APT naming conventions, examine Amazon’s latest threat-intel reporting on Iranian activity, and walk through the Cloudflare outage that briefly knocked chunks of the internet offline. 
\r\n\r\nPlus, new APT reports from ESET, Positive Technologies, and SecurityScorecard, and China's CN-CERT (now validated claim) that the U.S. government seized billions in Bitcoin tied to the Lubian mining-pool hack. \r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2025-11-21T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/31f838fc-0034-4c68-9a05-ee1c232837dc.mp3","mime_type":"audio/mpeg","size_in_bytes":115839478,"duration_in_seconds":8381}]},{"id":"421221b9-44be-468b-9621-d645805efd84","title":"Anthropic Claude Code automating APT hacks, KnownSec leak, Chinese buses with remote access","url":"https://securityconversations.fireside.fm/claude-code-china-apt-knownsec-breach-bitcoin-blame","content_text":"Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.\n\nThree Buddy Problem - Episode 72:  We unpack Anthropic’s conflicting self-promotion around the “first AI-orchestrated cyberattack” using Claude Code and the future of automated APT attacks. \n\nPlus, Chinese cyber vendor KnownSec falls victim to data breach, fresh accusations that the U.S. 
stole billions in Bitcoin, Amazon warning about Cisco/Citrix zero-days, Google’s new Private AI Compute and  Microsoft kernel zero-day marked as \"actively exploited.\"\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nMaterial Security case studies\nTLPBLACK\nAnthropic: Disrupting the first reported AI-orchestrated cyber espionage campaign\nAnthropic report on AI-orchestrated APT campaign (PDF)\nData breach at Chinese infosec firm reveals weapons arsenal\nTwitter thread on KnownSec breach details\nChina Accuses US of Orchestrating $13 Billion Bitcoin Hack\nCISA finds federal agencies missing critical (exploited) vulns\nAmazon discovers APT exploiting Cisco and Citrix zero-days\nAmazon launches private AI bug bounty program\nAmazon Nova\nMicrosoft Warns of Exploited Windows Kernel Zero-Day\nGoogle intros Private AI Compute tech\nGoogle paper on Private AI Computer (PDF)\nOpenAI CISO on NYTimes request for ChatGPT conversations\nUK transport and cyber-security chiefs investigate Chinese-made buses \nRuter pen-tests Chinese electric buses\nDistrictCon\nCYBERWARCON\nDefCamp 2025\n","content_html":"\u003cp\u003e\u003cem\u003ePresented by \u003ca href=\"https://material.security\" target=\"_blank\" rel=\"nofollow noopener\"\u003eMaterial Security\u003c/a\u003e: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.\u003c/em\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 72\u003c/strong\u003e:  We unpack Anthropic’s conflicting self-promotion around the “first AI-orchestrated cyberattack” using Claude Code and the future of automated APT attacks. \u003c/p\u003e\n\n\u003cp\u003ePlus, Chinese cyber vendor KnownSec falls victim to data breach, fresh accusations that the U.S. 
stole billions in Bitcoin, Amazon warning about Cisco/Citrix zero-days, Google’s new Private AI Compute and  Microsoft kernel zero-day marked as \"actively exploited.\"\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1NrlNDzKbVm8tGd7n_ojvGTCMI6btaXLHQt0oMy57bxA/edit?tab=t.0\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Material Security case studies\" rel=\"nofollow\" href=\"https://material.security/customers\"\u003eMaterial Security case studies\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLPBLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLPBLACK\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Anthropic: Disrupting the first reported AI-orchestrated cyber espionage campaign\" rel=\"nofollow\" href=\"https://www.anthropic.com/news/disrupting-AI-espionage\"\u003eAnthropic: Disrupting the first reported AI-orchestrated cyber espionage campaign\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Anthropic report on AI-orchestrated APT campaign (PDF)\" rel=\"nofollow\" href=\"https://assets.anthropic.com/m/ec212e6566a0d47/original/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf\"\u003eAnthropic report on AI-orchestrated APT campaign (PDF)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Data breach at Chinese infosec firm reveals 
weapons arsenal\" rel=\"nofollow\" href=\"https://www.theregister.com/2025/11/09/asia_tech_news_roundup/\"\u003eData breach at Chinese infosec firm reveals weapons arsenal\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Twitter thread on KnownSec breach details\" rel=\"nofollow\" href=\"https://x.com/intcyberdigest/status/1988355649269387488?s=46\u0026amp;t=ePKy91eN-ionB9LpDaBXcA\"\u003eTwitter thread on KnownSec breach details\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"China Accuses US of Orchestrating $13 Billion Bitcoin Hack\" rel=\"nofollow\" href=\"https://archive.ph/5Iyes\"\u003eChina Accuses US of Orchestrating $13 Billion Bitcoin Hack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA finds federal agencies missing critical (exploited) vulns\" rel=\"nofollow\" href=\"https://www.cisa.gov/ed-25-03-guidance-device-updates-and-patching\"\u003eCISA finds federal agencies missing critical (exploited) vulns\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Amazon discovers APT exploiting Cisco and Citrix zero-days\" rel=\"nofollow\" href=\"https://aws.amazon.com/blogs/security/amazon-discovers-apt-exploiting-cisco-and-citrix-zero-days/\"\u003eAmazon discovers APT exploiting Cisco and Citrix zero-days\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Amazon launches private AI bug bounty program\" rel=\"nofollow\" href=\"https://www.amazon.science/news/amazon-launches-private-ai-bug-bounty-to-strengthen-nova-models\"\u003eAmazon launches private AI bug bounty program\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Amazon Nova\" rel=\"nofollow\" href=\"https://nova.amazon.com/chat\"\u003eAmazon Nova\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Warns of Exploited Windows Kernel Zero-Day\" rel=\"nofollow\" href=\"https://decipher.sc/2025/11/11/microsoft-warns-of-exploited-windows-kernel-zero-day/\"\u003eMicrosoft Warns of Exploited Windows Kernel 
Zero-Day\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google intros Private AI Compute tech\" rel=\"nofollow\" href=\"https://blog.google/technology/ai/google-private-ai-compute/\"\u003eGoogle intros Private AI Compute tech\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google paper on Private AI Computer (PDF)\" rel=\"nofollow\" href=\"https://services.google.com/fh/files/misc/private_ai_compute_technical_brief.pdf\"\u003eGoogle paper on Private AI Computer (PDF)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"OpenAI CISO on NYTimes request for ChatGPT conversations\" rel=\"nofollow\" href=\"https://openai.com/index/fighting-nyt-user-privacy-invasion/\"\u003eOpenAI CISO on NYTimes request for ChatGPT conversations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"UK transport and cyber-security chiefs investigate Chinese-made buses \" rel=\"nofollow\" href=\"https://www.theguardian.com/uk-news/2025/nov/10/uk-transport-cyber-security-chiefs-investigate-chinese-made-buses\"\u003eUK transport and cyber-security chiefs investigate Chinese-made buses \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ruter pen-tests Chinese electric buses\" rel=\"nofollow\" href=\"https://ruter.no/en/ruter-with-extensive-security-testing-of-electric-buses\"\u003eRuter pen-tests Chinese electric buses\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DistrictCon\" rel=\"nofollow\" href=\"https://www.districtcon.org/\"\u003eDistrictCon\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CYBERWARCON\" rel=\"nofollow\" href=\"https://www.cyberwarcon.com/\"\u003eCYBERWARCON\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DefCamp 2025\" rel=\"nofollow\" href=\"https://def.camp/\"\u003eDefCamp 2025\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace 
and Microsoft 365 cloud offices.\r\n\r\nThree Buddy Problem - Episode 72: We unpack Anthropic’s conflicting self-promotion around the “first AI-orchestrated cyberattack” using Claude Code and the future of automated APT attacks. \r\n\r\nPlus, Chinese cyber vendor KnownSec falls victim to data breach, fresh accusations that the U.S. stole billions in Bitcoin, Amazon warning about Cisco/Citrix zero-days, Google’s new Private AI Compute and  Microsoft kernel zero-day marked as \"actively exploited.\"\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2025-11-14T12:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/421221b9-44be-468b-9621-d645805efd84.mp3","mime_type":"audio/mpeg","size_in_bytes":108418078,"duration_in_seconds":7958}]},{"id":"9d487a56-a0a1-4aeb-9568-dbb4b8ae98d4","title":"LIVE from Ring0 COUNTERMEASURE: Google v FFmpeg, Ransomware Turncoats, Samsung 0days ","url":"https://securityconversations.fireside.fm/google-ffmpeg-ransomware-landfall","content_text":"Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.\n\nThree Buddy Problem - Episode 71: The buddies travel to Canada for a live recording at the Countermeasure conference, discussing the Google v FFmpeg open-source patching brouhaha, ransomware negotiators charged and linked to ransomware attacks, the looming TP-Link ban in the U.S.,  and the discovery of LANDFALL, an APT attack caught using a Samsung mobile zero-day.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Material Security \n — We protect your company’s most valuable materials — the emails, files, and accounts that live in your Google Workspace \u0026amp; Microsoft 365 cloud offices.\nTranscript (unedited, AI-generated)\nFFmpeg complains about Google BigSleep AI\nGoogle v FFmpeg 
brouhaha\nCurl's Daniel Stenberg on a new breed of AI analyzers\nunit42.paloaltonetworks.com\niOS 26.1 security updates\nU.S. agencies back banning TP-Link home routers on security grounds\nTLP BLACK\n","content_html":"\u003cp\u003e\u003cem\u003ePresented by \u003ca href=\"https://material.security\" target=\"_blank\" rel=\"nofollow noopener\"\u003eMaterial Security\u003c/a\u003e: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.\u003c/em\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 71\u003c/strong\u003e: The buddies travel to Canada for a live recording at the Countermeasure conference, discussing the Google v FFmpeg open-source patching brouhaha, ransomware negotiators charged and linked to ransomware attacks, the looming TP-Link ban in the U.S.,  and the discovery of LANDFALL, an APT attack caught using a Samsung mobile zero-day.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Material Security \" rel=\"nofollow\" href=\"https://material.security/\"\u003eMaterial Security \n\u003c/a\u003e \u0026mdash; We protect your company’s most valuable materials — the emails, files, and accounts that live in your Google Workspace \u0026amp; Microsoft 365 cloud offices.\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" 
href=\"https://docs.google.com/document/d/1qXNE6Y3Z1tib1ERSeg_W58B8tYmR2iG1vvcMQNoJGWQ/edit?tab=t.0\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"FFmpeg complains about Google BigSleep AI\" rel=\"nofollow\" href=\"https://x.com/ffmpeg/status/1984178359354483058?s=46\u0026amp;t=ePKy91eN-ionB9LpDaBXcA\"\u003eFFmpeg complains about Google BigSleep AI\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google v FFmpeg brouhaha\" rel=\"nofollow\" href=\"https://x.com/seanhn/status/1984941644517417263?s=46\u0026amp;t=ePKy91eN-ionB9LpDaBXcA\"\u003eGoogle v FFmpeg brouhaha\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Curl\u0026#39;s Daniel Stenberg on a new breed of AI analyzers\" rel=\"nofollow\" href=\"https://daniel.haxx.se/blog/2025/10/10/a-new-breed-of-analyzers/\"\u003eCurl's Daniel Stenberg on a new breed of AI analyzers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"unit42.paloaltonetworks.com\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/\"\u003eunit42.paloaltonetworks.com\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\" iOS 26.1 security updates\" rel=\"nofollow\" href=\"https://support.apple.com/en-us/125632\"\u003eiOS 26.1 security updates\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"U.S. agencies back banning TP-Link home routers on security grounds\" rel=\"nofollow\" href=\"https://archive.ph/Ldmde\"\u003eU.S. 
agencies back banning TP-Link home routers on security grounds\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TLP BLACK\" rel=\"nofollow\" href=\"https://tlpblack.net/\"\u003eTLP BLACK\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.\r\n\r\nThree Buddy Problem - Episode 71:  The buddies travel to Canada for a live recording at the Countermeasure conference, discussing the Google v FFmpeg open-source patching brouhaha, ransomware negotiators charged and linked to ransomware attacks, the looming TP-Link ban in the U.S.,  and the discovery of LANDFALL, an APT attack caught using a Samsung mobile zero-day.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.  ","date_published":"2025-11-10T11:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/9d487a56-a0a1-4aeb-9568-dbb4b8ae98d4.mp3","mime_type":"audio/mpeg","size_in_bytes":62516613,"duration_in_seconds":4199}]},{"id":"2a7863a7-7d3f-4891-b8d8-618b97a676dd","title":"OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs ","url":"https://securityconversations.fireside.fm/dave-aitel-openai-aardvark-bug-hunting","content_text":"Three Buddy Problem - Episode 70: Dave Aitel from OpenAI's technical staff joins the buddies to discuss the just-launched Aardvark, OpenAI’s agentic “security researcher” that claims to read code, finds bugs, validates exploits, and ships patches. 
We press him on where LLMs beat fuzzers, privacy boundaries, human-in-the-loop realities, SDLC budgets, pen-test cadence, and the zero-day economy.\n\nPlus, L3 Harris/Trenchant exec pleads guilty to selling exploits to Russian brokers, Kaspersky catches the return of HackingTeam using Chrome zero-day exploit chain, and news of a proposed law in Russia to force researchers to report vulnerabilities first to government agencies.\n\nCast: Dave Aitel (Technical Staff, OpenAI), Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nEpisode 70 Livestream - YouTube\nAardvark: OpenAI’s agentic security researcher\nTBP episode on OpenAI’s Aardvark \nHow I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation\nEx-US cyber intel exec pleads guilty to selling spy tools to Russian broker\nEx-L3Harris Cyber Boss Pleads Guilty to Selling Trade Secrets to Russian Firm\nKim Zetter: Former Trenchant Exec Sold Stolen Code to Russian Buyer Even After Learning that Other Code He Sold Was Being \"Utilized\" by Different Broker in South Korea\nHow we linked ForumTroll APT to Dante spyware by Memento Labs\nCEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware\nRussia's new vuln disclosure law proposal\nTBP Live in Ottawa\nBinding Hook Live\nState of Statecraft\nEkoparty Miami \n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 70\u003c/strong\u003e: Dave Aitel from OpenAI's technical staff joins the buddies to discuss the just-launched Aardvark, OpenAI’s agentic “security researcher” that claims to read code, finds bugs, validates exploits, and ships patches. 
We press him on where LLMs beat fuzzers, privacy boundaries, human-in-the-loop realities, SDLC budgets, pen-test cadence, and the zero-day economy.\u003c/p\u003e\n\n\u003cp\u003ePlus, L3 Harris/Trenchant exec pleads guilty to selling exploits to Russian brokers, Kaspersky catches the return of HackingTeam using Chrome zero-day exploit chain, and news of a proposed law in Russia to force researchers to report vulnerabilities first to government agencies.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://www.linkedin.com/in/daveaitel/\" target=\"_blank\" rel=\"nofollow noopener\"\u003eDave Aitel\u003c/a\u003e (Technical Staff, OpenAI), \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1Pz8JWiwA-ZrLMHG8di264ioCO9CVtl3ac_-N9fUDrls/edit?tab=t.0\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Episode 70 Livestream - YouTube\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=7IkmOXujJTY\"\u003eEpisode 70 Livestream - YouTube\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Aardvark: OpenAI’s agentic security researcher\" rel=\"nofollow\" href=\"https://openai.com/index/introducing-aardvark/\"\u003eAardvark: OpenAI’s agentic security researcher\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TBP episode on OpenAI’s Aardvark \" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=1hBRiU1PIIY\"\u003eTBP episode on OpenAI’s 
Aardvark \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation\" rel=\"nofollow\" href=\"https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/\"\u003eHow I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ex-US cyber intel exec pleads guilty to selling spy tools to Russian broker\" rel=\"nofollow\" href=\"https://www.reuters.com/legal/government/ex-us-cyber-intel-exec-pleads-guilty-selling-spy-tools-russian-broker-2025-10-29/\"\u003eEx-US cyber intel exec pleads guilty to selling spy tools to Russian broker\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ex-L3Harris Cyber Boss Pleads Guilty to Selling Trade Secrets to Russian Firm\" rel=\"nofollow\" href=\"https://archive.ph/xuVuY\"\u003eEx-L3Harris Cyber Boss Pleads Guilty to Selling Trade Secrets to Russian Firm\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kim Zetter: Former Trenchant Exec Sold Stolen Code to Russian Buyer Even After Learning that Other Code He Sold Was Being \u0026quot;Utilized\u0026quot; by Different Broker in South Korea\" rel=\"nofollow\" href=\"https://www.zetter-zeroday.com/former-trenchant-exec-sold-stolen-code-to-russian-buyer-even-after-learning-that-other-code-he-sold-was-being-utilized-by-different-broker-in-south-korea/\"\u003eKim Zetter: Former Trenchant Exec Sold Stolen Code to Russian Buyer Even After Learning that Other Code He Sold Was Being \"Utilized\" by Different Broker in South Korea\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"How we linked ForumTroll APT to Dante spyware by Memento Labs\" rel=\"nofollow\" href=\"https://securelist.com/forumtroll-apt-hacking-team-dante-spyware/117851/\"\u003eHow we linked ForumTroll 
APT to Dante spyware by Memento Labs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware\" rel=\"nofollow\" href=\"https://techcrunch.com/2025/10/28/ceo-of-spyware-maker-memento-labs-confirms-one-of-its-government-customers-was-caught-using-its-malware/\"\u003eCEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russia\u0026#39;s new vuln disclosure law proposal\" rel=\"nofollow\" href=\"https://www.rbc.ru/technology_and_media/23/10/2025/68f8d6c09a79473a09f38e93\"\u003eRussia's new vuln disclosure law proposal\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TBP Live in Ottawa\" rel=\"nofollow\" href=\"https://ringzer0.training/countermeasure25/\"\u003eTBP Live in Ottawa\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Binding Hook Live\" rel=\"nofollow\" href=\"https://bindinghooklive.com/about/\"\u003eBinding Hook Live\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"State of Statecraft\" rel=\"nofollow\" href=\"https://www.stateofstatecraft.com/\"\u003eState of Statecraft\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ekoparty Miami \" rel=\"nofollow\" href=\"https://ekoparty.org/miami/\"\u003eEkoparty Miami \n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 70:  Dave Aitel from OpenAI's technical staff joins the buddies to discuss the just-launched Aardvark, OpenAI’s agentic “security researcher” that claims to read code, finds bugs, validates exploits, and ships patches. 
We press him on where LLMs beat fuzzers, privacy boundaries, human-in-the-loop realities, SDLC budgets, pen-test cadence, and the zero-day economy.\r\n\r\nPlus, L3 Harris/Trenchant exec pleads guilty to selling exploits to Russian brokers, Kaspersky catches the return of HackingTeam using Chrome zero-day exploit chain, and news of a proposed law in Russia to force researchers to report vulnerabilities first to government agencies.\r\n\r\nCast: Dave Aitel (Technical Staff, OpenAI), Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-10-31T11:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/2a7863a7-7d3f-4891-b8d8-618b97a676dd.mp3","mime_type":"audio/mpeg","size_in_bytes":106001179,"duration_in_seconds":7848}]},{"id":"4b406c2c-80d5-4def-b5ec-acf81eed0801","title":"Apple’s iOS forensics freeze, WhatsApp zero-click, China outs NSA","url":"https://securityconversations.fireside.fm/ios26-shutdown-whatsapp-zero-click-china-nsa","content_text":"Three Buddy Problem - Episode 69: We dig into news that Apple's iOS 26 has quietly killed the shutdown.log forensic artifact used to spot signs of infections and what it means for threat hunters.  Plus, whispers of a million-dollar WhatsApp zero-click exploit that never materialized at Pwn2Own, a surreal court case linking a Trenchant exploit developer to Russian buyers, and Chinese threat intel reports pointing fingers at the NSA.\n\nWe also discuss calls for the US government to build a structured, lawful ecosystem for private-sector offensive operations to address existing chaos and market gaps. 
\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nKey IOCs for iPhone Spyware Cleaned With iOS 26 Update\nExploitation of WSUS Remote Code Execution Vulnerability (CVE-2025-59287) \nHamid Kashfi on CVE-2025-59287\nPwn2Own Ireland results\nHacking Lab Boss Charged with Seeking to Sell Secrets in Russia\nCourt doc (Peter Williams case)\nCyber Insurer Sues Policyholder’s Cyber Pros\nNSA Accused of Stealing Secrets from China's National Time Centre\nChina's CN-CERT on alleged NSA espionage operation\nDanderSpritz documentation\nBuilding the US market for offensive cyber\nNetherlands Limits Intelligence-Sharing With US Amid Politicization, Russia Fears\nAgenda - Binding Hook Live\nAgenda - State of Statecraft\nTBP Live at Countermeasures (Ottawa)\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 69\u003c/strong\u003e: We dig into news that Apple's iOS 26 has quietly killed the shutdown.log forensic artifact used to spot signs of infections and what it means for threat hunters.  Plus, whispers of a million-dollar WhatsApp zero-click exploit that never materialized at Pwn2Own, a surreal court case linking a Trenchant exploit developer to Russian buyers, and Chinese threat intel reports pointing fingers at the NSA.\u003c/p\u003e\n\n\u003cp\u003eWe also discuss calls for the US government to build a structured, lawful ecosystem for private-sector offensive operations to address existing chaos and market gaps. 
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1NVbbtz7e6xGLA4Er15yKN3M76nT9u9Yx2AkASmxZzUg/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Key IOCs for iPhone Spyware Cleaned With iOS 26 Update\" rel=\"nofollow\" href=\"https://iverify.io/blog/key-iocs-for-pegasus-and-predator-spyware-cleaned-with-ios-26-update\"\u003eKey IOCs for iPhone Spyware Cleaned With iOS 26 Update\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Exploitation of WSUS Remote Code Execution Vulnerability (CVE-2025-59287) \" rel=\"nofollow\" href=\"https://www.huntress.com/blog/exploitation-of-windows-server-update-services-remote-code-execution-vulnerability\"\u003eExploitation of WSUS Remote Code Execution Vulnerability (CVE-2025-59287) \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Hamid Kashfi on CVE-2025-59287\" rel=\"nofollow\" href=\"https://x.com/hkashfi/status/1980197996441510375\"\u003eHamid Kashfi on CVE-2025-59287\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Pwn2Own Ireland results\" rel=\"nofollow\" href=\"https://www.zerodayinitiative.com/blog/2025/10/23/pwn2own-ireland-2025-day-three-and-master-of-pwn\"\u003ePwn2Own Ireland results\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Hacking Lab Boss Charged with Seeking to Sell Secrets in Russia\" rel=\"nofollow\" 
href=\"https://archive.ph/YlVlm\"\u003eHacking Lab Boss Charged with Seeking to Sell Secrets in Russia\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Court doc (Peter Williams case)\" rel=\"nofollow\" href=\"https://storage.courtlistener.com/recap/gov.uscourts.dcd.285897/gov.uscourts.dcd.285897.1.0.pdf\"\u003eCourt doc (Peter Williams case)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cyber Insurer Sues Policyholder’s Cyber Pros\" rel=\"nofollow\" href=\"https://www.hunton.com/privacy-and-information-security-law/cyber-insurer-sues-policyholders-cyber-pros#page=1\"\u003eCyber Insurer Sues Policyholder’s Cyber Pros\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NSA Accused of Stealing Secrets from China\u0026#39;s National Time Centre\" rel=\"nofollow\" href=\"https://moderndiplomacy.eu/2025/10/19/nsa-accused-of-stealing-secrets-from-chinas-national-time-centre/\"\u003eNSA Accused of Stealing Secrets from China's National Time Centre\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"China\u0026#39;s CN-CERT on alleged NSA espionage operation\" rel=\"nofollow\" href=\"https://mp.weixin.qq.com/s/XPjT0BVOJPJxSmASW0tXTA\"\u003eChina's CN-CERT on alleged NSA espionage operation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DanderSpritz documentation\" rel=\"nofollow\" href=\"https://danderspritz.com/\"\u003eDanderSpritz documentation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Building the US market for offensive cyber\" rel=\"nofollow\" href=\"https://sergeybratus.gitlab.io/papers/DartmouthCyberRoundtable2025.pdf\"\u003eBuilding the US market for offensive cyber\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Netherlands Limits Intelligence-Sharing With US Amid Politicization, Russia Fears\" rel=\"nofollow\" href=\"https://www.kyivpost.com/post/62663\"\u003eNetherlands Limits Intelligence-Sharing With US Amid Politicization, Russia 
Fears\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Agenda - Binding Hook Live\" rel=\"nofollow\" href=\"https://bindinghooklive.com/agenda/\"\u003eAgenda - Binding Hook Live\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Agenda - State of Statecraft\" rel=\"nofollow\" href=\"https://www.stateofstatecraft.com/agenda\"\u003eAgenda - State of Statecraft\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TBP Live at Countermeasures (Ottawa)\" rel=\"nofollow\" href=\"https://ringzer0.training/countermeasure25-three-buddy-problem-live/\"\u003eTBP Live at Countermeasures (Ottawa)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 69: We dig into news that Apple's iOS 26 has quietly killed the shutdown.log forensic artifact used to spot signs of infections and what it means for threat hunters.  Plus, whispers of a million-dollar WhatsApp zero-click exploit that never materialized at Pwn2Own, a surreal court case linking a Trenchant exploit developer to Russian buyers, and Chinese threat intel reports pointing fingers at the NSA.\r\n\r\nWe also discuss calls for the US government to build a structured, lawful ecosystem for private-sector offensive operations to address existing chaos and market gaps. 
\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-10-24T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/4b406c2c-80d5-4def-b5ec-acf81eed0801.mp3","mime_type":"audio/mpeg","size_in_bytes":105748725,"duration_in_seconds":7883}]},{"id":"67946d1b-d1a0-42f1-92b3-63c256a8288e","title":"JAGS LABScon 2025 keynote: Steps to an ecology of cyber","url":"https://securityconversations.fireside.fm/jags-labscon25-keynote-steps-ecology-cyber","content_text":"Three Buddy Problem (Episode 68):  The buddies are trapped in timezone hell with cross-country travel this week.\n\nIn this special episode, we present Juan Andres Guerrero-Saade's LABScon 2025 keynote-day presentation on the state of cybersecurity and why this phase of our collective project has failed, and how to build something smarter, more sustainable, and deeply interconnected in its place.\n\nJuanito traces the field’s evolution from chaos to consolidation, weaving in cybernetics, standardization, and the dawning coexistence of human and artificial evaluative power. 
The result is part philosophical sermon, part rallying cry, an invitation to reject the industry’s slave morality, rethink our tools, and steer the next era of defense with intention.Links:Transcript (unedited, AI-generated)\nJAGS keynote: The intricacies of wartime cyber threat intelligence - Security Conversations\nLABScon - Security Research in Real Time\nJAGS on LinkedIn\nJAGS on Twitter\nThe Consolation of Threat Intel (JAGS LABScon 2024 keynote)\n","content_html":"\u003cp\u003eThree Buddy Problem (Episode 68):  The buddies are trapped in timezone hell with cross-country travel this week.\u003c/p\u003e\n\n\u003cp\u003eIn this special episode, we present Juan Andres Guerrero-Saade's LABScon 2025 keynote-day presentation on the state of cybersecurity and why this phase of our collective project has failed, and how to build something smarter, more sustainable, and deeply interconnected in its place.\u003c/p\u003e\n\n\u003cp\u003eJuanito traces the field’s evolution from chaos to consolidation, weaving in cybernetics, standardization, and the dawning coexistence of human and artificial evaluative power. 
The result is part philosophical sermon, part rallying cry, an invitation to reject the industry’s slave morality, rethink our tools, and steer the next era of defense with intention.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/16WgWulN_0ICWJZVBVCNIb7pQkNYETAfNxGC5smAYgfA/edit?tab=t.0#heading=h.suqk765u8dr\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"JAGS keynote: The intricacies of wartime cyber threat intelligence - Security Conversations\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/jags-keynote-the-intricacies-of-wartime-cyber-threat-intelligence/\"\u003eJAGS keynote: The intricacies of wartime cyber threat intelligence - Security Conversations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon - Security Research in Real Time\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon - Security Research in Real Time\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"JAGS on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/jags-is-fine/\"\u003eJAGS on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"JAGS on Twitter\" rel=\"nofollow\" href=\"https://x.com/juanandres_gs\"\u003eJAGS on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Consolation of Threat Intel (JAGS LABScon 2024 keynote)\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/ep13-the-consolation-of-threat-intel-jag-s-labscon-keynote/\"\u003eThe Consolation of Threat Intel (JAGS LABScon 2024 keynote)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem (Episode 68):   The buddies are trapped in timezone hell with cross-country travel this week. 
\r\n\r\nIn this special episode, we present Juan Andres Guerrero-Saade's LABScon 2025 keynote-day presentation on the state of cybersecurity and why this phase of our collective project has failed, and how to build something smarter, more sustainable, and deeply interconnected in its place.\r\n\r\nJuanito traces the field’s evolution from chaos to consolidation, weaving in cybernetics, standardization, and the dawning coexistence of human and artificial evaluative power. The result is part philosophical sermon, part rallying cry, an invitation to reject the industry’s slave morality, rethink our tools, and steer the next era of defense with intention.\r\n","date_published":"2025-10-18T06:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/67946d1b-d1a0-42f1-92b3-63c256a8288e.mp3","mime_type":"audio/mpeg","size_in_bytes":14882499,"duration_in_seconds":1860}]},{"id":"69c83695-1bbc-4044-bf24-2168d12ad7d6","title":"Apple Exploit-Chain Bounties, Wireless Proximity Exploits and Tactical Suitcases","url":"https://securityconversations.fireside.fm/apple-spyware-bounty-oracle-ivanti-virus-total","content_text":"Three Buddy Problem - Episode 67:  We discuss the rise of automated red-teaming, Apple’s $2 million exploit chain bounties aimed at outbidding spyware brokers and the iPhone maker's focus on wireless proximity attacks and “tactical suitcase” Wi-Fi exploits. 
We also hit the news of Paragon spyware targeting European executives and the bizarre story of NSO Group’s supposed US investor buyout.\n\nPlus, an update on Oracle’s zero-day ransomware fiasco, Ivanti’s endless patch delays, the ethics of journalists enabling ransomware operations on leak sites, Europe’s latest failed push for Chat Control, and VirusTotal’s new pricing tiers.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nApple's new exploit-chain bounties\nApple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits\nParagon Strikes Again: UniCredit CEO Among the Targets\nNSO to be acquired by U.S. investors\nOracle confirms exploited 0day - CVE-2025-61882\nOracle Security Officer comms\nOracle E-Business Suite CVE-2025-61882 Exploited in Extortion Attacks\nZDI documents Ivanti 0days waiting for patches\nOne-man spam campaign ravages EU ‘chat control’ bill\nVirusTotal new pricing tiers\nTavis Ormandy Kaspersky 0day find\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 67\u003c/strong\u003e:  We discuss the rise of automated red-teaming, Apple’s $2 million exploit chain bounties aimed at outbidding spyware brokers and the iPhone maker's focus on wireless proximity attacks and “tactical suitcase” Wi-Fi exploits. 
We also hit the news of Paragon spyware targeting European executives and the bizarre story of NSO Group’s supposed US investor buyout.\u003c/p\u003e\n\n\u003cp\u003ePlus, an update on Oracle’s zero-day ransomware fiasco, Ivanti’s endless patch delays, the ethics of journalists enabling ransomware operations on leak sites, Europe’s latest failed push for Chat Control, and VirusTotal’s new pricing tiers.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/13DMqnlQr7mbLPWGQrVk6BT1xo2R23npj1txnkQl-ctI/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple\u0026#39;s new exploit-chain bounties\" rel=\"nofollow\" href=\"https://security.apple.com/blog/apple-security-bounty-evolved/\"\u003eApple's new exploit-chain bounties\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits\" rel=\"nofollow\" href=\"https://archive.ph/4UioF\"\u003eApple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Paragon Strikes Again: UniCredit CEO Among the Targets\" rel=\"nofollow\" href=\"https://irpimedia.irpi.eu/paragon-colpisce-ancora-anche-lad-di-unicredit-tra-i-bersagli/\"\u003eParagon Strikes Again: UniCredit CEO Among the 
Targets\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NSO to be acquired by U.S. investors\" rel=\"nofollow\" href=\"https://www.calcalistech.com/ctechnews/article/s1jgvmitgx\"\u003eNSO to be acquired by U.S. investors\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Oracle confirms exploited 0day - CVE-2025-61882\" rel=\"nofollow\" href=\"https://www.oracle.com/security-alerts/alert-cve-2025-61882.html\"\u003eOracle confirms exploited 0day - CVE-2025-61882\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Oracle Security Officer comms\" rel=\"nofollow\" href=\"https://blogs.oracle.com/security/post/apply-july-2025-cpu\"\u003eOracle Security Officer comms\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Oracle E-Business Suite CVE-2025-61882 Exploited in Extortion Attacks\" rel=\"nofollow\" href=\"https://www.vulncheck.com/blog/oracle-e-business-suite-cve-2025-61882-exploited-in-extortion-attacks\"\u003eOracle E-Business Suite CVE-2025-61882 Exploited in Extortion Attacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ZDI documents Ivanti 0days waiting for patches\" rel=\"nofollow\" href=\"https://www.zerodayinitiative.com/advisories/published/\"\u003eZDI documents Ivanti 0days waiting for patches\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"One-man spam campaign ravages EU ‘chat control’ bill\" rel=\"nofollow\" href=\"https://www.politico.eu/article/one-man-spam-campaign-ravages-eu-chat-control-bill-fight-chat-control/\"\u003eOne-man spam campaign ravages EU ‘chat control’ bill\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"VirusTotal new pricing tiers\" rel=\"nofollow\" href=\"https://blog.virustotal.com/2025/10/simpler-access-for-stronger-virustotal.html\"\u003eVirusTotal new pricing tiers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Tavis Ormandy Kaspersky 0day find\" rel=\"nofollow\" href=\"https://x.com/taviso/status/639992212164513792\"\u003eTavis Ormandy 
Kaspersky 0day find\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 67:  We discuss the rise of automated red-teaming, Apple’s $2 million exploit chain bounties aimed at outbidding spyware brokers and the iPhone maker's focus on wireless proximity attacks and “tactical suitcase” Wi-Fi exploits. We also hit the news of Paragon spyware targeting European executives and the bizarre story of NSO Group’s supposed US investor buyout.\r\n\r\nPlus, an update on Oracle’s zero-day ransomware fiasco, Ivanti’s endless patch delays, the ethics of journalists enabling ransomware operations on leak sites, Europe’s latest failed push for Chat Control, and VirusTotal’s new pricing tiers.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-10-11T11:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/69c83695-1bbc-4044-bf24-2168d12ad7d6.mp3","mime_type":"audio/mpeg","size_in_bytes":112087103,"duration_in_seconds":8582}]},{"id":"e7c2f699-e4d3-4236-a521-1c1934f52674","title":"Chris Eng on lessons learned from the NSA, @Stake, Veracode, and 20 years in cybersecurity","url":"https://securityconversations.fireside.fm/chris-eng-software-security-code-quality","content_text":"This week on Security Conversations, Ryan sits down with Chris Eng, former Chief Research Officer at Veracode, to talk about life after nearly two decades at one company and the lessons learned along the way. They dig into a career start at the NSA, the early days of @Stake and the Symantec acquisition, and the birth and ambitions of Veracode. \n\nPlus, thoughts on how helping startups shape product strategy, what it takes to translate technical expertise into business impact, and how security culture has evolved since the early “hacker-to-enterprise” days. 
The conversation touches on defining your career beyond titles, how the perception of “cybersecurity” has changed over the years, and why the industry still has plenty of room for curiosity, reinvention, and good storytelling.Links:Chris Eng on LinkedIn\nChris Eng on Twitter\nMonoculture Considered Harmful\nFired @stake CTO Says Microsoft Critique Was ‘Business as Usual’\nMicrosoft Takes LSD to Test Vista Security \nCode Red (computer worm) \n","content_html":"\u003cp\u003eThis week on \u003cem\u003eSecurity Conversations\u003c/em\u003e, Ryan sits down with Chris Eng, former Chief Research Officer at Veracode, to talk about life after nearly two decades at one company and the lessons learned along the way. They dig into a career start at the NSA, the early days of @Stake and the Symantec acquisition, and the birth and ambitions of Veracode. \u003c/p\u003e\n\n\u003cp\u003ePlus, thoughts on how helping startups shape product strategy, what it takes to translate technical expertise into business impact, and how security culture has evolved since the early “hacker-to-enterprise” days. 
The conversation touches on defining your career beyond titles, how the perception of “cybersecurity” has changed over the years, and why the industry still has plenty of room for curiosity, reinvention, and good storytelling.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Chris Eng on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/realchriseng/\"\u003eChris Eng on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chris Eng on Twitter\" rel=\"nofollow\" href=\"https://x.com/chriseng?lang=en\"\u003eChris Eng on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Monoculture Considered Harmful\" rel=\"nofollow\" href=\"https://www.foo.be/docs/diversity/geer.pdf\"\u003eMonoculture Considered Harmful\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fired @stake CTO Says Microsoft Critique Was ‘Business as Usual’\" rel=\"nofollow\" href=\"https://www.computerworld.com/article/1726646/fired-stake-cto-says-microsoft-critique-was-business-as-usual.html\"\u003eFired @stake CTO Says Microsoft Critique Was ‘Business as Usual’\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Takes LSD to Test Vista Security \" rel=\"nofollow\" href=\"https://www.cioinsight.com/news-trends/microsoft-takes-lsd-to-test-vista-security/\"\u003eMicrosoft Takes LSD to Test Vista Security \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Code Red (computer worm) \" rel=\"nofollow\" href=\"https://en.wikipedia.org/wiki/Code_Red_(computer_worm)\"\u003eCode Red (computer worm) \n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"This week on Security Conversations, Ryan sits down with Chris Eng, former Chief Research Officer at Veracode, to talk about life after nearly two decades at one company and the lessons learned along the way. 
They dig into a career start at the NSA, the early days of @Stake and the Symantec acquisition, and the birth and ambitions of Veracode. \r\n\r\nPlus, thoughts on how helping startups shape product strategy, what it takes to translate technical expertise into business impact, and how security culture has evolved since the early “hacker-to-enterprise” days. The conversation touches on defining your career beyond titles, how the perception of “cybersecurity” has changed over the years, and why the industry still has plenty of room for curiosity, reinvention, and good storytelling.","date_published":"2025-10-07T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/e7c2f699-e4d3-4236-a521-1c1934f52674.mp3","mime_type":"audio/mpeg","size_in_bytes":29886415,"duration_in_seconds":2694}]},{"id":"218ae2a2-77f7-4d79-b2f7-4e8eeec2a852","title":"Oracle cl0p ransomware crisis, EU drone sightings, Cisco bootkit fallout","url":"https://securityconversations.fireside.fm/oracle-ransomware-extortion-drones-cisco-bootkit","content_text":"Three Buddy Problem - Episode 66:  We discuss drone sightings that shut down airports across Europe and what they reveal about hybrid warfare and the changing nature of conflict; Oracle ransomware/extortion campaign tied to unpatched E-Business Suite vulnerabilities and the company’s muted response. \n\nPlus, the TikTok–Oracle deal and the strange role Oracle now plays in U.S. national security; OpenAI’s Sora 2 launch and its implications for social media and human expression; Palo Alto’s “Phantom Taurus” APT report, a follow-up on Cisco’s ArcaneDoor disclosures, and the impact of the U.S. 
government shutdown on CISA.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nDrone sightings prompt call for German police to gain shoot-down powers \nUK arrest following aerospace cyber incident\nOracle Probes Hacks of Customers’ E-Business Suite After Extortion Campaign\nOracle Critical Patch Update Advisory - July 2025\nHere is the email Clop attackers sent to Oracle customers\nOracle statement from Chief Security Officer\nTikTok’s Algorithm to Be Secured by Oracle in Trump-Backed Deal\nPhantom Taurus: A New Chinese Nexus APT\nChina Hackers Breached Foreign Ministers’ Emails\nCisco Statement on Attacks Against Cisco Firewalls\nGreyNoise: 25,000 IPs Scanned Cisco ASA Devices in Early Sept\nKeyDrop.io\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 66\u003c/strong\u003e:  We discuss drone sightings that shut down airports across Europe and what they reveal about hybrid warfare and the changing nature of conflict; Oracle ransomware/extortion campaign tied to unpatched E-Business Suite vulnerabilities and the company’s muted response. \u003c/p\u003e\n\n\u003cp\u003ePlus, the TikTok–Oracle deal and the strange role Oracle now plays in U.S. national security; OpenAI’s Sora 2 launch and its implications for social media and human expression; Palo Alto’s “Phantom Taurus” APT report, a follow-up on Cisco’s ArcaneDoor disclosures, and the impact of the U.S. 
government shutdown on CISA.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1NKMz33dMs9mwRUiIVi7c0EDDTavZ8ImIAWiFS-3yq-Y/edit?tab=t.0#heading=h.c4jonnkp64kg\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Drone sightings prompt call for German police to gain shoot-down powers \" rel=\"nofollow\" href=\"https://www.reuters.com/world/europe/drone-sightings-disrupt-munich-airport-halt-flights-impact-thousands-2025-10-03/\"\u003eDrone sightings prompt call for German police to gain shoot-down powers \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"UK arrest following aerospace cyber incident\" rel=\"nofollow\" href=\"https://www.nationalcrimeagency.gov.uk/news/uk-arrest-following-aerospace-cyber-incident\"\u003eUK arrest following aerospace cyber incident\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Oracle Probes Hacks of Customers’ E-Business Suite After Extortion Campaign\" rel=\"nofollow\" 
href=\"https://www.bloomberg.com/news/articles/2025-10-02/oracle-investigating-hacks-of-its-customers-e-business-suite?accessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb3VyY2UiOiJTdWJzY3JpYmVyR2lmdGVkQXJ0aWNsZSIsImlhdCI6MTc1OTQzOTAzOCwiZXhwIjoxNzYwMDQzODM4LCJhcnRpY2xlSWQiOiJUM0lSMzhHT1lNVEgwMCIsImJjb25uZWN0SWQiOiI0OEFDOEE5MkEwNTM0MkQ4OEIyRjkwQjhDMTgzMTdDMyJ9.QuSgdjT8F9224F4JvefS8gPfyOactHpsJ5b6DDpWozA\u0026amp;leadSource=uverify%20wall\"\u003eOracle Probes Hacks of Customers’ E-Business Suite After Extortion Campaign\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Oracle Critical Patch Update Advisory - July 2025\" rel=\"nofollow\" href=\"https://www.oracle.com/security-alerts/cpujul2025.html#AppendixEBS\"\u003eOracle Critical Patch Update Advisory - July 2025\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Here is the email Clop attackers sent to Oracle customers\" rel=\"nofollow\" href=\"https://cyberscoop.com/extortion-email-clop-oracle-customers/\"\u003eHere is the email Clop attackers sent to Oracle customers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Oracle statement from Chief Security Officer\" rel=\"nofollow\" href=\"https://blogs.oracle.com/security/post/apply-july-2025-cpu\"\u003eOracle statement from Chief Security Officer\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TikTok’s Algorithm to Be Secured by Oracle in Trump-Backed Deal\" rel=\"nofollow\" href=\"https://archive.ph/ybbmk\"\u003eTikTok’s Algorithm to Be Secured by Oracle in Trump-Backed Deal\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Phantom Taurus: A New Chinese Nexus APT\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/phantom-taurus/\"\u003ePhantom Taurus: A New Chinese Nexus APT\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"China Hackers Breached Foreign Ministers’ Emails\" rel=\"nofollow\" href=\"https://archive.ph/Vpot0\"\u003eChina Hackers Breached Foreign Ministers’ 
Emails\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cisco Statement on Attacks Against Cisco Firewalls\" rel=\"nofollow\" href=\"https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks\"\u003eCisco Statement on Attacks Against Cisco Firewalls\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"GreyNoise: 25,000 IPs Scanned Cisco ASA Devices in Early Sept\" rel=\"nofollow\" href=\"https://www.greynoise.io/blog/scanning-surge-cisco-asa-devices\"\u003eGreyNoise: 25,000 IPs Scanned Cisco ASA Devices in Early Sept\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"KeyDrop.io\" rel=\"nofollow\" href=\"https://keydrop.io/\"\u003eKeyDrop.io\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 66:  We discuss drone sightings that shut down airports across Europe and what they reveal about hybrid warfare and the changing nature of conflict; Oracle ransomware/extortion campaign tied to unpatched E-Business Suite vulnerabilities and the company’s muted response. \r\n\r\nPlus, the TikTok–Oracle deal and the strange role Oracle now plays in U.S. national security; OpenAI’s Sora 2 launch and its implications for social media and human expression; Palo Alto’s “Phantom Taurus” APT report, a follow-up on Cisco’s ArcaneDoor disclosures, and the impact of the U.S. 
government shutdown on CISA.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-10-03T11:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/218ae2a2-77f7-4d79-b2f7-4e8eeec2a852.mp3","mime_type":"audio/mpeg","size_in_bytes":105237292,"duration_in_seconds":7408}]},{"id":"25f09048-d490-4caa-800d-d4548e74ad12","title":"Cisco firewall zero-days and bootkits in the wild","url":"https://securityconversations.fireside.fm/cisco-bootkit-brickstorm-china-sophisticated-attacks","content_text":"Three Buddy Problem - Episode 65: We zero in on one of the biggest security stories of the year: the discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco’s 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide.\n\nPlus, Cisco’s controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China’s long-term positioning.  Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russian APTs Turla and Gamaredon collaborating to hit Ukraine targets.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nAnother BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors\nMandiant Brickstorm Scanner\nCisco advisory: Continued Attacks Against Cisco Firewalls\nNCSC report on Cisco ASA bootkit in the wild\nU.S. 
government scrambles to stop new hacking campaign blamed on China\nUS Secret Service Statement on SIM Farm Discovery\nNYTimes: Cache of Devices Capable of Crashing Cell Network Is Found Near U.N.\nAirport chaos: Ransomware hits airport check-in systems\nNCSC statement: Incident impacting Collins Aerospace\nGamaredon X Turla collab\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 65\u003c/strong\u003e: We zero in on one of the biggest security stories of the year: the discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco’s 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide.\u003c/p\u003e\n\n\u003cp\u003ePlus, Cisco’s controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China’s long-term positioning.  
Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russian APTs Turla and Gamaredon collaborating to hit Ukraine targets.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1cShztjZIHPCcCo5W0VY881-RSs37pXY_usC93b32R-E/edit?tab=t.0#heading=h.jbbo41oysex\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign\"\u003eAnother BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mandiant Brickstorm Scanner\" rel=\"nofollow\" href=\"https://github.com/mandiant/brickstorm-scanner\"\u003eMandiant Brickstorm Scanner\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cisco advisory: Continued Attacks Against Cisco Firewalls\" rel=\"nofollow\" href=\"https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks\"\u003eCisco advisory: Continued Attacks Against Cisco Firewalls\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NCSC report on Cisco ASA bootkit in the wild\" rel=\"nofollow\" 
href=\"https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/RayInitiator-LINE-VIPER/ncsc-mar-rayinitiator-line-viper.pdf\"\u003eNCSC report on Cisco ASA bootkit in the wild\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"U.S. government scrambles to stop new hacking campaign blamed on China\" rel=\"nofollow\" href=\"https://archive.ph/95lK1\"\u003eU.S. government scrambles to stop new hacking campaign blamed on China\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US Secret Service Statement on SIM Farm Discovery\" rel=\"nofollow\" href=\"https://www.secretservice.gov/newsroom/releases/2025/09/us-secret-service-dismantles-imminent-telecommunications-threat-new-york\"\u003eUS Secret Service Statement on SIM Farm Discovery\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NYTimes: Cache of Devices Capable of Crashing Cell Network Is Found Near U.N.\" rel=\"nofollow\" href=\"https://archive.ph/FpmSy\"\u003eNYTimes: Cache of Devices Capable of Crashing Cell Network Is Found Near U.N.\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Airport chaos: Ransomware hits airport check-in systems\" rel=\"nofollow\" href=\"https://www.airport-technology.com/analyst-comment/chaos-in-the-air-ransomware-cripples-airport-check-in-systems/\"\u003eAirport chaos: Ransomware hits airport check-in systems\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NCSC statement: Incident impacting Collins Aerospace\" rel=\"nofollow\" href=\"https://www.ncsc.gov.uk/news/collins-aerospace-incident\"\u003eNCSC statement: Incident impacting Collins Aerospace\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Gamaredon X Turla collab\" rel=\"nofollow\" href=\"https://www.welivesecurity.com/en/eset-research/gamaredon-x-turla-collab/\"\u003eGamaredon X Turla collab\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 65: We zero in on one of the biggest security stories of the year: the 
discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco’s 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide.\r\n\r\nPlus, Cisco’s controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China’s long-term positioning.  Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russian APTs Turla and Gamaredon collaborating to hit Ukraine targets.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-09-27T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/25f09048-d490-4caa-800d-d4548e74ad12.mp3","mime_type":"audio/mpeg","size_in_bytes":96122969,"duration_in_seconds":6889}]},{"id":"f1783ca4-97ce-4db0-b3aa-144e6aba3db1","title":"Live at LABScon: Aurora Johnson and Trevor Hilligoss on China's 'internet toilets'","url":"https://securityconversations.fireside.fm/aurora-johnson-trevor-hilligoss-china-internet-toilets","content_text":"Three Buddy Problem - Episode 64: SpyCloud Labs researchers Aurora Johnson and Trevor Hilligoss discuss the world of “internet toilets,\" the toxic online communities in China where harassment, stalking, and sextortion thrive. We explore how these groups operate, from doxing ex-lovers and enemies to running coordinated campaigns of cyberbullying that often spill into real-world harm. 
(Recorded at LABScon 2025).\n\nCast: Aurora Johnson, Trevor Hilligoss, Ryan Naraine and Juan Andres Guerrero-Saade.Links:Plunging China's internet toilets (LABScon)\nSpyCloud Labs\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 64:\u003c/strong\u003e SpyCloud Labs researchers Aurora Johnson and Trevor Hilligoss discuss the world of “internet toilets,\" the toxic online communities in China where harassment, stalking, and sextortion thrive. We explore how these groups operate, from doxing ex-lovers and enemies to running coordinated campaigns of cyberbullying that often spill into real-world harm. (Recorded at LABScon 2025).\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://www.labscon.io/speakers/aurora-johnson\" target=\"_blank\" rel=\"nofollow noopener\"\u003eAurora Johnson\u003c/a\u003e, \u003ca href=\"https://www.labscon.io/speakers/trevor-hilligoss/\" target=\"_blank\" rel=\"nofollow noopener\"\u003eTrevor Hilligoss\u003c/a\u003e, \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and \u003ca href=\"https://www.linkedin.com/in/jags-is-fine/\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Plunging China\u0026#39;s internet toilets (LABScon)\" rel=\"nofollow\" href=\"https://www.labscon.io/speakers/aurora-johnson/\"\u003ePlunging China's internet toilets (LABScon)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"SpyCloud Labs\" rel=\"nofollow\" href=\"https://spycloud.com/resources/spycloud-labs/\"\u003eSpyCloud Labs\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 64: SpyCloud Labs researchers Aurora Johnson and Trevor Hilligoss discuss the world of “internet toilets,\" the toxic online communities in China where harassment, 
stalking, and sextortion thrive. We explore how these groups operate, from doxing ex-lovers and enemies to running coordinated campaigns of cyberbullying that often spill into real-world harm. (Recorded at LABScon 2025).\r\n\r\nCast: Aurora Johnson, Trevor Hilligoss, Ryan Naraine and Juan Andres Guerrero-Saade.","date_published":"2025-09-24T11:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/f1783ca4-97ce-4db0-b3aa-144e6aba3db1.mp3","mime_type":"audio/mpeg","size_in_bytes":22164014,"duration_in_seconds":1333}]},{"id":"6a3b7094-57b6-438f-afe4-89b945eaf4cf","title":"Live at LABScon: Visi Stark shares memories of creating the APT1 report","url":"https://securityconversations.fireside.fm/visi-stark-vertex-project-apt1-report-recap","content_text":"Three Buddy Problem - Episode 63: Co-founder of the Vertex Project Visi Stark joins the buddies to reminisce about his work writing Mandiant's famous APT1 report, the China-nexus threat landscape, the value of cyber threat intelligence, APT-naming schemes, and more... (Recorded at LABScon 2025)\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and Visi Stark.Links:How the Infamous APT-1 Report Exposing China’s PLA Hackers Came to Be\nMandiant APT1 Report\nA guide to U.S. allegations of China cyberspying\nThe Vertex Project\nLABScon 2025\nVisi Stark on LinkedIn\nLABScon 2025: Plunging the Internet Toilets in China\nAurora Johnson on Twitter\nTrevor Hilligoss\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 63\u003c/strong\u003e: Co-founder of the Vertex Project Visi Stark joins the buddies to reminisce about his work writing Mandiant's famous APT1 report, the China-nexus threat landscape, the value of cyber threat intelligence, APT-naming schemes, and more... 
(Recorded at LABScon 2025)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and \u003ca href=\"https://x.com/Invisig0th\" target=\"_blank\" rel=\"nofollow noopener\"\u003eVisi Stark\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"How the Infamous APT-1 Report Exposing China’s PLA Hackers Came to Be\" rel=\"nofollow\" href=\"https://www.zetter-zeroday.com/how-the-infamous-apt-1-report-exposing-chinas-pla-hackers-came-to-be/\"\u003eHow the Infamous APT-1 Report Exposing China’s PLA Hackers Came to Be\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mandiant APT1 Report\" rel=\"nofollow\" href=\"https://services.google.com/fh/files/misc/mandiant-apt1-report.pdf?ref=zetter-zeroday.com\"\u003eMandiant APT1 Report\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"A guide to U.S. allegations of China cyberspying\" rel=\"nofollow\" href=\"https://www.pbs.org/newshour/world/guide-u-s-allegations-china-cyberspying?ref=zetter-zeroday.com\"\u003eA guide to U.S. 
allegations of China cyberspying\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Vertex Project\" rel=\"nofollow\" href=\"https://vertex.link/\"\u003eThe Vertex Project\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2025\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon 2025\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Visi Stark on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/visi-stark-5bb092186/\"\u003eVisi Stark on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2025: Plunging the Internet Toilets in China\" rel=\"nofollow\" href=\"https://www.labscon.io/speakers/aurora-johnson/\"\u003eLABScon 2025: Plunging the Internet Toilets in China\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Aurora Johnson on Twitter\" rel=\"nofollow\" href=\"https://x.com/princessauroraj\"\u003eAurora Johnson on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Trevor Hilligoss\" rel=\"nofollow\" href=\"https://www.labscon.io/speakers/trevor-hilligoss/\"\u003eTrevor Hilligoss\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 63:  Co-founder of the Vertex Project Visi Stark joins the buddies to reminisce about his work writing Mandiant's famous APT1 report, the China-nexus threat landscape, the value of cyber threat intelligence, APT-naming schemes, and more... 
(Recorded at LABScon 2025).\r\n\r\nCast: Visi Stark, Ryan Naraine and Juan Andres Guerrero-Saade.","date_published":"2025-09-24T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/6a3b7094-57b6-438f-afe4-89b945eaf4cf.mp3","mime_type":"audio/mpeg","size_in_bytes":29489381,"duration_in_seconds":1730}]},{"id":"2e770758-3cba-44bf-8c35-e468ad8cda65","title":"Live at LABScon: Lindsay Freeman on tracking Wagner Group war crimes ","url":"https://securityconversations.fireside.fm/labscon-live-lindsay-freeman-tracking-war-crimes","content_text":"Three Buddy Problem - Episode 62: Lindsay Freeman, Director of the Technology, Law \u0026amp; Policy program at the Human Rights Center, UC Berkeley School of Law, joins the show to discuss her team's meticulous work to document the Wagner Group's chain of command, military operations in parts of Africa, and the broadcasting of war crimes on social media platforms like Telegram. (Recorded at LABScon 2025)\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and Lindsay Freeman.Links:LABScon Speaker 2025: Lindsay Freeman\nWar Crimes for Fun and Profit (Lawfare)\nMali: Army, Wagner Group Atrocities Against Civilians\nThe Wagner Group’s Atrocities in Africa: Lies and Truth \nMassacres, Executions, and Falsified Graves: The Wagner Group’s Mounting Humanitarian Cost in Mali\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 62\u003c/strong\u003e: Lindsay Freeman, Director of the Technology, Law \u0026amp; Policy program at the Human Rights Center, UC Berkeley School of Law, joins the show to discuss her team's meticulous work to document the Wagner Group's chain of command, military operations in parts of Africa, and the broadcasting of war crimes on social media platforms like Telegram. 
(Recorded at LABScon 2025)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and \u003ca href=\"https://x.com/lindsaysfreeman\" target=\"_blank\" rel=\"nofollow noopener\"\u003eLindsay Freeman\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"LABScon Speaker 2025: Lindsay Freeman\" rel=\"nofollow\" href=\"https://www.labscon.io/speakers/lindsay-freeman/\"\u003eLABScon Speaker 2025: Lindsay Freeman\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"War Crimes for Fun and Profit (Lawfare)\" rel=\"nofollow\" href=\"https://www.lawfaremedia.org/article/war-crimes-for-fun-and-profit\"\u003eWar Crimes for Fun and Profit (Lawfare)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mali: Army, Wagner Group Atrocities Against Civilians\" rel=\"nofollow\" href=\"https://www.hrw.org/news/2024/03/28/mali-army-wagner-group-atrocities-against-civilians\"\u003eMali: Army, Wagner Group Atrocities Against Civilians\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Wagner Group’s Atrocities in Africa: Lies and Truth \" rel=\"nofollow\" href=\"https://2021-2025.state.gov/the-wagner-groups-atrocities-in-africa-lies-and-truth/\"\u003eThe Wagner Group’s Atrocities in Africa: Lies and Truth \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Massacres, Executions, and Falsified Graves: The Wagner Group’s Mounting Humanitarian Cost in Mali\" rel=\"nofollow\" href=\"https://www.csis.org/analysis/massacres-executions-and-falsified-graves-wagner-groups-mounting-humanitarian-cost-mali\"\u003eMassacres, Executions, and Falsified Graves: The Wagner Group’s Mounting Humanitarian Cost in 
Mali\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 62:  Lindsay Freeman, Director of the Technology, Law \u0026 Policy program at the Human Rights Center, UC Berkeley School of Law, joins the show to discuss her team's meticulous work to document the Wagner Group's chain of command, military operations in parts of Africa, and the broadcasting of war crimes on social media platforms like Telegram. (Recorded at LABScon 2025)\r\n\r\nCast: Lindsay Freeman, Ryan Naraine and Juan Andres Guerrero-Saade.","date_published":"2025-09-24T10:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/2e770758-3cba-44bf-8c35-e468ad8cda65.mp3","mime_type":"audio/mpeg","size_in_bytes":29899880,"duration_in_seconds":1912}]},{"id":"25a25e4d-d101-4a90-af30-ae85214f326e","title":"Can Apple's New Anti-Exploit Tech Stop iPhone Spyware Attacks?","url":"https://securityconversations.fireside.fm/apple-new-memory-safety-anti-exploit-iphone-spyware","content_text":"Three Buddy Problem - Episode 61: We cover a pair of software supply chain breaches (Salesforce Salesloft Drift and NPM/GitHub) that raises big questions about SaaS integrations and the ripple effects across major security vendors. 
\n\nPlus, Apple’s new Memory Integrity Enforcement in iPhone 17 and discussion on commercial spyware infections and the value of Apple notifications; concerns around Chinese hardware and surveillance equipment in US infrastructure; Silicon Valley profiting from China’s surveillance ecosystem; and controversy around a Huntress disclosure of an attacker’s operations after an EDR agent was mistakenly installed.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nSalesforce advisory on Salesloft Drift hack\nSalesloft Drift Breach Tracker\nMandiant Drift and Salesloft Application Investigations\nWidespread Data Theft Targets Salesforce Instances via Salesloft Drift\nLarge-Scale NPM Attack\nNPM attack failed, with almost no victims\nChinese Hackers Pretended to Be a Top U.S. Lawmaker\nCzech cyber agency warns against using services and products that send data to China\nApple Debuts Memory Integrity Enforcement (MIE)\nHuntress: An Attacker’s Blunder Gave Us a Look Into Their Operations\nLABScon 2025 Agenda\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 61\u003c/strong\u003e: We cover a pair of software supply chain breaches (Salesforce Salesloft Drift and NPM/GitHub) that raises big questions about SaaS integrations and the ripple effects across major security vendors. 
\u003c/p\u003e\n\n\u003cp\u003ePlus, Apple’s new Memory Integrity Enforcement in iPhone 17 and discussion on commercial spyware infections and the value of Apple notifications; concerns around Chinese hardware and surveillance equipment in US infrastructure; Silicon Valley profiting from China’s surveillance ecosystem; and controversy around a Huntress disclosure of an attacker’s operations after an EDR agent was mistakenly installed.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1TFCmWNzyYKL35z_3jmiaXs6xpR7egZOjyY4WhScJTzg/edit?tab=t.0\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Salesforce advisory on Salesloft Drift hack\" rel=\"nofollow\" href=\"https://status.salesforce.com/generalmessages/20000217\"\u003eSalesforce advisory on Salesloft Drift hack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Salesloft Drift Breach Tracker\" rel=\"nofollow\" href=\"https://www.driftbreach.com/\"\u003eSalesloft Drift Breach Tracker\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mandiant Drift and Salesloft Application Investigations\" rel=\"nofollow\" href=\"https://trust.salesloft.com/?uid=Update+on+Mandiant+Drift+and+Salesloft+Application+Investigations\"\u003eMandiant Drift and Salesloft Application Investigations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Widespread Data Theft 
Targets Salesforce Instances via Salesloft Drift\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift\"\u003eWidespread Data Theft Targets Salesforce Instances via Salesloft Drift\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Large-Scale NPM Attack\" rel=\"nofollow\" href=\"https://cointelegraph.com/news/large-scale-npm-attack-compromised-less-50-dollars\"\u003eLarge-Scale NPM Attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NPM attack failed, with almost no victims\" rel=\"nofollow\" href=\"https://x.com/P3b7_/status/1965336272550899932\"\u003eNPM attack failed, with almost no victims\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chinese Hackers Pretended to Be a Top U.S. Lawmaker\" rel=\"nofollow\" href=\"https://archive.ph/KlhAo\"\u003eChinese Hackers Pretended to Be a Top U.S. Lawmaker\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Czech cyber agency warns against using services and products that send data to China\" rel=\"nofollow\" href=\"https://therecord.media/czech-nukib-warns-against-products-sending-data-china\"\u003eCzech cyber agency warns against using services and products that send data to China\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple Debuts Memory Integrity Enforcement (MIE)\" rel=\"nofollow\" href=\"https://security.apple.com/blog/memory-integrity-enforcement/\"\u003eApple Debuts Memory Integrity Enforcement (MIE)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Huntress: An Attacker’s Blunder Gave Us a Look Into Their Operations\" rel=\"nofollow\" href=\"https://www.huntress.com/blog/rare-look-inside-attacker-operation\"\u003eHuntress: An Attacker’s Blunder Gave Us a Look Into Their Operations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2025 Agenda\" rel=\"nofollow\" href=\"https://events.sentinelone.com/event/LABScon2025/agenda\"\u003eLABScon 2025 
Agenda\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 61: We cover a pair of software supply chain breaches (Salesforce Salesloft Drift and NPM/GitHub) that raises big questions about SaaS integrations and the ripple effects across major security vendors. \r\n\r\nPlus, Apple’s new Memory Integrity Enforcement in iPhone 17 and discussion on commercial spyware infections and the value of Apple notifications; concerns around Chinese hardware and surveillance equipment in US infrastructure; Silicon Valley profiting from China’s surveillance ecosystem; and controversy around a Huntress disclosure of an attacker’s operations after an EDR agent was mistakenly installed.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-09-09T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/25a25e4d-d101-4a90-af30-ae85214f326e.mp3","mime_type":"audio/mpeg","size_in_bytes":133531462,"duration_in_seconds":9946}]},{"id":"1ec2ef88-a1b1-4df7-b737-24542f8462c8","title":"Salt Typhoon IOCs, Google floats ‘cyber disruption unit’, WhatsApp 0-click ","url":"https://securityconversations.fireside.fm/salt-typhoon-iocs-google-disruption-unit-whatsapp-zero-click","content_text":"Three Buddy Problem - Episode 60: We dissect a fresh multi-agency Salt Typhoon advisory (with IOCs and YARA rules!), why it landed late, why the wall of logos matters (and doesn’t), and what’s actually usable for defenders: new YARA, tool hashes, naming ambiguity across reports, the mention of Chinese vendors, and a Dutch note that smaller ISPs were hit.\n\nPlus, Costin details his hunting stack and philosophy (historic IOC/malware hoarding, fast pivots, and AI as analyst “wingman”) and a new Chinese APT report that may intersect with LightBasin and the murky PSOA world. \n\nWe also debate Google’s proposed “cyber disruption unit” versus Microsoft’s DCU (legal vs. 
“ethical” takedowns, PR, and business models); react to Anthropic’s report on real attacker use of Claude; note Amazon’s APT29 watering-hole disruption; and close on a fresh WhatsApp-to-ImageIO zero-click chain and practical phone OPSEC.  \n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nNSA, Allies Report on Salt Typhoon\nUK and allies expose China tech companies\nJoint Advisory on Salt Typhoon (IOCs)\nDutch providers targeted by Salt Typhoon\nSilent Control: The Hidden Penetration of MystRodX\nGoogle previews cyber ‘disruption unit'\nAnthropic report on misuse of Claude AI\nWhatsApp 0day exploited (iOS attack chain)\nRationalEdge - Intelligence Meets Accuracy\nLABScon Speakers 2025\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 60\u003c/strong\u003e: We dissect a fresh multi-agency Salt Typhoon advisory (with IOCs and YARA rules!), why it landed late, why the wall of logos matters (and doesn’t), and what’s actually usable for defenders: new YARA, tool hashes, naming ambiguity across reports, the mention of Chinese vendors, and a Dutch note that smaller ISPs were hit.\u003c/p\u003e\n\n\u003cp\u003ePlus, Costin details his hunting stack and philosophy (historic IOC/malware hoarding, fast pivots, and AI as analyst “wingman”) and a new Chinese APT report that may intersect with LightBasin and the murky PSOA world. \u003c/p\u003e\n\n\u003cp\u003eWe also debate Google’s proposed “cyber disruption unit” versus Microsoft’s DCU (legal vs. “ethical” takedowns, PR, and business models); react to Anthropic’s report on real attacker use of Claude; note Amazon’s APT29 watering-hole disruption; and close on a fresh WhatsApp-to-ImageIO zero-click chain and practical phone OPSEC.  
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1s08A637odGBsqPX2lWWqtG5IM2hj6dWGtTzaxKbfWt4/edit?tab=t.0#heading=h.jbbo41oysex\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NSA, Allies Report on Salt Typhoon\" rel=\"nofollow\" href=\"https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4287371/nsa-and-others-provide-guidance-to-counter-china-state-sponsored-actors-targeti/\"\u003eNSA, Allies Report on Salt Typhoon\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"UK and allies expose China tech companies\" rel=\"nofollow\" href=\"https://www.ncsc.gov.uk/news/uk-allies-expose-china-tech-companies-enabling-cyber-campaign\"\u003eUK and allies expose China tech companies\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Joint Advisory on Salt Typhoon (IOCs)\" rel=\"nofollow\" href=\"https://media.defense.gov/2025/Aug/22/2003786665/-1/-1/0/CSA_COUNTERING_CHINA_STATE_ACTORS_COMPROMISE_OF_NETWORKS.PDF\"\u003eJoint Advisory on Salt Typhoon (IOCs)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dutch providers targeted by Salt Typhoon\" rel=\"nofollow\" href=\"https://www.defensie.nl/actueel/nieuws/2025/08/28/nederlandse-providers-doelwit-van-salt-typhoon\"\u003eDutch providers targeted by Salt Typhoon\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca 
title=\"Silent Control: The Hidden Penetration of MystRodX\" rel=\"nofollow\" href=\"https://blog.xlab.qianxin.com/mystrodx_covert_dual-mode_backdoor/\"\u003eSilent Control: The Hidden Penetration of MystRodX\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google previews cyber ‘disruption unit\u0026#39;\" rel=\"nofollow\" href=\"https://cyberscoop.com/google-cybersecurity-disruption-unit-active-defense-hack-back/\"\u003eGoogle previews cyber ‘disruption unit'\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Anthropic report on misuse of Claude AI\" rel=\"nofollow\" href=\"https://www.anthropic.com/news/detecting-countering-misuse-aug-2025\"\u003eAnthropic report on misuse of Claude AI\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"WhatsApp 0day exploited (iOS attack chain)\" rel=\"nofollow\" href=\"https://www.whatsapp.com/security/advisories/2025/\"\u003eWhatsApp 0day exploited (iOS attack chain)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"RationalEdge - Intelligence Meets Accuracy\" rel=\"nofollow\" href=\"https://rationaledge.io/\"\u003eRationalEdge - Intelligence Meets Accuracy\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon Speakers 2025\" rel=\"nofollow\" href=\"https://www.labscon.io/speakers/\"\u003eLABScon Speakers 2025\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 60: We dissect a fresh multi-agency Salt Typhoon advisory (with IOCs and YARA rules!), why it landed late, why the wall of logos matters (and doesn’t), and what’s actually usable for defenders: new YARA, tool hashes, naming ambiguity across reports, the mention of Chinese vendors, and a Dutch note that smaller ISPs were hit.\r\n\r\nPlus, Costin details his hunting stack and philosophy (historic IOC/malware hoarding, fast pivots, and AI as analyst “wingman”) and a new Chinese APT report that may intersect with LightBasin and the murky PSOA world. 
\r\n\r\nWe also debate Google’s proposed “cyber disruption unit” versus Microsoft’s DCU (legal vs. “ethical” takedowns, PR, and business models); react to Anthropic’s report on real attacker use of Claude; note Amazon’s APT29 watering-hole disruption; and close on a fresh WhatsApp-to-ImageIO zero-click chain and practical phone OPSEC.  \r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-08-29T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1ec2ef88-a1b1-4df7-b737-24542f8462c8.mp3","mime_type":"audio/mpeg","size_in_bytes":101225542,"duration_in_seconds":8688}]},{"id":"3a700ea9-ec69-4472-bade-414c4c7a53b2","title":"Zero-day reality check: iOS exploits, MAPP in China and the hack-back temptation","url":"https://securityconversations.fireside.fm/zero-day-ios-mapp-china-letters-of-marque","content_text":"Three Buddy Problem - Episode 59: Apple drops another emergency iOS patch and we unpack what that “may have been exploited” language really means: zero-click chains, why notifications help but forensics don’t, and the uncomfortable truth that Lockdown Mode is increasingly the default for high-risk users. We connect the dots from ImageIO bugs to geopolitics, discuss who’s likely using these exploits, why Apple’s guidance stops short, and the practical playbook (ADP on, reboot often, reduce attack surface) that actually works.\n\nPlus, we debate Microsoft throttling MAPP access for Chinese vendors, the idea of “letters of marque” for cyber (outsourced offense: smart deterrent or Pandora’s box?), and dissect two case studies that blur APT and crimeware: PipeMagic’s CLFS zero-day and Russia-linked “Static Tundra” riding seven-year-old Cisco bugs. 
\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nApple bulletin: iOS 18.6.2\nApple discloses actively exploited zero-day affecting iOS, iPadOS and macOS\nUK drops demand for backdoor into Apple encryption\nTulsi Gabbard on UK dropping Apple backdoor mandate\nMicrosoft Curbs Early Notifications for Chinese Firms on Security Flaws\nKaspersky report on PipeMagic\nMicrosoft: Dissecting PipeMagic Backdoor Framework\nCisco Talos on Static Tundra \nFBI advisory on end-of-life network devices\nSIM-Swapper, Scattered Spider Hacker Gets 10 Years\nQubic Claims Majority Control of Monero Hashrate, Raising 51% Attack Fears\nState of Statecraft Call for Papers\nLABScon 2025 Speaker Roster\nOffensive AI Con\nThree Buddy Problem: LIVE in Canada \n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 59\u003c/strong\u003e: Apple drops another emergency iOS patch and we unpack what that “may have been exploited” language really means: zero-click chains, why notifications help but forensics don’t, and the uncomfortable truth that Lockdown Mode is increasingly the default for high-risk users. We connect the dots from ImageIO bugs to geopolitics, discuss who’s likely using these exploits, why Apple’s guidance stops short, and the practical playbook (ADP on, reboot often, reduce attack surface) that actually works.\u003c/p\u003e\n\n\u003cp\u003ePlus, we debate Microsoft throttling MAPP access for Chinese vendors, the idea of “letters of marque” for cyber (outsourced offense: smart deterrent or Pandora’s box?), and dissect two case studies that blur APT and crimeware: PipeMagic’s CLFS zero-day and Russia-linked “Static Tundra” riding seven-year-old Cisco bugs. 
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1s08A637odGBsqPX2lWWqtG5IM2hj6dWGtTzaxKbfWt4/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple bulletin: iOS 18.6.2\" rel=\"nofollow\" href=\"https://support.apple.com/en-us/124925\"\u003eApple bulletin: iOS 18.6.2\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple discloses actively exploited zero-day affecting iOS, iPadOS and macOS\" rel=\"nofollow\" href=\"https://cyberscoop.com/apple-zero-day-ios-macos-ipados-august-2025/\"\u003eApple discloses actively exploited zero-day affecting iOS, iPadOS and macOS\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"UK drops demand for backdoor into Apple encryption\" rel=\"nofollow\" href=\"https://www.theverge.com/news/761240/uk-apple-us-encryption-back-door-demands-dropped\"\u003eUK drops demand for backdoor into Apple encryption\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Tulsi Gabbard on UK dropping Apple backdoor mandate\" rel=\"nofollow\" href=\"https://x.com/DNIGabbard/status/1957623737232007638\"\u003eTulsi Gabbard on UK dropping Apple backdoor mandate\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Curbs Early Notifications for Chinese Firms on Security Flaws\" rel=\"nofollow\" href=\"https://archive.ph/S1Qxw\"\u003eMicrosoft Curbs Early 
Notifications for Chinese Firms on Security Flaws\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kaspersky report on PipeMagic\" rel=\"nofollow\" href=\"https://securelist.com/pipemagic/117270/\"\u003eKaspersky report on PipeMagic\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft: Dissecting PipeMagic Backdoor Framework\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2025/08/18/dissecting-pipemagic-inside-the-architecture-of-a-modular-backdoor-framework/\"\u003eMicrosoft: Dissecting PipeMagic Backdoor Framework\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cisco Talos on Static Tundra \" rel=\"nofollow\" href=\"https://blog.talosintelligence.com/static-tundra/\"\u003eCisco Talos on Static Tundra \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"FBI advisory on end-of-life network devices\" rel=\"nofollow\" href=\"https://www.ic3.gov/PSA/2025/PSA250820\"\u003eFBI advisory on end-of-life network devices\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"SIM-Swapper, Scattered Spider Hacker Gets 10 Years\" rel=\"nofollow\" href=\"https://krebsonsecurity.com/2025/08/sim-swapper-scattered-spider-hacker-gets-10-years/\"\u003eSIM-Swapper, Scattered Spider Hacker Gets 10 Years\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Qubic Claims Majority Control of Monero Hashrate, Raising 51% Attack Fears\" rel=\"nofollow\" href=\"https://www.coindesk.com/business/2025/08/12/qubic-claims-majority-control-of-monero-hashrate-raising-51-attack-fears\"\u003eQubic Claims Majority Control of Monero Hashrate, Raising 51% Attack Fears\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"State of Statecraft Call for Papers\" rel=\"nofollow\" href=\"https://www.stateofstatecraft.com/cfp\"\u003eState of Statecraft Call for Papers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2025 Speaker Roster\" rel=\"nofollow\" 
href=\"https://www.labscon.io/speakers/\"\u003eLABScon 2025 Speaker Roster\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Offensive AI Con\" rel=\"nofollow\" href=\"https://events.humanitix.com/offensive-ai-con?utm_term=\u0026amp;utm_campaign=\u0026amp;utm_source=adwords\u0026amp;utm_medium=ppc\u0026amp;hsa_acc=7180819758\u0026amp;hsa_cam=20991033514\u0026amp;hsa_grp=161185120489\u0026amp;hsa_ad=689601156905\u0026amp;hsa_src=g\u0026amp;hsa_tgt=dsa-19959388920\u0026amp;hsa_kw=\u0026amp;hsa_mt=\u0026amp;hsa_net=adwords\u0026amp;hsa_ver=3\u0026amp;gad_source=1\u0026amp;gad_campaignid=20991033514\u0026amp;gbraid=0AAAAABav_m8gbgDxsU7DmjBLke8XU8eai\u0026amp;gclid=Cj0KCQjwwZDFBhCpARIsAB95qO0xhRhywMTqp0V9unCeS1_eXiTN5xZ6F78DxunKdzZZ2VCLYm3GZqMaAuuLEALw_wcB\"\u003eOffensive AI Con\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Three Buddy Problem: LIVE in Canada \" rel=\"nofollow\" href=\"https://ringzer0.training/countermeasure25-three-buddy-problem-live/\"\u003eThree Buddy Problem: LIVE in Canada \n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 59: Apple drops another emergency iOS patch and we unpack what that “may have been exploited” language really means: zero-click chains, why notifications help but forensics don’t, and the uncomfortable truth that Lockdown Mode is increasingly the default for high-risk users. We connect the dots from ImageIO bugs to geopolitics, discuss who’s likely using these exploits, why Apple’s guidance stops short, and the practical playbook (ADP on, reboot often, reduce attack surface) that actually works.\r\n\r\nPlus, we debate Microsoft throttling MAPP access for Chinese vendors, the idea of “letters of marque” for cyber (outsourced offense: smart deterrent or Pandora’s box?), and dissect two case studies that blur APT and crimeware: PipeMagic’s CLFS zero-day and Russia-linked “Static Tundra” riding seven-year-old Cisco bugs. 
\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-08-22T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/3a700ea9-ec69-4472-bade-414c4c7a53b2.mp3","mime_type":"audio/mpeg","size_in_bytes":118144375,"duration_in_seconds":9135}]},{"id":"a144cfba-560a-41b9-a9db-8138273862b2","title":"On AI’s future, security’s failures, and what comes next...","url":"https://securityconversations.fireside.fm/ai-futire-security-failures-whats-next","content_text":"Three Buddy Problem - Episode 58:  The buddies react to the Brandon Dixon episode, digging into what it’s really like to scale products inside a tech giant, navigate politics, and bring features to millions of machines. Plus, an exploration of the AI cybersecurity gold rush, the promise and hype, and the gamble for startups versus the slow-moving advantage of incumbents. \n\nWe revisit the Chinese \"cyber militia\" discussion and the looming AI “dot-com bubble,” the value of owning infrastructure, Nvidia and export controls, China’s manufacturing edge, and the geopolitics of supply chains.  \n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nLive from Black Hat: Brandon Dixon\nPSIRT | FortiGuard Labs\nSonicWall Firewalls – SSLVPN Recent Threat Activity\nCisco CVSS 1.0 RCE\nMargin Research: Cyber Militias Redux\nRussia Is Suspected to Be Behind Breach of Federal Court Filing System\nRussian hackers seized control of Norwegian dam\nPoland foiled cyberattack on big city's water supply\nEU Parliament pressing for agreement on chat scanning bill\nLABScon 2025\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 58\u003c/strong\u003e:  The buddies react to the Brandon Dixon episode, digging into what it’s really like to scale products inside a tech giant, navigate politics, and bring features to millions of machines. 
Plus, an exploration of the AI cybersecurity gold rush, the promise and hype, and the gamble for startups versus the slow-moving advantage of incumbents. \u003c/p\u003e\n\n\u003cp\u003eWe revisit the Chinese \"cyber militia\" discussion and the looming AI “dot-com bubble,” the value of owning infrastructure, Nvidia and export controls, China’s manufacturing edge, and the geopolitics of supply chains.  \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1VZcPDkqbuB4MZihxH8wKDEnpcFo7Kq70Kl-JV9i_p5s/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Live from Black Hat: Brandon Dixon\" rel=\"nofollow\" href=\"https://podcasts.apple.com/us/podcast/live-from-black-hat-brandon-dixon-parses-the-ai/id1414525622?i=1000721209590\"\u003eLive from Black Hat: Brandon Dixon\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PSIRT | FortiGuard Labs\" rel=\"nofollow\" href=\"https://www.fortiguard.com/psirt/FG-IR-25-152\"\u003ePSIRT | FortiGuard Labs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"SonicWall Firewalls – SSLVPN Recent Threat Activity\" rel=\"nofollow\" href=\"https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430\"\u003eSonicWall Firewalls – SSLVPN Recent Threat 
Activity\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cisco CVSS 1.0 RCE\" rel=\"nofollow\" href=\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79\"\u003eCisco CVSS 1.0 RCE\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Margin Research: Cyber Militias Redux\" rel=\"nofollow\" href=\"https://margin.re/2025/08/cyber-militias-redux-or-why-your-boss-might-also-be-your-platoon-leader-in-china-2/\"\u003eMargin Research: Cyber Militias Redux\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russia Is Suspected to Be Behind Breach of Federal Court Filing System\" rel=\"nofollow\" href=\"https://archive.ph/iVhTS\"\u003eRussia Is Suspected to Be Behind Breach of Federal Court Filing System\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russian hackers seized control of Norwegian dam\" rel=\"nofollow\" href=\"https://www.theguardian.com/world/2025/aug/14/russian-hackers-control-norwegian-dam-norway\"\u003eRussian hackers seized control of Norwegian dam\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Poland foiled cyberattack on big city\u0026#39;s water supply\" rel=\"nofollow\" href=\"https://www.reuters.com/en/poland-foiled-cyberattack-big-citys-water-supply-deputy-pm-says-2025-08-14/\"\u003ePoland foiled cyberattack on big city's water supply\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"EU Parliament pressing for agreement on chat scanning bill\" rel=\"nofollow\" href=\"https://www.techradar.com/computing/cyber-security/a-political-blackmail-the-eu-parliament-is-pressing-for-new-mandatory-scanning-of-your-private-chats?utm_source=chatgpt.com\"\u003eEU Parliament pressing for agreement on chat scanning bill\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2025\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon 2025\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 
58:  In-depth reaction to the Brandon Dixon episode, digging into what it’s really like to scale products inside a tech giant, navigate politics, and bring features to millions of machines. Plus, an exploration of the AI cybersecurity gold rush, the promise and hype, and the gamble for startups versus the slow-moving advantage of incumbents. \r\n\r\nWe revisit the Chinese \"cyber militia\" discussion and the looming AI “dot-com bubble,” the value of owning infrastructure, Nvidia and export controls, China’s manufacturing edge, and the geopolitics of supply chains.  \r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-08-15T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a144cfba-560a-41b9-a9db-8138273862b2.mp3","mime_type":"audio/mpeg","size_in_bytes":56518966,"duration_in_seconds":7064}]},{"id":"e0829cc5-9719-41bd-92d8-865d133d21cf","title":"Live from Black Hat: Brandon Dixon parses the AI security hype","url":"https://securityconversations.fireside.fm/live-black-hat-brandon-dixon-ai-security-hype","content_text":"Three Buddy Problem - Episode 57: Brandon Dixon (PassiveTotal/RiskIQ, Microsoft) leads a deep-dive into the collision of AI and cybersecurity. We tackle Google’s “Big Sleep” project, XBOW’s HackerOne automation hype, the long-running tension between big tech ownership of critical security tools and the community’s need for open access.\n\nPlus, the future of SOC automation to AI-assisted pen testing, how agentic AI could transform the cyber talent bottlenecks and operational inefficiencies, geopolitical debates over backdoors in GPUs and the strategic implications of China’s AI model development. 
\n\nCast:  Brandon Dixon, Juan Andres Guerrero-Saade,  and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nBrandon Dixon | LinkedIn\nGoogle 'Big Sleep' AI Issue Tracker\nXBOW - The road to Top 1: How XBOW did it\nDoes “XBOW AI Hacker” Deserve the Hype?\nXBOW - Taking the Top Hacker in the US to New Heights: XBOW Raises $75M Series B\nNVIDIA: No Backdoors. No Kill Switches. No Spyware \nNvidia reiterates its chips have no backdoors, urges US against location verification\nGoogle: Our Big Sleep agent makes a big leap\nMicrosoft announces acquisition of RiskIQ \nRiskIQ attack surface management\nBrandon Dixon (SecurityConversations podcast)\nProject Zero: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 57\u003c/strong\u003e: Brandon Dixon (PassiveTotal/RiskIQ, Microsoft) leads a deep-dive into the collision of AI and cybersecurity. We tackle Google’s “Big Sleep” project, XBOW’s HackerOne automation hype, the long-running tension between big tech ownership of critical security tools and the community’s need for open access.\u003c/p\u003e\n\n\u003cp\u003ePlus, the future of SOC automation to AI-assisted pen testing, how agentic AI could transform the cyber talent bottlenecks and operational inefficiencies, geopolitical debates over backdoors in GPUs and the strategic implications of China’s AI model development. 
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e  \u003ca href=\"https://www.linkedin.com/in/brandonsdixon/\" target=\"_blank\" rel=\"nofollow noopener\"\u003eBrandon Dixon\u003c/a\u003e, \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1qK9qf59EbwAZvr_zjR3FvmEN_nlpFPGAaTKNZYCVQFY/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Brandon Dixon | LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/brandonsdixon/\"\u003eBrandon Dixon | LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google \u0026#39;Big Sleep\u0026#39; AI Issue Tracker\" rel=\"nofollow\" href=\"https://issuetracker.google.com/issues?q=componentid:1836411\u0026amp;s=type:desc\u0026amp;s=issue_id:desc\"\u003eGoogle 'Big Sleep' AI Issue Tracker\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"XBOW - The road to Top 1: How XBOW did it\" rel=\"nofollow\" href=\"https://xbow.com/blog/top-1-how-xbow-did-it?utm_source=chatgpt.com\"\u003eXBOW - The road to Top 1: How XBOW did it\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Does “XBOW AI Hacker” Deserve the Hype?\" rel=\"nofollow\" href=\"https://utkusen.substack.com/p/does-xbow-ai-hacker-deserve-the-hype\"\u003eDoes “XBOW AI Hacker” Deserve the Hype?\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"XBOW - Taking the Top Hacker in the US to New Heights: XBOW Raises $75M Series B\" rel=\"nofollow\" href=\"https://xbow.com/blog/series-b\"\u003eXBOW - Taking the Top Hacker in the US to New Heights: 
XBOW Raises $75M Series B\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NVIDIA: No Backdoors. No Kill Switches. No Spyware \" rel=\"nofollow\" href=\"https://blogs.nvidia.com/blog/no-backdoors-no-kill-switches-no-spyware/\"\u003eNVIDIA: No Backdoors. No Kill Switches. No Spyware \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Nvidia reiterates its chips have no backdoors, urges US against location verification\" rel=\"nofollow\" href=\"https://www.reuters.com/world/china/nvidia-reiterates-its-chips-have-no-backdoors-urges-us-against-location-2025-08-06/?utm_source=chatgpt.com\"\u003eNvidia reiterates its chips have no backdoors, urges US against location verification\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google: Our Big Sleep agent makes a big leap\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-our-big-sleep-agent-makes-big-leap\"\u003eGoogle: Our Big Sleep agent makes a big leap\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft announces acquisition of RiskIQ \" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2021/07/12/microsoft-to-acquire-riskiq-to-strengthen-cybersecurity-of-digital-transformation-and-hybrid-work/\"\u003eMicrosoft announces acquisition of RiskIQ \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"RiskIQ attack surface management\" rel=\"nofollow\" href=\"https://azuremarketplace.microsoft.com/en-us/marketplace/apps/riskiq1592493552392.riskiq-saas?tab=overview\"\u003eRiskIQ attack surface management\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Brandon Dixon (SecurityConversations podcast)\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/brandon-dixon-vice-president-riskiq/\"\u003eBrandon Dixon (SecurityConversations podcast)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Project Zero: A deep dive into an NSO zero-click iMessage exploit: 
Remote Code Execution\" rel=\"nofollow\" href=\"https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html\"\u003eProject Zero: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 57:  Brandon Dixon (PassiveTotal/RiskIQ, Microsoft) leads a deep-dive into the collision of AI and cybersecurity. We tackle Google’s “Big Sleep” project, XBOW’s automation hype, the long-running tension between big tech ownership of critical security tools and the community’s need for open access.\r\n\r\nPlus, the future of SOC automation to AI-assisted pen testing, how agentic AI could transform cyber talent bottlenecks and operational inefficiencies, geopolitical debates over backdoors in GPUs and the strategic implications of China’s AI model development. \r\n\r\nCast: Brandon Dixon, Juan Andres Guerrero-Saade and Ryan Naraine.","date_published":"2025-08-07T09:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/e0829cc5-9719-41bd-92d8-865d133d21cf.mp3","mime_type":"audio/mpeg","size_in_bytes":43316889,"duration_in_seconds":5414}]},{"id":"7d8831a2-e2e9-4a1f-aef7-a7c2ae778589","title":"Rethinking APT Attribution: Dakota Cary on Chinese Contractors and Espionage-as-a-Service","url":"https://securityconversations.fireside.fm/china-microsoft-mapp-zero-days-singapore-warning","content_text":"Three Buddy Problem - Episode 56: China-focused researcher Dakota Cary joins the buddies to dig into China’s sprawling cyber ecosystem, from the HAFNIUM indictments and MSS tasking pipelines to the murky world of APT contractors and the ransomware hustle. We break down China’s “entrepreneurial” model of intelligence collection, why public visibility into these threat actors is so hard to get right, and how companies like Microsoft get caught in the geopolitical crossfire. 
\n\nPlus: a deep dive on suspected MAPP leaks and Sharepoint zero-days, Singapore targeted by extremely sophisticated China-nexus hacking group, soft censorship in corporate threat-intel, and whether the U.S. should rethink how it fills its intelligence gaps.\n\nCast: Dakota Cary, Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nDakota Cary on LinkedIn\nChina’s Covert Capabilities -- Silk Spun From Hafnium\nHAFNIUM-Linked Hacker Xu Zewei: Riding the Tides of China’s Cyber Ecosystem\nMicrosoft Probing Whether Chinese Hackers Found Flaw Via MAPP \nCybersecurity Law of the People’s Republic of China\nFrozen in transit: Secret Blizzard’s AiTM campaign against diplomats\nFire Ant: Hypervisor-Level Espionage Targeting VMware ESXi \u0026amp; vCenter\nSingapore actively dealing with ongoing China cyberattack\nIranians Targeted With Spyware in Lead-Up to War With Israel\n — all inside Iran and working either in the country’s technology sector or for the government.\nLABScon 2025\nApple in China (book)\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 56\u003c/strong\u003e: China-focused researcher Dakota Cary joins the buddies to dig into China’s sprawling cyber ecosystem, from the HAFNIUM indictments and MSS tasking pipelines to the murky world of APT contractors and the ransomware hustle. We break down China’s “entrepreneurial” model of intelligence collection, why public visibility into these threat actors is so hard to get right, and how companies like Microsoft get caught in the geopolitical crossfire. \u003c/p\u003e\n\n\u003cp\u003ePlus: a deep dive on suspected MAPP leaks and Sharepoint zero-days, Singapore targeted by extremely sophisticated China-nexus hacking group, soft censorship in corporate threat-intel, and whether the U.S. 
should rethink how it fills its intelligence gaps.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://www.linkedin.com/in/dakotacary/\" target=\"_blank\" rel=\"nofollow noopener\"\u003eDakota Cary\u003c/a\u003e, \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1gBEQbXUnmY-LmQ8f8SsaW9IgDIn8b4Sis6vHl8xoaJU/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dakota Cary on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/dakotacary/\"\u003eDakota Cary on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"China’s Covert Capabilities -- Silk Spun From Hafnium\" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/chinas-covert-capabilities-silk-spun-from-hafnium/\"\u003eChina’s Covert Capabilities -- Silk Spun From Hafnium\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"HAFNIUM-Linked Hacker Xu Zewei: Riding the Tides of China’s Cyber Ecosystem\" rel=\"nofollow\" href=\"https://nattothoughts.substack.com/p/hafnium-linked-hacker-xu-zewei-riding\"\u003eHAFNIUM-Linked Hacker Xu Zewei: Riding the Tides of China’s Cyber Ecosystem\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Probing Whether Chinese Hackers Found Flaw Via MAPP \" rel=\"nofollow\" href=\"https://archive.ph/txvJ5\"\u003eMicrosoft Probing Whether Chinese Hackers Found Flaw Via MAPP 
\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cybersecurity Law of the People’s Republic of China\" rel=\"nofollow\" href=\"https://digichina.stanford.edu/work/translation-cybersecurity-law-of-the-peoples-republic-of-china-effective-june-1-2017/\"\u003eCybersecurity Law of the People’s Republic of China\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2025/07/31/frozen-in-transit-secret-blizzards-aitm-campaign-against-diplomats/\"\u003eFrozen in transit: Secret Blizzard’s AiTM campaign against diplomats\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fire Ant: Hypervisor-Level Espionage Targeting VMware ESXi \u0026amp; vCenter\" rel=\"nofollow\" href=\"https://www.sygnia.co/blog/fire-ant-a-deep-dive-into-hypervisor-level-espionage/\"\u003eFire Ant: Hypervisor-Level Espionage Targeting VMware ESXi \u0026amp; vCenter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Singapore actively dealing with ongoing China cyberattack\" rel=\"nofollow\" href=\"https://www.channelnewsasia.com/singapore/unc3886-cyber-security-threat-actor-attack-singapore-5245791\"\u003eSingapore actively dealing with ongoing China cyberattack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Iranians Targeted With Spyware in Lead-Up to War With Israel\" rel=\"nofollow\" href=\"https://archive.ph/GDKIo#selection-1523.32-1523.125\"\u003eIranians Targeted With Spyware in Lead-Up to War With Israel\n\u003c/a\u003e \u0026mdash; all inside Iran and working either in the country’s technology sector or for the government.\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2025\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon 2025\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple in China (book)\" rel=\"nofollow\" 
href=\"https://www.simonandschuster.com/books/Apple-in-China/Patrick-McGee/9781668053379\"\u003eApple in China (book)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 56: China-focused researcher Dakota Cary joins the buddies to dig into China’s sprawling cyber ecosystem, from the HAFNIUM indictments and MSS tasking pipelines to the murky world of APT contractors and the ransomware hustle. We break down China’s “entrepreneurial” model of intelligence collection, why public visibility into these threat actors is so hard to get right, and how companies like Microsoft get caught in the geopolitical crossfire. \r\n\r\nPlus: a deep dive on suspected MAPP leaks and Sharepoint zero-days, Singapore targeted by extremely sophisticated China-nexus hacking group, soft censorship in corporate threat-intel, and whether the U.S. should rethink how it fills its intelligence gaps.\r\n\r\nCast: Dakota Cary, Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-08-01T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/7d8831a2-e2e9-4a1f-aef7-a7c2ae778589.mp3","mime_type":"audio/mpeg","size_in_bytes":53618956,"duration_in_seconds":6702}]},{"id":"fe4d62a3-cad0-4b3d-b729-d0e94654c458","title":"Microsoft Sharepoint security crisis: Faulty patches, Toolshell zero-days","url":"https://securityconversations.fireside.fm/msft-sharepoint-zero-day-faulty-patches-","content_text":"Three Buddy Problem - Episode 55: A SharePoint zero-day exploit chain from Pwn2Own Berlin becomes a full-blown security crisis with Chinese nation-state actors exploiting vulnerabilities that Microsoft struggled to patch properly, leading to trivial bypasses and a cascade of new CVEs. The timeline is messy, the patches are faulty, and ransomware groups are lining up to join the party.\n\nWe also revisit the ProPublica bombshell about Microsoft's \"digital escorts\" and U.S. 
government data exposure to Chinese adversaries and the company's \"oops, we will stop\" response. Plus, trusting Google's Big Sleep AI claims and a cautionary tale about AI agents gone rogue that wiped out a production database.  \n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nThree Buddy Problem LIVE at Black Hat\nTBP at Countermeasures 2025\nCODE WHITE GmbH ToolShell exploit\nMicrosoft guidance for SharePoint vulnerability CVE-2025-53770\nKaspersky on ToolShell: A story of five Sharepoint vulns\nRyan's EkoParty keynote on Microsoft culture\nMicrosoft Disrupting active exploitation of on-prem SharePoint flaws\nSentinelLabs on Sharepoint zero-day in-the-wild\nESET on ToolShell: An all-you-can-eat buffet for threat actors\nMicrosoft Stops Using China-Based Engineers for DoD Computer Systems\nAI coding platform goes rogue during code freeze and deletes entire company database\nJason Lemkin: Replit goes rogue\nJohn Hultquist on Big Dream AI\nLABScon 2025 \n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 55\u003c/strong\u003e: A SharePoint zero-day exploit chain from Pwn2Own Berlin becomes a full-blown security crisis with Chinese nation-state actors exploiting vulnerabilities that Microsoft struggled to patch properly, leading to trivial bypasses and a cascade of new CVEs. The timeline is messy, the patches are faulty, and ransomware groups are lining up to join the party.\u003c/p\u003e\n\n\u003cp\u003eWe also revisit the ProPublica bombshell about Microsoft's \"digital escorts\" and U.S. government data exposure to Chinese adversaries and the company's \"oops, we will stop\" response. Plus, trusting Google's Big Sleep AI claims and a cautionary tale about AI agents gone rogue that wiped out a production database.  
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1G_OoBEvmZiGCO-FUMr9dr87X5g80K7fHPda6QY_avQQ/edit?tab=t.0\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Three Buddy Problem LIVE at Black Hat\" rel=\"nofollow\" href=\"https://lu.ma/e2ys3k72\"\u003eThree Buddy Problem LIVE at Black Hat\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TBP at Countermeasures 2025\" rel=\"nofollow\" href=\"https://ringzer0.training/countermeasure25-three-buddy-problem-live/\"\u003eTBP at Countermeasures 2025\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CODE WHITE GmbH ToolShell exploit\" rel=\"nofollow\" href=\"https://infosec.exchange/@codewhitesec/114851715379861407\"\u003eCODE WHITE GmbH ToolShell exploit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft guidance for SharePoint vulnerability CVE-2025-53770\" rel=\"nofollow\" href=\"https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/\"\u003eMicrosoft guidance for SharePoint vulnerability CVE-2025-53770\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kaspersky on ToolShell: A story of five Sharepoint vulns\" rel=\"nofollow\" href=\"https://securelist.com/toolshell-explained/117045/\"\u003eKaspersky on ToolShell: A story of five Sharepoint 
vulns\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ryan\u0026#39;s EkoParty keynote on Microsoft culture\" rel=\"nofollow\" href=\"https://x.com/juanandres_gs/status/1587794147448016896\"\u003eRyan's EkoParty keynote on Microsoft culture\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Disrupting active exploitation of on-prem SharePoint flaws\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/\"\u003eMicrosoft Disrupting active exploitation of on-prem SharePoint flaws\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"SentinelLabs on Sharepoint zero-day in-the-wild\" rel=\"nofollow\" href=\"https://www.sentinelone.com/blog/sharepoint-toolshell-zero-day-exploited-in-the-wild-targets-enterprise-servers/\"\u003eSentinelLabs on Sharepoint zero-day in-the-wild\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ESET on ToolShell: An all-you-can-eat buffet for threat actors\" rel=\"nofollow\" href=\"https://www.welivesecurity.com/en/eset-research/toolshell-an-all-you-can-eat-buffet-for-threat-actors/\"\u003eESET on ToolShell: An all-you-can-eat buffet for threat actors\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Stops Using China-Based Engineers for DoD Computer Systems\" rel=\"nofollow\" href=\"https://www.propublica.org/article/defense-department-pentagon-microsoft-digital-escort-china\"\u003eMicrosoft Stops Using China-Based Engineers for DoD Computer Systems\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AI coding platform goes rogue during code freeze and deletes entire company database\" rel=\"nofollow\" 
href=\"https://www.tomshardware.com/tech-industry/artificial-intelligence/ai-coding-platform-goes-rogue-during-code-freeze-and-deletes-entire-company-database-replit-ceo-apologizes-after-ai-engine-says-it-made-a-catastrophic-error-in-judgment-and-destroyed-all-production-data\"\u003eAI coding platform goes rogue during code freeze and deletes entire company database\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Jason Lemkin: Replit goes rogue\" rel=\"nofollow\" href=\"https://x.com/jasonlk/status/1946069562723897802\"\u003eJason Lemkin: Replit goes rogue\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"John Hultquist on Big Dream AI\" rel=\"nofollow\" href=\"https://x.com/JohnHultquist/status/1947309146581119369\"\u003eJohn Hultquist on Big Dream AI\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2025 \" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon 2025 \n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 55:  We dig into Microsoft's latest security nightmare: a SharePoint zero-day exploit chain from Pwn2Own Berlin becomes a full-blown security crisis, with Chinese nation-state actors exploiting vulnerabilities that Microsoft struggled to patch properly, leading to trivial bypasses and a cascade of new CVEs. The timeline is messy, the patches are faulty, and ransomware groups are lining up to join the party.\r\n\r\nWe also revisit the ProPublica bombshell about Microsoft's \"digital escorts\" and U.S. government data exposure to Chinese adversaries and the company's \"oops, we will stop\" response. Plus, trusting Google's Big Sleep AI claims and a cautionary tale about AI agents gone rogue that wiped out a production database.  
\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-07-25T02:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/fe4d62a3-cad0-4b3d-b729-d0e94654c458.mp3","mime_type":"audio/mpeg","size_in_bytes":93250682,"duration_in_seconds":6913}]},{"id":"c52fc482-8ee7-498e-adeb-8e3584f74824","title":"Train brake hack, GRU sanctions, Wagner war crimes, Microsoft's Chinese ‘digital escorts’","url":"https://securityconversations.fireside.fm/train-brakes-gru-sanctions-wagner-telegram-digital-escorts","content_text":"Three Buddy Problem - Episode 54:  Europol busted pro‑Russian hacktivist crew NoName 057(16), the Brits announce sanctions on  Russia’s GRU cyber units, Wagner‑linked “war influencers” streamed atrocities from Africa, and fresh tech worries ranged from a $500 RF flaw that can hijack U.S. train brakes.\n\nPlus, ProPublica on Microsoft’s China‑based “digital escorts,” Google’s headline‑grabbing AI‑found SQLite zero‑day, and OpenAI’s new task‑running agents. 
Meanwhile, Ukraine’s hackers wiped a Russian drone maker, ransomware crippled a major vodka producer, and another Chrome zero‑day quietly underscored how routine critical exploits have become.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nEuropol targets NoName057(16) pro-Russian cybercrime network\nEurope's most wanted list\nUK sanctions Russian spies linked to Mariupol strikes\nProfile: GRU cyber and hybrid threat operations\nLindsay Freeman: War Crimes for Fun and Profit\nLindsay Freeman bio\nCISA: End-of-Train and Head-of-Train Remote Linking Protocol\nBackground of train vulnerability (CVE-2025-1727)\nProPublica on Microsoft “Digital Escorts”\nGoogle’s Big Sleep AI bug-finding claims\nEchoLeak (CVE-2025-32711)\nRussian vodka producer reports disruptions after ransomware attack\nUkrainian Hackers Cripple IT Infrastructure of Russian Drone Manufacturer\nAnother exploited Google Chrome zero-day\nThree Buddy Problem LIVE at Black Hat\nRingzer0 COUNTERMEASURE\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 54\u003c/strong\u003e:  Europol busted pro‑Russian hacktivist crew NoName 057(16), the Brits announce sanctions on  Russia’s GRU cyber units, Wagner‑linked “war influencers” streamed atrocities from Africa, and fresh tech worries ranged from a $500 RF flaw that can hijack U.S. train brakes.\u003c/p\u003e\n\n\u003cp\u003ePlus, ProPublica on Microsoft’s China‑based “digital escorts,” Google’s headline‑grabbing AI‑found SQLite zero‑day, and OpenAI’s new task‑running agents. 
Meanwhile, Ukraine’s hackers wiped a Russian drone maker, ransomware crippled a major vodka producer, and another Chrome zero‑day quietly underscored how routine critical exploits have become.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1GBR7FpP8x6DamPjUA_YKRT1QJ3PeH5K_lFwib1XmeA0/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Europol targets NoName057(16) pro-Russian cybercrime network\" rel=\"nofollow\" href=\"https://www.europol.europa.eu/media-press/newsroom/news/global-operation-targets-noname05716-pro-russian-cybercrime-network\"\u003eEuropol targets NoName057(16) pro-Russian cybercrime network\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Europe\u0026#39;s most wanted list\" rel=\"nofollow\" href=\"https://eumostwanted.eu/\"\u003eEurope's most wanted list\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"UK sanctions Russian spies linked to Mariupol strikes\" rel=\"nofollow\" href=\"https://www.politico.eu/article/uk-sanctions-russian-spies-mariupol-strikes/\"\u003eUK sanctions Russian spies linked to Mariupol strikes\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Profile: GRU cyber and hybrid threat operations\" rel=\"nofollow\" href=\"https://www.gov.uk/government/publications/profile-gru-cyber-and-hybrid-threat-operations\"\u003eProfile: GRU cyber 
and hybrid threat operations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Lindsay Freeman: War Crimes for Fun and Profit\" rel=\"nofollow\" href=\"https://www.lawfaremedia.org/article/war-crimes-for-fun-and-profit\"\u003eLindsay Freeman: War Crimes for Fun and Profit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Lindsay Freeman bio\" rel=\"nofollow\" href=\"https://www.lawfaremedia.org/contributors/lfreeman\"\u003eLindsay Freeman bio\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA: End-of-Train and Head-of-Train Remote Linking Protocol\" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-10\"\u003eCISA: End-of-Train and Head-of-Train Remote Linking Protocol\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Background of train vulnerability (CVE-2025-1727)\" rel=\"nofollow\" href=\"https://x.com/midwestneil/status/1943708133421101446\"\u003eBackground of train vulnerability (CVE-2025-1727)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ProPublica on Microsoft “Digital Escorts”\" rel=\"nofollow\" href=\"https://www.propublica.org/article/microsoft-digital-escorts-pentagon-defense-department-china-hackers\"\u003eProPublica on Microsoft “Digital Escorts”\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google’s Big Sleep AI bug-finding claims\" rel=\"nofollow\" href=\"https://blog.google/technology/safety-security/cybersecurity-updates-summer-2025/\"\u003eGoogle’s Big Sleep AI bug-finding claims\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"EchoLeak (CVE-2025-32711)\" rel=\"nofollow\" href=\"https://www.trendmicro.com/en_us/research/25/g/preventing-zero-click-ai-threats-insights-from-echoleak.html\"\u003eEchoLeak (CVE-2025-32711)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russian vodka producer reports disruptions after ransomware attack\" rel=\"nofollow\" 
href=\"https://therecord.media/novabev-russia-vodka-maker-ransomware-attack\"\u003eRussian vodka producer reports disruptions after ransomware attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ukrainian Hackers Cripple IT Infrastructure of Russian Drone Manufacturer\" rel=\"nofollow\" href=\"https://prm.ua/en/ukrainian-hackers-destroyed-the-it-infrastructure-of-a-russian-drone-manufacturer-what-is-known/\"\u003eUkrainian Hackers Cripple IT Infrastructure of Russian Drone Manufacturer\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Another exploited Google Chrome zero-day\" rel=\"nofollow\" href=\"https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html\"\u003eAnother exploited Google Chrome zero-day\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Three Buddy Problem LIVE at Black Hat\" rel=\"nofollow\" href=\"https://lu.ma/e2ys3k72\"\u003eThree Buddy Problem LIVE at Black Hat\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ringzer0 COUNTERMEASURE\" rel=\"nofollow\" href=\"https://ringzer0.training/countermeasure25/\"\u003eRingzer0 COUNTERMEASURE\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 54: Europol busted pro‑Russian hacktivist crew NoName 057(16), the Brits announce sanctions on  Russia’s GRU cyber units, Wagner‑linked “war influencers” streamed atrocities from Africa, and fresh tech worries ranged from a $500 RF flaw that can hijack U.S. train brakes.\r\n\r\nPlus, ProPublica on Microsoft’s China‑based “digital escorts,” Google’s headline‑grabbing AI‑found SQLite zero‑day, and OpenAI’s new task‑running agents. 
Meanwhile, Ukraine’s hackers wiped a Russian drone maker, ransomware crippled a major vodka producer, and another Chrome zero‑day quietly underscored how routine critical exploits have become.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-07-18T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/c52fc482-8ee7-498e-adeb-8e3584f74824.mp3","mime_type":"audio/mpeg","size_in_bytes":86833367,"duration_in_seconds":6525}]},{"id":"05ea91d2-dd79-43f9-a534-4b641cacfe9b","title":"How did China get Microsoft's zero-day exploits?","url":"https://securityconversations.fireside.fm/hafnium-hacker-arrested-china-microsoft-zerodays","content_text":"Three Buddy Problem - Episode 53:  We dig into news of the first-ever arrest of a Chinese intelligence-linked hacker in Italy, unpack the mystery behind HAFNIUM and how they somehow got their hands on the same Microsoft Exchange zero-days that researcher Orange Tsai discovered - was it coincidence, inside access, or something more sinister?\n\nPlus, China's massive cyber capabilities pipeline, ‘theCom’ teenagers arrested in the UK after ransomware binge, and spyware attacks against Russian organizations.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nUS Gov: Prolific Chinese state-sponsored contract hacker arrested\nMicrosoft: HAFNIUM targeting Exchange Servers with 0-day exploits\nMicrosoft Exchange Server Attack Timeline\nYouTube: Orange Tsai on ProxyLogon\nCrash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace\nThe Growing Role of Cyber Militias in China’s Network Warfare Force Structure\nNCA arrest four for attacks on M\u0026amp;S, Co-op and Harrods\nFour arrested by UK police over ransomware attacks on M\u0026amp;S, Co-op and Harrods\nCyberattack deals blow to Russian firmware used to repurpose civilian drones 
for Ukraine war\nBatavia spyware targeting Russian organizations\nChainalysis: First-ever crypto seizure in Greece\nRingzer0 COUNTERMEASURE\n — Three Buddy Problem discount code for training: CM25-3BUDDY\nLABScon 2025\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 53\u003c/strong\u003e:  We dig into news of the first-ever arrest of a Chinese intelligence-linked hacker in Italy, unpack the mystery behind HAFNIUM and how they somehow got their hands on the same Microsoft Exchange zero-days that researcher Orange Tsai discovered - was it coincidence, inside access, or something more sinister?\u003c/p\u003e\n\n\u003cp\u003ePlus, China's massive cyber capabilities pipeline, ‘theCom’ teenagers arrested in the UK after ransomware binge, and spyware attacks against Russian organizations.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1XBzJY0yzS-1jzb7u4TIq0SKkGFCYalbYS15LdYX7a3o/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\" US Gov: Prolific Chinese state-sponsored contract hacker arrested\" rel=\"nofollow\" href=\"https://www.justice.gov/opa/pr/justice-department-announces-arrest-prolific-chinese-state-sponsored-contract-hacker\"\u003eUS Gov: Prolific Chinese state-sponsored 
contract hacker arrested\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft: HAFNIUM targeting Exchange Servers with 0-day exploits\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/\"\u003eMicrosoft: HAFNIUM targeting Exchange Servers with 0-day exploits\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Exchange Server Attack Timeline\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/microsoft-exchange-server-attack-timeline/\"\u003eMicrosoft Exchange Server Attack Timeline\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"YouTube: Orange Tsai on ProxyLogon\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=5mqid-7zp8k\u0026amp;ab_channel=DEFCONConference\"\u003eYouTube: Orange Tsai on ProxyLogon\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace\" rel=\"nofollow\" href=\"https://www.atlanticcouncil.org/in-depth-research-reports/report/crash-exploit-and-burn/\"\u003eCrash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Growing Role of Cyber Militias in China’s Network Warfare Force Structure\" rel=\"nofollow\" href=\"https://margin.re/mobilizing-cyber-power-the-growing-role-of-cyber-militias-in-chinas-network-warfare-force-structure-2/\"\u003eThe Growing Role of Cyber Militias in China’s Network Warfare Force Structure\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NCA arrest four for attacks on M\u0026amp;S, Co-op and Harrods\" rel=\"nofollow\" href=\"https://www.nationalcrimeagency.gov.uk/news/retail-cyber-attacks-nca-arrest-four-for-attacks-on-m-s-co-op-and-harrods\"\u003eNCA arrest four for attacks on M\u0026amp;S, Co-op and Harrods\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Four 
arrested by UK police over ransomware attacks on M\u0026amp;S, Co-op and Harrods\" rel=\"nofollow\" href=\"https://therecord.media/uk-arrests-four-ransomware-ms-harrods-co-op\"\u003eFour arrested by UK police over ransomware attacks on M\u0026amp;S, Co-op and Harrods\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cyberattack deals blow to Russian firmware used to repurpose civilian drones for Ukraine war\" rel=\"nofollow\" href=\"https://therecord.media/cyberattack-russia-firmware-blow-hackers\"\u003eCyberattack deals blow to Russian firmware used to repurpose civilian drones for Ukraine war\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Batavia spyware targeting Russian organizations\" rel=\"nofollow\" href=\"https://securelist.com/batavia-spyware-steals-data-from-russian-organizations/116866/\"\u003eBatavia spyware targeting Russian organizations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chainalysis: First-ever crypto seizure in Greece\" rel=\"nofollow\" href=\"https://www.chainalysis.com/blog/greece-first-ever-crypto-seizure-bybit-hack-2025/\"\u003eChainalysis: First-ever crypto seizure in Greece\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ringzer0 COUNTERMEASURE\" rel=\"nofollow\" href=\"https://ringzer0.training/countermeasure25/\"\u003eRingzer0 COUNTERMEASURE\n\u003c/a\u003e \u0026mdash; Three Buddy Problem discount code for training: CM25-3BUDDY\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2025\" rel=\"nofollow\" href=\"https://labscon.io\"\u003eLABScon 2025\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 53:  We 
dig into news of the first-ever arrest of a Chinese intelligence-linked hacker in Italy, unpack the mystery behind HAFNIUM and how they somehow got their hands on the same Microsoft Exchange zero-days that researcher Orange Tsai discovered - was it coincidence, inside access, or something more sinister? \r\n\r\nPlus, China's massive cyber capabilities pipeline, ‘theCom’ teenagers arrested in the UK after ransomware binge, and spyware attacks against Russian organizations.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-07-10T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/05ea91d2-dd79-43f9-a534-4b641cacfe9b.mp3","mime_type":"audio/mpeg","size_in_bytes":88964480,"duration_in_seconds":6545}]},{"id":"b604bf91-d5a1-45a7-bd2e-223ecfeee15b","title":"Who’s hacking who? Ivanti 0-days in France, China outs 'Night Eagle' APT","url":"https://securityconversations.fireside.fm/whos-hacking-who-ivanti-0days-france-night-eagle","content_text":"Three Buddy Problem - Episode 52:  Fresh intelligence reports out of Europe and China: France’s ANSSI documents a string of Ivanti VPN zero-days ('Houken'), and Quanxin frames a stealth Microsoft Exchange-zero-day chain linked to a North American 'Night Eagle' threat actor. 
We dissect the technical bread-crumbs, question the attribution math, and connect Houken to SentinelOne’s “Purple Haze” research.\n\nPlus, the FBI’s claim that China’s “Salt Typhoon” has been “contained,” Iran’s Nobitex crypto-exchange breach (Predatory Sparrow torches $90 million and leaks the source code), Iranian cyber capabilities and sanctions avoidance.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nHouken: Seeking a path by living on the edge with zero-days\nChina-nexus APTs recon on top-tier targets\nFrench cybersecurity agency confirms government affected by Ivanti hacks\nTop FBI cyber official: Salt Typhoon ‘largely contained’\nOperation Blockbuster (Novetta)\nIsrael-Iran cyberwar: Predatory Sparrow, vanishing crypto, bank hacks\nInside the Nobitex Breach: What the Leaked Source Code Reveals About Iran’s Crypto Infrastructure\ncisagov/thorium\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 52\u003c/strong\u003e:  Fresh intelligence reports out of Europe and China: France’s ANSSI documents a string of Ivanti VPN zero-days ('Houken'), and Quanxin frames a stealth Microsoft Exchange-zero-day chain linked to a North American 'Night Eagle' threat actor. 
We dissect the technical bread-crumbs, question the attribution math, and connect Houken to SentinelOne’s “Purple Haze” research.\u003c/p\u003e\n\n\u003cp\u003ePlus, the FBI’s claim that China’s “Salt Typhoon” has been “contained,” Iran’s Nobitex crypto-exchange breach (Predatory Sparrow torches $90 million and leaks the source code), Iranian cyber capabilities and sanctions avoidance.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/19xE1kF3peywdmaH9j5xEdCvLmspni0s6p68KY1laYhg/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Houken: Seeking a path by living on the edge with zero-days\" rel=\"nofollow\" href=\"https://www.cert.ssi.gouv.fr/uploads/CERTFR-2025-CTI-009.pdf\"\u003eHouken: Seeking a path by living on the edge with zero-days\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"China-nexus APTs recon on top-tier targets\" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/follow-the-smoke-china-nexus-threat-actors-hammer-at-the-doors-of-top-tier-targets/\"\u003eChina-nexus APTs recon on top-tier targets\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"French cybersecurity agency confirms government affected by Ivanti hacks\" rel=\"nofollow\" href=\"https://therecord.media/france-anssi-report-ivanti-bugs-exploited\"\u003eFrench cybersecurity agency confirms government 
affected by Ivanti hacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Top FBI cyber official: Salt Typhoon ‘largely contained’\" rel=\"nofollow\" href=\"https://cyberscoop.com/top-fbi-cyber-official-salt-typhoon-largely-contained-in-telecom-networks/\"\u003eTop FBI cyber official: Salt Typhoon ‘largely contained’\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Operation Blockbuster (Novetta)\" rel=\"nofollow\" href=\"https://www.usna.edu/CyberCenter/_files/documents/Operation-Blockbuster-Report.pdf\"\u003eOperation Blockbuster (Novetta)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\" Israel-Iran cyberwar: Predatory Sparrow, vanishing crypto, bank hacks\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=MKKzHseTUUQ\u0026amp;t=5007s\u0026amp;ab_channel=ThreeBuddyProblem\"\u003eIsrael-Iran cyberwar: Predatory Sparrow, vanishing crypto, bank hacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Inside the Nobitex Breach: What the Leaked Source Code Reveals About Iran’s Crypto Infrastructure\" rel=\"nofollow\" href=\"https://www.trmlabs.com/resources/blog/inside-the-nobitex-breach-what-the-leaked-source-code-reveals-about-irans-crypto-infrastructure\"\u003eInside the Nobitex Breach: What the Leaked Source Code Reveals About Iran’s Crypto Infrastructure\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"cisagov/thorium\" rel=\"nofollow\" href=\"https://github.com/cisagov/thorium\"\u003ecisagov/thorium\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 52:  Fresh intelligence reports out of Europe and China: France’s ANSSI documents a string of Ivanti VPN zero-days ('Houken'), and Quanxin frames a stealth Microsoft Exchange-zero-day chain linked to a North American 'Night Eagle' threat actor. 
We dissect the technical bread-crumbs, question the attribution math, and connect Houken to SentinelOne’s “Purple Haze” research.\r\n\r\nPlus, the FBI’s claim that China’s “Salt Typhoon” has been “contained,” Iran’s Nobitex crypto-exchange breach (Predatory Sparrow torches $90 million and leaks the source code), Iranian cyber capabilities and sanctions avoidance.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-07-03T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/b604bf91-d5a1-45a7-bd2e-223ecfeee15b.mp3","mime_type":"audio/mpeg","size_in_bytes":77845642,"duration_in_seconds":5656}]},{"id":"01c3eb2d-69d5-4ea4-bc65-8a356a4f2b68","title":"Israel-Iran cyberwar: Predatory Sparrow, vanishing crypto, destructive bank hacks","url":"https://securityconversations.fireside.fm/cyberwar-and-vanishing-bitcoins","content_text":"Three Buddy Problem - Episode 51: Former Immunity/Trail of Bits researcher Hamid Kashfi  joins the buddies for a fast-moving tour of cyber activities in the Israel-Iran war. The crew unpacks who 'Predatory Sparrow' is, why Sepah Bank and the Nobitex crypto exchange were hit, and what a $90 million cryptocurrency burn really means. 
Plus, radar-blinding cyberattacks that paved the way for Israel’s air raid, the human cost of sudden ATM outages and unpaid salaries, and the puzzling “Code Breakers” data leak that preceded it all.\n\nHamid shares on-the-ground context, the buddies debate whether cyber operations can sway a shooting war, and everyone tries to gauge Iran’s true offensive muscle under sanctions.\n\nCast: Hamid Kashfi,  Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nPro-Israel hackers take credit for cyberattack on Iran's Bank Sepah\nPredatory Sparrow Burns $90 Million on Iranian Crypto Exchange in Cyber Shadow War\nCodebreakers and Predatory Sparrow\nIranian Exchange Nobitex: The $90M Exploit\nIranian newspaper: Defense system was hacked\nIranian state TV shows footage of Israeli drone\nTemple of Oats: Iran’s Hidden Hand in Middle Eastern Networks\nIsraeli Officials Warn Iran Is Hijacking Security Cameras to Spy\nLABScon - Security Research in Real Time\nThree Buddy Problem LIVE\nHamid Kashfi: The curious case of Predatory Sparrow\nGlasshouse episode with Hamid Kashfi\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 51\u003c/strong\u003e: Former Immunity/Trail of Bits researcher Hamid Kashfi  joins the buddies for a fast-moving tour of cyber activities in the Israel-Iran war. The crew unpacks who 'Predatory Sparrow' is, why Sepah Bank and the Nobitex crypto exchange were hit, and what a $90 million cryptocurrency burn really means. 
Plus, radar-blinding cyberattacks that paved the way for Israel’s air raid, the human cost of sudden ATM outages and unpaid salaries, and the puzzling “Code Breakers” data leak that preceded it all.\u003c/p\u003e\n\n\u003cp\u003eHamid shares on-the-ground context, the buddies debate whether cyber operations can sway a shooting war, and everyone tries to gauge Iran’s true offensive muscle under sanctions.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/hkashfi\" target=\"_blank\" rel=\"nofollow noopener\"\u003eHamid Kashfi\u003c/a\u003e,  \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1yKeeXGR_b7gfGWwIVv_dV5RmIFCrYAZQs5BUMClyFtU/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Pro-Israel hackers take credit for cyberattack on Iran\u0026#39;s Bank Sepah\" rel=\"nofollow\" href=\"https://www.axios.com/2025/06/17/iran-bank-sepah-cyberattack-israel\"\u003ePro-Israel hackers take credit for cyberattack on Iran's Bank Sepah\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Predatory Sparrow Burns $90 Million on Iranian Crypto Exchange in Cyber Shadow War\" rel=\"nofollow\" href=\"https://www.securityweek.com/predatory-sparrow-burns-90-million-on-iranian-crypto-exchange-in-cyber-shadow-war/\"\u003ePredatory Sparrow Burns $90 Million on Iranian Crypto Exchange in Cyber Shadow 
War\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Codebreakers and Predatory Sparrow\" rel=\"nofollow\" href=\"https://x.com/hkashfi/status/1934898014658654226?s=46\u0026amp;t=NxSQbkIl4wl2Ei8yYr-9IQ\"\u003eCodebreakers and Predatory Sparrow\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Iranian Exchange Nobitex: The $90M Exploit\" rel=\"nofollow\" href=\"https://www.chainalysis.com/blog/nobitex-iranian-exchange-exploit-june-2025/\"\u003eIranian Exchange Nobitex: The $90M Exploit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Iranian newspaper: Defense system was hacked\" rel=\"nofollow\" href=\"https://www.iranintl.com/fa/202506150578\"\u003eIranian newspaper: Defense system was hacked\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Iranian state TV shows footage of Israeli drone\" rel=\"nofollow\" href=\"https://www.cnn.com/2025/06/18/world/video/iran-state-tv-israel-drone-ldn-digvid\"\u003eIranian state TV shows footage of Israeli drone\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks\"\u003eTemple of Oats: Iran’s Hidden Hand in Middle Eastern Networks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Israeli Officials Warn Iran Is Hijacking Security Cameras to Spy\" rel=\"nofollow\" href=\"https://archive.ph/cCMt9\"\u003eIsraeli Officials Warn Iran Is Hijacking Security Cameras to Spy\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon - Security Research in Real Time\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon - Security Research in Real Time\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Three Buddy Problem LIVE\" rel=\"nofollow\" href=\"https://ringzer0.training/countermeasure25-three-buddy-problem-live/\"\u003eThree Buddy Problem 
LIVE\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Hamid Kashfi: The curious case of Predatory Sparrow\" rel=\"nofollow\" href=\"https://www.darkcell.se/sparrows\"\u003eHamid Kashfi: The curious case of Predatory Sparrow\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Glasshouse episode with Hamid Kashfi\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=z05lKD0R5jo\u0026amp;ab_channel=TheGlasshouseCenter\"\u003eGlasshouse episode with Hamid Kashfi\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 51: Former Immunity/Trail of Bits researcher Hamid Kashfi  joins the buddies for a fast-moving tour of cyber activities in the Israel-Iran war. The crew unpacks who 'Predatory Sparrow' is, why Sepah Bank and the Nobitex crypto exchange were hit, and what a $90 million cryptocurrency burn really means. Plus, radar-blinding cyberattacks that paved the way for Israel’s air raid, the human cost of sudden ATM outages and unpaid salaries, and the puzzling “Code Breakers” data leak that preceded it all.\r\n\r\nHamid shares on-the-ground context, the buddies debate whether cyber operations can sway a shooting war, and everyone tries to gauge Iran’s true offensive muscle under sanctions.\r\n\r\nCast: Hamid Kashfi, Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine. 
","date_published":"2025-06-20T02:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/01c3eb2d-69d5-4ea4-bc65-8a356a4f2b68.mp3","mime_type":"audio/mpeg","size_in_bytes":144334262,"duration_in_seconds":11233}]},{"id":"f5778cef-4751-4110-b0ec-6d82e3b4b504","title":"Cyber flashpoints in Israel-Iran war, the 'magnet of threats', Mossad drone swarms","url":"https://securityconversations.fireside.fm/israel-iran-war-magnet-of-threats-drone-swarms","content_text":"Three Buddy Problem - Episode 50: This week, we dissect cyber flashpoints in the Iran-Israel war, revisit the “magnet of threats” server in Iran that attracted APTs from multiple nation-states, and react to Israel's Mossad sneaking explosive drone swarms deep into Iran to support airstrikes.\n\nPlus, Stealth Falcon’s new WebDAV zero-day, SentinelOne’s brush with Chinese APTs, Citizen Lab’s forensic takedown of Paragon’s iPhone spyware, and the sneaky Meta/Yandex trick that links Android web browsing to app IDs.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nIsrael-Iran war breaks out\n'The magnet of threats'\nMossad set up drone swarm base in Iran \nStealth Falcon's Exploit of Microsoft Zero Day \nCVE-2025-33053 - WebDAV remote code execution\nCISA, Microsoft warn of Windows zero-day \nChina-nexus Threat actors target SentinelOne  \nChinese Espionage Crews Circle SentinelOne\nCitizen Lab: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted - The Citizen Lab\nMeta and Yandex are de-anonymizing Android users’ web browsing identifiers\nDreadnode Offensive AI Conference\nLABScon Call for Papers\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 50\u003c/strong\u003e: This week, we dissect cyber flashpoints in the Iran-Israel war, revisit the “magnet of threats” server in Iran that attracted APTs from multiple nation-states, 
and react to Israel's Mossad sneaking explosive drone swarms deep into Iran to support airstrikes.\u003c/p\u003e\n\n\u003cp\u003ePlus, Stealth Falcon’s new WebDAV zero-day, SentinelOne’s brush with Chinese APTs, Citizen Lab’s forensic takedown of Paragon’s iPhone spyware, and the sneaky Meta/Yandex trick that links Android web browsing to app IDs.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1tbYrbhOmz1LKRzB1TBkoRds50jCwZRGHMsMBnwTl3nc/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Israel-Iran war breaks out\" rel=\"nofollow\" href=\"https://www.bbc.com/news/live/c93ydeqyq71t\"\u003eIsrael-Iran war breaks out\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"\u0026#39;The magnet of threats\u0026#39;\" rel=\"nofollow\" href=\"https://www.kaspersky.com/about/press-releases/spy-wars-how-nation-state-backed-threat-actors-steal-from-and-copy-each-other\"\u003e'The magnet of threats'\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mossad set up drone swarm base in Iran \" rel=\"nofollow\" href=\"https://www.timesofisrael.com/liveblog_entry/mossad-set-up-a-drone-base-in-iran-uavs-were-activated-overnight-to-strike-surface-to-surface-missile-launchers-aimed-at-israel/\"\u003eMossad set up drone swarm base in Iran \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Stealth 
Falcon\u0026#39;s Exploit of Microsoft Zero Day \" rel=\"nofollow\" href=\"https://research.checkpoint.com/2025/stealth-falcon-zero-day/\"\u003eStealth Falcon's Exploit of Microsoft Zero Day \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CVE-2025-33053 - WebDAV remote code execution\" rel=\"nofollow\" href=\"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33053\"\u003eCVE-2025-33053 - WebDAV remote code execution\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA, Microsoft warn of Windows zero-day \" rel=\"nofollow\" href=\"https://therecord.media/microsoft-cisa-zero-day-turkish-defense-org\"\u003eCISA, Microsoft warn of Windows zero-day \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"China-nexus Threat actors target SentinelOne  \" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/follow-the-smoke-china-nexus-threat-actors-hammer-at-the-doors-of-top-tier-targets/\"\u003eChina-nexus Threat actors target SentinelOne  \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chinese Espionage Crews Circle SentinelOne\" rel=\"nofollow\" href=\"https://www.securityweek.com/chinese-espionage-crews-circle-sentinelone-in-year-long-reconnaissance-campaign/\"\u003eChinese Espionage Crews Circle SentinelOne\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Citizen Lab: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted - The Citizen Lab\" rel=\"nofollow\" href=\"https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/\"\u003eCitizen Lab: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted - The Citizen Lab\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Meta and Yandex are de-anonymizing Android users’ web browsing identifiers\" rel=\"nofollow\" 
href=\"https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/\"\u003eMeta and Yandex are de-anonymizing Android users’ web browsing identifiers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dreadnode Offensive AI Conference\" rel=\"nofollow\" href=\"https://www.offensiveaicon.com/\"\u003eDreadnode Offensive AI Conference\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon Call for Papers\" rel=\"nofollow\" href=\"https://www.labscon.io/cfp/\"\u003eLABScon Call for Papers\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 50: This week, we dissect cyber flashpoints in the Iran-Israel war, revisit the “magnet of threats” server in Iran that attracted APTs from multiple nation-states, and react to Israel's Mossad sneaking explosive drone swarms deep into Iran to support airstrikes.\r\n\r\nPlus, Stealth Falcon’s new WebDAV zero-day, SentinelOne’s brush with Chinese APTs, Citizen Lab’s forensic takedown of Paragon’s iPhone spyware, and the sneaky Meta/Yandex trick that links Android web browsing to app IDs.\r\n\r\nCast: Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine.","date_published":"2025-06-13T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/f5778cef-4751-4110-b0ec-6d82e3b4b504.mp3","mime_type":"audio/mpeg","size_in_bytes":81069877,"duration_in_seconds":6708}]},{"id":"bb8df579-ce5b-4644-9e58-c03a46a5b736","title":"Mikko Hypponen talks drone warfare, APT naming schemes","url":"https://securityconversations.fireside.fm/mikko-hypponen-talks-drone-warfare-apt-naming","content_text":"Three Buddy Problem - Episode 49:  Cybersecurity veteran Mikko Hypponen joins the show to discuss the fast-changing life and times on NATO’s newest frontline, how Ukraine’s long-range “Spiderweb” drone swarms punched holes in Russian air bases, the cyber connections to the escalating 
drone warfare, and the coming wave of autonomous “killer robots”.\n\nPlus, news on Ukraine’s hack of bomber-maker Tupolev, the industry’s never-ending APT naming mess, iVerify’s newly disclosed iMessage zero-click bug, fresh Qualcomm GPU exploits still unpatched on Android devices, and Cellebrite’s purchase of Corellium.  \n\nCast: Ryan Naraine, Costin Raiu and Mikko Hypponen\n\n\nJuan Andres Guerrero-Saade is out this week at Sleuthcon.\nLinks:Transcript (unedited, AI-generated)\nMikko Hyppönen pivots from infosec to drones inspired by war\nMikko Hypponen Leaves Anti-Malware Industry to Fight Against Drones\nAnti-drone system | Sensofusion\nUkraine's military intelligence claims cyberattack on Russian strategic bomber maker\nHow Microsoft names threat actors\nCrowdStrike and Microsoft Unite to Deconflict Cyber Threat Attribution\nQualcomm GPU driver 0days (exploitation detected)\nChrome 0day exploited in the wild\niVerify documents 'Nickname' iMessage exploitation\nCellebrite to acquire mobile testing firm Corellium\nHacker Chris Wade reveals the story of his presidential pardon, US government collaboration\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 49\u003c/strong\u003e:  Cybersecurity veteran Mikko Hypponen joins the show to discuss the fast-changing life and times on NATO’s newest frontline, how Ukraine’s long-range “Spiderweb” drone swarms punched holes in Russian air bases, the cyber connections to the escalating drone warfare, and the coming wave of autonomous “killer robots”.\u003c/p\u003e\n\n\u003cp\u003ePlus, news on Ukraine’s hack of bomber-maker Tupolev, the industry’s never-ending APT naming mess, iVerify’s newly disclosed iMessage zero-click bug, fresh Qualcomm GPU exploits still unpatched on Android devices, and Cellebrite’s purchase of Corellium.  
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://x.com/mikko\" target=\"_blank\" rel=\"nofollow noopener\"\u003eMikko Hypponen\u003c/a\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eJuan Andres Guerrero-Saade is out this week at Sleuthcon.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/12-laS3yVtXJhfnR4V-qtjbhUpYdZcTZM5PQ5fdWMPsM/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mikko Hyppönen pivots from infosec to drones inspired by war\" rel=\"nofollow\" href=\"https://www.theregister.com/2025/06/04/mikko_hypponen_drone/\"\u003eMikko Hyppönen pivots from infosec to drones inspired by war\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mikko Hypponen Leaves Anti-Malware Industry to Fight Against Drones\" rel=\"nofollow\" href=\"https://www.securityweek.com/mikko-hypponen-joins-anti-drone-company-sensofusion/\"\u003eMikko Hypponen Leaves Anti-Malware Industry to Fight Against Drones\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Anti-drone system | Sensofusion\" rel=\"nofollow\" href=\"https://sensofusion.com/\"\u003eAnti-drone system | Sensofusion\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ukraine\u0026#39;s military intelligence claims cyberattack on Russian strategic bomber maker\" rel=\"nofollow\" href=\"https://therecord.media/ukraine-military-russia-strategic-bomber\"\u003eUkraine's military intelligence claims cyberattack on Russian strategic bomber 
maker\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"How Microsoft names threat actors\" rel=\"nofollow\" href=\"https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming\"\u003eHow Microsoft names threat actors\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CrowdStrike and Microsoft Unite to Deconflict Cyber Threat Attribution\" rel=\"nofollow\" href=\"https://www.crowdstrike.com/en-us/blog/crowdstrike-and-microsoft-unite-to-deconflict-cyber-threat-attribution/\"\u003eCrowdStrike and Microsoft Unite to Deconflict Cyber Threat Attribution\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Qualcomm GPU driver 0days (exploitation detected)\" rel=\"nofollow\" href=\"https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html\"\u003eQualcomm GPU driver 0days (exploitation detected)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chrome 0day exploited in the wild\" rel=\"nofollow\" href=\"https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html\"\u003eChrome 0day exploited in the wild\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"iVerify documents \u0026#39;Nickname\u0026#39; iMessage exploitation\" rel=\"nofollow\" href=\"https://welcome.iverify.io/hubfs/iVerify-Nickname-Vulnerability-Report.pdf\"\u003eiVerify documents 'Nickname' iMessage exploitation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cellebrite to acquire mobile testing firm Corellium\" rel=\"nofollow\" href=\"https://cyberscoop.com/cellebrite-correllium-acquisition-ios-android/\"\u003eCellebrite to acquire mobile testing firm Corellium\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Hacker Chris Wade reveals the story of his presidential pardon, US government collaboration\" rel=\"nofollow\" 
href=\"https://www.semafor.com/article/01/10/2025/citizen-wade-the-life-of-a-legendary-hacker-to-receive-a-rare-presidential-pardon\"\u003eHacker Chris Wade reveals the story of his presidential pardon, US government collaboration\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 49: Cybersecurity veteran Mikko Hypponen joins the show to discuss the fast-changing life and times on NATO’s newest frontline, how Ukraine’s long-range “Spiderweb” drone swarms punched holes in Russian air bases, the cyber connections to the escalating drone warfare, and the coming wave of autonomous “killer robots”.\r\n\r\nPlus, news on Ukraine’s hack of bomber-maker Tupolev, the industry’s never-ending APT naming mess, iVerify’s newly disclosed iMessage zero-click bug, fresh Qualcomm GPU exploits still unpatched on Android devices, and Cellebrite’s purchase of Corellium.  \r\n\r\nCast: Costin Raiu, Ryan Naraine and Mikko Hypponen.\r\n\r\n* Juan Andres Guerrero-Saade is out this week at Sleuthcon.","date_published":"2025-06-06T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/bb8df579-ce5b-4644-9e58-c03a46a5b736.mp3","mime_type":"audio/mpeg","size_in_bytes":72656095,"duration_in_seconds":5344}]},{"id":"f98d445d-0600-4a4d-b800-332b7653b71e","title":"The dark hole of 'friendlies' and Western APTs","url":"https://securityconversations.fireside.fm/western-on-western-apt-research-dark-hole","content_text":"Three Buddy Problem - Episode 48: We unpack a Dutch intelligence agencies report on ‘Laundry Bear’ and Microsoft’s parallel ‘Void Blizzard’  write-up, finding major gaps and bemoaning the absence of IOCs. 
Plus, discussion on why threat-intel naming is so messy, how initial-access brokers are powering even nation-state break-ins, and whether customers (or vendors) are to blame for the confusion.\n\nPlus, thoughts on an academic paper on the vanishing art of Western companies exposing Western (friendly) APT operations, debate whether stealth or self-censorship is to blame, and the long-tail effects on cyber paleontology.\n\nWe also dig into Sean Heelan’s proof that OpenAI’s new reasoning model can spot a Linux kernel 0-day and the implications for humans in the bug-hunting chain. \n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nDutch intelligence agency outs 'Laundry Bear' Russian APT\nRussian gov hackers buying passwords from cybercriminals\nMicrosoft: Russian actor Void Blizzard targets critical sectors for espionage\nCensys data on AyySSHush ASUS router botnet\nCzech Republic statement on Chinese hack\nCzech gov condemns Chinese hack on critical infrastructure\nNATO floats cybersecurity included in new spending target\nMark your Google Calendar: APT41 innovative tactics\nThe rise of responsible behavior: Western commercial reports on Western cyber threat actors\nHow I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation\nASUS Botnet Tracker\nCISA: Logging Made Easy (LME)\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 48\u003c/strong\u003e: We unpack a Dutch intelligence agencies report on ‘Laundry Bear’ and Microsoft’s parallel ‘Void Blizzard’  write-up, finding major gaps and bemoaning the absence of IOCs. 
Plus, discussion on why threat-intel naming is so messy, how initial-access brokers are powering even nation-state break-ins, and whether customers (or vendors) are to blame for the confusion.\u003c/p\u003e\n\n\u003cp\u003ePlus, thoughts on an academic paper on the vanishing art of Western companies exposing Western (friendly) APT operations, debate whether stealth or self-censorship is to blame, and the long-tail effects on cyber paleontology.\u003c/p\u003e\n\n\u003cp\u003eWe also dig into Sean Heelan’s proof that OpenAI’s new reasoning model can spot a Linux kernel 0-day and the implications for humans in the bug-hunting chain. \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1dw-7Zl4toiXBQ8nEWseDz82pk2Ss3NEXAUPsJ7CnDcU/edit?tab=t.0\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dutch intelligence agency outs \u0026#39;Laundry Bear\u0026#39; Russian APT\" rel=\"nofollow\" href=\"https://www.defensie.nl/actueel/nieuws/2025/05/27/onbekende-russische-groep-achter-hacks-nederlandse-doelen\"\u003eDutch intelligence agency outs 'Laundry Bear' Russian APT\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russian gov hackers buying passwords from cybercriminals\" rel=\"nofollow\" href=\"https://www.securityweek.com/russian-government-hackers-caught-buying-passwords-from-cybercriminals/\"\u003eRussian gov hackers 
buying passwords from cybercriminals\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft: Russian actor Void Blizzard targets critical sectors for espionage\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/\"\u003eMicrosoft: Russian actor Void Blizzard targets critical sectors for espionage\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Censys data on AyySSHush ASUS router botnet\" rel=\"nofollow\" href=\"https://censys.com/blog/tracking-ayysshush-a-newly-discovered-asus-router-botnet-campaign\"\u003eCensys data on AyySSHush ASUS router botnet\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Czech Republic statement on Chinese hack\" rel=\"nofollow\" href=\"https://mzv.gov.cz/jnp/en/issues_and_press/press_releases/statement_by_the_government_of_the_czech.html\"\u003eCzech Republic statement on Chinese hack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Czech gov condemns Chinese hack on critical infrastructure\" rel=\"nofollow\" href=\"https://www.securityweek.com/czech-government-condemns-chinese-hack-on-critical-infrastructure/\"\u003eCzech gov condemns Chinese hack on critical infrastructure\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NATO floats cybersecurity included in new spending target\" rel=\"nofollow\" href=\"https://archive.ph/M9EaX\"\u003eNATO floats cybersecurity included in new spending target\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mark your Google Calendar: APT41 innovative tactics\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics\"\u003eMark your Google Calendar: APT41 innovative tactics\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The rise of responsible behavior: Western commercial reports on Western cyber threat actors\" rel=\"nofollow\" 
href=\"https://www.tandfonline.com/doi/full/10.1080/13523260.2025.2498711\"\u003eThe rise of responsible behavior: Western commercial reports on Western cyber threat actors\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation\" rel=\"nofollow\" href=\"https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/\"\u003eHow I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ASUS Botnet Tracker\" rel=\"nofollow\" href=\"https://lookerstudio.google.com/u/0/reporting/15a9fcb0-7ca3-4ba0-b5fc-a98904f32224/page/tEnnC\"\u003eASUS Botnet Tracker\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA: Logging Made Easy (LME)\" rel=\"nofollow\" href=\"https://github.com/cisagov/LME\"\u003eCISA: Logging Made Easy (LME)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 48:  We unpack a Dutch intelligence agencies report on ‘Laundry Bear’ and Microsoft’s parallel ‘Void Blizzard’  write-up, finding major gaps and bemoaning the absence of IOCs. Plus, discussion on why threat-intel naming is so messy, how initial-access brokers are powering even nation-state break-ins, and whether customers (or vendors) are to blame for the confusion.\r\n\r\nPlus, thoughts on an academic paper on the vanishing art of Western companies exposing Western (friendly) APT operations, debate whether stealth or self-censorship is to blame, and the long-tail effects on cyber paleontology.\r\n\r\nWe also dig into Sean Heelan’s proof that OpenAI’s new reasoning model can spot a Linux kernel 0-day and the implications for humans in the bug-hunting chain. 
\r\n\r\nCast: Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine.","date_published":"2025-05-30T11:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/f98d445d-0600-4a4d-b800-332b7653b71e.mp3","mime_type":"audio/mpeg","size_in_bytes":103003832,"duration_in_seconds":7879}]},{"id":"c29a1c55-dabb-4e6c-849f-9ce8e38326ac","title":"Russia hacks Ukraine war supply lines, Signal blocks Windows screenshots, BadSuccessor vuln disclosure debate","url":"https://securityconversations.fireside.fm/russia-ukraine-badsuccessor-debate","content_text":"Three Buddy Problem - Episode 47: We unpack a multi-agency report on Russia’s APT28/Fancy Bear hacking and spying on Ukraine war supply lines, CISA’s sloppy YARA rules riddled with false positives, the ethics of full-disclosure after Akamai dropped Windows Server “BadSuccessor” exploit details, and Sekoia’s discovery of thousands of hijacked edge devices repurposed as honeypots.\n\nThe back half veers into Microsoft’s resurrected Windows Recall, Signal’s new screenshot-blocking countermeasure, Japan’s fresh legal mandate for pre-emptive cyber strikes, and why appliance vendors like Ivanti keep landing in the headlines. \n\nAlong the way you get hot takes on techno-feudalism, Jony Ive’s rumored AI gadget, and a lively debate over whether publishing exploit code ever helps defenders.  
\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nRussian hackers hitting logistics companies supplying Ukraine\nCISA says Russian hackers targeting Ukraine war supply lines\nViciousTrap: Turning edge devices into honeypots\nBadSuccessor: Abusing dMSA to escalate privileges in Active Directory\nSignal adds anti-screenshot to thwart Windows Recall\nControversial Windows Recall gets security makeover\nMicrosoft's International Criminal Court blockade\nJapan enacts active cyberdefense law\nUAE recruiting US personnel Displaced by DOGE\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 47\u003c/strong\u003e: We unpack a multi-agency report on Russia’s APT28/Fancy Bear hacking and spying on Ukraine war supply lines, CISA’s sloppy YARA rules riddled with false positives, the ethics of full-disclosure after Akamai dropped Windows Server “BadSuccessor” exploit details, and Sekoia’s discovery of thousands of hijacked edge devices repurposed as honeypots.\u003c/p\u003e\n\n\u003cp\u003eThe back half veers into Microsoft’s resurrected Windows Recall, Signal’s new screenshot-blocking countermeasure, Japan’s fresh legal mandate for pre-emptive cyber strikes, and why appliance vendors like Ivanti keep landing in the headlines. \u003c/p\u003e\n\n\u003cp\u003eAlong the way you get hot takes on techno-feudalism, Jony Ive’s rumored AI gadget, and a lively debate over whether publishing exploit code ever helps defenders.  
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1LS6j5WB33HBmDELA1HTO9VWQaq-xtEmsdZdRvbrxBIE/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russian hackers hitting logistics companies supplying Ukraine\" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a\"\u003eRussian hackers hitting logistics companies supplying Ukraine\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA says Russian hackers targeting Ukraine war supply lines\" rel=\"nofollow\" href=\"https://www.securityweek.com/cisa-says-russian-hackers-targeting-western-supply-lines-to-ukraine/\"\u003eCISA says Russian hackers targeting Ukraine war supply lines\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ViciousTrap: Turning edge devices into honeypots\" rel=\"nofollow\" href=\"https://blog.sekoia.io/vicioustrap-infiltrate-control-lure-turning-edge-devices-into-honeypots-en-masse/\"\u003eViciousTrap: Turning edge devices into honeypots\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"BadSuccessor: Abusing dMSA to escalate privileges in Active Directory\" rel=\"nofollow\" href=\"https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory\"\u003eBadSuccessor: Abusing dMSA to escalate privileges in Active 
Directory\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Signal adds anti-screenshot to thwart Windows Recall\" rel=\"nofollow\" href=\"https://signal.org/blog/signal-doesnt-recall/\"\u003eSignal adds anti-screenshot to thwart Windows Recall\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Controversial Windows Recall gets security makeover\" rel=\"nofollow\" href=\"https://www.securityweek.com/microsofts-controversial-recall-returns-with-proof-of-presence-encryption-data-isolation-opt-in-model/\"\u003eControversial Windows Recall gets security makeover\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft\u0026#39;s International Criminal Court blockade\" rel=\"nofollow\" href=\"https://www.techzine.eu/news/privacy-compliance/131536/microsofts-icc-blockade-digital-dependence-comes-at-a-cost/\"\u003eMicrosoft's International Criminal Court blockade\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Japan enacts active cyberdefense law\" rel=\"nofollow\" href=\"https://www.japantimes.co.jp/news/2025/05/16/japan/politics/cyber-bill-enactment/\"\u003eJapan enacts active cyberdefense law\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"UAE recruiting US personnel Displaced by DOGE\" rel=\"nofollow\" href=\"https://www.zetter-zeroday.com/uae-recruiting-us-personnel-displaced-by-doge-to-work-on-ai-for-its-military/\"\u003eUAE recruiting US personnel Displaced by DOGE\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 47:  We unpack a multi-agency report on Russia’s APT28/Fancy Bear hacking and spying on Ukraine war supply lines, CISA’s sloppy YARA rules riddled with false positives, the ethics of full-disclosure after Akamai dropped Windows Server “BadSuccessor” exploit details, and Sekoia’s discovery of thousands of hijacked edge devices repurposed as honeypots.\r\n\r\nThe back half veers into Microsoft’s resurrected Windows Recall, Signal’s new screenshot-blocking 
countermeasure, Japan’s fresh legal mandate for pre-emptive cyber strikes, and why appliance vendors like Ivanti keep landing in the headlines. \r\n\r\nAlong the way you get hot takes on techno-feudalism, Jony Ive’s rumored AI gadget, and a lively debate over whether publishing exploit code ever helps defenders.  \r\n\r\nCast: Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine.","date_published":"2025-05-23T11:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/c29a1c55-dabb-4e6c-849f-9ce8e38326ac.mp3","mime_type":"audio/mpeg","size_in_bytes":117693808,"duration_in_seconds":9037}]},{"id":"e41fa5a7-38a9-4b9f-ab7a-ad6f9d00c2ad","title":"A Coinbase breach with bribes, rogue contractors and a $20M ransom demand","url":"https://securityconversations.fireside.fm/coinbase-breach-ivanti-zero-days-android-intrusion-logging","content_text":"Three Buddy Problem - Episode 46:  We dig into a Coinbase breach headlined by bribes, rogue contractors and a $20 million ransom demand. Plus, (another!) batch of Ivanti and Microsoft zero-days being exploited in the wild, a new 'Intrusion Logging' feature coming to Android, Apple's iOS 18.5 patches, and the EU announcing its own vulnerability database and software vendor secure-coding pledge.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nCoinbase on $20m ransom demand\nSEC filing on Coinbase breach\nCoinbase Rogue Contractors Bribed to Leak Customer Data\nIvanti 0day exploit chain (CVE-2025-4427 and CVE-2025-4428)\nWatchtowr blog on new Ivanti 0days\nCISA Known Exploited Vulnerabilities (KEV)\n'Advanced Protection' comes to Android 16\nEurope launches its own vulnerability database\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 46\u003c/strong\u003e:  We dig into a Coinbase breach headlined by bribes, rogue contractors and a $20 million ransom demand. Plus, (another!) 
batch of Ivanti and Microsoft zero-days being exploited in the wild, a new 'Intrusion Logging' feature coming to Android, Apple's iOS 18.5 patches, and the EU announcing its own vulnerability database and software vendor secure-coding pledge.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/18lG0HnPcDS4zsR7aVdhv6q5qnHBDF7wsbCkEuMU8iDc/edit?tab=t.0#heading=h.xoy008k76n3z\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Coinbase on $20m ransom demand\" rel=\"nofollow\" href=\"https://www.coinbase.com/blog/protecting-our-customers-standing-up-to-extortionists\"\u003eCoinbase on $20m ransom demand\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"SEC filing on Coinbase breach\" rel=\"nofollow\" href=\"https://www.sec.gov/Archives/edgar/data/1679788/000167978825000094/coin-20250514.htm?7194ef805fa2d04b0f7e8c9521f97343\"\u003eSEC filing on Coinbase breach\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Coinbase Rogue Contractors Bribed to Leak Customer Data\" rel=\"nofollow\" href=\"https://www.securityweek.com/coinbase-rejects-20m-ransom-after-rogue-contractors-bribed-to-leak-customer-data/\"\u003eCoinbase Rogue Contractors Bribed to Leak Customer Data\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ivanti 0day exploit chain (CVE-2025-4427 and CVE-2025-4428)\" rel=\"nofollow\" 
href=\"https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US\u0026amp;_gl=1*nrofxr*_gcl_au*MjQ3MzY1MzY5LjE3NDcxOTkyODY\"\u003eIvanti 0day exploit chain (CVE-2025-4427 and CVE-2025-4428)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Watchtowr blog on new Ivanti 0days\" rel=\"nofollow\" href=\"https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/\"\u003eWatchtowr blog on new Ivanti 0days\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA Known Exploited Vulnerabilities (KEV)\" rel=\"nofollow\" href=\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\"\u003eCISA Known Exploited Vulnerabilities (KEV)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"\u0026#39;Advanced Protection\u0026#39; comes to Android 16\" rel=\"nofollow\" href=\"https://security.googleblog.com/2025/05/advanced-protection-mobile-devices.html?m=1\"\u003e'Advanced Protection' comes to Android 16\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Europe launches its own vulnerability database\" rel=\"nofollow\" href=\"https://www.enisa.europa.eu/news/consult-the-european-vulnerability-database-to-enhance-your-digital-security\"\u003eEurope launches its own vulnerability database\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 46: We dig into a Coinbase breach headlined by bribes, rogue contractors and a $20 million ransom demand. Plus, (another!) 
batch of Ivanti and Microsoft zero-days being exploited in the wild, a new 'Intrusion Logging' feature coming to Android, Apple's iOS 18.5 patches, and the EU announcing its own vulnerability database and software vendor secure-coding pledge.\r\n\r\nCast: Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine.","date_published":"2025-05-16T11:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/e41fa5a7-38a9-4b9f-ab7a-ad6f9d00c2ad.mp3","mime_type":"audio/mpeg","size_in_bytes":101815632,"duration_in_seconds":8614}]},{"id":"e86c0a26-27c7-44e7-a6fd-1d85e4e5b3d2","title":"JAGS keynote: The intricacies of wartime cyber threat intelligence ","url":"https://securityconversations.fireside.fm/wartime-cyber-threat-intel-counterthreats-keynote","content_text":"Three Buddy Problem - Episode 45: (The buddies are trapped in timezone hell with cross-continent travel this week). \n\nIn the meantime, absorb this keynote presented by Juan Andres Guerrero-Saade (JAG-S) at CounterThreats 2023. It's a frank discussion on the role of cyber threat intelligence (CTI) during wartime and its importance in bridging information gaps between adversaries. Includes talk on the ethical challenges in CTI, questioning the impact of intelligence-sharing and how cyber operations affect real-world conflicts. He pointed to Ukraine and Israel as examples where CTI plays a critical, yet complicated, role. 
His message: cybersecurity pros need to be aware of the real-world consequences of their work and the ethical responsibility that comes with it.\n\nAcknowledgment: Credit for the audio goes to CyberThreat 2023, SANS Institute, NCSC, and SentinelOne.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Keynote transcript\nThe ethics and perils of APT research\nRecommended Talks\nThe Lost APT Reports\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 45\u003c/strong\u003e: (The buddies are trapped in timezone hell with cross-continent travel this week). \u003c/p\u003e\n\n\u003cp\u003eIn the meantime, absorb this keynote presented by Juan Andres Guerrero-Saade (JAG-S) at CounterThreats 2023. It's a frank discussion on the role of cyber threat intelligence (CTI) during wartime and its importance in bridging information gaps between adversaries. Includes talk on the ethical challenges in CTI, questioning the impact of intelligence-sharing and how cyber operations affect real-world conflicts. He pointed to Ukraine and Israel as examples where CTI plays a critical, yet complicated, role. 
His message: cybersecurity pros need to be aware of the real-world consequences of their work and the ethical responsibility that comes with it.\u003c/p\u003e\n\n\u003cp\u003e\u003cem\u003eAcknowledgment: Credit for the audio goes to CyberThreat 2023, SANS Institute, NCSC, and SentinelOne.\u003c/em\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Keynote transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1ZBQuHSF3sAwT9acg8ng4AtCw04jPLFOwkuZjS1nnpbI/edit?tab=t.0#heading=h.pi42p8chtkss\"\u003eKeynote transcript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The ethics and perils of APT research\" rel=\"nofollow\" href=\"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/10/20080228/Guerrero-Saade-VB2015.pdf\"\u003eThe ethics and perils of APT research\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Recommended Talks\" rel=\"nofollow\" href=\"https://www.epicturla.com/recommended-material\"\u003eRecommended Talks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Lost APT Reports\" rel=\"nofollow\" href=\"https://www.epicturla.com/blog\"\u003eThe Lost APT Reports\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 45: (The buddies are trapped in timezone hell with cross-continent travel this week). \r\n\r\nIn the meantime, absorb this keynote presented by Juan Andres Guerrero-Saade (JAG-S) at CounterThreats 2023. 
It's a frank discussion on the role of cyber threat intelligence (CTI) during wartime and its importance in bridging information gaps between adversaries. Includes talk on the ethical challenges in CTI, questioning the impact of intelligence-sharing and how cyber operations affect real-world conflicts. He pointed to Ukraine and Israel as examples where CTI plays a critical, yet complicated, role. His message: cybersecurity pros need to be aware of the real-world consequences of their work and the ethical responsibility that comes with it.\r\n\r\nAcknowledgment: Credit for the audio goes to CyberThreat 2023, SANS Institute, NCSC, and SentinelOne.\r\n\r\nCast: Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine.","date_published":"2025-05-09T09:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/e86c0a26-27c7-44e7-a6fd-1d85e4e5b3d2.mp3","mime_type":"audio/mpeg","size_in_bytes":26254337,"duration_in_seconds":1867}]},{"id":"6b6d31fa-9f59-4c43-81ac-cafcf58c799e","title":"Signalgate redux, OpenAI's Aardvark, normalizing cyber offense","url":"https://securityconversations.fireside.fm/signal-archiving-open-ai-aardvark-hacking-back-","content_text":"Three Buddy Problem - Episode 44:  We unpack news that US government officials are using an obscure app to archive Signal messages, OpenAI’s new “Aardvark” code-evaluation and reasoning model and leapfrog implications, NSC cyber lead Alexei Bulazel on normalizing US offensive operations, and JP Morgan Chase CISO’s warning to software vendors.\n\nPlus, fresh SentinelOne threat-intel notes, France’s attribution of GRU activity and a head-scratching $330 million Bitcoin heist.\n\nCast: Juan Andres Guerrero-Saade,  Ryan Naraine and    Costin Raiu.Links:Transcript (unedited, AI-generated)\nUS government using obscure app to archive Signal messages\nReuters photo of Mike Waltz phone\nUS revokes Romania visa waiver program\nOpenSSH bug found by OpenAI 'Aardvark'\nJP 
Morgan Chase CISO: An open letter to third-party suppliers\nJPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference\nSentinelOne LABS on DPRK threat actor targeting\nAlexei Bulazel comments at RSA conference\nGoogle report on 0day exploitation in 2024\nApple notifies new victims of spyware attacks across the world\nFrance attributes cyberattacks to Russia's military intelligence\nRT-Solar on ViPNet backdoor from 2021\nKaspersky: Sophisticated backdoor mimicking secure networking software updates\n$330m Bitcoin heist\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 44\u003c/strong\u003e:  We unpack news that US government officials are using an obscure app to archive Signal messages, OpenAI’s new “Aardvark” code-evaluation and reasoning model and leapfrog implications, NSC cyber lead Alexei Bulazel on normalizing US offensive operations, and JP Morgan Chase CISO’s warning to software vendors.\u003c/p\u003e\n\n\u003cp\u003ePlus, fresh SentinelOne threat-intel notes, France’s attribution of GRU activity and a head-scratching $330 million Bitcoin heist.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e,  \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e and    \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1K6oD3WVGNtnQZQy-1hBW3qoRNgVo1UrNKy2dktwL7RA/edit?tab=t.0#heading=h.iyimfr9zwj2b\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US government using obscure app to archive Signal 
messages\" rel=\"nofollow\" href=\"https://www.404media.co/mike-waltz-accidentally-reveals-obscure-app-the-government-is-using-to-archive-signal-messages/\"\u003eUS government using obscure app to archive Signal messages\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Reuters photo of Mike Waltz phone\" rel=\"nofollow\" href=\"https://www.reutersconnect.com/item/us-national-security-advisor-mike-waltz-attends-a-cabinet-meeting-held-by-president-trump-at-the-white-house-in-washington/dGFnOnJldXRlcnMuY29tLDIwMjU6bmV3c21sX1JDMkg4RUFEOEtGRw%3D%3D?ref=404media.co\"\u003eReuters photo of Mike Waltz phone\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US revokes Romania visa waiver program\" rel=\"nofollow\" href=\"https://www.dhs.gov/news/2025/05/02/dhs-announces-rescission-romanias-designation-visa-waiver-program\"\u003eUS revokes Romania visa waiver program\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"OpenSSH bug found by OpenAI \u0026#39;Aardvark\u0026#39;\" rel=\"nofollow\" href=\"https://github.com/openssh/openssh-portable/commit/c991273c18afc490313a9f282383eaf59d9c13b9\"\u003eOpenSSH bug found by OpenAI 'Aardvark'\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"JP Morgan Chase CISO: An open letter to third-party suppliers\" rel=\"nofollow\" href=\"https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliers\"\u003eJP Morgan Chase CISO: An open letter to third-party suppliers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference\" rel=\"nofollow\" href=\"https://www.securityweek.com/jpmorgan-chase-ciso-fires-warning-shot-ahead-of-rsa-conference/\"\u003eJPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"SentinelOne LABS on DPRK threat actor targeting\" rel=\"nofollow\" 
href=\"https://www.sentinelone.com/labs/top-tier-target-what-it-takes-to-defend-a-cybersecurity-company-from-todays-adversaries/\"\u003eSentinelOne LABS on DPRK threat actor targeting\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Alexei Bulazel comments at RSA conference\" rel=\"nofollow\" href=\"https://cyberscoop.com/alexei-bulazel-white-house-national-security-councial-destigmatize-offensive-cyber-rsac-2025/\"\u003eAlexei Bulazel comments at RSA conference\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google report on 0day exploitation in 2024\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends\"\u003eGoogle report on 0day exploitation in 2024\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple notifies new victims of spyware attacks across the world\" rel=\"nofollow\" href=\"https://techcrunch.com/2025/04/30/apple-notifies-new-victims-of-spyware-attacks-across-the-world/\"\u003eApple notifies new victims of spyware attacks across the world\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"France attributes cyberattacks to Russia\u0026#39;s military intelligence\" rel=\"nofollow\" href=\"https://www.diplomatie.gouv.fr/fr/dossiers-pays/russie/evenements/evenements-de-l-annee-2025/article/russie-attribution-de-cyberattaques-contre-la-france-au-service-de\"\u003eFrance attributes cyberattacks to Russia's military intelligence\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"RT-Solar on ViPNet backdoor from 2021\" rel=\"nofollow\" href=\"https://rt-solar.ru/solar-4rays/blog/5487/\"\u003eRT-Solar on ViPNet backdoor from 2021\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kaspersky: Sophisticated backdoor mimicking secure networking software updates\" rel=\"nofollow\" href=\"https://securelist.com/new-backdoor-mimics-security-software-update/116246/\"\u003eKaspersky: Sophisticated backdoor mimicking secure networking software 
updates\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"$330m Bitcoin heist\" rel=\"nofollow\" href=\"https://x.com/zachxbt/status/1916756932763046273?s=46\u0026amp;t=ePKy91eN-ionB9LpDaBXcA\"\u003e$330m Bitcoin heist\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 44: We unpack news that US government officials are using an obscure app to archive Signal messages, OpenAI’s new “Aardvark” code-evaluation and reasoning model and leapfrog implications, NSC cyber lead Alexei Bulazel on normalizing US offensive operations, and JP Morgan Chase CISO’s warning to software vendors.\r\nPlus, fresh SentinelOne threat-intel notes, France’s attribution of GRU activity and a head-scratching $330 million Bitcoin heist.\r\n\r\nCast: Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine.","date_published":"2025-05-03T12:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/6b6d31fa-9f59-4c43-81ac-cafcf58c799e.mp3","mime_type":"audio/mpeg","size_in_bytes":123764937,"duration_in_seconds":9520}]},{"id":"a43a154a-06cd-4cf3-97fa-3945dc08f544","title":"Thomas Rid joins the show: AI consciousness, TP-Link's China connection, trust in hardware security","url":"https://securityconversations.fireside.fm/tom-rid-joins-the-show","content_text":"Three Buddy Problem - Episode 43:  Director of the Alperovitch Institute for Cybersecurity Studies Thomas Rid joins the show for a deep-dive into the philosophical and ethical considerations surrounding AI consciousness and anthropomorphism.  We dig into the multifaceted implications of AI technology, particularly focusing on data privacy, national security, and the philosophical questions surrounding AI consciousness and rights. 
\n\nPlus, TP-Link under US government investigation and the broader issues of consumer trust in hardware security, the need for regulation and inspectability of technology, and the struggles with patching network devices. \n\nCast: Thomas Rid, Juan Andres Guerrero-Saade and Ryan Naraine.   Costin Raiu is away this week.Links:Transcript (unedited, AI-generated)\nAnthropic: Exploring AI model welfare, consciousness\nDavid Chalmers: Taking AI Welfare Seriously\nSam Altman: AI privacy safeguards can’t be established before ‘problems emerge’\nTP-Link router pricing and China ties under US gov probe\nBloomberg: TP-Link’s US Future Hinges on Claimed Split From China\nVerizon DBIR 2015 (full report)\nMandiant M-Trends 2025 Report\nFBI seeking tips about China's 'Salt Typhoon' hackers\nNorth Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature\nDan Geer on the realpolitik of cybersecurity\nLABScon 2025 CFP is open\nRansom War by Max Smeets\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 43\u003c/strong\u003e:  Director of the Alperovitch Institute for Cybersecurity Studies Thomas Rid joins the show for a deep-dive into the philosophical and ethical considerations surrounding AI consciousness and anthropomorphism.  We dig into the multifaceted implications of AI technology, particularly focusing on data privacy, national security, and the philosophical questions surrounding AI consciousness and rights. \u003c/p\u003e\n\n\u003cp\u003ePlus, TP-Link under US government investigation and the broader issues of consumer trust in hardware security, the need for regulation and inspectability of technology, and the struggles with patching network devices. 
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://sais.jhu.edu/users/trid2\" target=\"_blank\" rel=\"nofollow noopener\"\u003eThomas Rid\u003c/a\u003e, \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.   \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e is away this week.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1NJq0S9X5LyFVv3-X9EpljGIOVsOszEGA82ZFHSfA428/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Anthropic: Exploring AI model welfare, consciousness\" rel=\"nofollow\" href=\"https://www.anthropic.com/research/exploring-model-welfare\"\u003eAnthropic: Exploring AI model welfare, consciousness\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"David Chalmers: Taking AI Welfare Seriously\" rel=\"nofollow\" href=\"https://arxiv.org/pdf/2411.00986\"\u003eDavid Chalmers: Taking AI Welfare Seriously\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sam Altman: AI privacy safeguards can’t be established before ‘problems emerge’\" rel=\"nofollow\" href=\"https://therecord.media/sam-altman-openai-privacy-safeguards\"\u003eSam Altman: AI privacy safeguards can’t be established before ‘problems emerge’\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TP-Link router pricing and China ties under US gov probe\" rel=\"nofollow\" href=\"https://www.techspot.com/news/107682-tp-link-router-pricing-china-ties-under-us.html\"\u003eTP-Link router pricing and China ties under US gov 
probe\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Bloomberg: TP-Link’s US Future Hinges on Claimed Split From China\" rel=\"nofollow\" href=\"https://archive.ph/YWpQA\"\u003eBloomberg: TP-Link’s US Future Hinges on Claimed Split From China\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Verizon DBIR 2015 (full report)\" rel=\"nofollow\" href=\"https://www.verizon.com/business/resources/T2ff/reports/2025-dbir-data-breach-investigations-report.pdf\"\u003eVerizon DBIR 2015 (full report)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mandiant M-Trends 2025 Report\" rel=\"nofollow\" href=\"https://services.google.com/fh/files/misc/m-trends-2025-en.pdf\"\u003eMandiant M-Trends 2025 Report\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"FBI seeking tips about China\u0026#39;s \u0026#39;Salt Typhoon\u0026#39; hackers\" rel=\"nofollow\" href=\"https://www.ic3.gov/PSA/2025/PSA250424-2\"\u003eFBI seeking tips about China's 'Salt Typhoon' hackers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"North Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature\" rel=\"nofollow\" href=\"https://www.securityweek.com/north-korean-cryptocurrency-thieves-caught-hijacking-zoom-remote-control-feature/\"\u003eNorth Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dan Geer on the realpolitik of cybersecurity\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=nT-TGvYOBpI\u0026amp;ab_channel=BlackHat\"\u003eDan Geer on the realpolitik of cybersecurity\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2025 CFP is open\" rel=\"nofollow\" href=\"https://www.cvent.com/c/abstracts/fe3bffe0-6e1f-482d-9435-fb39af52138c\"\u003eLABScon 2025 CFP is open\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ransom War by Max Smeets\" rel=\"nofollow\" 
href=\"https://www.hurstpublishers.com/book/ransom-war/\"\u003eRansom War by Max Smeets\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 43: Director of the Alperovitch Institute for Cybersecurity Studies Thomas Rid joins the show for a deep-dive into the philosophical and ethical considerations surrounding AI consciousness and anthropomorphism.  We dig into the multifaceted implications of AI technology, particularly focusing on data privacy, national security, and the philosophical questions surrounding AI consciousness and rights. \r\n\r\nPlus, TP-Link under US government investigation and the broader issues of consumer trust in hardware security, the need for regulation and inspectability of technology, and the struggles with patching network devices. \r\n\r\nCast: Thomas Rid, Juan Andres Guerrero-Saade and Ryan Naraine.  \r\n\r\n* Costin Raiu is away this week.","date_published":"2025-04-25T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a43a154a-06cd-4cf3-97fa-3945dc08f544.mp3","mime_type":"audio/mpeg","size_in_bytes":77152373,"duration_in_seconds":5622}]},{"id":"4ef18f59-700b-4713-93c0-db500e43ed18","title":"China doxxes NSA, CVE's funding crisis, Apple's zero-day troubles","url":"https://securityconversations.fireside.fm/china-doxxes-nsa-cisa-cve-apple-zero-days","content_text":"Three Buddy Problem - Episode 42:  We dig into news that China secretly fessed up to the Volt Typhoon hacks and followed up with claims that named NSA agents launched advanced cyberattacks against the Asian Winter Games.  Plus, the MITRE CVE funding crisis, new Apple 0days in the wild includes PAC bypass exploit, Microsoft Patch Tuesday zero-days.   
\n\nPlus, the effectiveness of Lockdown Mode, the rising costs of mobile exploits, Chris Krebs' exit from SentinelOne after a presidential executive order, and the value and effectiveness of security clearances.\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nChina names alleged NSA cyberattack agents\nWSJ: In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks\nApple Quashes Two Zero-Days With iOS, MacOS Patches\nApple bulletin - iOS 18.4.1 Security Vulnerabilities\nAndroid zero-days documented\nMITRE CVE Program Gets Last-Hour Funding Reprieve\nNIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD\nEU issues US-bound staff with burner phones to avoid espionage\nExploitation of CLFS zero-day leads to ransomware \nGoogle announces Sec-Gemini v1 cybersecurity model\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 42\u003c/strong\u003e:  We dig into news that China secretly fessed up to the Volt Typhoon hacks and followed up with claims that named NSA agents launched advanced cyberattacks against the Asian Winter Games.  Plus, the MITRE CVE funding crisis, new Apple 0days in the wild includes PAC bypass exploit, Microsoft Patch Tuesday zero-days.   
\u003c/p\u003e\n\n\u003cp\u003ePlus, the effectiveness of Lockdown Mode, the rising costs of mobile exploits, Chris Krebs' exit from SentinelOne after a presidential executive order, and the value and effectiveness of security clearances.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1LM4EHnm8-uHKIur7iqOp3y4Z1wrItETvASD5IRnKJqo/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"China names alleged NSA cyberattack agents\" rel=\"nofollow\" href=\"https://www.reuters.com/technology/cybersecurity/chinas-harbin-says-us-launched-advanced-cyber-attacks-winter-games-2025-04-15/\"\u003eChina names alleged NSA cyberattack agents\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"WSJ: In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks\" rel=\"nofollow\" href=\"https://archive.ph/yDvP3\"\u003eWSJ: In Secret Meeting, China Acknowledged Role in U.S. 
Infrastructure Hacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple Quashes Two Zero-Days With iOS, MacOS Patches\" rel=\"nofollow\" href=\"https://www.securityweek.com/apple-pushes-ios-macos-patches-to-quash-two-zero-days/\"\u003eApple Quashes Two Zero-Days With iOS, MacOS Patches\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple bulletin - iOS 18.4.1 Security Vulnerabilities\" rel=\"nofollow\" href=\"https://support.apple.com/en-us/122282\"\u003eApple bulletin - iOS 18.4.1 Security Vulnerabilities\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Android zero-days documented\" rel=\"nofollow\" href=\"https://source.android.com/docs/security/bulletin/2025-04-01\"\u003eAndroid zero-days documented\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"MITRE CVE Program Gets Last-Hour Funding Reprieve\" rel=\"nofollow\" href=\"https://www.securityweek.com/mitre-cve-program-gets-last-hour-funding-reprieve/\"\u003eMITRE CVE Program Gets Last-Hour Funding Reprieve\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD\" rel=\"nofollow\" href=\"https://www.securityweek.com/nist-still-struggling-to-clear-vulnerability-submissions-backlog-in-nvd/\"\u003eNIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"EU issues US-bound staff with burner phones to avoid espionage\" rel=\"nofollow\" href=\"https://archive.ph/VcBLY\"\u003eEU issues US-bound staff with burner phones to avoid espionage\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Exploitation of CLFS zero-day leads to ransomware \" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2025/04/08/exploitation-of-clfs-zero-day-leads-to-ransomware-activity/\"\u003eExploitation of CLFS zero-day leads to ransomware \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google announces 
Sec-Gemini v1 cybersecurity model\" rel=\"nofollow\" href=\"https://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html\"\u003eGoogle announces Sec-Gemini v1 cybersecurity model\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 42: We dig into news that China secretly fessed up to the Volt Typhoon hacks and followed up with claims that named NSA agents launched advanced cyberattacks against the Asian Winter Games.  Plus, the MITRE CVE funding crisis, new Apple 0days in the wild includes PAC bypass exploit, Microsoft Patch Tuesday zero-days.   \r\n\r\nPlus, the effectiveness of Lockdown Mode, the rising costs of mobile exploits, Chris Krebs' exit from SentinelOne after a presidential executive order, and the value and effectiveness of security clearances.\r\n\r\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.","date_published":"2025-04-17T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/4ef18f59-700b-4713-93c0-db500e43ed18.mp3","mime_type":"audio/mpeg","size_in_bytes":82057286,"duration_in_seconds":5959}]},{"id":"8ee6db1b-3fe7-45d5-ae76-01d697ffdff9","title":"NSA director fired, Ivanti's 0day screw-up, backdoor in robot dogs","url":"https://securityconversations.fireside.fm/bunnie-huang-black-hat-ivanti-zeroday-robodog","content_text":"Three Buddy Problem - Episode 41: Costin and Juanito join the show from Black Hat Asia in Singapore. We discuss Bunnie Huang's keynote on hardware supply chains and a classification system to establish a grounded perspective on trust in hardware, Ivanti's misdiagnosis of a critical VPN appliance flaw and Mandiant reporting on a Chinese APT exploiting Ivanti devices.  
Plus, breaking news on the sudden firing of NSA director and head of Cyber Command Tim Haugh.\n\nWe also discuss Microsoft touting AI's value in finding open-source bootloader bugs, Silent Push report on a Russian APT impersonating the CIA, a backdoor in a popular Chinese robot dog, and Chinese dominance of the robotics market.\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nNational Security Agency chief ousted after far-right activist urged his removal\nMandiant: China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability \nIvanti security bulletin (CVE-2025-22457)\nChinese APT exploits misdiagnosed RCE in Ivanti VPNs\nAnother exploited 0day in Apple iOS \nAndroid version of Lockdown Mode coming\nMicrosoft:  Using AI to find open-source bootloader flaws\nIndiana University cybersecurity \"safe\" after FBI home searches\nSilent Push: Russians impersonate CIA to target Ukraine sympathizers\nUnitree Go1 robot dog backdoor documentation\nAmerica is missing in the robotics race\nAutomated AI Reverse Engineering with MCP for IDA and Ghidra\nBunnie Huang: Perspectives on trust in hardware supply chains\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 41\u003c/strong\u003e: Costin and Juanito join the show from Black Hat Asia in Singapore. We discuss Bunnie Huang's keynote on hardware supply chains and a classification system to establish a grounded perspective on trust in hardware, Ivanti's misdiagnosis of a critical VPN appliance flaw and Mandiant reporting on a Chinese APT exploiting Ivanti devices.  
Plus, breaking news on the sudden firing of NSA director and head of Cyber Command Tim Haugh.\u003c/p\u003e\n\n\u003cp\u003eWe also discuss Microsoft touting AI's value in finding open-source bootloader bugs, Silent Push report on a Russian APT impersonating the CIA, a backdoor in a popular Chinese robot dog, and Chinese dominance of the robotics market.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1kgNSEX2RyhL2Ph0OoTk1GwNRPaKGITQbe-XSMU21fgk/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"National Security Agency chief ousted after far-right activist urged his removal\" rel=\"nofollow\" href=\"https://archive.ph/tWaVv\"\u003eNational Security Agency chief ousted after far-right activist urged his removal\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mandiant: China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability \" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability\"\u003eMandiant: China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ivanti security bulletin (CVE-2025-22457)\" rel=\"nofollow\" 
href=\"https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US\"\u003eIvanti security bulletin (CVE-2025-22457)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chinese APT exploits misdiagnosed RCE in Ivanti VPNs\" rel=\"nofollow\" href=\"https://www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/\"\u003eChinese APT exploits misdiagnosed RCE in Ivanti VPNs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Another exploited 0day in Apple iOS \" rel=\"nofollow\" href=\"https://support.apple.com/en-us/122346\"\u003eAnother exploited 0day in Apple iOS \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Android version of Lockdown Mode coming\" rel=\"nofollow\" href=\"https://www.androidauthority.com/android-inactivity-reboot-android-16-3539949/\"\u003eAndroid version of Lockdown Mode coming\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft:  Using AI to find open-source bootloader flaws\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2025/03/31/analyzing-open-source-bootloaders-finding-vulnerabilities-faster-with-ai/\"\u003eMicrosoft:  Using AI to find open-source bootloader flaws\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Indiana University cybersecurity \u0026quot;safe\u0026quot; after FBI home searches\" rel=\"nofollow\" href=\"https://archive.ph/KIX8k#selection-465.0-465.84\"\u003eIndiana University cybersecurity \"safe\" after FBI home searches\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Silent Push: Russians impersonate CIA to target Ukraine sympathizers\" rel=\"nofollow\" href=\"https://www.silentpush.com/blog/russian-intelligence-phishing/\"\u003eSilent Push: Russians impersonate CIA to target Ukraine sympathizers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Unitree Go1 robot dog backdoor documentation\" rel=\"nofollow\" 
href=\"https://think-awesome.com/download_unitree_report\"\u003eUnitree Go1 robot dog backdoor documentation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"America is missing in the robotics race\" rel=\"nofollow\" href=\"https://semianalysis.com/2025/03/11/america-is-missing-the-new-labor-economy-robotics-part-1/\"\u003eAmerica is missing in the robotics race\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Automated AI Reverse Engineering with MCP for IDA and Ghidra\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=iFxNuk3kxhk\u0026amp;ab_channel=OALabs\"\u003eAutomated AI Reverse Engineering with MCP for IDA and Ghidra\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Bunnie Huang: Perspectives on trust in hardware supply chains\" rel=\"nofollow\" href=\"https://www.blackhat.com/asia-25/briefings/schedule/#keynote-perspectives-on-trust-in-hardware-supply-chains-44613\"\u003eBunnie Huang: Perspectives on trust in hardware supply chains\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 41: Costin and Juanito join the show from Black Hat Asia in Singapore. We discuss Bunnie Huang's keynote on hardware supply chains and a classification system to establish a grounded perspective on trust in hardware, Ivanti's misdiagnosis of a critical VPN appliance flaw and Mandiant reporting on a Chinese APT exploiting Ivanti devices.  
Plus, breaking news on the sudden firing of NSA director and head of Cyber Command Tim Haugh.\r\n\r\nWe also discuss Microsoft touting AI's value in finding open-source bootloader bugs, a Silent Push report on a Russian APT impersonating the CIA, a backdoor in a popular Chinese robot dog, and Chinese dominance of the robotics market.\r\n\r\n Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.","date_published":"2025-04-04T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/8ee6db1b-3fe7-45d5-ae76-01d697ffdff9.mp3","mime_type":"audio/mpeg","size_in_bytes":84762978,"duration_in_seconds":5817}]},{"id":"b9f48f51-2a3a-4f4e-8e3a-1c9c5bf76f9c","title":"Signalgate and ID management hiccups, PuzzleMaker and Chrome 0days, Lab Dookhtegan returns","url":"https://securityconversations.fireside.fm/signalgate-id-management-puzzlemaker-chrome-zero-day","content_text":"Three Buddy Problem - Episode 40: On the show this week, we look at the technical deficiencies and opsec concerns around the use of Signal for ultra-sensitive communications. 
Plus, some speculation on who's behind Kaspersky’s ‘Operation Forum Troll’ report, Chinese discussion on NSA/CIA mobile networks exploitation, and the return of ‘Lab Dookhtegan’ hack-and-leak exposures.\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.\n\nLinks:\nTranscript (unedited, AI-generated)\nThe Atlantic: The Trump admin accidentally texted me its war plans\nThe Atlantic: Here are the attack plans shared on Signal\nSignal statement on SignalGate\nOur experts separate Signal from noise in the Trump team group chat\nOperation ForumTroll exploits zero-days in Google Chrome\nPuzzleMaker attacks with Chrome zero-day exploit chain\nTen most mysterious APT campaigns that remain unattributed\nOperation FishMedley linked to i-SOON\nChinese gov agency on mobile attacks by US intel agencies\nLabDookhtegan Telegram channel\nTornado Cash sanctions removed\nIntrusion Truth \nLab Dookhtegan archives on CyberScoop\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 40\u003c/strong\u003e: On the show this week, we look at the technical deficiencies and opsec concerns around the use of Signal for ultra-sensitive communications. 
Plus, some speculation on who's behind Kaspersky’s ‘Operation Forum Troll’ report, Chinese discussion on NSA/CIA mobile networks exploitation, and the return of ‘Lab Dookhtegan’ hack-and-leak exposures.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1u3s6n977qAHCEIChdXeRTrbseZ_2ZFYofneh8a5BMTg/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Atlantic: The Trump admin accidentally texted me its war plans\" rel=\"nofollow\" href=\"https://archive.ph/JEYep\"\u003eThe Atlantic: The Trump admin accidentally texted me its war plans\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Atlantic: Here are the attack plans shared on Signal\" rel=\"nofollow\" href=\"https://archive.ph/fNUm7\"\u003eThe Atlantic: Here are the attack plans shared on Signal\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Signal statement on SignalGate\" rel=\"nofollow\" href=\"https://x.com/signalapp/status/1904666111989166408\"\u003eSignal statement on SignalGate\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Our experts separate Signal from noise in the Trump team group chat\" rel=\"nofollow\" href=\"https://www.atlanticcouncil.org/blogs/new-atlanticist/our-experts-separate-signal-from-noise-in-the-trump-teams-messages-about-bombing-the-houthis/\"\u003eOur experts separate Signal from noise in 
the Trump team group chat\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Operation ForumTroll exploits zero-days in Google Chrome\" rel=\"nofollow\" href=\"https://securelist.com/operation-forumtroll/115989/\"\u003eOperation ForumTroll exploits zero-days in Google Chrome\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PuzzleMaker attacks with Chrome zero-day exploit chain\" rel=\"nofollow\" href=\"https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/\"\u003ePuzzleMaker attacks with Chrome zero-day exploit chain\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ten most mysterious APT campaigns that remain unattributed\" rel=\"nofollow\" href=\"https://securelist.com/top-10-unattributed-apt-mysteries/107676/\"\u003eTen most mysterious APT campaigns that remain unattributed\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Operation FishMedley linked to i-SOON\" rel=\"nofollow\" href=\"https://www.welivesecurity.com/en/eset-research/operation-fishmedley/\"\u003eOperation FishMedley linked to i-SOON\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chinese gov agency on mobile attacks by US intel agencies\" rel=\"nofollow\" href=\"http://www.news.cn/world/20250325/02ba448744ac4b75a81df613a88b4d26/2025032522b55fd15b244a5fac54e424c62be9b7_1616350dfed1c44ba786a82d574c86c30f.pdf\"\u003eChinese gov agency on mobile attacks by US intel agencies\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LabDookhtegan Telegram channel\" rel=\"nofollow\" href=\"https://t.me/Lab_Dookhtegan_Channel/254\"\u003eLabDookhtegan Telegram channel\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Tornado Cash sanctions removed\" rel=\"nofollow\" href=\"https://home.treasury.gov/news/press-releases/sb0057\"\u003eTornado Cash sanctions removed\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Intrusion Truth \" rel=\"nofollow\" href=\"https://intrusiontruth.wordpress.com/\"\u003eIntrusion Truth 
\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Lab Dookhtegan archives on CyberScoop\" rel=\"nofollow\" href=\"https://cyberscoop.com/tag/lab-dookhtegan/\"\u003eLab Dookhtegan archives on CyberScoop\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 40: On the show this week, we look at the technical deficiencies and opsec concerns around the use of Signal for ultra-sensitive communications. Plus, some speculation on who's behind Kaspersky’s ‘Operation Forum Troll’ report, Chinese discussion on NSA/CIA mobile networks exploitation, and the return of ‘Lab Dookhtegan’ hack-and-leak exposures.\r\n\r\n Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.","date_published":"2025-03-28T11:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/b9f48f51-2a3a-4f4e-8e3a-1c9c5bf76f9c.mp3","mime_type":"audio/mpeg","size_in_bytes":88112428,"duration_in_seconds":6754}]},{"id":"eaa3f669-ac3a-4173-ad61-053f13fb6253","title":"China exposing Taiwan hacks, Paragon spyware and WhatsApp exploits, CISA budget cuts","url":"https://securityconversations.fireside.fm/china-taiwan-paragon-whatsapp-cisa","content_text":"Three Buddy Problem - Episode 39: Luta Security CEO Katie Moussouris joins the buddies to parse news around a coordinated Chinese exposure of Taiwan APT actors, CitizenLab's report on Paragon spyware and WhatsApp exploits, an “official” Russian government exploit-buying operation shopping for Telegram exploits, the fragmentation of exploit markets and the future of CISA in the face of budget cuts and layoffs.\n\nCast: Katie Moussouris, Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.\n\nLinks:\nTranscript (unedited, AI-generated)\nChina's MSS discloses Taiwan APTs \nAntiy report Taiwan's \"Green Spot\" attack group\nCitizen Lab on Paragon’s Proliferating Spyware Operations\nOperation Zero wants Telegram 1-click RCE exploits\nOperation Zero 0day 
Vulnerability Platform\nGitHub Action supply chain attack\nBlast radius of GitHub Action supply chain attack\nWindows .lnk shortcut exploit abused as zero-day\nSean Plankey nominated to lead CISA\nTrump admin halts funding for two cybersecurity efforts\nCISA publishes Jen Easterly's calendars\nCISA statement on 'red-team' layoff reports\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 39\u003c/strong\u003e: Luta Security CEO Katie Moussouris joins the buddies to parse news around a coordinated Chinese exposure of Taiwan APT actors, CitizenLab's report on Paragon spyware and WhatsApp exploits, an “official” Russian government exploit-buying operation shopping for Telegram exploits, the fragmentation of exploit markets and the future of CISA in the face of budget cuts and layoffs.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e   \u003ca href=\"https://lutasecurity.com\" target=\"_blank\" rel=\"nofollow noopener\"\u003eKatie Moussouris\u003c/a\u003e, \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1nr3Ug3XbuqcsIf7btZ2bdAQhTbBTUEfzphKG49_uYZ4/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"China\u0026#39;s MSS discloses Taiwan APTs \" rel=\"nofollow\" href=\"http://eng.mod.gov.cn/xb/News_213114/TopStories/16375392.html\"\u003eChina's MSS discloses Taiwan APTs \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca 
title=\"Antiy report Taiwan\u0026#39;s \u0026quot;Green Spot\u0026quot; attack group\" rel=\"nofollow\" href=\"https://www.antiy.cn/research/notice\u0026amp;report/research_report/GreenSpot_Analysis_202503.html\"\u003eAntiy report Taiwan's \"Green Spot\" attack group\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Citizen Lab on Paragon’s Proliferating Spyware Operations\" rel=\"nofollow\" href=\"https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/\"\u003eCitizen Lab on Paragon’s Proliferating Spyware Operations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Operation Zero wants Telegram 1-click RCE exploits\" rel=\"nofollow\" href=\"https://x.com/opzero_en/status/1902665005675295186?s=46\u0026amp;t=NxSQbkIl4wl2Ei8yYr-9IQ\"\u003eOperation Zero wants Telegram 1-click RCE exploits\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Operation Zero 0day Vulnerability Platform\" rel=\"nofollow\" href=\"https://opzero.ru/en/\"\u003eOperation Zero 0day Vulnerability Platform\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"GitHub Action supply chain attack\" rel=\"nofollow\" href=\"https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised\"\u003eGitHub Action supply chain attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Blast radius of GitHub Action supply chain attack\" rel=\"nofollow\" href=\"https://www.endorlabs.com/learn/blast-radius-of-the-tj-actions-changed-files-supply-chain-attack\"\u003eBlast radius of GitHub Action supply chain attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Windows .lnk shortcut exploit abused as zero-day\" rel=\"nofollow\" href=\"https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html\"\u003eWindows .lnk shortcut exploit abused as zero-day\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sean Plankey nominated to lead CISA\" rel=\"nofollow\" 
href=\"https://www.congress.gov/nomination/119th-congress/26/38\"\u003eSean Plankey nominated to lead CISA\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Trump admin halts funding for two cybersecurity efforts\" rel=\"nofollow\" href=\"https://www.securityweek.com/trump-administration-halts-funding-for-two-cybersecurity-efforts-including-one-for-elections/\"\u003eTrump admin halts funding for two cybersecurity efforts\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA publishes Jen Easterly\u0026#39;s calendars\" rel=\"nofollow\" href=\"https://www.dhs.gov/publication/cisa-calendars\"\u003eCISA publishes Jen Easterly's calendars\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA statement on \u0026#39;red-team\u0026#39; layoff reports\" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/news/statement-cisas-red-team\"\u003eCISA statement on 'red-team' layoff reports\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 39:  Luta Security CEO Katie Moussouris joins the buddies to parse news around a coordinated Chinese exposure of Taiwan APT actors, CitizenLab's report on Paragon spyware and WhatsApp exploits, an “official” Russian government exploit-buying operation shopping for Telegram exploits, the fragmentation of exploit markets and the future of CISA in the face of budget cuts and layoffs.\r\n\r\n Cast: Katie Moussouris (Luta Security), Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.","date_published":"2025-03-21T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/eaa3f669-ac3a-4173-ad61-053f13fb6253.mp3","mime_type":"audio/mpeg","size_in_bytes":94023970,"duration_in_seconds":6982}]},{"id":"e8ceaea1-2a65-4964-9062-3aca6da98d36","title":"A half-dozen Microsoft zero-days, Juniper router backdoors, advanced bootkit 
hunting","url":"https://securityconversations.fireside.fm/zero-day-tuesday-juniper-custom-backdoor-bootkit-hunting","content_text":"Three Buddy Problem - Episode 38: On the show this week, we look at a hefty batch of Microsoft zero-days exploited in the wild, iOS 18.3.2 fixing an exploited WebKit bug, a mysterious Unpatched.ai being credited with Microsoft Access RCE flaws, and OpenAI lobbying for the US to ban China's DeepSeek.\n\nPlus, discussion on a Binarly technical paper with a new approach to finding UEFI bootkits, Mandiant flagging custom backdoors on Juniper routers, and MEV 'sandwich attacks' front-running cryptocurrency transactions.\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.\n\nLinks:\nTranscript (unedited, AI-generated)\nMicrosoft Flags Six Active Zero-Days, Patches 57 Flaws\nUnpatched.ai discoveries\nApple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw\nApple iOS 18.3.2 and iPadOS 18.3.2 documentation\nCitizen Lab: Predator in the wires\nFreeType Zero-Day Being Exploited in the Wild\nCVE-2020-15999: FreeType Heap Buffer Overflow\nMandiant: Ghost in the Juniper router\nJunos OS out-of-cycle security bulletin (CVE-2025-21590)\nJuniper Malware Removal Tool\nBinarly: UEFI Bootkit Hunting -- In-Depth Search for Unique Code Behavior\nCrypto Trader Loses $215,000 in MEV Sandwich Attack on Uniswap\nThe Secretive World Of MEV, Where Bots Front-Run Crypto Investors For Big Profits\nReuters journalist Raphael Satter loses overseas citizenship\nYanis Varoufakis: Trump’s tariff chaos explained\nTechnofeudalism: What Killed Capitalism (Yanis Varoufakis)\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 38\u003c/strong\u003e: On the show this week, we look at a hefty batch of Microsoft zero-days exploited in the wild, iOS 18.3.2 fixing an exploited WebKit bug, a mysterious Unpatched.ai being credited with Microsoft Access RCE flaws, and OpenAI lobbying for the US to ban China's 
DeepSeek.\u003c/p\u003e\n\n\u003cp\u003ePlus, discussion on a Binarly technical paper with a new approach to finding UEFI bootkits, Mandiant flagging custom backdoors on Juniper routers, and MEV 'sandwich attacks' front-running cryptocurrency transactions.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1eGHr2QVVzfFht4x-6NqNpiXOvU7qPYNbNoYLbnXo9JA/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Flags Six Active Zero-Days, Patches 57 Flaws\" rel=\"nofollow\" href=\"https://www.securityweek.com/patch-tuesday-microsoft-patches-57-flaws-flags-six-active-zero-days/\"\u003eMicrosoft Flags Six Active Zero-Days, Patches 57 Flaws\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Unpatched.ai discoveries\" rel=\"nofollow\" href=\"https://www.unpatched.ai/reports\"\u003eUnpatched.ai discoveries\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw\" rel=\"nofollow\" href=\"https://www.securityweek.com/apple-ships-ios-18-3-2-to-fix-already-exploited-webkit-flaw/\"\u003eApple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple iOS 18.3.2 and iPadOS 18.3.2 documentation\" rel=\"nofollow\" href=\"https://support.apple.com/en-us/122281\"\u003eApple iOS 18.3.2 and iPadOS 
18.3.2 documentation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Citizen Lab: Predator in the wires\" rel=\"nofollow\" href=\"https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/\"\u003eCitizen Lab: Predator in the wires\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"FreeType Zero-Day Being Exploited in the Wild\" rel=\"nofollow\" href=\"https://www.securityweek.com/freetype-zero-day-being-exploited-in-the-wild/\"\u003eFreeType Zero-Day Being Exploited in the Wild\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CVE-2020-15999: FreeType Heap Buffer Overflow\" rel=\"nofollow\" href=\"https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2020/CVE-2020-15999.html\"\u003eCVE-2020-15999: FreeType Heap Buffer Overflow\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mandiant: Ghost in the Juniper router\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers\"\u003eMandiant: Ghost in the Juniper router\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Junos OS out-of-cycle security bulletin (CVE-2025-21590)\" rel=\"nofollow\" href=\"https://supportportal.juniper.net/s/article/2025-03-Out-of-Cycle-Security-Bulletin-Junos-OS-A-local-attacker-with-shell-access-can-execute-arbitrary-code-CVE-2025-21590?language=en_US\"\u003eJunos OS out-of-cycle security bulletin (CVE-2025-21590)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Juniper Malware Removal Tool\" rel=\"nofollow\" href=\"https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/concept/juniper-malware-removal-tool.html\"\u003eJuniper Malware Removal Tool\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Binarly: UEFI Bootkit Hunting -- In-Depth Search for Unique Code Behavior\" rel=\"nofollow\" 
href=\"https://www.binarly.io/blog/uefi-bootkit-hunting-in-depth-search-for-unique-code-behavior\"\u003eBinarly: UEFI Bootkit Hunting -- In-Depth Search for Unique Code Behavior\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Crypto Trader Loses $215,000 in MEV Sandwich Attack on Uniswap\" rel=\"nofollow\" href=\"https://blockonomi.com/crypto-trader-loses-215000-in-mev-sandwich-attack-on-uniswap/\"\u003eCrypto Trader Loses $215,000 in MEV Sandwich Attack on Uniswap\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Secretive World Of MEV, Where Bots Front-Run Crypto Investors For Big Profits\" rel=\"nofollow\" href=\"https://www.forbes.com/sites/jeffkauflin/2022/10/11/the-secretive-world-of-mev-where-crypto-bots-scalp-investors-for-big-profits/\"\u003eThe Secretive World Of MEV, Where Bots Front-Run Crypto Investors For Big Profits\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Reuters journalist Raphael Satter loses overseas citizenship\" rel=\"nofollow\" href=\"https://www.theguardian.com/world/2025/mar/13/us-journalist-sues-indian-government-after-losing-his-overseas-citizenship\"\u003eReuters journalist Raphael Satter loses overseas citizenship\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Yanis Varoufakis: Trump’s tariff chaos explained\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=f1CdbCsetpw\u0026amp;ab_channel=TimesRadio\"\u003eYanis Varoufakis: Trump’s tariff chaos explained\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Technofeudalism: What Killed Capitalism (Yanis Varoufakis)\" rel=\"nofollow\" href=\"https://www.goodreads.com/book/show/75560037-techno-feudalism\"\u003eTechnofeudalism: What Killed Capitalism (Yanis Varoufakis)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 38:  On the show this week, we look at a hefty batch of Microsoft zero-days exploited in the wild, iOS 18.3.2 fixing an exploited WebKit bug, a mysterious Unpatched.ai 
being credited with Microsoft Access RCE flaws, and OpenAI lobbying for the US to ban China's DeepSeek.\r\n\r\nPlus, discussion on a Binarly technical paper with a new approach to finding UEFI bootkits, Mandiant flagging custom backdoors on Juniper routers, and MEV 'sandwich attacks' front-running cryptocurrency transactions.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-03-14T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/e8ceaea1-2a65-4964-9062-3aca6da98d36.mp3","mime_type":"audio/mpeg","size_in_bytes":99623327,"duration_in_seconds":7543}]},{"id":"63a92335-8a4c-4f44-8bc4-b1f6a374ffed","title":"Revisiting the Lamberts, i-Soon indictments, VMware zero-days","url":"https://securityconversations.fireside.fm/revisiting-the-lamberts-apt","content_text":"Three Buddy Problem - Episode 37: This week, we revisit the public reporting on a US/Russia cyber stand down order, CISA declaring no change to its position on tracking Russian threats, and the high-level diplomatic optics at play. \n\nPlus, a dissection of ‘The Lamberts’ APT and connections to US intelligence agencies, attribution around ‘Operation Triangulation’ and the lack of recent visibility into these actors. We also discuss a fresh batch of VMware zero-days, China’s i-Soon ‘hackers-for-hire’ indictments, the Pangu/i-Soon connection, and a new wave of Apple threat-intel warnings about mercenary spyware infections.\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.\n\nLinks:\nTranscript (unedited, AI-generated)\nKim Zetter: Did Trump admin order a stand-down on Russia? 
\nUnraveling the Lamberts Toolkit (Securelist)\nVB2019: King of the hill: nation-state counterintelligence for victim deconfliction\nVB2018: Draw me like one of your French APTs \nSymantec: Who is Longhorn?\nVMware: Three new zero-days exploited\nBroadcom patches 3 VMware zero-days exploited in the wild\nDOJ indictments: i-Soon hackers for hire and APT27\nUnmasking I-Soon \nCatalan court orders former NSO Group execs be indicted for spyware abuses\nApple sending 'mercenary spyware' threat notifications\nHow Social Engineering Sparked a Billion-Dollar Supply Chain Cryptocurrency Heist\nSafe{Wallet} post-mortem on ByBit $1.4B crypto heist\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 37\u003c/strong\u003e: This week, we revisit the public reporting on a US/Russia cyber stand down order, CISA declaring no change to its position on tracking Russian threats, and the high-level diplomatic optics at play. \u003c/p\u003e\n\n\u003cp\u003ePlus, a dissection of ‘The Lamberts’ APT and connections to US intelligence agencies, attribution around ‘Operation Triangulation’ and the lack of recent visibility into these actors. 
We also discuss a fresh batch of VMware zero-days, China’s i-Soon ‘hackers-for-hire’ indictments, the Pangu/i-Soon connection, and a new wave of Apple threat-intel warnings about mercenary spyware infections.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/18Jv-csHfMCuSBFRIjwA55PKys4YIVDYCpc0Eq-BHWbU/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kim Zetter: Did Trump admin order a stand-down on Russia? \" rel=\"nofollow\" href=\"https://www.zetter-zeroday.com/did-trump-admin-order-u-s-cyber-command-and-cisa-to-stand-down-on-russia/\"\u003eKim Zetter: Did Trump admin order a stand-down on Russia? 
\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Unraveling the Lamberts Toolkit (Securelist)\" rel=\"nofollow\" href=\"https://securelist.com/unraveling-the-lamberts-toolkit/77990/\"\u003eUnraveling the Lamberts Toolkit (Securelist)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"VB2019: King of the hill: nation-state counterintelligence for victim deconfliction\" rel=\"nofollow\" href=\"https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-king-hill-nation-state-counterintelligence-victim-deconfliction/\"\u003eVB2019: King of the hill: nation-state counterintelligence for victim deconfliction\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"VB2018: Draw me like one of your French APTs \" rel=\"nofollow\" href=\"https://www.virusbulletin.com/virusbulletin/2019/01/vb2018-paper-draw-me-one-your-french-apts-expanding-our-descriptive-palette-cyber-threat-actors/\"\u003eVB2018: Draw me like one of your French APTs \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Symantec: Who is Longhorn?\" rel=\"nofollow\" href=\"https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7ca2e331-2209-46a8-9e60-4cb83f9602de\u0026amp;CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68\u0026amp;tab=librarydocuments\"\u003eSymantec: Who is Longhorn?\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"VMware: Three new zero-days exploited\" rel=\"nofollow\" href=\"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390?utm_campaign=VCF_FY25_VCF_Security-Alert-VMSA-2025-0004_MKT_EM_2938\u0026amp;utm_content=VCF_FY25_VCF_Security-Alert_2938_VMSA-2025-0004_MKT_TRANS_EM_5308\u0026amp;utm_medium=email\u0026amp;utm_source=eloqua\"\u003eVMware: Three new zero-days exploited\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Broadcom patches 3 VMware zero-days exploited in the wild\" rel=\"nofollow\" 
href=\"https://www.securityweek.com/broadcom-patches-3-vmware-zero-days-exploited-in-the-wild/\"\u003eBroadcom patches 3 VMware zero-days exploited in the wild\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DOJ indictments: i-Soon hackers for hire and APT27\" rel=\"nofollow\" href=\"https://www.justice.gov/opa/pr/justice-department-charges-12-chinese-contract-hackers-and-law-enforcement-officers-global\"\u003eDOJ indictments: i-Soon hackers for hire and APT27\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Unmasking I-Soon \" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/unmasking-i-soon-the-leak-that-revealed-chinas-cyber-operations/\"\u003eUnmasking I-Soon \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Catalan court orders former NSO Group execs be indicted for spyware abuses\" rel=\"nofollow\" href=\"https://therecord.media/catalan-court-orders-nso-execs-investigated\"\u003eCatalan court orders former NSO Group execs be indicted for spyware abuses\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple sending \u0026#39;mercenary spyware\u0026#39; threat notifications\" rel=\"nofollow\" href=\"https://bsky.app/profile/donncha.is/post/3ljnm2u7tf225\"\u003eApple sending 'mercenary spyware' threat notifications\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"How Social Engineering Sparked a Billion-Dollar Supply Chain Cryptocurrency Heist\" rel=\"nofollow\" href=\"https://www.securityweek.com/how-social-engineering-sparked-a-billion-dollar-supply-chain-cryptocurrency-heist/\"\u003eHow Social Engineering Sparked a Billion-Dollar Supply Chain Cryptocurrency Heist\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Safe{Wallet} post-mortem on ByBit $1.4B crypto heist\" rel=\"nofollow\" href=\"https://x.com/safe/status/1897663514975649938\"\u003eSafe{Wallet} post-mortem on ByBit $1.4B crypto heist\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 37: 
This week, we revisit the public reporting on a US/Russia cyber stand down order, CISA declaring no change to its position on tracking Russian threats, and the high-level diplomatic optics at play. \r\n\r\nPlus, a dissection of ‘The Lamberts’ APT and connections to US intelligence agencies, attribution around ‘Operation Triangulation’ and the lack of recent visibility into these actors. We also discuss a fresh batch of VMware zero-days, China’s i-Soon ‘hackers-for-hire’ indictments, the Pangu/i-Soon connection, and a new wave of Apple threat-intel warnings about mercenary spyware infections.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-03-08T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/63a92335-8a4c-4f44-8bc4-b1f6a374ffed.mp3","mime_type":"audio/mpeg","size_in_bytes":79756556,"duration_in_seconds":5972}]},{"id":"f12cd870-ed46-4801-84cc-74161e588723","title":"Lazarus ByBit $1.4B heist was supply chain attack on developer","url":"https://securityconversations.fireside.fm/lazarus-bybit-supply-chain-cellebrite-cisa-russia","content_text":"Three Buddy Problem - Episode 36: Ryan and Juanito join the show from the RE//verse conference with discussion on Natalie Silvanovich’s keynote on hunting for bugs in mobile messengers, the thrill of looking at exposed attack surfaces and the grueling “losses” bug hunters endure before a breakthrough. \n\nWe also cover the latest on the $1.4 billion ByBit hack pinned on the Lazarus Group and the malicious JavaScript supply chain attack at the center of the cryptocurrency heist. Plus, the ethical gray zones of tethered exploits via Cellebrite, the whiplash of AI-driven threat intel, and the looming pivot in U.S. cyber policy signaling a stand-down on Russia-focused ops. 
\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nRE//verse Conference\nFBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge\nFBI alert on $1.5b crypto heist\nCISA report on TraderTraitor \nBybit launches bug bounty program\nLazarus Bounty  \nCellebrite zero-day exploit used to target phone of Serbian student activist \nTrump administration retreats in fight against Russian cyber threats\nHegseth orders Cyber Command to stand down on Russia planning\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 36\u003c/strong\u003e: Ryan and Juanito join the show from the RE//verse conference with discussion on Natalie Silvanovich’s keynote on hunting for bugs in mobile messengers, the thrill of looking at exposed attack surfaces and the grueling “losses” bug hunters endure before a breakthrough. \u003c/p\u003e\n\n\u003cp\u003eWe also cover the latest on the $1.4 billion ByBit hack pinned on the Lazarus Group and the malicious JavaScript supply chain attack at the center of the cryptocurrency heist. Plus, the ethical gray zones of tethered exploits via Cellebrite, the whiplash of AI-driven threat intel, and the looming pivot in U.S. cyber policy signaling a stand-down on Russia-focused ops. 
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1fIXGfKfpyh0ltjAvW31z-g1fGhQvtMV6SsEusbZlJo0/edit?tab=t.0#heading=h.m2k4a9q509q9\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"RE//verse Conference\" rel=\"nofollow\" href=\"https://re-verse.io/\"\u003eRE//verse Conference\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge\" rel=\"nofollow\" href=\"https://www.securityweek.com/fbi-says-north-korea-hacked-bybit-as-details-of-1-5b-heist-emerge/\"\u003eFBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"FBI alert on $1.5b crypto heist\" rel=\"nofollow\" href=\"https://www.ic3.gov/PSA/2025/PSA250226\"\u003eFBI alert on $1.5b crypto heist\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA report on TraderTraitor \" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-108a\"\u003eCISA report on TraderTraitor \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Bybit launches bug bounty program\" rel=\"nofollow\" href=\"https://www.bybit.com/en/press/post/bybit-launches-recovery-bounty-program-with-rewards-up-to-10-of-stolen-funds-bltcd3ebbb9445d5b74\"\u003eBybit launches bug bounty 
program\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Lazarus Bounty  \" rel=\"nofollow\" href=\"https://www.lazarusbounty.com/en/\"\u003eLazarus Bounty  \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cellebrite zero-day exploit used to target phone of Serbian student activist \" rel=\"nofollow\" href=\"https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/\"\u003eCellebrite zero-day exploit used to target phone of Serbian student activist \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Trump administration retreats in fight against Russian cyber threats\" rel=\"nofollow\" href=\"https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security\"\u003eTrump administration retreats in fight against Russian cyber threats\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Hegseth orders Cyber Command to stand down on Russia planning\" rel=\"nofollow\" href=\"https://therecord.media/hegseth-orders-cyber-command-stand-down-russia-planning\"\u003eHegseth orders Cyber Command to stand down on Russia planning\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 36: Ryan and Juanito join the show from the RE//verse conference with discussion on Natalie Silvanovich’s keynote on hunting for bugs in mobile messengers, the thrill of looking at exposed attack surfaces and the grueling “losses” bug hunters endure before a breakthrough. \r\n\r\nWe also cover the latest on the $1.4 billion ByBit hack pinned on the Lazarus Group and the malicious JavaScript supply chain attack at the center of the cryptocurrency heist. Plus, the ethical gray zones of tethered exploits via Cellebrite, the whiplash of AI-driven threat intel, and the looming pivot in U.S. cyber policy signaling a stand-down on Russia-focused APT ops. 
\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-03-01T09:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/f12cd870-ed46-4801-84cc-74161e588723.mp3","mime_type":"audio/mpeg","size_in_bytes":95539533,"duration_in_seconds":6802}]},{"id":"55aed9b5-d21a-47d5-8be2-1b104468b4fe","title":"North Korea's biggest ever crypto heist: $1.4B stolen from Bybit","url":"https://securityconversations.fireside.fm/north-korea-biggest-crypto-heist-apple-icloud-backups","content_text":"Three Buddy Problem - Episode 35: Juanito is live from DistrictCon with notes on discussion of an elusive iOS zero-day by a company called QuaDream and Apple’s controversial removal of iCloud backup end-to-end encryption in the UK.  We also cover a staggering $1.4 billion hack by the Lazarus Group against Bybit, new angles in NSA-linked cyber-espionage against China’s top universities, Chinese hacking gangs moonlighting as ransomware criminals, and Russian APTs abusing Signal’s “linked devices” feature. Plus, Costin explains Microsoft’s quantum computing breakthrough.\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nDistrictCon: Dissecting a QuaDream iOS zero-day\nUnpacking the UK government's secret iCloud backdoor demand\nU.K. 
orders Apple to let it spy on users’ encrypted accounts\nApple Pulls Advanced Data Protection for New UK Users Amid Backdoor Demand\nBybit Sees Over $4 Billion ‘Bank Run’ After Crypto’s Biggest Hack\nByBit CEO explains crypto heist\niVerify on Pegasus infections\nIs there a Pangu Team/i-SOON connection?\nRussian hackers actively targeting Signal Messenger\nHow Russian APTs abuse Signal 'linked devices' for real-time spying\nCisco Talos: In the midst of a Typhoon\nSatya Nadella: Reflections on a quantum computing breakthrough\nTaiwan wants to ban Fortinet, Zoom\nPangu Team Bvp47 report\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 35\u003c/strong\u003e: Juanito is live from DistrictCon with notes on discussion of an elusive iOS zero-day by a company called QuaDream and Apple’s controversial removal of iCloud backup end-to-end encryption in the UK.  We also cover a staggering $1.4 billion hack by the Lazarus Group against Bybit, new angles in NSA-linked cyber-espionage against China’s top universities, Chinese hacking gangs moonlighting as ransomware criminals, and Russian APTs abusing Signal’s “linked devices” feature. 
Plus, Costin explains Microsoft’s quantum computing breakthrough.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1ZDN0kPbt0SY0cL2draq1L0347ZKSmMAoIVynCOz-1ns/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DistrictCon: Dissecting a QuaDream iOS zero-day\" rel=\"nofollow\" href=\"https://www.districtcon.org/bios-and-talks-2025/sweetquadreams-or-nightmare-before-christmas\"\u003eDistrictCon: Dissecting a QuaDream iOS zero-day\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Unpacking the UK government\u0026#39;s secret iCloud backdoor demand\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/unpacking-the-uk-governments-secret-icloud-backdoor-demand/\"\u003eUnpacking the UK government's secret iCloud backdoor demand\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"U.K. orders Apple to let it spy on users’ encrypted accounts\" rel=\"nofollow\" href=\"https://archive.ph/E6l15\"\u003eU.K. 
orders Apple to let it spy on users’ encrypted accounts\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple Pulls Advanced Data Protection for New UK Users Amid Backdoor Demand\" rel=\"nofollow\" href=\"https://www.securityweek.com/apple-pulls-advanced-data-protection-for-new-uk-users-amid-backdoor-demand/\"\u003eApple Pulls Advanced Data Protection for New UK Users Amid Backdoor Demand\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Bybit Sees Over $4 Billion ‘Bank Run’ After Crypto’s Biggest Hack\" rel=\"nofollow\" href=\"https://www.coindesk.com/business/2025/02/22/bybit-sees-over-usd4-billion-bank-run-after-crypto-s-biggest-hack\"\u003eBybit Sees Over $4 Billion ‘Bank Run’ After Crypto’s Biggest Hack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ByBit CEO explains crypto heist\" rel=\"nofollow\" href=\"https://x.com/benbybit/status/1892963530422505586\"\u003eByBit CEO explains crypto heist\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"iVerify on Pegasus infections\" rel=\"nofollow\" href=\"https://iverify.io/blog/how-democratizing-threat-hunting-is-changing-mobile-security\"\u003eiVerify on Pegasus infections\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Is there a Pangu Team/i-SOON connection?\" rel=\"nofollow\" href=\"https://nattothoughts.substack.com/p/the-pangu-teamios-jailbreak-and-vulnerability\"\u003eIs there a Pangu Team/i-SOON connection?\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russian hackers actively targeting Signal Messenger\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger\"\u003eRussian hackers actively targeting Signal Messenger\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"How Russian APTs abuse Signal \u0026#39;linked devices\u0026#39; for real-time spying\" rel=\"nofollow\" 
href=\"https://www.securityweek.com/how-russian-hackers-are-exploiting-signals-linked-devices-for-real-time-spying/\"\u003eHow Russian APTs abuse Signal 'linked devices' for real-time spying\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cisco Talos: In the midst of a Typhoon\" rel=\"nofollow\" href=\"https://blog.talosintelligence.com/salt-typhoon-analysis/\"\u003eCisco Talos: In the midst of a Typhoon\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Satya Nadella: Reflections on a quantum computing breakthrough\" rel=\"nofollow\" href=\"https://x.com/satyanadella/status/1892242895094313420\"\u003eSatya Nadella: Reflections on a quantum computing breakthrough\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Taiwan wants to ban Fortinet, Zoom\" rel=\"nofollow\" href=\"https://www.taipeitimes.com/News/taiwan/archives/2020/06/18/2003738438\"\u003eTaiwan wants to ban Fortinet, Zoom\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Pangu Team Bvp47 report\" rel=\"nofollow\" href=\"https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf\"\u003ePangu Team Bvp47 report\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 35: Juanito is live from DistrictCon with notes on discussion of an elusive iOS zero-day by a company called QuaDream and Apple’s controversial removal of iCloud backup end-to-end encryption in the UK. We also cover a staggering $1.4 billion hack by the Lazarus Group against Bybit, new angles in NSA-linked cyber-espionage against China’s top universities, Chinese hacking gangs moonlighting as ransomware criminals, and Russian APTs abusing Signal’s “linked devices” feature. 
Plus, Costin explains Microsoft’s quantum computing breakthrough.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-02-23T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/55aed9b5-d21a-47d5-8be2-1b104468b4fe.mp3","mime_type":"audio/mpeg","size_in_bytes":102684885,"duration_in_seconds":7627}]},{"id":"5ba11788-5a89-4134-81c1-fae481c8c05f","title":"An 'extremely sophisticated' iPhone hack; Google flags major AMD microcode bug","url":"https://securityconversations.fireside.fm/iphone-exploited-0day-amd-microcode","content_text":"Three Buddy Problem - Episode 34: We dig into the latest exploited Apple iPhone zero-day (USB Restricted Mode bypass), an AMD microcode flaw so serious it’s not being fully disclosed, a barrage of Patch Tuesday updates, the helpless nature of trying to defend corporate networks, Russian threat actor movements, and fresh intel from Rapid7, Volexity, and Microsoft.  
\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nApple iOS 18.3.1 zero-day bulletin\nApple Says iPhone USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack\nQuarkslab: Analysis of USB Restricted Mode bypass (CVE-2025-24200)\nZDI Patch Tuesday recap (exploited Windows 0days)\nThe BadPilot campaign (Seashell Blizzard subgroup)\nRapid7 on PostgreSQL zero-day linked to BeyondTrust 0days\nPostgreSQL 0day advisory (CVE-2025-1094)\nGoogle partial disclosure of high-risk flaw in AMD microcode\nAMD SEV Confidential Computing Vulnerability (CVE-2024-56161)\nFortinet documents another exploited 0day\nStorm-2372 conducts device code phishing campaign\nCrowdStrike on malware naming schemes\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 34\u003c/strong\u003e: We dig into the latest exploited Apple iPhone zero-day (USB Restricted Mode bypass), an AMD microcode flaw so serious it’s not being fully disclosed, a barrage of Patch Tuesday updates, the helpless nature of trying to defend corporate networks, Russian threat actor movements, and fresh intel from Rapid7, Volexity, and Microsoft.  
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1aYtBxxmypz4Tnjf4p7by8urvQ15CISg-xYC_D0_yCCU/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple iOS 18.3.1 zero-day bulletin\" rel=\"nofollow\" href=\"https://support.apple.com/en-us/122174\"\u003eApple iOS 18.3.1 zero-day bulletin\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple Says iPhone USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack\" rel=\"nofollow\" href=\"https://www.securityweek.com/apple-confirms-usb-restricted-mode-exploited-in-extremely-sophisticated-attack/\"\u003eApple Says iPhone USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Quarkslab: Analysis of USB Restricted Mode bypass (CVE-2025-24200)\" rel=\"nofollow\" href=\"https://blog.quarkslab.com/first-analysis-of-apples-usb-restricted-mode-bypass-cve-2025-24200.html\"\u003eQuarkslab: Analysis of USB Restricted Mode bypass (CVE-2025-24200)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ZDI Patch Tuesday recap (exploited Windows 0days)\" rel=\"nofollow\" href=\"https://www.zerodayinitiative.com/blog/2025/2/11/the-february-2025-security-update-review\"\u003eZDI Patch Tuesday recap (exploited Windows 0days)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The 
BadPilot campaign (Seashell Blizzard subgroup)\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/\"\u003eThe BadPilot campaign (Seashell Blizzard subgroup)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Rapid7 on PostgreSQL zero-day linked to BeyondTrust 0days\" rel=\"nofollow\" href=\"https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis\"\u003eRapid7 on PostgreSQL zero-day linked to BeyondTrust 0days\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PostgreSQL 0day advisory (CVE-2025-1094)\" rel=\"nofollow\" href=\"https://www.postgresql.org/support/security/CVE-2025-1094/\"\u003ePostgreSQL 0day advisory (CVE-2025-1094)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google partial disclosure of high-risk flaw in AMD microcode\" rel=\"nofollow\" href=\"https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w\"\u003eGoogle partial disclosure of high-risk flaw in AMD microcode\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AMD SEV Confidential Computing Vulnerability (CVE-2024-56161)\" rel=\"nofollow\" href=\"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html\"\u003eAMD SEV Confidential Computing Vulnerability (CVE-2024-56161)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fortinet documents another exploited 0day\" rel=\"nofollow\" href=\"https://fortiguard.fortinet.com/psirt/FG-IR-24-535\"\u003eFortinet documents another exploited 0day\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Storm-2372 conducts device code phishing campaign\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2025/02/13/storm-2372-conducts-device-code-phishing-campaign/\"\u003eStorm-2372 conducts device code phishing campaign\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CrowdStrike on malware 
naming schemes\" rel=\"nofollow\" href=\"https://www.crowdstrike.com/en-us/blog/how-adversary-taxonomies-strengthen-global-security/\"\u003eCrowdStrike on malware naming schemes\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 34: We dig into the latest exploited Apple iPhone zero-day (USB Restricted Mode bypass), an AMD microcode flaw so serious it’s not being fully disclosed, a barrage of Patch Tuesday updates, the helpless nature of trying to defend corporate networks, Russian threat actor movements, and fresh intel from Rapid7, Volexity, and Microsoft.  \r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-02-15T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/5ba11788-5a89-4134-81c1-fae481c8c05f.mp3","mime_type":"audio/mpeg","size_in_bytes":69262992,"duration_in_seconds":5112}]},{"id":"6b31620f-d604-4f80-b4b8-9c3a1acc658f","title":"Unpacking the UK government's secret iCloud backdoor demand","url":"https://securityconversations.fireside.fm/apple-cloud-back-up-backdoor","content_text":"Three Buddy Problem - Episode 33:  In this episode, we unpack the UK government's secret push for backdoor access to encrypted iCloud data, Apple’s approach to iCloud encryption, and the broader implications for privacy and security on a global scale.  
Plus, how security agencies handle zero-day vulnerabilities, surveillance spyware and mercenary hacking, and TikTok-powered election disinformation and interference.\n\nFrom wormable exploits like EternalBlue to the realities of AI-based spying, the episode offers a detailed look into how government oversight, private sector collaboration, and shifting market forces have reshaped the way we think about cybersecurity.\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nUK orders Apple to let it spy on users’ iCloud data\nHow to turn on Advanced Data Protection for iCloud\nKim Zetter: US government disclosed 39 zero-days in 2023\nCISA alert on Trimble zero-day exploitation\nFrance VIGINUM report on foreign digital election interference\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 33\u003c/strong\u003e:  In this episode, we unpack the UK government's secret push for backdoor access to encrypted iCloud data, Apple’s approach to iCloud encryption, and the broader implications for privacy and security on a global scale.  
Plus, how security agencies handle zero-day vulnerabilities, surveillance spyware and mercenary hacking, and TikTok-powered election disinformation and interference.\u003c/p\u003e\n\n\u003cp\u003eFrom wormable exploits like EternalBlue to the realities of AI-based spying, the episode offers a detailed look into how government oversight, private sector collaboration, and shifting market forces have reshaped the way we think about cybersecurity.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/14ISO1W7s7togIynY8gUu1EkmMELRFvsCJeMSTDW3aBU/edit?tab=t.0#heading=h.jbbo41oysex\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"UK orders Apple to let it spy on users’ iCloud data\" rel=\"nofollow\" href=\"https://archive.ph/E6l15\"\u003eUK orders Apple to let it spy on users’ iCloud data\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"How to turn on Advanced Data Protection for iCloud\" rel=\"nofollow\" href=\"https://support.apple.com/en-us/108756\"\u003eHow to turn on Advanced Data Protection for iCloud\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kim Zetter: US government disclosed 39 zero-days in 2023\" rel=\"nofollow\" href=\"https://www.zetter-zeroday.com/u-s-government-disclosed-39-zero-day-vulnerabilities-in-2023-per-first-ever-report/\"\u003eKim Zetter: US government disclosed 39 zero-days in 
2023\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA alert on Trimble zero-day exploitation\" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/alerts/2025/02/07/trimble-releases-security-updates-address-vulnerability-cityworks-software\"\u003eCISA alert on Trimble zero-day exploitation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"France VIGINUM report on foreign digital election interference\" rel=\"nofollow\" href=\"https://www.diplomatie.gouv.fr/en/french-foreign-policy/digital-diplomacy/news/article/foreign-digital-interference-publication-of-the-viginum-report-on-information\"\u003eFrance VIGINUM report on foreign digital election interference\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 33:  In this episode, we unpack the UK government's secret push for backdoor access to encrypted iCloud data, Apple’s approach to iCloud encryption, and the broader implications for privacy and security on a global scale.  
Plus, how security agencies handle zero-day vulnerabilities, surveillance spyware and mercenary hacking, and TikTok-powered election disinformation and interference.\r\n\r\nFrom wormable exploits like EternalBlue to the realities of AI-based spying, the episode offers a detailed look into how government oversight, private sector collaboration, and shifting market forces have reshaped the way we think about cybersecurity.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-02-08T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/6b31620f-d604-4f80-b4b8-9c3a1acc658f.mp3","mime_type":"audio/mpeg","size_in_bytes":119291664,"duration_in_seconds":8562}]},{"id":"89f0f4d2-96eb-4a23-b08e-ebd2a9b550a1","title":"Inside the DeepSeek AI existential crisis, Chinese 'backdoor' in medical devices","url":"https://securityconversations.fireside.fm/inside-the-deepseek-ai-existential-crisis","content_text":"Three Buddy Problem - Episode 32: In this episode, we rummage through the DeepSeek hype and break down what makes it different from OpenAI’s models, why it’s stirring up existential controversies, and what it means for the broader tech landscape. We get into the privacy concerns, the geo-political implications, how AI models handle data, the ongoing debate over IP theft and innovation, and the challenges that come with a Chinese company shipping an open-source alternative.\n\nBeyond AI, we dig into some of the latest headlines; from a Chinese ‘backdoor’ in medical devices, problems with CISA’s backdoor bulletin, the risks of insecure IoT, phishing attacks on influencers, and ongoing battles over censorship in the VPN space. We also touch on WhatsApp catching spyware vendor Paragon Solutions and potential shifts in U.S. government policy on commercial mercenary hacking and surveillance companies.  
\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nDeepSeek Privacy Policy\nWhite House evaluates effect of China AI app DeepSeek on national security\nWhy ‘Distillation’ Has Become the Scariest Word for AI Companies\nMicrosoft Probing If DeepSeek-Linked Group Improperly Obtained OpenAI Data\nU.S. Navy bans use of DeepSeek AI\nWiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information\nScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator\nScatterBrain: Deobfuscation library for PoisionPlug.SHADOW's ScatterBrain obfuscator\nCISA, FDA Warn of Dangerous Backdoor in Contec Patient Monitors\nCISA advisory: Contec CMS8000 contains a backdoor\nContec CMS 8000 product manual\nNordVPN NordWhisper\nWhatsApp: Spyware company Paragon targeted users in two dozen countries\nX Phishing Campaign Targeting High Profile Accounts, Promoting Crypto Scams\nLABScon24: Follow the Money -- CCP’s Ownership of Firms Investing in the USA (Elly Rostoum)\nBinarly Post-Quantum Readiness Technology\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 32\u003c/strong\u003e: In this episode, we rummage through the DeepSeek hype and break down what makes it different from OpenAI’s models, why it’s stirring up existential controversies, and what it means for the broader tech landscape. We get into the privacy concerns, the geo-political implications, how AI models handle data, the ongoing debate over IP theft and innovation, and the challenges that come with a Chinese company shipping an open-source alternative.\u003c/p\u003e\n\n\u003cp\u003eBeyond AI, we dig into some of the latest headlines; from a Chinese ‘backdoor’ in medical devices, problems with CISA’s backdoor bulletin, the risks of insecure IoT, phishing attacks on influencers, and ongoing battles over censorship in the VPN space. We also touch on WhatsApp catching spyware vendor Paragon Solutions and potential shifts in U.S. 
government policy on commercial mercenary hacking and surveillance companies.  \u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1Vg9du9EcqqdpQ-p4QJIcRu84XynZ5pFSAn8Q2CAoij8/edit?tab=t.0#heading=h.ywmge3vqzj3r\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DeepSeek Privacy Policy\" rel=\"nofollow\" href=\"https://archive.ph/PS9lR\"\u003eDeepSeek Privacy Policy\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"White House evaluates effect of China AI app DeepSeek on national security\" rel=\"nofollow\" href=\"https://www.reuters.com/technology/artificial-intelligence/white-house-evaluates-china-ai-app-deepseeks-affect-national-security-official-2025-01-28/\"\u003eWhite House evaluates effect of China AI app DeepSeek on national security\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Why ‘Distillation’ Has Become the Scariest Word for AI Companies\" rel=\"nofollow\" href=\"https://archive.ph/uLjU4\"\u003eWhy ‘Distillation’ Has Become the Scariest Word\u0026nbsp;for AI Companies\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Probing If DeepSeek-Linked Group Improperly Obtained OpenAI Data\" rel=\"nofollow\" href=\"https://archive.ph/QAZNI\"\u003eMicrosoft Probing If DeepSeek-Linked Group Improperly Obtained OpenAI Data\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca 
title=\"U.S. Navy bans use of DeepSeek AI\" rel=\"nofollow\" href=\"https://www.cnbc.com/2025/01/28/us-navy-restricts-use-of-deepseek-ai-imperative-to-avoid-using.html\"\u003eU.S. Navy bans use of DeepSeek AI\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information\" rel=\"nofollow\" href=\"https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak\"\u003eWiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ScatterBrain: Unmasking the Shadow of PoisonPlug\u0026#39;s Obfuscator\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/scatterbrain-unmasking-poisonplug-obfuscator\"\u003eScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ScatterBrain: Deobfuscation library for PoisionPlug.SHADOW\u0026#39;s ScatterBrain obfuscator\" rel=\"nofollow\" href=\"https://github.com/mandiant/poisonplug-scatterbrain\"\u003eScatterBrain: Deobfuscation library for PoisionPlug.SHADOW's ScatterBrain obfuscator\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA, FDA Warn of Dangerous Backdoor in Contec Patient Monitors\" rel=\"nofollow\" href=\"https://www.securityweek.com/cisa-fda-warn-of-dangerous-backdoor-in-contec-patient-monitors/\"\u003eCISA, FDA Warn of Dangerous Backdoor in Contec Patient Monitors\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA advisory: Contec CMS8000 contains a backdoor\" rel=\"nofollow\" href=\"https://www.cisa.gov/sites/default/files/2025-01/fact-sheet-contec-cms8000-contains-a-backdoor-508c.pdf\"\u003eCISA advisory: Contec CMS8000 contains a backdoor\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Contec CMS 8000 product manual\" rel=\"nofollow\" href=\"https://www.gimaitaly.com/DocumentiGIMA/Manuali/EN/M35152EN.pdf\"\u003eContec CMS 
8000 product manual\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NordVPN NordWhisper\" rel=\"nofollow\" href=\"https://nordvpn.com/blog/nordwhisper-protocol/\"\u003eNordVPN NordWhisper\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"WhatsApp: Spyware company Paragon targeted users in two dozen countries\" rel=\"nofollow\" href=\"https://www.reuters.com/technology/cybersecurity/metas-whatsapp-says-israeli-spyware-company-paragon-targeted-scores-users-2025-01-31/\"\u003eWhatsApp: Spyware company Paragon targeted users in two dozen countries\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"X Phishing Campaign Targeting High Profile Accounts, Promoting Crypto Scams\" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/phishing-on-x-high-profile-account-targeting-campaign-returns/\"\u003eX Phishing Campaign Targeting High Profile Accounts, Promoting Crypto Scams\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon24: Follow the Money -- CCP’s Ownership of Firms Investing in the USA (Elly Rostoum)\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=glyHKbaS4Fs\u0026amp;ab_channel=SentinelOne\"\u003eLABScon24: Follow the Money -- CCP’s Ownership of Firms Investing in the USA (Elly Rostoum)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Binarly Post-Quantum Readiness Technology\" rel=\"nofollow\" href=\"https://www.binarly.io/blog/binarly-transparency-platform-v2-7-propels-enterprises-toward-post-quantum-readiness\"\u003eBinarly Post-Quantum Readiness Technology\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 32: In this episode, we rummage through the DeepSeek hype and break down what makes it different from OpenAI’s models, why it’s stirring up existential controversies, and what it means for the broader tech landscape. 
We get into the privacy concerns, the geo-political implications, how AI models handle data, the ongoing debate over IP theft and innovation, and the challenges that come with a Chinese company shipping an open-source alternative.\r\n\r\nBeyond AI, we dig into some of the latest headlines; from a Chinese ‘backdoor’ in medical devices, problems with CISA’s backdoor bulletin, the risks of insecure IoT, phishing attacks on influencers, and ongoing battles over censorship in the VPN space. We also touch on WhatsApp catching spyware vendor Paragon Solutions and potential shifts in U.S. government policy on commercial mercenary hacking and surveillance companies.  \r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.","date_published":"2025-01-31T12:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/89f0f4d2-96eb-4a23-b08e-ebd2a9b550a1.mp3","mime_type":"audio/mpeg","size_in_bytes":110179568,"duration_in_seconds":8384}]},{"id":"a8b5e326-37a9-40ab-b769-f92834d95934","title":"Death of the CSRB, zero-days storms at the edge, Juniper router backdoors","url":"https://securityconversations.fireside.fm/zero-day-storms-death-of-crsb","content_text":"Three Buddy Problem - Episode 31: Dennis Fisher steps in for Ryan Naraine to moderate discussion on a very busy week in cybersecurity. The cast dig into the wave of big research reports, the disbanding of the Cyber Safety Review Board (CSRB), the ongoing flood of exploits targeting security appliances from Ivanti and SonicWall, and the recent Lumen research on Juniper router backdoors. \n\nPlus, the challenges of coordinating disclosures, the tough realities of intelligence work, and the complex landscape of nation-state attacks -- especially around Chinese threat actors and Western defenses. 
\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Dennis Fisher.\n\n\nRyan Naraine is on work travel.\nLinks:Transcript (unedited, AI-generated)\nDHS Disbands Cyber Safety Review Board, Ending One of CISA’s Few Bright Spots\nCSRB report on Microsoft Exchange Online Intrusion\nSenator Ron Wyden on CSRB disbandment\nCISA CSRB: good riddance\nThreat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications\nSonicWall confirms new 0day exploited in the wild\nThe J-Magic Show: Magic Packets and Where to Find Them\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 31\u003c/strong\u003e: Dennis Fisher steps in for Ryan Naraine to moderate discussion on a very busy week in cybersecurity. The cast dig into the wave of big research reports, the disbanding of the Cyber Safety Review Board (CSRB), the ongoing flood of exploits targeting security appliances from Ivanti and SonicWall, and the recent Lumen research on Juniper router backdoors. \u003c/p\u003e\n\n\u003cp\u003ePlus, the challenges of coordinating disclosures, the tough realities of intelligence work, and the complex landscape of nation-state attacks -- especially around Chinese threat actors and Western defenses. 
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and Dennis Fisher.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e is on work travel.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1qT2olnStWy4-0PWd6KdBNHAG20hJxe83zyGqXO7_B9Y/edit?tab=t.0#heading=h.ywmge3vqzj3r\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DHS Disbands Cyber Safety Review Board, Ending One of CISA’s Few Bright Spots\" rel=\"nofollow\" href=\"https://www.securityweek.com/dhs-disbands-cyber-safety-review-board-ending-one-of-cisas-few-bright-spots/\"\u003eDHS Disbands Cyber Safety Review Board, Ending One of CISA’s Few Bright Spots\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CSRB report on Microsoft Exchange Online Intrusion\" rel=\"nofollow\" href=\"https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf\"\u003eCSRB report on Microsoft Exchange Online Intrusion\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Senator Ron Wyden on CSRB disbandment\" rel=\"nofollow\" href=\"https://bsky.app/profile/wyden.senate.gov/post/3lgbvtdltic2h\"\u003eSenator Ron Wyden on CSRB disbandment\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA CSRB: good riddance\" rel=\"nofollow\" href=\"https://cybersect.substack.com/p/cisa-csrb-good-riddance\"\u003eCISA CSRB: good 
riddance\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications\" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a\"\u003eThreat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"SonicWall confirms new 0day exploited in the wild\" rel=\"nofollow\" href=\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002\"\u003eSonicWall confirms new 0day exploited in the wild\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The J-Magic Show: Magic Packets and Where to Find Them\" rel=\"nofollow\" href=\"https://blog.lumen.com/the-j-magic-show-magic-packets-and-where-to-find-them/\"\u003eThe J-Magic Show: Magic Packets and Where to Find Them\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 31: Dennis Fisher steps in for Ryan Naraine to moderate discussion on a very busy week in cybersecurity. The cast dig into the wave of big research reports, the disbanding of the Cyber Safety Review Board (CSRB), the ongoing flood of exploits targeting security appliances from Ivanti and SonicWall, and the recent Lumen research on Juniper router backdoors. \r\n\r\nPlus, the challenges of coordinating disclosures, the tough realities of intelligence work, and the complex landscape of nation-state attacks -- especially around Chinese threat actors and Western defenses. 
\r\n\r\nCast: Dennis Fisher (guest host), Costin Raiu and Juan Andres Guerrero-Saade.\r\n\r\n* Ryan Naraine is on work travel.","date_published":"2025-01-24T14:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a8b5e326-37a9-40ab-b769-f92834d95934.mp3","mime_type":"audio/mpeg","size_in_bytes":91593748,"duration_in_seconds":6539}]},{"id":"f31e117e-f570-453a-862f-604a0314c90b","title":"Inside the PlugX malware removal operation, CISA takes victory lap and another Fortinet 0day","url":"https://securityconversations.fireside.fm/cisa-victory-lap-plugx-removal-tiktok-ban","content_text":"Three Buddy Problem - Episode 30:  We discuss French threat-intel Sekoia creating a portal to handle “sovereign disinfections” of the PlugX malware, CISA leadership taking a victory lap using the ‘Secure by Design’ pledge as a trophy, the new Biden cybersecurity Executive Order, another Fortinet zero-day, the TikTok ban and Ukrainian hackers targeting Russian companies. \n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nCourt-Authorized Operation Removes PlugX Malware from Over 4,200 Infected U.S. 
Computers\nPlugX removal affidavit\nSekoia -- PlugX worm disinfection campaign\nJen Easterly: Building a secure by Design ecosystem \nTrump zeroes in on Sean Plankey to lead CISA\nSean Plankey bio\nBiden cybersecurity executive order\nBiden executive order aims to shore up US cyber defenses\nGravy Analytics accused of negligence over location data breach\nTracking the mobile trackers (Costin Raiu) - YouTube\nRussia's largest platform for state procurement hit by cyberattack from pro-Ukraine group\nNew Star Blizzard spear-phishing campaign targets WhatsApp accounts\nUK proposes ransomware payment ban\nFortinet authentication bypass zero-day \nFortinet: Deep dive into a Linux rootkit malware\nBernardo Quintero's new book on VirusTotal (Spanish-language)\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 30\u003c/strong\u003e:  We discuss French threat-intel Sekoia creating a portal to handle “sovereign disinfections” of the PlugX malware, CISA leadership taking a victory lap using the ‘Secure by Design’ pledge as a trophy, the new Biden cybersecurity Executive Order, another Fortinet zero-day, the TikTok ban and Ukrainian hackers targeting Russian companies. 
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1HS3gbpFtueD9eaOkBNbgS5Hg-x7SNSKudF9gx84_qMU/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Court-Authorized Operation Removes PlugX Malware from Over 4,200 Infected U.S. Computers\" rel=\"nofollow\" href=\"https://www.justice.gov/opa/pr/justice-department-and-fbi-conduct-international-operation-delete-malware-used-china-backed\"\u003eCourt-Authorized Operation Removes PlugX Malware from Over 4,200 Infected U.S. 
Computers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PlugX removal affidavit\" rel=\"nofollow\" href=\"https://www.justice.gov/opa/media/1384136/dl\"\u003ePlugX removal affidavit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sekoia -- PlugX worm disinfection campaign\" rel=\"nofollow\" href=\"https://blog.sekoia.io/plugx-worm-disinfection-campaign-feedbacks/\"\u003eSekoia -- PlugX worm disinfection campaign\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Jen Easterly: Building a secure by Design ecosystem \" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/news/building-secure-design-ecosystem\"\u003eJen Easterly: Building a secure by Design ecosystem \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Trump zeroes in on Sean Plankey to lead CISA\" rel=\"nofollow\" href=\"https://www.politico.com/live-updates/2025/01/15/congress/sean-plankey-likely-to-lead-u-s-cyber-agency-00198382\"\u003eTrump zeroes in on Sean Plankey to lead CISA\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sean Plankey bio\" rel=\"nofollow\" href=\"https://www.sans.org/profiles/sean-plankey/\"\u003eSean Plankey bio\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Biden cybersecurity executive order\" rel=\"nofollow\" href=\"https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/\"\u003eBiden cybersecurity executive order\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Biden executive order aims to shore up US cyber defenses\" rel=\"nofollow\" href=\"https://apnews.com/article/cybersecurity-biden-trump-china-russia-ai-quantum-3fc53784ad9d1c05d7de85224a762a36\"\u003eBiden executive order aims to shore up US cyber defenses\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Gravy Analytics accused of negligence over location data breach\" rel=\"nofollow\" 
href=\"https://news.bloomberglaw.com/privacy-and-data-security/gravy-analytics-accused-of-negligence-over-location-data-breach\"\u003eGravy Analytics accused of negligence over location data breach\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Tracking the mobile trackers (Costin Raiu) - YouTube\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=EG6sZA1N8NU\u0026amp;ab_channel=OPCDE\"\u003eTracking the mobile trackers (Costin Raiu) - YouTube\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russia\u0026#39;s largest platform for state procurement hit by cyberattack from pro-Ukraine group\" rel=\"nofollow\" href=\"https://therecord.media/russian-platform-for-state-procurement-hit-cyberattack\"\u003eRussia's largest platform for state procurement hit by cyberattack from pro-Ukraine group\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"New Star Blizzard spear-phishing campaign targets WhatsApp accounts\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2025/01/16/new-star-blizzard-spear-phishing-campaign-targets-whatsapp-accounts/\"\u003eNew Star Blizzard spear-phishing campaign targets WhatsApp accounts\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"UK proposes ransomware payment ban\" rel=\"nofollow\" href=\"https://www.gov.uk/government/news/world-leading-proposals-to-protect-businesses-from-cybercrime\"\u003eUK proposes ransomware payment ban\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fortinet authentication bypass zero-day \" rel=\"nofollow\" href=\"https://fortiguard.fortinet.com/psirt/FG-IR-24-535\"\u003eFortinet authentication bypass zero-day \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fortinet: Deep dive into a Linux rootkit malware\" rel=\"nofollow\" href=\"https://www.fortinet.com/blog/threat-research/deep-dive-into-a-linux-rootkit-malware\"\u003eFortinet: Deep dive into a Linux rootkit malware\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca 
title=\"Bernardo Quintero\u0026#39;s new book on VirusTotal (Spanish-language)\" rel=\"nofollow\" href=\"https://www.amazon.com/Infectado-Spectrum-emprendedor-accidental-Spanish/dp/8409666227/ref=sr_1_1?crid=27KFPUV4ECRH7\u0026amp;dib=eyJ2IjoiMSJ9.RtftyW4qSxl2Q07QPDYz0JgOYLm_jlK0D5e4quXsVNSmjtQQ8abhBlRIA-Nf7U52lLy4zw2gX2NTgPAbcbW6n4rBuiAXNmN3-GgGABAjMjDXf_3a6-W0W9zIyiKdEYRWl2rlphl_tl5MwyE5wHHlBouzn8aE8_GS_Lk478PIl5G-bFxbGPG9Gd8OAzKjHaxqUbf7P4jpSzKvIsumlR5eaI3rVPfdcdYXyLaGM_LpxGk.B0D0HYHfmenDvtslyNwXiMtNFrsxLEiihfv4twDd4t8\u0026amp;dib_tag=se\u0026amp;keywords=bernardo+quintero\u0026amp;qid=1737143167\u0026amp;sprefix=%2Caps%2C143\u0026amp;sr=8-1\"\u003eBernardo Quintero's new book on VirusTotal (Spanish-language)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 30: We discuss French threat-intel Sekoia creating a portal to handle “sovereign disinfections” of the PlugX malware, CISA leadership taking a victory lap using the ‘Secure by Design’ pledge as a trophy, the new Biden cybersecurity Executive Order, another Fortinet zero-day, the TikTok ban and Ukrainian hackers targeting Russian companies. \r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade","date_published":"2025-01-17T12:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/f31e117e-f570-453a-862f-604a0314c90b.mp3","mime_type":"audio/mpeg","size_in_bytes":95741011,"duration_in_seconds":7192}]},{"id":"84744251-fc7f-4c4c-bee0-e328e8ae3c02","title":"Hijacking .gov backdoors, Ivanti 0days and a Samsung 0-click vuln","url":"https://securityconversations.fireside.fm/ivanti-zero-day-samsung-zero-click-china-blame","content_text":"Three Buddy Problem - Episode 29:  Another day, another Ivanti zero-day being exploited in the wild.  
Plus, China's strange response to Volt Typhoon attribution, Japan blames China for hacks, a Samsung 0-click vulnerability found by Project Zero, Kim Zetter's reporting on drone sightings and a nuclear scare. Plus, hijacking abandoned .gov backdoors and Ukrainian hacktivists wiping a major Russian ISP.\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nIvanti Connect Secure zero-day advisory\nMandiant report on new Ivanti zero-day\nChina Daily responds to Volt Typhoon attribution\nJapan warns about Chinese 'MirrorFace' attacks\nWho is MirrorFace?\nNatalie Silvanovich on new Samsung 0-click\nKim Zetter: Anatomy of a Nuclear Scare\nBackdooring .gov backdoors via $20 domains\nAPT32 poisoning GitHub, targeting Chinese security pros\nUkraine wipes Russian ISP\nRussian internet provider confirms network ‘destroyed’ by Ukrainian hackers\nMullvad: Quantum-resistant tunnels on desktop VPN\nFundraiser for Marc Rogers\nCNN: Amit Yoran has died at 54 \n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 29\u003c/strong\u003e:  Another day, another Ivanti zero-day being exploited in the wild.  Plus, China's strange response to Volt Typhoon attribution, Japan blames China for hacks, a Samsung 0-click vulnerability found by Project Zero, Kim Zetter's reporting on drone sightings and a nuclear scare. 
Plus, hijacking abandoned .gov backdoors and Ukrainian hacktivists wiping a major Russian ISP.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1v4WDMg3bTW_lQ0cYU7LBrlLND9eVBt-wkpw4tLJI3f4/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ivanti Connect Secure zero-day advisory\" rel=\"nofollow\" href=\"https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US\"\u003eIvanti Connect Secure zero-day advisory\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mandiant report on new Ivanti zero-day\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day/\"\u003eMandiant report on new Ivanti zero-day\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"China Daily responds to Volt Typhoon attribution\" rel=\"nofollow\" href=\"https://x.com/chinadaily/status/1876581637762457694?s=46\u0026amp;t=NxSQbkIl4wl2Ei8yYr-9IQ\"\u003eChina Daily responds to Volt Typhoon attribution\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Japan warns about Chinese \u0026#39;MirrorFace\u0026#39; attacks\" rel=\"nofollow\" href=\"https://www.npa.go.jp/bureau/cyber/koho/caution/caution20250108.html\"\u003eJapan warns about Chinese 'MirrorFace' 
attacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Who is MirrorFace?\" rel=\"nofollow\" href=\"https://malpedia.caad.fkie.fraunhofer.de/actor/mirrorface\"\u003eWho is MirrorFace?\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Natalie Silvanovich on new Samsung 0-click\" rel=\"nofollow\" href=\"https://x.com/natashenka/status/1877507134474109437\"\u003eNatalie Silvanovich on new Samsung 0-click\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kim Zetter: Anatomy of a Nuclear Scare\" rel=\"nofollow\" href=\"https://www.zetter-zeroday.com/anatomy-of-a-nuclear-scare/\"\u003eKim Zetter: Anatomy of a Nuclear Scare\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Backdooring .gov backdoors via $20 domains\" rel=\"nofollow\" href=\"https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/\"\u003eBackdooring .gov backdoors via $20 domains\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"APT32 poisoning GitHub, targeting Chinese security pros\" rel=\"nofollow\" href=\"https://threatbook.io/blog/APT32-Poisoning-GitHub,-Targeting-Chinese-Cybersecurity-Professionals-and-Specific-Large-Enterprises\"\u003eAPT32 poisoning GitHub, targeting Chinese security pros\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ukraine wipes Russian ISP\" rel=\"nofollow\" href=\"https://vk.com/wall-7622_825\"\u003eUkraine wipes Russian ISP\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russian internet provider confirms network ‘destroyed’ by Ukrainian hackers\" rel=\"nofollow\" href=\"https://therecord.media/russian-internet-provider-says-network-destroyed-cyberattack\"\u003eRussian internet provider confirms network ‘destroyed’ by Ukrainian hackers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mullvad: Quantum-resistant tunnels on desktop VPN\" rel=\"nofollow\" href=\"https://mullvad.net/en/blog/quantum-resistant-tunnels-are-now-the-default-on-desktop\"\u003eMullvad: 
Quantum-resistant tunnels on desktop VPN\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fundraiser for Marc Rogers\" rel=\"nofollow\" href=\"https://www.gofundme.com/f/support-marc-rogers-road-to-recovery\"\u003eFundraiser for Marc Rogers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CNN: Amit Yoran has died at 54 \" rel=\"nofollow\" href=\"https://www.cnn.com/2025/01/04/business/amit-yoran-dies-tenable-ceo/index.html\"\u003eCNN: Amit Yoran has died at 54 \n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 29: Another day, another Ivanti zero-day being exploited in the wild.  Plus, China's strange response to Volt Typhoon attribution, Japan blames China for hacks, a Samsung 0-click vulnerability found by Project Zero, Kim Zetter's reporting on drone sightings and a nuclear scare. Plus, hijacking abandoned .gov backdoors and Ukrainian hacktivists wiping a major Russian ISP.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade","date_published":"2025-01-10T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/84744251-fc7f-4c4c-bee0-e328e8ae3c02.mp3","mime_type":"audio/mpeg","size_in_bytes":91922860,"duration_in_seconds":6501}]},{"id":"2702a1ec-2c6e-4d8c-902a-5f462b1a93be","title":"US Treasury hacked via BeyondTrust, MISP and the threat actor naming mess","url":"https://securityconversations.fireside.fm/fixing-threat-actor-naming-mess","content_text":"Three Buddy Problem - Episode 28:  In this episode, we explore the ongoing challenges of threat actor naming in cybersecurity and the confusion caused by a lack of standardization, methodological inconsistencies and skewed, marketing-driven incentives. 
\n\nPlus, the US Treasury/BeyondTrust hack, the surge in 0day discoveries, a new variant of the  Xdr33 CIA Hive malware, and exclusive new information on the Cyberhaven Chrome extension security incident.\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nBeyondTrust statement on hack investigation\nU.S. Treasury says it was hacked by China-backed actors\nAnother Palo Alto 0day exploited in the wild\nUS telcos say they've evicted Salt Typhoon Chinese hackers\nGoogle: What is BeyondCorp?\nIntroducing the MISP Threat Actor Naming Standard\nMISP: Recommendations on Naming Threat Actors\nNew variant of the CIA HIVE attack kit\nXdr33 Variant Of CIA's HIVE Attack Kit Emerges\nSavvy Seahorse connection to Cyberhaven incident\nUS sanctions China's Integrity Technology over Flax Typhoon hacks\nOperation Aurora\nAPT1 Exposing One of China’s Cyber Espionage Units\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 28\u003c/strong\u003e:  In this episode, we explore the ongoing challenges of threat actor naming in cybersecurity and the confusion caused by a lack of standardization, methodological inconsistencies and skewed, marketing-driven incentives. 
\u003c/p\u003e\n\n\u003cp\u003ePlus, the US Treasury/BeyondTrust hack, the surge in 0day discoveries, a new variant of the  Xdr33 CIA Hive malware, and exclusive new information on the Cyberhaven Chrome extension security incident.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1Fozuh0j1k3EiKJr8mSxP__6O6dQ3iLgAxeEq8f9GKxI/edit?tab=t.0#heading=h.1u39inyn4ent\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"BeyondTrust statement on hack investigation\" rel=\"nofollow\" href=\"https://www.beyondtrust.com/remote-support-saas-service-security-investigation\"\u003eBeyondTrust statement on hack investigation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"U.S. Treasury says it was hacked by China-backed actors\" rel=\"nofollow\" href=\"https://archive.ph/0ELY2\"\u003eU.S. 
Treasury says it was hacked by China-backed actors\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Another Palo Alto 0day exploited in the wild\" rel=\"nofollow\" href=\"https://security.paloaltonetworks.com/CVE-2024-3393\"\u003eAnother Palo Alto 0day exploited in the wild\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US telcos say they\u0026#39;ve evicted Salt Typhoon Chinese hackers\" rel=\"nofollow\" href=\"https://www.reuters.com/technology/cybersecurity/chinese-salt-typhoon-cyberespionage-targets-att-networks-secure-carrier-says-2024-12-29/\"\u003eUS telcos say they've evicted Salt Typhoon Chinese hackers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google: What is BeyondCorp?\" rel=\"nofollow\" href=\"https://cloud.google.com/beyondcorp\"\u003eGoogle: What is BeyondCorp?\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Introducing the MISP Threat Actor Naming Standard\" rel=\"nofollow\" href=\"https://www.misp-standard.org/blog/Naming-Threat-Actor/\"\u003eIntroducing the MISP Threat Actor Naming Standard\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"MISP: Recommendations on Naming Threat Actors\" rel=\"nofollow\" href=\"https://www.misp-standard.org/rfc/threat-actor-naming.html\"\u003eMISP: Recommendations on Naming Threat Actors\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"New variant of the CIA HIVE attack kit\" rel=\"nofollow\" href=\"https://x.com/nextronresearch/status/1874690494930014703\"\u003eNew variant of the CIA HIVE attack kit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Xdr33 Variant Of CIA\u0026#39;s HIVE Attack Kit Emerges\" rel=\"nofollow\" href=\"https://blog.netlab.360.com/headsup_xdr33_variant_of_ciahive_emeerges/\"\u003eXdr33 Variant Of CIA's HIVE Attack Kit Emerges\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Savvy Seahorse connection to Cyberhaven incident\" rel=\"nofollow\" 
href=\"https://blogs.infoblox.com/threat-intelligence/beware-the-shallow-waters-savvy-seahorse-lures-victims-to-fake-investment-platforms-through-facebook-ads/\"\u003eSavvy Seahorse connection to Cyberhaven incident\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US sanctions China\u0026#39;s Integrity Technology over Flax Typhoon hacks\" rel=\"nofollow\" href=\"https://www.reuters.com/technology/cybersecurity/us-issues-cybersecurity-sanctions-against-chinas-integrity-technology-2025-01-03/\"\u003eUS sanctions China's Integrity Technology over Flax Typhoon hacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Operation Aurora\" rel=\"nofollow\" href=\"https://en.wikipedia.org/wiki/Operation_Aurora\"\u003eOperation Aurora\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"APT1 Exposing One of China’s Cyber Espionage Units\" rel=\"nofollow\" href=\"https://www.mandiant.com/sites/default/files/2021-09/mandiant-apt1-report.pdf\"\u003eAPT1 Exposing One of China’s Cyber Espionage Units\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 28: In this episode, we explore the ongoing challenges of threat actor naming in cybersecurity and the confusion caused by a lack of standardization, methodological inconsistencies and skewed, marketing-driven incentives. 
\r\n\r\nPlus, the US Treasury/BeyondTrust hack, the surge in 0day discoveries, a new variant of the  Xdr33 CIA Hive malware, and exclusive new information on the Cyberhaven Chrome extension security incident.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade","date_published":"2025-01-03T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/2702a1ec-2c6e-4d8c-902a-5f462b1a93be.mp3","mime_type":"audio/mpeg","size_in_bytes":88069225,"duration_in_seconds":6556}]},{"id":"55fe71f1-b9b4-4a31-8a0b-8f6a8d59b903","title":"Palo Alto network edge device backdoor, Cyberhaven browser extension hack, 2024 research highlights","url":"https://securityconversations.fireside.fm/palo-alto-backdoor-cyberhaven-hack-year-review","content_text":"Three Buddy Problem - Episode 27:  We discuss the discovery of a Palo Alto network firewall attack and a stealthy network edge device backdoor (LITTLELAMB.WOOLTEA), the Cyberhaven hack and the shady world of browser extensions, and a look back at the top research projects that caught our attention in 2025.\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nLITTLELAMB.WOOLTEA: Stealthy Network Edge Device Backdoor \nPalo Alto: Operation Lunar Peek\nInvestigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts\n“A Digital Prison”: Surveillance and the suppression of civil society in Serbia\nCyberhaven breach reported. 
Employee phished and pushed malicious chrome extension\nGRU 29155 doing cyber operations\nHow a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar \nSophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days\nOperation MiddleFloor: Unmasking the Disinformation Campaign Targeting Moldova's National Elections\nNSPX30: A sophisticated AitM-enabled implant evolving since 2005\nbackdoor in upstream xz/liblzma leading to ssh server compromise\nPKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem\nThe Tech Coup - How to Save Democracy from Silicon Valley\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 27\u003c/strong\u003e:  We discuss the discovery of a Palo Alto network firewall attack and a stealthy network edge device backdoor (LITTLELAMB.WOOLTEA), the Cyberhaven hack and the shady world of browser extensions, and a look back at the top research projects that caught our attention in 2025.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1321LDAuU5PosOnXODrFvvXAx8TiTXr1kbtQZE1PhhLw/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LITTLELAMB.WOOLTEA: Stealthy Network Edge Device Backdoor \" rel=\"nofollow\" 
href=\"https://northwave-cybersecurity.com/hubfs/LITTLELAMB%20WOOLTEA%20technical%20writeup%20Schrijver%20and%20Oudenaarden.pdf\"\u003eLITTLELAMB.WOOLTEA: Stealthy Network Edge Device Backdoor \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Palo Alto: Operation Lunar Peek\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/\"\u003ePalo Alto: Operation Lunar Peek\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-exploitation-persistence/\"\u003eInvestigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"“A Digital Prison”: Surveillance and the suppression of civil society in Serbia\" rel=\"nofollow\" href=\"https://securitylab.amnesty.org/latest/2024/12/a-digital-prison-surveillance-and-the-suppression-of-civil-society-in-serbia/\"\u003e“A Digital Prison”: Surveillance and the suppression of civil society in Serbia\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cyberhaven breach reported. Employee phished and pushed malicious chrome extension\" rel=\"nofollow\" href=\"https://x.com/cstanley/status/1872365853318225931\"\u003eCyberhaven breach reported. 
Employee phished and pushed malicious chrome extension\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"GRU 29155 doing cyber operations\" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a\"\u003eGRU 29155 doing cyber operations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar \" rel=\"nofollow\" href=\"https://www.wired.com/story/predatory-sparrow-cyberattack-timeline/\"\u003eHow a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days\" rel=\"nofollow\" href=\"https://www.securityweek.com/sophos-used-custom-implants-to-surveil-chinese-hackers-targeting-firewall-zero-days/\"\u003eSophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Operation MiddleFloor: Unmasking the Disinformation Campaign Targeting Moldova\u0026#39;s National Elections\" rel=\"nofollow\" href=\"https://blog.checkpoint.com/research/operation-middlefloor-unmasking-the-disinformation-campaign-targeting-moldovas-national-elections/\"\u003eOperation MiddleFloor: Unmasking the Disinformation Campaign Targeting Moldova's National Elections\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NSPX30: A sophisticated AitM-enabled implant evolving since 2005\" rel=\"nofollow\" href=\"https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/\"\u003eNSPX30: A sophisticated AitM-enabled implant evolving since 2005\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"backdoor in upstream xz/liblzma leading to ssh server compromise\" rel=\"nofollow\" href=\"https://seclists.org/oss-sec/2024/q1/268\"\u003ebackdoor in upstream xz/liblzma leading to ssh server 
compromise\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem\" rel=\"nofollow\" href=\"https://www.binarly.io/blog/pkfail-untrusted-platform-keys-undermine-secure-boot-on-uefi-ecosystem\"\u003ePKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Tech Coup - How to Save Democracy from Silicon Valley\" rel=\"nofollow\" href=\"https://press.princeton.edu/books/hardcover/9780691241173/the-tech-coup?srsltid=AfmBOoq7pNBk27MtRxluxXHgYpx1hk2misTivpgZBRfkrplbw9t3q81i\"\u003eThe Tech Coup - How to Save Democracy from Silicon Valley\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 27:  We discuss the discovery of a Palo Alto network firewall attack and a stealthy network edge device backdoor (LITTLELAMB.WOOLTEA), the Cyberhaven hack and the shady world of browser extensions, and a look back at the top research projects that caught our attention in 2025.\r\n\r\nCast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade","date_published":"2024-12-27T11:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/55fe71f1-b9b4-4a31-8a0b-8f6a8d59b903.mp3","mime_type":"audio/mpeg","size_in_bytes":91383420,"duration_in_seconds":6791}]},{"id":"4e8b8384-f9ae-4e42-87fe-d72ab006ab10","title":"US government's VPN advice, dropping bombs on ransomware gangs","url":"https://securityconversations.fireside.fm/cisa-vpn-advice-tp-link-cellebrite-novispy","content_text":"Three Buddy Problem - Episode 26:  We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, a previously unknown Android implant used against Serbian activists, and the links to Israeli forensics software vendor Cellebrite.\n\nPlus, thoughts on the US government’s controversial guidance on 
VPNs, Chinese reports on US intel agency hacking, TP-Link sanctions chatter, Mossad's dramatic exploding beeper operation and the ethical, legal, and security implications of escalating cyber-deterrence.  Also, a mysterious BeyondTrust 0-day!\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nSurveillance and the suppression of civil society in Serbia\nCISA: VPN and mobile device security guidance\nCostin Raiu: Staying safe from Pegasus, Chrysaor and other APT mobile malware (2024 update)\nBitsight: The Aftermath of the Kaspersky Ban\nUS Probes China-Founded Router Maker TP-Link\nRob Joyce: Move away from TP-Link\nChina report on US intelligence corporate hacking\nForeign hackers need to face real consequences\nIsrael's Mossad spent years orchestrating Hezbollah pager plot\nBeyondTrust 0day\nSophos Firewall CVSS 9.8 bulletin\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 26\u003c/strong\u003e:  We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, a previously unknown Android implant used against Serbian activists, and the links to Israeli forensics software vendor Cellebrite.\u003c/p\u003e\n\n\u003cp\u003ePlus, thoughts on the US government’s controversial guidance on VPNs, Chinese reports on US intel agency hacking, TP-Link sanctions chatter, Mossad's dramatic exploding beeper operation and the ethical, legal, and security implications of escalating cyber-deterrence.  
Also, a mysterious BeyondTrust 0-day!\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1v_-VcFPFydOVKG42d5hAO5MPx50HNR10l95h8Gh12WA/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Surveillance and the suppression of civil society in Serbia\" rel=\"nofollow\" href=\"https://www.amnesty.org/en/documents/eur70/8813/2024/en/\"\u003eSurveillance and the suppression of civil society in Serbia\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA: VPN and mobile device security guidance\" rel=\"nofollow\" href=\"https://www.cisa.gov/sites/default/files/2024-12/guidance-mobile-communications-best-practices.pdf\"\u003eCISA: VPN and mobile device security guidance\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Costin Raiu: Staying safe from Pegasus, Chrysaor and other APT mobile malware (2024 update)\" rel=\"nofollow\" href=\"https://medium.com/@costin.raiu/staying-safe-from-pegasus-chrysaor-and-other-apt-mobile-malware-a923b56d645f\"\u003eCostin Raiu: Staying safe from Pegasus, Chrysaor and other APT mobile malware (2024 update)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Bitsight: The Aftermath of the Kaspersky Ban\" rel=\"nofollow\" href=\"https://www.bitsight.com/blog/aftermath-kaspersky-ban\"\u003eBitsight: The Aftermath of the Kaspersky 
Ban\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US Probes China-Founded Router Maker TP-Link\" rel=\"nofollow\" href=\"https://archive.ph/tzycz\"\u003eUS Probes China-Founded Router Maker TP-Link\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Rob Joyce: Move away from TP-Link\" rel=\"nofollow\" href=\"https://bsky.app/profile/rgblights.bsky.social/post/3ldlr2lrfe22y\"\u003eRob Joyce: Move away from TP-Link\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"China report on US intelligence corporate hacking\" rel=\"nofollow\" href=\"https://www.cert.org.cn/publish/main/8/2024/20241218184234131217571/20241218184234131217571_.html\"\u003eChina report on US intelligence corporate hacking\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Foreign hackers need to face real consequences\" rel=\"nofollow\" href=\"https://www.politico.com/news/2024/12/15/mike-waltz-hacking-foreign-penalties-00194415\"\u003eForeign hackers need to face real consequences\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Israel\u0026#39;s Mossad spent years orchestrating Hezbollah pager plot\" rel=\"nofollow\" href=\"https://www.cbsnews.com/news/israeli-mossad-pager-walkie-talkie-hezbollah-plot-60-minutes/\"\u003eIsrael's Mossad spent years orchestrating Hezbollah pager plot\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"BeyondTrust 0day\" rel=\"nofollow\" href=\"https://www.beyondtrust.com/remote-support-saas-service-security-investigation\"\u003eBeyondTrust 0day\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sophos Firewall CVSS 9.8 bulletin\" rel=\"nofollow\" href=\"https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce\"\u003eSophos Firewall CVSS 9.8 bulletin\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 26:  We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, a 
previously unknown Android implant used against Serbian activists, and the links to Israeli forensics software vendor Cellebrite.\r\n\r\nPlus, thoughts on the US government’s controversial guidance on VPNs, Chinese reports on US intel agency hacking, TP-Link sanctions chatter, Mossad's dramatic exploding beeper operation and the ethical, legal, and security implications of escalating cyber-deterrence.  Also, a mysterious BeyondTrust 0-day!\r\n\r\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.","date_published":"2024-12-23T12:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/4e8b8384-f9ae-4e42-87fe-d72ab006ab10.mp3","mime_type":"audio/mpeg","size_in_bytes":97305809,"duration_in_seconds":7120}]},{"id":"1d7c6464-bcb3-4362-a308-5d0f46d2581a","title":"Surveillance economics, Turla and Careto, and the AI screenshots nobody asked for","url":"https://securityconversations.fireside.fm/apple-microsoft-ai-screenshots-nobody-asked-for","content_text":"Three Buddy Problem - Episode 25:  An update on Romania’s cancelled election, the implications of TikTok on democratic processes, and the broader issues around surveillance capitalism and micro-targeting.  \n\nPlus, news on Turla piggybacking on cybercriminal malware to hit Ukraine, the return of Careto and the absence of IOCs, Claroty report on an Iran-linked cyberweapon targeting critical infrastructure, ethical considerations in cyberwarfare, and the implications of quantum computing on security and cryptocurrencies. 
\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nTurla using tools of other groups to attack Ukraine (Microsoft)\nEpicTurla.com: The lost reports\nMicrosoft Recall screenshots credit cards and SSNs\nStephan Casas: macOS applications quietly capturing screenshots\nCVE-2024-49138 - MS 0day exploited in the wild\nSanctions hit Chinese company behind Sophos 0day attack\nSentinelLabs: Operation Digital Eye\nCareto APT’s recent attacks discovered\nClaroty: Inside a New OT/IoT cyberweapon\nPredatory Sparrow: cyber sabotage with a conscience?\nWillow, Google's state-of-the-art quantum chip\nWhat sucks in security? Research findings from 50+ security leaders\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 25\u003c/strong\u003e:  An update on Romania’s cancelled election, the implications of TikTok on democratic processes, and the broader issues around surveillance capitalism and micro-targeting.  \u003c/p\u003e\n\n\u003cp\u003ePlus, news on Turla piggybacking on cybercriminal malware to hit Ukraine, the return of Careto and the absence of IOCs, Claroty report on an Iran-linked cyberweapon targeting critical infrastructure, ethical considerations in cyberwarfare, and the implications of quantum computing on security and cryptocurrencies. 
\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1iSaLwiCLiTifTLfiM0oQYIl_mBZBswfgVXOAsT8GY1g/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Turla using tools of other groups to attack Ukraine (Microsoft)\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/\"\u003eTurla using tools of other groups to attack Ukraine (Microsoft)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"EpicTurla.com: The lost reports\" rel=\"nofollow\" href=\"https://www.epicturla.com/\"\u003eEpicTurla.com: The lost reports\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Recall screenshots credit cards and SSNs\" rel=\"nofollow\" href=\"https://www.tomshardware.com/software/windows/microsoft-recall-screenshots-credit-cards-and-social-security-numbers-even-with-the-sensitive-information-filter-enabled\"\u003eMicrosoft Recall screenshots credit cards and SSNs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Stephan Casas: macOS applications quietly capturing screenshots\" rel=\"nofollow\" href=\"https://x.com/stephancasas/status/1867147973479805058?s=46\u0026amp;t=ePKy91eN-ionB9LpDaBXcA\"\u003eStephan Casas: macOS applications quietly capturing 
screenshots\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CVE-2024-49138 - MS 0day exploited in the wild\" rel=\"nofollow\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138\"\u003eCVE-2024-49138 - MS 0day exploited in the wild\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sanctions hit Chinese company behind Sophos 0day attack\" rel=\"nofollow\" href=\"https://home.treasury.gov/news/press-releases/jy2742\"\u003eSanctions hit Chinese company behind Sophos 0day attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"SentinelLabs: Operation Digital Eye\" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/\"\u003eSentinelLabs: Operation Digital Eye\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Careto APT’s recent attacks discovered\" rel=\"nofollow\" href=\"https://securelist.com/careto-is-back/114942/\"\u003eCareto APT’s recent attacks discovered\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Claroty: Inside a New OT/IoT cyberweapon\" rel=\"nofollow\" href=\"https://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol\"\u003eClaroty: Inside a New OT/IoT cyberweapon\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Predatory Sparrow: cyber sabotage with a conscience?\" rel=\"nofollow\" href=\"https://bindinghook.com/articles-binding-edge/predatory-sparrow-cyber-sabotage-with-a-conscience/\"\u003ePredatory Sparrow: cyber sabotage with a conscience?\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Willow, Google\u0026#39;s state-of-the-art quantum chip\" rel=\"nofollow\" href=\"https://blog.google/technology/research/google-willow-quantum-chip/\"\u003eWillow, Google's state-of-the-art quantum chip\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"What sucks in security? 
Research findings from 50+ security leaders\" rel=\"nofollow\" href=\"https://mayakaczorowski.com/blogs/what-sucks-in-security\"\u003eWhat sucks in security? Research findings from 50+ security leaders\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 25:  An update on Romania’s cancelled election, the implications of TikTok on democratic processes, and the broader issues around surveillance capitalism and micro-targeting.  \r\n\r\nPlus, news on Turla piggybacking on cybercriminal malware to hit Ukraine, the return of Careto and the absence of IOCs, Claroty report on an Iran-linked cyberweapon targeting critical infrastructure, ethical considerations in cyberwarfare, and the implications of quantum computing on security and cryptocurrencies. \r\n\r\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.","date_published":"2024-12-13T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1d7c6464-bcb3-4362-a308-5d0f46d2581a.mp3","mime_type":"audio/mpeg","size_in_bytes":109974427,"duration_in_seconds":8047}]},{"id":"af6d806f-6e02-4b8a-b12c-ed94b0f61215","title":"Inside the Turla Playbook: Hijacking APTs and fourth-party espionage","url":"https://securityconversations.fireside.fm/inside-turla-playbook-hijacking-apt-fourth-party-collection","content_text":"Three Buddy Problem - Episode 24:  In this episode, we dig into Lumen/Microsoft’s revelations on Russia's Turla APT stealing from a Pakistani APT, and issues around fourth-party espionage and problems with threat actor attribution.  
We also discuss Citizen Lab’s findings on Monokle-like spyware implanted by Russian authorities, the slow pace of Salt Typhoon disinfection, the Solana web3.js supply chain attack affecting crypto projects, and the Romanian election crisis over Russian interference via TikTok.\n\nCast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)\nRussian APT Turla Caught Stealing From Pakistani APT\nSnowblind: The Invisible Hand of Secret Blizzard\nMicrosoft: Secret Blizzard compromising Storm-0156 infrastructure for espionage | Microsoft Security Blog\nEpicTurla.com\nDevice Confiscated by Russian Authorities Returned with Monokle-Type Spyware\nLookout Security research paper on Monokle spyware\nParubets: How a programmer foiled his own FSB recruitment\nCISA/FBI guidance to repel Salt Typhoon\nUS officials say they still have not expelled Chinese telco hackers\nSolana backdoored in supply chain hack\nRomania's top court annuls first round of presidential vote won by far-right candidate\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 24\u003c/strong\u003e:  In this episode, we dig into Lumen/Microsoft’s revelations on Russia's Turla APT stealing from a Pakistani APT, and issues around fourth-party espionage and problems with threat actor attribution.  
We also discuss Citizen Lab’s findings on Monokle-like spyware implanted by Russian authorities, the slow pace of Salt Typhoon disinfection, the Solana web3.js supply chain attack affecting crypto projects, and the Romanian election crisis over Russian interference via TikTok.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e, \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1agQ0TqskvYwnB69rmf2jcUReWMJQDfiIv6nrphsEWo0/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russian APT Turla Caught Stealing From Pakistani APT\" rel=\"nofollow\" href=\"https://www.securityweek.com/spy-v-spy-russian-apt-turla-caught-stealing-from-pakistani-apt/\"\u003eRussian APT Turla Caught Stealing From Pakistani APT\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Snowblind: The Invisible Hand of Secret Blizzard\" rel=\"nofollow\" href=\"https://blog.lumen.com/snowblind-the-invisible-hand-of-secret-blizzard/\"\u003eSnowblind: The Invisible Hand of Secret Blizzard\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft: Secret Blizzard compromising Storm-0156 infrastructure for espionage | Microsoft Security Blog\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/\"\u003eMicrosoft: Secret Blizzard compromising Storm-0156 
infrastructure for espionage | Microsoft Security Blog\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"EpicTurla.com\" rel=\"nofollow\" href=\"https://epicturla.com\"\u003eEpicTurla.com\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Device Confiscated by Russian Authorities Returned with Monokle-Type Spyware\" rel=\"nofollow\" href=\"https://citizenlab.ca/2024/12/device-confiscated-by-russian-authorities-returned-with-monokle-type-spyware-installed/\"\u003eDevice Confiscated by Russian Authorities Returned with Monokle-Type Spyware\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Lookout Security research paper on Monokle spyware\" rel=\"nofollow\" href=\"https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf\"\u003eLookout Security research paper on Monokle spyware\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Parubets: How a programmer foiled his own FSB recruitment\" rel=\"nofollow\" href=\"https://dept.one/story/parubets/\"\u003eParubets: How a programmer foiled his own FSB recruitment\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA/FBI guidance to repel Salt Typhoon\" rel=\"nofollow\" href=\"https://www.cisa.gov/resources-tools/resources/enhanced-visibility-and-hardening-guidance-communications-infrastructure\"\u003eCISA/FBI guidance to repel Salt Typhoon\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US officials say they still have not expelled Chinese telco hackers\" rel=\"nofollow\" href=\"https://archive.ph/pncES\"\u003eUS officials say they still have not expelled Chinese telco hackers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Solana backdoored in supply chain hack\" rel=\"nofollow\" href=\"https://github.com/solana-labs/solana-web3.js/releases\"\u003eSolana backdoored in supply chain hack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Romania\u0026#39;s top court annuls first round of presidential vote won 
by far-right candidate\" rel=\"nofollow\" href=\"https://apnews.com/article/romania-election-president-georgescu-court-585e8f8f3ce7013951f5c7cf4054179b\"\u003eRomania's top court annuls first round of presidential vote won by far-right candidate\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 24:  In this episode, we dig into Lumen/Microsoft’s revelations on Russia's Turla APT stealing from a Pakistani APT, and issues around fourth-party espionage and problems with threat actor attribution.  We also discuss Citizen Lab’s findings on Monokle-like spyware implanted by Russian authorities, the slow pace of Salt Typhoon disinfection, the Solana web3.js supply chain attack affecting crypto projects, and the Romanian election crisis over Russian interference via TikTok.\r\n\r\nCast: Juan Andres Guerrero-Saade, Costin Raiu, Ryan Naraine.","date_published":"2024-12-07T11:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/af6d806f-6e02-4b8a-b12c-ed94b0f61215.mp3","mime_type":"audio/mpeg","size_in_bytes":89199523,"duration_in_seconds":6428}]},{"id":"38eb067c-05af-457d-91b4-9e809083d842","title":"Volexity’s Steven Adair on Russian Wi-Fi hacks, memory forensics, appliance 0days and network inspectability","url":"https://securityconversations.fireside.fm/steven-adair-nearest-neighbor-wifi-hack","content_text":"Three Buddy Problem - Episode 23: Volexity founder Steven Adair joins the show to explore the significance of memory analysis and the technical challenges associated with memory dumping and forensics. 
We dig into Volexity’s “nearest neighbor” Wi-Fi hack discovery, gaps in EDR detection and telemetry, and some real-talk on the Volt Typhoon intrusions.\n\nWe also cover news on a Firefox zero-day exploited on the Tor browser, the  professionalization of ransomware, ESET's discovery of a Linux bootkit (we have a scoop on the origins of this!), Binarly research on connections to LogoFAIL, and major visibility gaps in the firmware ecosystem.\n\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).\n\nHonorary buddy: Steven Adair (Volexity)Links:Transcript (unedited, AI-generated)\nSteven Adair on LinkedIn\nThe Nearest Neighbor Wi-Fi Attack \nDetecting Compromise of Palo Alto Networks GlobalProtect Devices\nVolexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days\nVolexity Warns of 'Active Exploitation' of Zimbra Zero-Day\nRomCom exploits Firefox and Windows zero days in the wild\nBootkitty: Analyzing the first UEFI bootkit for Linux\nBinarly: LogoFAIL Exploited to Deploy Bootkitty\nT-Mobile statement on Salt Typhooon\nLABScon24 Replay -- Cristina Cifuentes\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 23\u003c/strong\u003e: Volexity founder Steven Adair joins the show to explore the significance of memory analysis and the technical challenges associated with memory dumping and forensics. 
We dig into Volexity’s “nearest neighbor” Wi-Fi hack discovery, gaps in EDR detection and telemetry, and some real-talk on the Volt Typhoon intrusions.\u003c/p\u003e\n\n\u003cp\u003eWe also cover news on a Firefox zero-day exploited on the Tor browser, the  professionalization of ransomware, ESET's discovery of a Linux bootkit (we have a scoop on the origins of this!), Binarly research on connections to LogoFAIL, and major visibility gaps in the firmware ecosystem.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e (SentinelLabs), \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e (Art of Noh) and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e (SecurityWeek).\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eHonorary buddy:\u003c/strong\u003e \u003ca href=\"https://twitter.com/sadair\" target=\"_blank\" rel=\"nofollow noopener\"\u003eSteven Adair\u003c/a\u003e (Volexity)\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/10qv33zxzGUqQFkFc3FQ8ErRIdEdg4P8wUjBoIW5V1ZY/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Steven Adair on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/sadair/\"\u003eSteven Adair on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Nearest Neighbor Wi-Fi Attack \" rel=\"nofollow\" href=\"https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/\"\u003eThe Nearest Neighbor Wi-Fi Attack 
\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Detecting Compromise of Palo Alto Networks GlobalProtect Devices\" rel=\"nofollow\" href=\"https://www.volexity.com/blog/2024/05/15/detecting-compromise-of-cve-2024-3400-on-palo-alto-networks-globalprotect-devices/\"\u003eDetecting Compromise of Palo Alto Networks GlobalProtect Devices\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days\" rel=\"nofollow\" href=\"https://www.securityweek.com/volexity-catches-chinese-hackers-exploiting-ivanti-vpn-zero-days/\"\u003eVolexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Volexity Warns of \u0026#39;Active Exploitation\u0026#39; of Zimbra Zero-Day\" rel=\"nofollow\" href=\"https://www.securityweek.com/volexity-warns-active-exploitation-zimbra-zero-day/\"\u003eVolexity Warns of 'Active Exploitation' of Zimbra Zero-Day\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"RomCom exploits Firefox and Windows zero days in the wild\" rel=\"nofollow\" href=\"https://www.welivesecurity.com/en/eset-research/romcom-exploits-firefox-and-windows-zero-days-in-the-wild/\"\u003eRomCom exploits Firefox and Windows zero days in the wild\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Bootkitty: Analyzing the first UEFI bootkit for Linux\" rel=\"nofollow\" href=\"https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/\"\u003eBootkitty: Analyzing the first UEFI bootkit for Linux\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Binarly: LogoFAIL Exploited to Deploy Bootkitty\" rel=\"nofollow\" href=\"https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux\"\u003eBinarly: LogoFAIL Exploited to Deploy Bootkitty\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"T-Mobile statement on Salt Typhooon\" rel=\"nofollow\" 
href=\"https://www.t-mobile.com/news/un-carrier/update-cyberattacks-targeting-us-wireless-companies\"\u003eT-Mobile statement on Salt Typhooon\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon24 Replay -- Cristina Cifuentes\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=wo3xEa2elp4\u0026amp;ab_channel=SentinelOne\"\u003eLABScon24 Replay -- Cristina Cifuentes\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 23:  Volexity founder Steven Adair joins the show to explore the significance of memory analysis and the technical challenges associated with memory dumping and forensics. We dig into Volexity’s “nearest neighbor” Wi-Fi hack discovery, gaps in EDR detection and telemetry, and some real-talk on the Volt Typhoon intrusions.\r\n\r\nWe also cover news on a Firefox zero-day exploited on the Tor browser, the  professionalization of ransomware, ESET's discovery of a Linux bootkit (we have a scoop on the origins of this!), Binarly research on connections to LogoFAIL, and major visibility gaps in the firmware ecosystem.\r\n\r\nCast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).\r\n\r\nHonorary buddy: Steven Adair (Volexity)","date_published":"2024-11-30T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/38eb067c-05af-457d-91b4-9e809083d842.mp3","mime_type":"audio/mpeg","size_in_bytes":68926322,"duration_in_seconds":4713}]},{"id":"9a555cb5-87d5-444f-b6c3-56ce4cf24bde","title":"Sid Trivedi on the RSA Innovation Sandbox $5 million investment gambit","url":"https://securityconversations.fireside.fm/sid-trivedi-foundation-capital-rsa-sandbox","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nBinary Risk Hunt (https://risk.binarly.io)\n\n\nIn this reboot of the Security Conversations interview series, Foundation Capital partner Sid Trivedi weighs in on major changes to the RSA 
Innovation Sandbox, the mandatory $5M uncapped SAFE investment for all 10 finalists, and red-flag concerns around discounts and pro-rata rights.\n\nAlso discussed: controversial pay-for-play dynamics involving CISOs and venture capital firms,  ethical implications of CISOs taking advisory positions in startups, and the challenges of investing in seed-stage startups amidst a trend towards platformization.  Links:RSA’s Innovation Sandbox: Cybersecurity Startups Must Accept $5 Million Investment\nRSA Innovation Sandbox: $50 Million Annual Investment Program for Top 10 Finalists\nRSA Conference - How do SAFEs work?\nThis VC Built A Cybersecurity Unicorn Machine. Then Came A Conflict Of Interest Mess.\nThe Gili Ra’anan model: CISOs and VCs controversy\nSid Trivedi bio\nFoundation Capital\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBinary Risk Hunt (\u003ca href=\"https://risk.binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://risk.binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eIn this reboot of the Security Conversations interview series, Foundation Capital partner Sid Trivedi weighs in on major changes to the RSA Innovation Sandbox, the mandatory $5M uncapped SAFE investment for all 10 finalists, and red-flag concerns around discounts and pro-rata rights.\u003c/p\u003e\n\n\u003cp\u003eAlso discussed: controversial pay-for-play dynamics involving CISOs and venture capital firms,  ethical implications of CISOs taking advisory positions in startups, and the challenges of investing in seed-stage startups amidst a trend towards platformization.  
\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"RSA’s Innovation Sandbox: Cybersecurity Startups Must Accept $5 Million Investment\" rel=\"nofollow\" href=\"https://www.securityweek.com/rsa-conference-will-take-equity-in-innovation-sandbox-startup-finalists/\"\u003eRSA’s Innovation Sandbox: Cybersecurity Startups Must Accept $5 Million Investment\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"RSA Innovation Sandbox: $50 Million Annual Investment Program for Top 10 Finalists\" rel=\"nofollow\" href=\"https://www.rsaconference.com/library/press-release/rsa-conference-2025-innovation-sandbox-contest-celebrates-20th-anniversary\"\u003eRSA Innovation Sandbox: $50 Million Annual Investment Program for Top 10 Finalists\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"RSA Conference - How do SAFEs work?\" rel=\"nofollow\" href=\"https://www.rsaconference.com/usa/programs/innovation-sandbox/safe\"\u003eRSA Conference - How do SAFEs work?\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"This VC Built A Cybersecurity Unicorn Machine. Then Came A Conflict Of Interest Mess.\" rel=\"nofollow\" href=\"https://archive.ph/RRHHE\"\u003eThis VC Built A Cybersecurity Unicorn Machine. 
Then Came A Conflict Of Interest Mess.\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Gili Ra’anan model: CISOs and VCs controversy\" rel=\"nofollow\" href=\"https://www.calcalistech.com/ctechnews/article/b1a1jn00hc\"\u003eThe Gili Ra’anan model: CISOs and VCs controversy\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sid Trivedi bio\" rel=\"nofollow\" href=\"https://foundationcapital.com/member/sid-trivedi/\"\u003eSid Trivedi bio\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Foundation Capital\" rel=\"nofollow\" href=\"https://foundationcapital.com/\"\u003eFoundation Capital\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly, the firmware security experts (https://binarly.io)\r\n- Binary Risk Hunt (https://risk.binarly.io)\r\n\r\nIn this reboot of the Security Conversations interview series, Foundation Capital partner Sid Trivedi weighs in on major changes to the RSA Innovation Sandbox, the mandatory $5M uncapped SAFE investment for all 10 finalists, and red-flag concerns around discounts and pro-rata rights.\r\n\r\nAlso discussed: controversial pay-for-play dynamics involving CISOs and venture capital firms,  ethical implications of CISOs taking advisory positions in startups, and the challenges of investing in seed-stage startups amidst a trend towards platformization.  
","date_published":"2024-11-28T07:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/9a555cb5-87d5-444f-b6c3-56ce4cf24bde.mp3","mime_type":"audio/mpeg","size_in_bytes":52339389,"duration_in_seconds":3672}]},{"id":"afa36e08-3818-4a0c-ac7a-55ff9ff6c02b","title":"Russian APT weaponized nearby Wi-Fi networks in DC, new macOS zero-days, DOJ v Chrome","url":"https://securityconversations.fireside.fm/tbp-ep22","content_text":"Three Buddy Problem - Episode 22:  We discuss Volexity’s presentation on Russian APT operators hacking Wi-Fi networks in “nearest neighbor attacks,” the Chinese surveillance state and its impact on global security, the NSA's strange call for better data sharing on Salt Typhoon intrusions, and the failures of regulatory bodies to address cybersecurity risks.\n\nWe also cover two new Apple zero-days being exploited in the wild, the US Government’s demand that Google sell the Chrome browser, and the value of data in the context of AI.\n\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).Links:Transcript - (unedited, AI-generated)\nRussian APT WiFI Nearest Neighbor Attack \nRussian Spies Jumped From One Network to Another Via Wi-Fi\nAdvisory: New exploited Apple zero-days\nNSA Director Wants Industry to Disclose Details of Telecom Hacks\nMicrosoft's \"Free\" Plan to Upgrade Government Cybersecurity Was Designed to Box Out Competitors and Drive Profits\nMicrosoft accuses Google of 'Shadow Campaigns'\nDOJ calls for breakup of Google and sale of Chrome\nDPRK IT Workers -- A Network of Active Front Companies and Their Links to China\nBe careful when coding with ChatGPT\nGSM-Symbolic: Understanding the Limitations of Mathematical Reasoning in Large Language Models\nPIVOTcon 2025\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 22\u003c/strong\u003e:  We discuss Volexity’s presentation on Russian APT operators 
hacking Wi-Fi networks in “nearest neighbor attacks,” the Chinese surveillance state and its impact on global security, the NSA's strange call for better data sharing on Salt Typhoon intrusions, and the failures of regulatory bodies to address cybersecurity risks.\u003c/p\u003e\n\n\u003cp\u003eWe also cover two new Apple zero-days being exploited in the wild, the US Government’s demand that Google sell the Chrome browser, and the value of data in the context of AI.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e (SentinelLabs), \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e (Art of Noh) and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e (SecurityWeek).\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript - (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1-NW6qC6vrI-zQZMM1fQ7ldGgUwFUohtVun1CHsxl_TU/edit?tab=t.0\"\u003eTranscript - (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russian APT WiFI Nearest Neighbor Attack \" rel=\"nofollow\" href=\"https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/\"\u003eRussian APT WiFI Nearest Neighbor Attack \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russian Spies Jumped From One Network to Another Via Wi-Fi\" rel=\"nofollow\" href=\"https://archive.ph/f0O3n\"\u003eRussian Spies Jumped From One Network to Another Via Wi-Fi\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Advisory: New exploited Apple zero-days\" rel=\"nofollow\" 
href=\"https://support.apple.com/en-us/121753\"\u003eAdvisory: New exploited Apple zero-days\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NSA Director Wants Industry to Disclose Details of Telecom Hacks\" rel=\"nofollow\" href=\"https://archive.ph/2024.11.20-231241/https://www.bloomberg.com/news/articles/2024-11-20/nsa-director-wants-industry-to-disclose-details-of-telecom-hacks#selection-1321.13-1328.0\"\u003eNSA Director Wants Industry to Disclose Details of Telecom Hacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft\u0026#39;s \u0026quot;Free\u0026quot; Plan to Upgrade Government Cybersecurity Was Designed to Box Out Competitors and Drive Profits\" rel=\"nofollow\" href=\"https://www.propublica.org/article/microsoft-white-house-offer-cybersecurity-biden-nadella\"\u003eMicrosoft's \"Free\" Plan to Upgrade Government Cybersecurity Was Designed to Box Out Competitors and Drive Profits\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft accuses Google of \u0026#39;Shadow Campaigns\u0026#39;\" rel=\"nofollow\" href=\"https://blogs.microsoft.com/on-the-issues/2024/10/28/googles-shadow-campaigns/\"\u003eMicrosoft accuses Google of 'Shadow Campaigns'\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DOJ calls for breakup of Google and sale of Chrome\" rel=\"nofollow\" href=\"https://www.nbcnews.com/news/us-news/google-department-of-justice-chrome-sale-breakup-microsoft-apple-rcna181133\"\u003eDOJ calls for breakup of Google and sale of Chrome\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DPRK IT Workers -- A Network of Active Front Companies and Their Links to China\" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/dprk-it-workers-a-network-of-active-front-companies-and-their-links-to-china/\"\u003eDPRK IT Workers -- A Network of Active Front Companies and Their Links to China\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Be careful when coding with ChatGPT\" 
rel=\"nofollow\" href=\"https://x.com/r_cky0/status/1859656430888026524\"\u003eBe careful when coding with ChatGPT\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"GSM-Symbolic: Understanding the Limitations of Mathematical Reasoning in Large Language Models\" rel=\"nofollow\" href=\"https://arxiv.org/pdf/2410.05229\"\u003eGSM-Symbolic: Understanding the Limitations of Mathematical Reasoning in Large Language Models\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PIVOTcon 2025\" rel=\"nofollow\" href=\"https://pivotcon.org/\"\u003ePIVOTcon 2025\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 22:  We discuss Volexity’s presentation on Russian APT operators hacking Wi-Fi networks in “nearest neighbor attacks,” the Chinese surveillance state and its impact on global security, the NSA's strange call for better data sharing on Salt Typhoon intrusions, and the failures of regulatory bodies to address cybersecurity risks.\r\n\r\nWe also cover two new Apple zero-days being exploited in the wild, the US Government’s demand that Google sell the Chrome browser, and the value of data in the context of AI.\r\n\r\nCast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).","date_published":"2024-11-22T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/afa36e08-3818-4a0c-ac7a-55ff9ff6c02b.mp3","mime_type":"audio/mpeg","size_in_bytes":71756075,"duration_in_seconds":5302}]},{"id":"fde7baf5-5ce2-4870-ac23-2881f78b9684","title":"What happens to CISA now? 
Is deterrence in cyber possible?","url":"https://securityconversations.fireside.fm/tbp-ep21","content_text":"Three Buddy Problem - Episode 21:  We dig into an incredible government report on Iranian hacking group Emennet Pasargad and tradecraft during the Israel/Hamas war, why Predatory Sparrow could have been aimed at deterrence in cyber, and the FBI/CISA public confirmation of the mysterious Salt Typhoon hacks. \n\nPlus, discussion on China’s cyber capabilities, the narrative around “pre-positioning” for a Taiwan conflict, the blending of cyber and kinetic operations, and the long tail of Chinese researchers reporting Microsoft Windows vulnerabilities. The future of CISA is a recurring theme throughout this episode with some speculation about what happens to the agency under the Trump administration.\n\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).Links:Transcript (unedited, AI-generated)\nCISA/Israel gov report on Iranian hacking operations\nCheck Point: A deep-dive of Iran's WezRat malware\nTrend Micro report on Earth Estries\nFBI/CISA on China hacking US telcos\nUS accuses China of vast cyberespionage against telecoms\nVolt Typhoon hackers hit SingTel in Singapore\nNew Palo Alto firewall 0day attack\nCVE-2024-43450 - China reports Windows DNS Spoofing vuln\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 21\u003c/strong\u003e:  We dig into an incredible government report on Iranian hacking group Emennet Pasargad and tradecraft during the Israel/Hamas war, why Predatory Sparrow could have been aimed at deterrence in cyber, and the FBI/CISA public confirmation of the mysterious Salt Typhoon hacks. \u003c/p\u003e\n\n\u003cp\u003ePlus, discussion on China’s cyber capabilities, the narrative around “pre-positioning” for a Taiwan conflict, the blending of cyber and kinetic operations, and the long tail of Chinese researchers reporting Microsoft Windows vulnerabilities. 
The future of CISA is a recurring theme throughout this episode with some speculation about what happens to the agency under the Trump administration.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e (SentinelLabs), \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e (Art of Noh) and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e (SecurityWeek).\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/19N5nXfxOZNhXeq_dlWVNx9kKQE3ldoUtgJbcq3huNDM/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA/Israel gov report on Iranian hacking operations\" rel=\"nofollow\" href=\"https://www.ic3.gov/CSA/2024/241030.pdf\"\u003eCISA/Israel gov report on Iranian hacking operations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Check Point: A deep-dive of Iran\u0026#39;s WezRat malware\" rel=\"nofollow\" href=\"https://research.checkpoint.com/2024/wezrat-malware-deep-dive/\"\u003eCheck Point: A deep-dive of Iran's WezRat malware\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Trend Micro report on Earth Estries\" rel=\"nofollow\" href=\"https://www.trendmicro.com/en_us/research/24/k/breaking-down-earth-estries-persistent-ttps-in-prolonged-cyber-o.html\"\u003eTrend Micro report on Earth Estries\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"FBI/CISA on China hacking US telcos\" rel=\"nofollow\" 
href=\"https://www.cisa.gov/news-events/news/joint-statement-fbi-and-cisa-peoples-republic-china-prc-targeting-commercial-telecommunications\"\u003eFBI/CISA on China hacking US telcos\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US accuses China of vast cyberespionage against telecoms\" rel=\"nofollow\" href=\"https://archive.ph/kdC7a\"\u003eUS accuses China of vast cyberespionage against telecoms\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Volt Typhoon hackers hit SingTel in Singapore\" rel=\"nofollow\" href=\"https://archive.ph/PefIJ\"\u003eVolt Typhoon hackers hit SingTel in Singapore\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"New Palo Alto firewall 0day attack\" rel=\"nofollow\" href=\"https://security.paloaltonetworks.com/PAN-SA-2024-0015\"\u003eNew Palo Alto firewall 0day attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CVE-2024-43450 - China reports Windows DNS Spoofing vuln\" rel=\"nofollow\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43450\"\u003eCVE-2024-43450 - China reports Windows DNS Spoofing vuln\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 21:  We dig into an incredible government report on Iranian hacking group Emennet Pasargad and tradecraft during the Israel/Hamas war, why Predatory Sparrow could have been aimed at deterrence in cyber, and the significance of the FBI/CISA public confirmation of China-linked Salt Typhoon hacks. \r\n\r\nPlus, discussion on hina’s cyber capabilities, the narrative around “pre-positioning” for a Taiwan conflict, the blending of cyber and kinetic operations, and the long tail of Chinese researchers reporting Microsoft Windows vulnerabilities. 
The future of CISA is a recurring theme throughout this episode with some speculation about what happens to the agency under the Trump administration.\r\n\r\nCast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).","date_published":"2024-11-15T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/fde7baf5-5ce2-4870-ac23-2881f78b9684.mp3","mime_type":"audio/mpeg","size_in_bytes":93206263,"duration_in_seconds":6831}]},{"id":"4b7375c6-6a49-4e92-8bd1-e706a996e883","title":"Mysterious rebooting iPhones, EDR vendors spying on hackers, Bitcoin 'meatspace' attacks","url":"https://securityconversations.fireside.fm/tbp-ep20","content_text":"Three Buddy Problem - Episode 20:  We revisit the ‘hack-back’ debate, the threshold for spying on adversaries, Palo Alto watching EDR bypass research to track threat actors, hot nuggets in Project Zero’s Clem Lecinge’s Hexacon talk, Apple’s new iOS update rebooting iPhones in law enforcement custody, the mysterious GoblinRAT backdoor, and physical ‘meatspace’ Bitcoin attacks and more details on North Korean cryptocurrency theft.\n\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).Links:Transcript (unedited, AI-generated)\niPhones mysteriously rebooting themselves\nApple quietly ships iPhone reboot code\nFBI on China hacking US presidential campaigns iPhones\nChinese hackers Targeted Phones of Trump, Vance, Harris Campaigns\nPalo Alto: EDR Bypass Testing Reveals Threat Actor's Toolkit\nPalo Alto CVE-2024-5910 marked as exploited\nToronto crypto company CEO kidnapped\nA list of known 'meatspace' crypto attacks\nNorth Korea crypto thieves targets macOS\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 20\u003c/strong\u003e:  We revisit the ‘hack-back’ debate, the threshold for spying on adversaries, Palo Alto watching EDR bypass research to 
track threat actors, hot nuggets in Project Zero’s Clem Lecinge’s Hexacon talk, Apple’s new iOS update rebooting iPhones in law enforcement custody, the mysterious GoblinRAT backdoor, and physical ‘meatspace’ Bitcoin attacks and more details on North Korean cryptocurrency theft.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e (SentinelLabs), \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e (Art of Noh) and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e (SecurityWeek).\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1_R5EC39CoxPRz67njLfqKVLjq8bdkdh6h7l7UwaVHAE/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"iPhones mysteriously rebooting themselves\" rel=\"nofollow\" href=\"https://archive.vn/JMEbq\"\u003eiPhones mysteriously rebooting themselves\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple quietly ships iPhone reboot code\" rel=\"nofollow\" href=\"https://archive.ph/lpoLQ\"\u003eApple quietly ships iPhone reboot code\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"FBI on China hacking US presidential campaigns iPhones\" rel=\"nofollow\" href=\"https://archive.ph/iAQzO\"\u003eFBI on China hacking US presidential campaigns iPhones\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chinese hackers Targeted Phones of Trump, Vance, Harris Campaigns\" rel=\"nofollow\" 
href=\"https://www.wsj.com/politics/national-security/chinese-hackers-targeted-phones-of-trump-vance-and-harris-campaign-e04abbdf?mod=article_inline\"\u003eChinese hackers Targeted Phones of Trump, Vance, Harris Campaigns\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Palo Alto: EDR Bypass Testing Reveals Threat Actor\u0026#39;s Toolkit\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/edr-bypass-extortion-attempt-thwarted/\"\u003ePalo Alto: EDR Bypass Testing Reveals Threat Actor's Toolkit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Palo Alto CVE-2024-5910 marked as exploited\" rel=\"nofollow\" href=\"https://security.paloaltonetworks.com/CVE-2024-5910\"\u003ePalo Alto CVE-2024-5910 marked as exploited\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Toronto crypto company CEO kidnapped\" rel=\"nofollow\" href=\"https://www.cbc.ca/news/canada/toronto/kidnapping-toronto-businessman-cryptocurrency-1.7376679\"\u003eToronto crypto company CEO kidnapped\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"A list of known \u0026#39;meatspace\u0026#39; crypto attacks\" rel=\"nofollow\" href=\"https://github.com/jlopp/physical-bitcoin-attacks\"\u003eA list of known 'meatspace' crypto attacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"North Korea crypto thieves targets macOS\" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/bluenoroff-hidden-risk-threat-actor-targets-macs-with-fake-crypto-news-and-novel-persistence/\"\u003eNorth Korea crypto thieves targets macOS\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 20:  We revisit the ‘hack-back’ debate, the threshold for spying on adversaries, Palo Alto watching EDR bypass research to track threat actors, hot nuggets in Project Zero’s Clem Lecinge’s Hexacon talk, Apple’s new iOS update rebooting iPhones in law enforcement custody, the mysterious GoblinRAT backdoor, and physical ‘meatspace’ Bitcoin attacks 
and more details on North Korean cryptocurrency theft.\r\n\r\nCast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).","date_published":"2024-11-09T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/4b7375c6-6a49-4e92-8bd1-e706a996e883.mp3","mime_type":"audio/mpeg","size_in_bytes":76955697,"duration_in_seconds":5820}]},{"id":"afe08ad2-3625-4575-aaae-280d146e474c","title":"The Sophos kernel implant, 'hack-back' implications, CIA malware in Venezuela","url":"https://securityconversations.fireside.fm/tbp-ep19","content_text":"Three Buddy Problem - Episode 19:   We explore Ivan Kwiatkowski’s essay on the limits of threat intelligence, Sophos using kernel implants to surveil Chinese hackers, the concept of ‘hack-back’ and legal implications, geopolitical layers of cyber espionage, CIA malware in Venezuela, Vatican/Mossad mentioned in high-profile Italy hacks, and Canada bracing for .gov attacks from India.\n\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).Links:Transcript (unedited, AI-generated)\nIvan Kwiatkowski: Threat intel truths inside\nJAG-S LABScon keynote\nSophos Used Custom Implants to Surveil Chinese Hackers\nSophos Pacific Rim report\nNCSC details ‘Pygmy Goat’ network backdoor\nNCSC 'Pygmy Goat' report\nMassive hack-for-hire scandal rocks Italian political elites – POLITICO\nVatican, Israel implicated in Italy hacking scandal\nWired on CIA hack of Venezuela military payroll system\nIs Now on VT!\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 19\u003c/strong\u003e:   We explore Ivan Kwiatkowski’s essay on the limits of threat intelligence, Sophos using kernel implants to surveil Chinese hackers, the concept of ‘hack-back’ and legal implications, geopolitical layers of cyber espionage, CIA malware in Venezuela, Vatican/Mossad mentioned in high-profile 
Italy hacks, and Canada bracing for .gov attacks from India.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e (SentinelLabs), \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e (Art of Noh) and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e (SecurityWeek).\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1U8q76wqVXIs9Sdc8vuqAr2S9CtknvnYryxS6l0IALv8/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ivan Kwiatkowski: Threat intel truths inside\" rel=\"nofollow\" href=\"https://blog.kwiatkowski.fr/threat-intel-truths-inside\"\u003eIvan Kwiatkowski: Threat intel truths inside\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"JAG-S LABScon keynote\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/ep13-the-consolation-of-threat-intel-jag-s-labscon-keynote/\"\u003eJAG-S LABScon keynote\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sophos Used Custom Implants to Surveil Chinese Hackers\" rel=\"nofollow\" href=\"https://www.securityweek.com/sophos-used-custom-implants-to-surveil-chinese-hackers-targeting-firewall-zero-days/\"\u003eSophos Used Custom Implants to Surveil Chinese Hackers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sophos Pacific Rim report\" rel=\"nofollow\" href=\"https://www.sophos.com/en-us/content/pacific-rim\"\u003eSophos Pacific Rim report\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NCSC details ‘Pygmy Goat’ network backdoor\" rel=\"nofollow\" 
href=\"https://www.securityweek.com/ncsc-details-pygmy-goat-backdoor-planted-on-hacked-sophos-firewall-devices/\"\u003eNCSC details ‘Pygmy Goat’ network backdoor\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NCSC \u0026#39;Pygmy Goat\u0026#39; report\" rel=\"nofollow\" href=\"https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/pygmy-goat/ncsc-mar-pygmy-goat.pdf\"\u003eNCSC 'Pygmy Goat' report\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Massive hack-for-hire scandal rocks Italian political elites – POLITICO\" rel=\"nofollow\" href=\"https://www.politico.eu/article/hacking-scandal-italy-matteo-renzi-sergio-mattarella-equalize-nunzio-samuele-calamucci/\"\u003eMassive hack-for-hire scandal rocks Italian political elites – POLITICO\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Vatican, Israel implicated in Italy hacking scandal\" rel=\"nofollow\" href=\"https://www.politico.eu/article/vatican-israel-italian-hacking-scandal-uk-lithuania-equalize/\"\u003eVatican, Israel implicated in Italy hacking scandal\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Wired on CIA hack of Venezuela military payroll system\" rel=\"nofollow\" href=\"https://www.wired.com/story/trump-cia-venezuela-maduro-regime-change-plot/?utm_medium=social\u0026amp;mbid=social_twitter\u0026amp;utm_social-type=owned\u0026amp;utm_source=twitter\u0026amp;utm_brand=wired\"\u003eWired on CIA hack of Venezuela military payroll system\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Is Now on VT!\" rel=\"nofollow\" href=\"https://x.com/Now_on_VT\"\u003eIs Now on VT!\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 19:  We explore Ivan Kwiatkowski’s essay on the limits of threat intelligence, Sophos using kernel implants to surveil Chinese hackers, the concept of ‘hack-back’ and legal implications, geopolitical layers of cyber espionage, CIA malware in Venezuela, Vatican/Mossad mentioned in 
high-profile Italy hacks, and Canada bracing for .gov attacks from India.\r\n\r\nCast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).","date_published":"2024-11-03T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/afe08ad2-3625-4575-aaae-280d146e474c.mp3","mime_type":"audio/mpeg","size_in_bytes":89415224,"duration_in_seconds":6854}]},{"id":"90ccac79-0895-4cbf-a28e-805a46c7e3da","title":"Fortinet 0days, Appin hack-for-hire exposé, crypto heists, Russians booted from Linux kernel","url":"https://securityconversations.fireside.fm/tbp-ep18","content_text":"Three Buddy Problem - Episode 18:  This week’s show covers the White House's new Traffic Light Protocol (TLP) guidance, Reuters expose of Appin as a hack-for-hire mercenary company, Fortinet zero-day exploitation and missing CSRB investigations, major cryptocurrency heists, Apple opening Private Cloud Compute to public inspection, Russians removed from Linux kernel maintenance and China’s Antiy beefing with Sentinel One over APT reporting.\n\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).Links:Transcript (AI-generated)\nWhite House TLP guidance\nAppin -- How an Indian startup hacked the world\nBurning Zero Days: FortiJump FortiManager Flaw\nMandiant on FortiManager Zero-Day Exploitation\nFortinet bulletin on new 0day exploitation\nRadiant Capital $50M cryptocurrency theft\nDPRK's Lazarus steals cryptocurrency with decoy MOBA game\nApple opens Private Cloud Compute to security inspection\nRussians booted from Linux kernel driver maintenance\nAntiy paper responding to SentinelOne\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 18\u003c/strong\u003e:  This week’s show covers the White House's new Traffic Light Protocol (TLP) guidance, Reuters expose of Appin as a hack-for-hire mercenary company, Fortinet 
zero-day exploitation and missing CSRB investigations, major cryptocurrency heists, Apple opening Private Cloud Compute to public inspection, Russians removed from Linux kernel maintenance and China’s Antiy beefing with Sentinel One over APT reporting.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e (SentinelLabs), \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e (Art of Noh) and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e (SecurityWeek).\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1z-Dz25Mmb_97ulETvoKROgQPiN5BHQ_USGvArAqpFXs/edit?usp=sharing\"\u003eTranscript (AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"White House TLP guidance\" rel=\"nofollow\" href=\"https://www.whitehouse.gov/oncd/briefing-room/2024/10/22/doubling-down-on-trusted-partnerships-our-commitment-to-researchers/\"\u003eWhite House TLP guidance\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Appin -- How an Indian startup hacked the world\" rel=\"nofollow\" href=\"https://www.reuters.com/investigates/special-report/usa-hackers-appin/\"\u003eAppin -- How an Indian startup hacked the world\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Burning Zero Days: FortiJump FortiManager Flaw\" rel=\"nofollow\" href=\"https://doublepulsar.com/burning-zero-days-fortijump-fortimanager-vulnerability-used-by-nation-state-in-espionage-via-msps-c79abec59773\"\u003eBurning Zero Days: FortiJump FortiManager Flaw\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mandiant on FortiManager Zero-Day Exploitation\" 
rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575\"\u003eMandiant on FortiManager Zero-Day Exploitation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fortinet bulletin on new 0day exploitation\" rel=\"nofollow\" href=\"https://www.fortiguard.com/psirt/FG-IR-24-423\"\u003eFortinet bulletin on new 0day exploitation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Radiant Capital $50M cryptocurrency theft\" rel=\"nofollow\" href=\"https://medium.com/@RadiantCapital/radiant-post-mortem-fecd6cd38081\"\u003eRadiant Capital $50M cryptocurrency theft\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"DPRK\u0026#39;s Lazarus steals cryptocurrency with decoy MOBA game\" rel=\"nofollow\" href=\"https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/\"\u003eDPRK's Lazarus steals cryptocurrency with decoy MOBA game\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple opens Private Cloud Compute to security inspection\" rel=\"nofollow\" href=\"https://security.apple.com/blog/pcc-security-research\"\u003eApple opens Private Cloud Compute to security inspection\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russians booted from Linux kernel driver maintenance\" rel=\"nofollow\" href=\"https://www.phoronix.com/news/Russian-Linux-Maintainers-Drop\"\u003eRussians booted from Linux kernel driver maintenance\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Antiy paper responding to SentinelOne\" rel=\"nofollow\" href=\"https://www.antiy.net/p/fight-against-the-bald-eagle-in-the-fog-relaying-cooperating-and-specific-contribution/\"\u003eAntiy paper responding to SentinelOne\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 18:  This week’s show covers the White House's new Traffic Light Protocol (TLP) guidance, Reuters expose of Appin as a hack-for-hire mercenary company, Fortinet 
zero-day exploitation and missing CSRB investigations, major cryptocurrency heists, Apple opening Private Cloud Compute to public inspection, Russians removed from Linux kernel maintenance and China’s Antiy beefing with Sentinel One over APT reporting.\r\n\r\nCast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).","date_published":"2024-10-25T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/90ccac79-0895-4cbf-a28e-805a46c7e3da.mp3","mime_type":"audio/mpeg","size_in_bytes":63377599,"duration_in_seconds":5204}]},{"id":"71d290f7-c156-48af-a22c-c4d3ca4b3f44","title":"ESET Israel wiper malware, China's Volt Typhoon response, Kaspersky sanctions and isolation","url":"https://securityconversations.fireside.fm/tbp-ep17","content_text":"Three Buddy Problem - Episode 17:  News of a wiper malware attack in Israel implicating ESET, threats from wartime hacktivists, China's strange response to Volt Typhoon attribution and Section 702 messaging, an IE zero-day discovery and web browser rot in South Korea, the ongoing isolation of Kaspersky due to sanctions, and the geopolitical influences affecting cybersecurity reporting.\n\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).Links:ESET Israel wiper attacks\nESET comment on Israel wiper incident\nDakota Cary on China’s Volt Typhoon Influence Ops\nVolt Typhoon III (PDF)\nUS Sanctions 12 Kaspersky Executives\nKaspersky closing down its UK office\nMAPP vendor list\nVirusTotal\nTranscript (AI-generated)\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 17\u003c/strong\u003e:  News of a wiper malware attack in Israel implicating ESET, threats from wartime hacktivists, China's strange response to Volt Typhoon attribution and Section 702 messaging, an IE zero-day discovery and web browser rot in South Korea, the ongoing isolation of 
Kaspersky due to sanctions, and the geopolitical influences affecting cybersecurity reporting.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e (SentinelLabs), \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e (Art of Noh) and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e (SecurityWeek).\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"ESET Israel wiper attacks\" rel=\"nofollow\" href=\"https://doublepulsar.com/eiw-eset-israel-wiper-used-in-active-attacks-targeting-israeli-orgs-b1210aed7021\"\u003eESET Israel wiper attacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ESET comment on Israel wiper incident\" rel=\"nofollow\" href=\"https://x.com/ESETresearch/status/1847192384448172387\"\u003eESET comment on Israel wiper incident\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dakota Cary on China’s Volt Typhoon Influence Ops\" rel=\"nofollow\" href=\"https://www.sentinelone.com/labs/chinas-influence-ops-twisting-tales-of-volt-typhoon-at-home-and-abroad/\"\u003eDakota Cary on China’s Volt Typhoon Influence Ops\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Volt Typhoon III (PDF)\" rel=\"nofollow\" href=\"https://www.cverc.org.cn/head/zhaiyao/futetaifeng3_EN.pdf\"\u003eVolt Typhoon III (PDF)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US Sanctions 12 Kaspersky Executives\" rel=\"nofollow\" href=\"https://www.securityweek.com/us-sanctions-12-kaspersky-executives/\"\u003eUS Sanctions 12 Kaspersky Executives\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kaspersky closing down its UK office\" rel=\"nofollow\" 
href=\"https://techcrunch.com/2024/10/08/kasperksy-says-its-closing-down-its-uk-office-and-laying-off-dozens/\"\u003eKaspersky closing down its UK office\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"MAPP vendor list\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/msrc/mapp\"\u003eMAPP vendor list\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"VirusTotal\" rel=\"nofollow\" href=\"https://www.virustotal.com/gui/home/upload\"\u003eVirusTotal\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Transcript (AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1w7-KN0SiU-wHiGlOXAfuydgwAgKkmEw-xKLEubNm19k/edit?usp=sharing\"\u003eTranscript (AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 17:  News of a wiper malware attack in Israel implicating ESET, threats from wartime hacktivists, China's strange response to Volt Typhoon attribution and Section 702 messaging, an IE zero-day discovery and web browser rot in South Korea, the ongoing isolation of Kaspersky due to sanctions, and the geopolitical influences affecting cybersecurity reporting.\r\n\r\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).","date_published":"2024-10-18T12:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/71d290f7-c156-48af-a22c-c4d3ca4b3f44.mp3","mime_type":"audio/mpeg","size_in_bytes":78696217,"duration_in_seconds":5898}]},{"id":"b270f0b1-359a-43e1-b218-7b1329f43093","title":"Typhoons and Blizzards: Cyberespionage and national security on front burner","url":"https://securityconversations.fireside.fm/tbp-ep16","content_text":"Three Buddy Problem - Episode 16:  We break down the new GCHQ advisory on the history and tactics of Russia’s APT29, the challenges of tracking and defending against these sophisticated espionage programs, the mysterious Salt Typhoon 
intrusions, the absence of technical indicators (IOCs), the risks of supply chain attacks. We also touch on the surge in zero-day discoveries, the nonstop flow of exploited Ivanti security bugs, and why the CSRB should investigate these network edge device and appliance vendors.\n\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).Links:NCSC exposé on SVR/APT29 history and tactics\nAPT29 / Midnight Blizzard\nVIDEO: A Surprise Encounter With A Telco APT\nThe Athens Affair - IEEE Spectrum\n — How some extremely smart hackers pulled off the most audacious cell-network break-in ever\nWikipedia: The Athens Affair\nWSJ report on Salt Typhoon hacks\nIn-the-wild zero-day counter\nMicrosoft Confirms Exploited Zero-Day in Windows Management Console\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 16\u003c/strong\u003e:  We break down the new GCHQ advisory on the history and tactics of Russia’s APT29, the challenges of tracking and defending against these sophisticated espionage programs, the mysterious Salt Typhoon intrusions, the absence of technical indicators (IOCs), the risks of supply chain attacks. 
We also touch on the surge in zero-day discoveries, the nonstop flow of exploited Ivanti security bugs, and why the CSRB should investigate these network edge device and appliance vendors.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e (SentinelLabs), \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e (Art of Noh) and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e (SecurityWeek).\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"NCSC exposé on SVR/APT29 history and tactics\" rel=\"nofollow\" href=\"https://www.ncsc.gov.uk/news/russian-foreign-intelligence-poses-global-threat-with-cyber-campaign-exploiting-established-vulnerabilities\"\u003eNCSC exposé on SVR/APT29 history and tactics\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"APT29 / Midnight Blizzard\" rel=\"nofollow\" href=\"https://attack.mitre.org/groups/G0016/\"\u003eAPT29 / Midnight Blizzard\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"VIDEO: A Surprise Encounter With A Telco APT\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=xCU47bJoLho\u0026amp;ab_channel=HackInTheBoxSecurityConference\"\u003eVIDEO: A Surprise Encounter With A Telco APT\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Athens Affair - IEEE Spectrum\" rel=\"nofollow\" href=\"https://spectrum.ieee.org/the-athens-affair\"\u003eThe Athens Affair - IEEE Spectrum\n\u003c/a\u003e \u0026mdash; How some extremely smart hackers pulled off the most audacious cell-network break-in ever\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Wikipedia: The Athens Affair\" rel=\"nofollow\" 
href=\"https://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%80%9305\"\u003eWikipedia: The Athens Affair\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"WSJ report on Salt Typhoon hacks\" rel=\"nofollow\" href=\"https://www.wsj.com/politics/national-security/u-s-officials-race-to-understand-severity-of-chinas-salt-typhoon-hacks-6e7c3951\"\u003eWSJ report on Salt Typhoon hacks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"In-the-wild zero-day counter\" rel=\"nofollow\" href=\"https://www.zero-day.cz/\"\u003eIn-the-wild zero-day counter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Confirms Exploited Zero-Day in Windows Management Console\" rel=\"nofollow\" href=\"https://www.securityweek.com/patch-tuesday-microsoft-confirms-exploited-zero-day-in-windows-management-console/\"\u003eMicrosoft Confirms Exploited Zero-Day in Windows Management Console\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 16: We break down the new GCHQ advisory on the history and tactics of Russia’s APT29, the challenges of tracking and defending against these sophisticated espionage programs, the mysterious Salt Typhoon intrusions, the absence of technical indicators (IOCs), the risks of supply chain attacks. 
We also touch on the surge in zero-day discoveries, the nonstop flow of exploited Ivanti security bugs, and why the CSRB should investigate these network edge device and appliance vendors.\r\n\r\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).","date_published":"2024-10-11T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/b270f0b1-359a-43e1-b218-7b1329f43093.mp3","mime_type":"audio/mpeg","size_in_bytes":52742416,"duration_in_seconds":4149}]},{"id":"dae2bdfe-9bc3-41af-88f1-c41782d35f84","title":"Careto returns, IDA Pro pricing controversy, crypto's North Korea problem","url":"https://securityconversations.fireside.fm/tbp-ep15","content_text":"Three Buddy Problem - Episode 15:  Juanito checks in from Virus Bulletin with news on the return of Careto/Mask, a ‘milk-carton’ APT linked to Spain. We also cover the latest controversy surrounding IDA Pro's subscription model, a major new YARA update, and ongoing issues with VirusTotal's value and pricing. 
The conversation shifts to North Korean cyber operations, particularly the infiltration of prominent crypto companies, Tom Rid's essay on Russian disinformation results, and the US government's ICE department using commercial spyware from an Israeli vendor.\n\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).Links:Transcript (unedited, AI-generated)\nVB abstract: The Mask has been unmasked again\nDiscover IDA 9.0\nBinary Ninja\nVertex Synapse\nYARA-X\nMicrosoft on Star Blizzard disruption\nTom Rid: The lies Russia tells itself\nNorth Korea caught targeting German missile manufacturer\nHow North Korea infiltrated the crypto industry\nICE signs $2M contract with spyware maker Paragon\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 15\u003c/strong\u003e:  Juanito checks in from Virus Bulletin with news on the return of Careto/Mask, a ‘milk-carton’ APT linked to Spain. We also cover the latest controversy surrounding IDA Pro's subscription model, a major new YARA update, and ongoing issues with VirusTotal's value and pricing. 
The conversation shifts to North Korean cyber operations, particularly the infiltration of prominent crypto companies, Tom Rid's essay on Russian disinformation results, and the US government's ICE department using commercial spyware from an Israeli vendor.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade\u003c/a\u003e (SentinelLabs), \u003ca href=\"https://twitter.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e (Art of Noh) and \u003ca href=\"https://twitter.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e (SecurityWeek).\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1UaVJw7KE2Bl1p1ftqiE5g_CvMXe91eqNfv1_pKAx9uY/edit?usp=sharing\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"VB abstract: The Mask has been unmasked again\" rel=\"nofollow\" href=\"https://www.virusbulletin.com/conference/vb2024/abstracts/mask-has-been-unmasked-again/\"\u003eVB abstract: The Mask has been unmasked again\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Discover IDA 9.0\" rel=\"nofollow\" href=\"https://hex-rays.com/blog/discover-ida-9.0-exciting-new-features-and-improvements\"\u003eDiscover IDA 9.0\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Binary Ninja\" rel=\"nofollow\" href=\"https://binary.ninja/\"\u003eBinary Ninja\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Vertex Synapse\" rel=\"nofollow\" href=\"https://vertex.link/synapse\"\u003eVertex Synapse\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"YARA-X\" rel=\"nofollow\" 
href=\"https://virustotal.github.io/yara-x/\"\u003eYARA-X\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft on Star Blizzard disruption\" rel=\"nofollow\" href=\"https://blogs.microsoft.com/on-the-issues/2024/10/03/protecting-democratic-institutions-from-cyber-threats/\"\u003eMicrosoft on Star Blizzard disruption\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Tom Rid: The lies Russia tells itself\" rel=\"nofollow\" href=\"https://archive.ph/ZCFqK\"\u003eTom Rid: The lies Russia tells itself\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"North Korea caught targeting German missile manufacturer\" rel=\"nofollow\" href=\"https://www.securityweek.com/north-korea-hackers-linked-to-breach-of-german-missile-manufacturer/\"\u003eNorth Korea caught targeting German missile manufacturer\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"How North Korea infiltrated the crypto industry\" rel=\"nofollow\" href=\"https://www.coindesk.com/tech/2024/10/02/how-north-korea-infiltrated-the-crypto-industry/\"\u003eHow North Korea infiltrated the crypto industry\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ICE signs $2M contract with spyware maker Paragon\" rel=\"nofollow\" href=\"https://archive.ph/nCEjT\"\u003eICE signs $2M contract with spyware maker Paragon\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 15: Juanito checks in from Virus Bulletin with news on the return of Careto/Mask, a ‘milk-carton’ APT linked to Spain. We also cover the latest controversy surrounding IDA Pro's subscription model, a major new YARA update, and ongoing issues with VirusTotal's value and pricing. 
The conversation shifts to North Korean cyber operations, particularly the infiltration of prominent crypto companies, Tom Rid's essay on Russian disinformation results, and the US government's ICE department using commercial spyware from an Israeli vendor.\r\n\r\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).","date_published":"2024-10-04T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/dae2bdfe-9bc3-41af-88f1-c41782d35f84.mp3","mime_type":"audio/mpeg","size_in_bytes":73939478,"duration_in_seconds":5438}]},{"id":"7bd21833-9dcc-4396-a991-be2d3271f727","title":"Exploding beepers, critical CUPS flaws, Windows Recall rebuilt for security","url":"https://securityconversations.fireside.fm/tbp-ep14","content_text":"Three Buddy Problem - Episode 14:  The buddies are back together for a discussion on Juan’s LABScon keynote and mental health realities, Microsoft rewriting the Windows Recall security architecture, a new CVSS 9.9 Linux CUPS flaw, Kaspersky's controversial transition to Ultra AV, and the intelligence operations surrounding exploding pagers in Lebanon.\n\n(This episode is dedicated to the memory of Jeff Wade from Solis, who was an important part of the LABScon family.)\n\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).Links:The Consolation of Threat Intel (JAG-S LABScon keynote)\nLABScon - Security Research in Real Time\nWindows Recall gets major security makeover\nDavid Weston on Windows Recall security reboot\nCritical Linux CUPS remote code execution \nHow Israel Built Exploding Pagers\n — How Israel Built a Modern-Day Trojan Horse: Exploding Pagers\nApple Suddenly Drops NSO Group Spyware Lawsuit\nCrowdStrike Overhauls Testing and Rollout Procedures\nMicrosoft Redesigning EDR Vendor Access to Windows Kernel - SecurityWeek\nKaspersky Sparks Outrage as UltraAV Takes Over 
Systems Without Consent\nTranscript (unedited, AI-generated)\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 14\u003c/strong\u003e:  The buddies are back together for a discussion on Juan’s LABScon keynote and mental health realities, Microsoft rewriting the Windows Recall security architecture, a new CVSS 9.9 Linux CUPS flaw, Kaspersky's controversial transition to Ultra AV, and the intelligence operations surrounding exploding pagers in Lebanon.\u003c/p\u003e\n\n\u003cp\u003e(\u003cem\u003eThis episode is dedicated to the memory of Jeff Wade from Solis, who was an important part of the LABScon family.\u003c/em\u003e)\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"The Consolation of Threat Intel (JAG-S LABScon keynote)\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/ep13-the-consolation-of-threat-intel-jag-s-labscon-keynote/\"\u003eThe Consolation of Threat Intel (JAG-S LABScon keynote)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon - Security Research in Real Time\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon - Security Research in Real Time\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Windows Recall gets major security makeover\" rel=\"nofollow\" href=\"https://www.securityweek.com/microsofts-controversial-recall-returns-with-proof-of-presence-encryption-data-isolation-opt-in-model/\"\u003eWindows Recall gets major security makeover\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"David Weston on Windows Recall security reboot\" rel=\"nofollow\" href=\"https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/\"\u003eDavid Weston on Windows Recall security 
reboot\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Critical Linux CUPS remote code execution \" rel=\"nofollow\" href=\"https://www.theregister.com/2024/09/26/cups_linux_rce_disclosed/\"\u003eCritical Linux CUPS remote code execution \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"How Israel Built Exploding Pagers\" rel=\"nofollow\" href=\"https://archive.ph/kKDVy\"\u003eHow Israel Built Exploding Pagers\n\u003c/a\u003e \u0026mdash; How Israel Built a Modern-Day Trojan Horse: Exploding Pagers\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple Suddenly Drops NSO Group Spyware Lawsuit\" rel=\"nofollow\" href=\"https://www.securityweek.com/apple-suddenly-drops-nso-group-spyware-lawsuit/\"\u003eApple Suddenly Drops NSO Group Spyware Lawsuit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CrowdStrike Overhauls Testing and Rollout Procedures\" rel=\"nofollow\" href=\"https://www.securityweek.com/crowdstrike-overhauls-testing-and-rollout-procedures-to-avoid-bsod-crashes/\"\u003eCrowdStrike Overhauls Testing and Rollout Procedures\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Redesigning EDR Vendor Access to Windows Kernel - SecurityWeek\" rel=\"nofollow\" href=\"https://www.securityweek.com/post-crowdstrike-fallout-microsoft-redesigning-edr-vendor-access-to-windows-kernel/\"\u003eMicrosoft Redesigning EDR Vendor Access to Windows Kernel - SecurityWeek\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Kaspersky Sparks Outrage as UltraAV Takes Over Systems Without Consent\" rel=\"nofollow\" href=\"https://www.securityweek.com/users-quick-to-remove-ultraav-after-silent-transition-from-kaspersky-antivirus/\"\u003eKaspersky Sparks Outrage as UltraAV Takes Over Systems Without Consent\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" 
href=\"https://docs.google.com/document/d/10P5vAvj_MQplH8XPtYKr6mGuNVhPjxZePgI5y4cKPBw/edit#heading=h.rbgx0o903h7o\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 14: The buddies are back together for a discussion on Juan’s LABScon keynote and mental health realities, Microsoft rewriting the Windows Recall security architecture, a new CVSS 9.9 Linux CUPS flaw, Kaspersky's controversial transition to Ultra AV, and the intelligence operations surrounding exploding pagers in Lebanon.\r\n\r\nThis episode is dedicated to the memory of Jeff Wade from Solis, who was an important part of the LABScon family.\r\n\r\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).","date_published":"2024-09-28T12:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/7bd21833-9dcc-4396-a991-be2d3271f727.mp3","mime_type":"audio/mpeg","size_in_bytes":63398046,"duration_in_seconds":4747}]},{"id":"6ceedb7b-2400-45e2-8798-027400574c18","title":"Ep13: The Consolation of Threat Intel (JAG-S LABScon keynote)","url":"https://securityconversations.fireside.fm/tbp-ep13","content_text":"Three Buddy Problem - Episode 13:  This is a special edition of the show, featuring Juan Andres Guerrero-Saade's full keynote day remarks at LABScon2024.  In this talk, Juanito addresses the current state of the threat intelligence industry, expressing a need for a difficult conversation about its direction and purpose. He discusses feelings of disenfranchisement among professionals, the void in meaningful work, and the importance of reclaiming control and value in cybersecurity. Juan emphasizes the need for researchers, journalists, and even VCs, to be the change to reinvigorate the industry and ensure its relevance and impact.\n\nCast: Juan Andres Guerrero-Saade (SentinelLabs).  
Costin Raiu and Ryan Naraine are listening to this episode.Links:LABScon 2024\nJ. A. Guerrero-Saade on Twitter\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 13\u003c/strong\u003e:  This is a special edition of the show, featuring Juan Andres Guerrero-Saade's full keynote day remarks at LABScon2024.  In this talk, Juanito addresses the current state of the threat intelligence industry, expressing a need for a difficult conversation about its direction and purpose. He discusses feelings of disenfranchisement among professionals, the void in meaningful work, and the importance of reclaiming control and value in cybersecurity. Juan emphasizes the need for researchers, journalists, and even VCs, to be the change to reinvigorate the industry and ensure its relevance and impact.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e Juan Andres Guerrero-Saade (SentinelLabs).  Costin Raiu and Ryan Naraine are listening to this episode.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"LABScon 2024\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon 2024\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"J. A. Guerrero-Saade on Twitter\" rel=\"nofollow\" href=\"https://x.com/juanandres_gs\"\u003eJ. A. Guerrero-Saade on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem Episode 13:  This is a special edition of the show, featuring Juan Andres Guerrero-Saade's full keynote day remarks at LABScon2024.  In this talk, Juanito addresses the current state of the threat intelligence industry, expressing a need for a difficult conversation about its direction and purpose. He discusses feelings of disenfranchisement among professionals, the void in meaningful work, and the importance of reclaiming control and value in cybersecurity. 
Juan emphasizes the need for researchers, journalists, and even VCs, to be the change to reinvigorate the industry and ensure its relevance and impact.\r\n\r\nCast: Juan Andres Guerrero-Saade (SentinelLabs).  Costin Raiu and Ryan Naraine are listening to this episode.","date_published":"2024-09-21T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/6ceedb7b-2400-45e2-8798-027400574c18.mp3","mime_type":"audio/mpeg","size_in_bytes":30869148,"duration_in_seconds":1901}]},{"id":"ffff9da7-62a5-420f-9de7-6ff155b11720","title":"Ep12:  Security use-cases for AI chain-of-thought reasoning","url":"https://securityconversations.fireside.fm/chain-of-thoughtreasoningcomestoai","content_text":"Three Buddy Problem - Episode 12:  Gabriel Bernadett-Shapiro joins the show for an extended conversation on artificial intelligence and cybersecurity.  We discuss the hype around OpenAI's new o1 model, AI chain-of-thought reasoning and security use-cases, pervasive chatbots and privacy concerns, and the ongoing debate between open source and closed source AI models.\n\nCast:  Gabriel Bernadett-Shapiro   , Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek).   \n\n\nCostin Raiu is on vacation.\nLinks:Transcript\nGabe Bernadett-Shapiro at the Alperovitch Institute\nIntroducing OpenAI o1\nOpenAI's o1 model 'cheated' on an impossible test\nOpenAI o1 System Card\nLearning to Reason with LLMs\nLABScon 2024 Full Agenda\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 12\u003c/strong\u003e:  Gabriel Bernadett-Shapiro joins the show for an extended conversation on artificial intelligence and cybersecurity.  
We discuss the hype around OpenAI's new o1 model, AI chain-of-thought reasoning and security use-cases, pervasive chatbots and privacy concerns, and the ongoing debate between open source and closed source AI models.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e \u003ca href=\"https://x.com/Gabeincognito\" target=\"_blank\" rel=\"nofollow noopener\"\u003e Gabriel Bernadett-Shapiro \u003c/a\u003e  , \u003ca href=\"https://x.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade \u003c/a\u003e(SentinelLabs), \u003ca href=\"https://x.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e (SecurityWeek).   \u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eCostin Raiu is on vacation.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1VBfGw5k6ed8rjQgA-aCRKdVNIBArxA-33FvxjOVZVHY/edit?usp=sharing\"\u003eTranscript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Gabe Bernadett-Shapiro at the Alperovitch Institute\" rel=\"nofollow\" href=\"https://alperovitch.sais.jhu.edu/diving-into-the-world-of-ai-machine-learning-w-gabriel-bernadett-shapiro/\"\u003eGabe Bernadett-Shapiro at the Alperovitch Institute\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Introducing OpenAI o1\" rel=\"nofollow\" href=\"https://openai.com/index/introducing-openai-o1-preview/\"\u003eIntroducing OpenAI o1\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"OpenAI\u0026#39;s o1 model \u0026#39;cheated\u0026#39; on an impossible test\" rel=\"nofollow\" href=\"https://www.tomsguide.com/ai/chatgpt/openais-new-chatgpt-o1-model-cheated-on-an-impossible-test-heres-what-happened\"\u003eOpenAI's o1 model 'cheated' on an impossible test\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"OpenAI o1 System Card\" rel=\"nofollow\" 
href=\"https://assets.ctfassets.net/kftzwdyauwt9/67qJD51Aur3eIc96iOfeOP/71551c3d223cd97e591aa89567306912/o1_system_card.pdf\"\u003eOpenAI o1 System Card\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Learning to Reason with LLMs\" rel=\"nofollow\" href=\"https://openai.com/index/learning-to-reason-with-llms/\"\u003eLearning to Reason with LLMs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2024 Full Agenda\" rel=\"nofollow\" href=\"https://events.sentinelone.com/event/LABScon2024/websitePage:9107aab7-3c7b-47d0-bad4-4f85cf7fcecd\"\u003eLABScon 2024 Full Agenda\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 12:  Gabriel Bernadett-Shapiro joins the show for an extended conversation on artificial intelligence and cybersecurity.  We discuss the hype around OpenAI's new o1 model, AI chain-of-thought reasoning and security use-cases, pervasive chatbots and privacy concerns, and the ongoing debate between open source and closed source AI models.\r\n\r\nCast: Gabriel Bernadett-Shapiro, Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)\r\n\r\n* Costin Raiu is on vacation.","date_published":"2024-09-14T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/ffff9da7-62a5-420f-9de7-6ff155b11720.mp3","mime_type":"audio/mpeg","size_in_bytes":60684575,"duration_in_seconds":4460}]},{"id":"f6139b28-a754-4280-9c11-a9de522d2348","title":"Ep11: Cyberwarfare takes an ominous turn","url":"https://securityconversations.fireside.fm/cyberwarfare-takes-an-ominous-turn","content_text":"Three Buddy Problem - Episode 11: Russia's notorious GRU Unit 29155 (previously tied to assassinations, poisonings and coup attempts) now blamed for destructive cyberattacks for sabotage; FBI and DOJ take down 'Doppelganger' network spreading Russian propaganda; CISA's budget, staff, advisories and YARA rules; Influence Operations 2.0; prolific Chinese 
hackers and global bug-disclosure implications; North Korean hacking capabilities and 0day expertise.\n\nCast:  Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)Links:Transcript (unedited)\nCISA advisory on GRU Unit 29155\n — Russian Military Cyber Actors Target US and Global Critical Infrastructure\nRussian Military Unit Tied to Assassinations Caught Doing Cyber Sabotage\nDoppelganger takedown\nU.S. says Russian bots, RT operatives interfere in elections\nOutsized Impact of a Few Chinese Hackers\nKorean zero-day discovery\nNorth Korea caught exploiting Chromium zero-day\nLABScon24 Agenda\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 11\u003c/strong\u003e: Russia's notorious GRU Unit 29155 (previously tied to assassinations, poisonings and coup attempts) now blamed for destructive cyberattacks for sabotage; FBI and DOJ take down 'Doppelganger' network spreading Russian propaganda; CISA's budget, staff, advisories and YARA rules; Influence Operations 2.0; prolific Chinese hackers and global bug-disclosure implications; North Korean hacking capabilities and 0day expertise.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eCast:\u003c/strong\u003e  \u003ca href=\"https://x.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade \u003c/a\u003e(SentinelLabs), \u003ca href=\"https://x.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e (Art of Noh), \u003ca href=\"https://x.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e (SecurityWeek)\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1jCRDYi37JVCLOSjO8WR15qxuH6PNacAwjTD7Xs8jblg/edit#heading=h.r1e6eglcl8gr\"\u003eTranscript (unedited)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA 
advisory on GRU Unit 29155\" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a\"\u003eCISA advisory on GRU Unit 29155\n\u003c/a\u003e \u0026mdash; Russian Military Cyber Actors Target US and Global Critical Infrastructure\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russian Military Unit Tied to Assassinations Caught Doing Cyber Sabotage\" rel=\"nofollow\" href=\"https://www.securityweek.com/russian-gru-unit-tied-to-assassinations-linked-to-global-cyber-sabotage-and-espionage/\"\u003eRussian Military Unit Tied to Assassinations Caught Doing Cyber Sabotage\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Doppelganger takedown\" rel=\"nofollow\" href=\"https://www.justice.gov/opa/pr/justice-department-disrupts-covert-russian-government-sponsored-foreign-malign-influence\"\u003eDoppelganger takedown\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"U.S. says Russian bots, RT operatives interfere in elections\" rel=\"nofollow\" href=\"https://www.npr.org/2024/09/04/nx-s1-5100329/us-russia-election-interference-bots-2024\"\u003eU.S. 
says Russian bots, RT operatives interfere in elections\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Outsized Impact of a Few Chinese Hackers\" rel=\"nofollow\" href=\"https://warontherocks.com/2024/09/from-world-champions-to-state-assets-the-outsized-impact-of-a-few-chinese-hackers/\"\u003eOutsized Impact of a Few Chinese Hackers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Korean zero-day discovery\" rel=\"nofollow\" href=\"https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office/\"\u003eKorean zero-day discovery\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"North Korea caught exploiting Chromium zero-day\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/\"\u003eNorth Korea caught exploiting Chromium zero-day\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"#LABScon24 Agenda\" rel=\"nofollow\" href=\"https://s1.ai/agenda24\"\u003eLABScon24 Agenda\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 11:  Russia's notorious GRU Unit 29155 (previously tied to assassinations, poisonings and coup attempts) now blamed for destructive cyberattacks for sabotage; FBI and DOJ take down 'Doppelganger' network spreading Russian propaganda; CISA's budget, staff, advisories and YARA rules; Influence Operations 2.0; prolific Chinese hackers and global bug-disclosure implications; North Korean hacking capabilities and 0day expertise.\r\n\r\nCast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine 
(SecurityWeek)","date_published":"2024-09-06T01:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/f6139b28-a754-4280-9c11-a9de522d2348.mp3","mime_type":"audio/mpeg","size_in_bytes":59083969,"duration_in_seconds":4513}]},{"id":"a8b95520-0c50-46d8-bc16-25bbab115bb9","title":"Ep10: Volt Typhoon zero-day, Russia's APT29 reusing spyware exploits, Pavel Durov's arrest","url":"https://securityconversations.fireside.fm/tbp-ep10","content_text":"Three Buddy Problem - Episode 10: Top stories this week -- Volt Typhoon zero-day exploitation of Versa Director servers, Chinese APT building botnets with EOL routers, the gap in security solutions for network devices and appliances, Russia's APT29 (Midnight Blizzard) caught reusing exploits from NSO Group and Intellexa, Microsoft’s upcoming Windows endpoint security summit in response to the CrowdStrike incident, and the arrest of Telegram’s Pavel Durov in France.  Plus, the NSA is launching a podcast.\n\nHosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)Links:Transcript (unedited)\nChina's Volt Typhoon Exploiting Zero-Day in Servers Used by ISPs, MSPs\nVersa Director Zero-Day Exploitation - Black Lotus Labs\nCVE-2024-39717 – Versa Director Dangerous File Type Upload Vulnerability\nGoogle TAG: APT29 using same exploits as Intellexa, NSO Group\nRussia's APT29 Reusing Exploits From Spyware Merchants\nOfficial Pavel Durov charges (PDF)\nWSJ: Pavel Durov's iPhone was hacked by France, UAE\nMicrosoft Calls EDR Summit\nNSA to Launch ‘No Such Podcast’\nLABScon 2024 Speakers\nAPT29 / Midnight Blizzard\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 10\u003c/strong\u003e: Top stories this week -- Volt Typhoon zero-day exploitation of Versa Director servers, Chinese APT building botnets with EOL routers, the gap in security solutions for network devices and appliances, Russia's APT29 (Midnight 
Blizzard) caught reusing exploits from NSO Group and Intellexa, Microsoft’s upcoming Windows endpoint security summit in response to the CrowdStrike incident, and the arrest of Telegram’s Pavel Durov in France.  Plus, the NSA is launching a podcast.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eHosts:\u003c/strong\u003e \u003ca href=\"https://x.com/craiu\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCostin Raiu\u003c/a\u003e (Art of Noh), \u003ca href=\"https://x.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003eJuan Andres Guerrero-Saade \u003c/a\u003e(SentinelLabs), \u003ca href=\"https://x.com/ryanaraine\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRyan Naraine\u003c/a\u003e (SecurityWeek)\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1Ke2F-qUJpxb6Mnx7wOFYeteoZqfDs_bPqg0jXAyXtGU/edit#heading=h.roy1ekwa04iz\"\u003eTranscript (unedited)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"China\u0026#39;s Volt Typhoon Exploiting Zero-Day in Servers Used by ISPs, MSPs\" rel=\"nofollow\" href=\"https://www.securityweek.com/chinese-apt-volt-typhoon-caught-exploiting-versa-networks-sd-wan-zero-day/\"\u003eChina's Volt Typhoon Exploiting Zero-Day in Servers Used by ISPs, MSPs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Versa Director Zero-Day Exploitation - Black Lotus Labs\" rel=\"nofollow\" href=\"https://blog.lumen.com/taking-the-crossroads-the-versa-director-zero-day-exploitation/\"\u003eVersa Director Zero-Day Exploitation - Black Lotus Labs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CVE-2024-39717 – Versa Director Dangerous File Type Upload Vulnerability\" rel=\"nofollow\" href=\"https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/\"\u003eCVE-2024-39717 – Versa Director Dangerous File 
Type Upload Vulnerability\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google TAG: APT29 using same exploits as Intellexa, NSO Group\" rel=\"nofollow\" href=\"https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/\"\u003eGoogle TAG: APT29 using same exploits as Intellexa, NSO Group\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russia\u0026#39;s APT29 Reusing Exploits From Spyware Merchants\" rel=\"nofollow\" href=\"https://www.securityweek.com/google-catches-russian-apt-re-using-exploits-from-spyware-merchants-nso-group-intellexa/\"\u003eRussia's APT29 Reusing Exploits From Spyware Merchants\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Official Pavel Durov charges (PDF)\" rel=\"nofollow\" href=\"https://www.tribunal-de-paris.justice.fr/sites/default/files/2024-08/2024-08-26%20-%20CP%20TELEGRAM%20.pdf\"\u003eOfficial Pavel Durov charges (PDF)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"WSJ: Pavel Durov\u0026#39;s iPhone was hacked by France, UAE\" rel=\"nofollow\" href=\"https://archive.ph/FFPt2\"\u003eWSJ: Pavel Durov's iPhone was hacked by France, UAE\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Calls EDR Summit\" rel=\"nofollow\" href=\"https://blogs.windows.com/windowsexperience/2024/08/23/microsoft-to-host-windows-endpoint-security-ecosystem-summit-in-september/\"\u003eMicrosoft Calls EDR Summit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NSA to Launch ‘No Such Podcast’\" rel=\"nofollow\" href=\"https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/article/3888139/nsa-to-launch-no-such-podcast-pulling-back-curtain-on-mission-culture-people/\"\u003eNSA to Launch ‘No Such Podcast’\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2024 Speakers\" rel=\"nofollow\" href=\"https://www.labscon.io/speakers/\"\u003eLABScon 2024 
Speakers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"APT29 / Midnight Blizzard\" rel=\"nofollow\" href=\"https://malpedia.caad.fkie.fraunhofer.de/actor/apt29\"\u003eAPT29 / Midnight Blizzard\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Three Buddy Problem - Episode 10 -- Top stories this week: Volt Typhoon zero-day exploitation of Versa Director servers, Chinese APT building botnets with EOL routers, the gap in security solutions for network devices and appliances, Russia's APT29 (Midnight Blizzard) caught reusing exploits from NSO Group and Intellexa, Microsoft’s upcoming Windows endpoint security summit in response to the CrowdStrike incident, and the arrest of Telegram’s Pavel Durov in France. Plus, the NSA is launching a podcast.\r\n\r\nHosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)","date_published":"2024-08-30T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a8b95520-0c50-46d8-bc16-25bbab115bb9.mp3","mime_type":"audio/mpeg","size_in_bytes":60633397,"duration_in_seconds":4717}]},{"id":"7e54af0b-f1c0-4741-8b5c-e90eddd617b7","title":"Ep9: The blurring lines between nation-state APTs and the ransomware epidemic","url":"https://securityconversations.fireside.fm/tbp-ep9","content_text":"Three Buddy Problem - Episode 9: On this episode, we look at the hacking scene in Taiwan, the sad state of visibility into big malware campaigns, the absence of APTs linked to the prolific MIVD Dutch intelligence agency, the blurring lines between big ransomware heists and nation-state actors caught using ransomware as a tool for sabotage and misattribution. 
\n\nPlus, Chinese mobile OS vendor Xiaomi caught disabling parts of its infrastructure -- including its global app store -- to thwart Pwn2Own contestants; and news of an addition to the LABScon 2024 keynote stage.\n\nHosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)Links:WSJ: The Real Story of the Nord Stream Pipeline Sabotage\nMIVD - The Little Spy Agency That Can\nIran behind Trump campaign hack\nXiaomi Caught Patching, Unpatching Pwn2Own RCE Vuln\nDakota Cary on Xiaomi Pwn2Own patch shenanigans\nTranscript (unedited)\nTerritorial Dispute by Boldi\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 9\u003c/strong\u003e: On this episode, we look at the hacking scene in Taiwan, the sad state of visibility into big malware campaigns, the absence of APTs linked to the prolific MIVD Dutch intelligence agency, the blurring lines between big ransomware heists and nation-state actors caught using ransomware as a tool for sabotage and misattribution. 
\u003c/p\u003e\n\n\u003cp\u003ePlus, Chinese mobile OS vendor Xiaomi caught disabling parts of its infrastructure -- including its global app store -- to thwart Pwn2Own contestants; and news of an addition to the LABScon 2024 keynote stage.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eHosts:\u003c/strong\u003e Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"WSJ: The Real Story of the Nord Stream Pipeline Sabotage\" rel=\"nofollow\" href=\"https://archive.ph/TR92c\"\u003eWSJ: The Real Story of the Nord Stream Pipeline Sabotage\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"MIVD - The Little Spy Agency That Can\" rel=\"nofollow\" href=\"https://www.spytalk.co/p/the-little-spy-agency-that-can\"\u003eMIVD - The Little Spy Agency That Can\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Iran behind Trump campaign hack\" rel=\"nofollow\" href=\"https://www.reuters.com/world/trump-campaigns-iranian-hackers-have-dangerous-history-deep-expertise-2024-08-23/\"\u003eIran behind Trump campaign hack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Xiaomi Caught Patching, Unpatching Pwn2Own RCE Vuln\" rel=\"nofollow\" href=\"https://hackhunting.com/2024/08/22/xiaomi-patched-an-rce-vulnerability-before-pwn2own-toronto-2023-and-removed-the-patch-afterwards/\"\u003eXiaomi Caught Patching, Unpatching Pwn2Own RCE Vuln\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dakota Cary on Xiaomi Pwn2Own patch shenanigans\" rel=\"nofollow\" href=\"https://x.com/dakotaindc/status/1826774594159849586?s=46\u0026amp;t=ePKy91eN-ionB9LpDaBXcA\"\u003eDakota Cary on Xiaomi Pwn2Own patch shenanigans\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited)\" rel=\"nofollow\" 
href=\"https://docs.google.com/document/d/1l51jwxKqG3mPAe646xgu7PlbqxLee8hIf3CvuHv1lkI/edit?usp=sharing\"\u003eTranscript (unedited)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Territorial Dispute by Boldi\" rel=\"nofollow\" href=\"https://www.crysys.hu/publications/files/tedi/ukatemicrysys_territorialdispute.pdf\"\u003eTerritorial Dispute by Boldi\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"The 'Three Buddy Problem' Podcast Episode 9:  On this episode, we look at the hacking scene in Taiwan, the sad state of visibility into big malware campaigns, the absence of APTs linked to the prolific MIVD Dutch intelligence agency, the blurring lines between big ransomware heists and nation-state actors caught using ransomware as a tool for sabotage and misattribution. \r\n\r\nPlus, Chinese mobile OS vendor Xiaomi caught disabling parts of its infrastructure -- including its global app store -- to thwart Pwn2Own contestants; and news of an addition to the LABScon 2024  keynote stage.\r\n\r\nHosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)","date_published":"2024-08-23T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/7e54af0b-f1c0-4741-8b5c-e90eddd617b7.mp3","mime_type":"audio/mpeg","size_in_bytes":57472403,"duration_in_seconds":3976}]},{"id":"41525c06-937d-4766-8bb0-e94c8a297650","title":"Ep8: Microsoft's zero-days and a wormable Windows TCP/IP flaw known to China","url":"https://securityconversations.fireside.fm/tbp-ep8","content_text":"Three Buddy Problem - Episode 8: This week’s show digs into Microsoft’s in-the-wild zero-day woes, Patch Tuesday and the absence of IOCs, a wormable Windows TCP/IP flaw that the Chinese government knew about for months, Iran’s aggressive hacking US election targets, CrowdStrike v Qihoo360 and major problems with APT naming conventions.\n\nHosts: Costin Raiu (Art of Noh), Juan Andres 
Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)Links:Episode 8 Transcript\nSix Windows Zero-Days Being Actively Exploited\nCVE-2024-38063 - Windows Ping of Death\nWormable TCP/IP flaw known to China\n — Chinese researcher Xiao Wei of Cyber KunLun said he discovered the vulnerability “several months ago.”  \nGoogle TAG: Iran steps hacking against Israel, U.S.\nMicrosoft report on Iran election hacking\nQihoo claims CrowdStrike bug exploitable\nCrowdStrike root cause analysis\nLABScon - Speakers 2024\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 8\u003c/strong\u003e: This week’s show digs into Microsoft’s in-the-wild zero-day woes, Patch Tuesday and the absence of IOCs, a wormable Windows TCP/IP flaw that the Chinese government knew about for months, Iran’s aggressive hacking US election targets, CrowdStrike v Qihoo360 and major problems with APT naming conventions.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eHosts:\u003c/strong\u003e Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Episode 8 Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1zhmvqqWPnK7FLZK38LWGBKm2u29leNXiVESA9mBtrns/edit#heading=h.79ibg3a5rrr7\"\u003eEpisode 8 Transcript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Six Windows Zero-Days Being Actively Exploited\" rel=\"nofollow\" href=\"https://www.securityweek.com/microsoft-warns-of-six-windows-zero-days-being-actively-exploited/\"\u003eSix Windows Zero-Days Being Actively Exploited\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CVE-2024-38063 - Windows Ping of Death\" rel=\"nofollow\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063\"\u003eCVE-2024-38063 - Windows Ping of Death\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Wormable TCP/IP flaw known to China\" 
rel=\"nofollow\" href=\"https://www.securityweek.com/zero-click-exploit-concerns-drive-urgent-patching-of-windows-tcp-ip-flaw/\"\u003eWormable TCP/IP flaw known to China\n\u003c/a\u003e \u0026mdash; Chinese researcher Xiao Wei of Cyber KunLun said he discovered the vulnerability “several months ago.”  \n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google TAG: Iran steps hacking against Israel, U.S.\" rel=\"nofollow\" href=\"https://blog.google/threat-analysis-group/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us/\"\u003eGoogle TAG: Iran steps hacking against Israel, U.S.\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft report on Iran election hacking\" rel=\"nofollow\" href=\"https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/5bc57431-a7a9-49ad-944d-b93b7d35d0fc.pdf\"\u003eMicrosoft report on Iran election hacking\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Qihoo claims CrowdStrike bug exploitable\" rel=\"nofollow\" href=\"https://mp-weixin-qq-com.translate.goog/s/uD7mhzyRSX1dTW-TMg4UhQ?_x_tr_sl=auto\u0026amp;_x_tr_tl=en\u0026amp;_x_tr_hl=en\u0026amp;_x_tr_pto=wapp\"\u003eQihoo claims CrowdStrike bug exploitable\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CrowdStrike root cause analysis\" rel=\"nofollow\" href=\"https://www.crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf\"\u003eCrowdStrike root cause analysis\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon - Speakers 2024\" rel=\"nofollow\" href=\"https://www.labscon.io/speakers/\"\u003eLABScon - Speakers 2024\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"The 'Three Buddy Problem' Podcast Episode 8: This week’s show digs into Microsoft’s in-the-wild zero-day woes, Patch Tuesday and the absence of IOCs, a wormable Windows TCP/IP flaw that the Chinese government knew about for months, Iran’s aggressive 
hacking US election targets, CrowdStrike v Qihoo360 and major problems with APT naming conventions.\r\n\r\nHosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)","date_published":"2024-08-17T04:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/41525c06-937d-4766-8bb0-e94c8a297650.mp3","mime_type":"audio/mpeg","size_in_bytes":62622049,"duration_in_seconds":4665}]},{"id":"644134aa-4795-434a-8b2d-9a748cab7561","title":"Ep7: Crowd2K and the kernel, PKFail supply chain failures, Paris trains sabotage and Russian Olympic attacks","url":"https://securityconversations.fireside.fm/tbp-ep7","content_text":"Three Buddy Problem - Episode 7:   In this episode, we try to close the book on the CrowdStrike Windows BSOD story, Microsoft VP David Weston’s technical documentation and issues around kernel access and OS resilience. We also discuss Binarly’s PKFail research, secure boot bypasses, Dan Geer and tech monoculture, software vendor liability issues and the need for inspectability in security mechanisms.\n\nThe conversation explores cyber angles to train service disruptions in Paris, the history of cyber operations targeting the Olympics, the lack of public acknowledgment and attribution of cyber operations by Western intelligence agencies, and the importance of transparency and case studies in understanding and discussing cyber operations.\n\nHosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)Links:Episode Transcript\nMicrosoft VP David Weston on CrowdStrike issue\nDelta seeking damages from CrowdStrike, Microsoft\nWealthy Russian With Kremlin Ties Gets 9 Years in Prison for Hacking and Insider Trading Scheme\nIndustroyer\nCountdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon\nLABScon Speakers\nLivestream from DEFCON 32\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy 
Problem - Episode 7\u003c/strong\u003e:   In this episode, we try to close the book on the CrowdStrike Windows BSOD story, Microsoft VP David Weston’s technical documentation and issues around kernel access and OS resilience. We also discuss Binarly’s PKFail research, secure boot bypasses, Dan Geer and tech monoculture, software vendor liability issues and the need for inspectability in security mechanisms.\u003c/p\u003e\n\n\u003cp\u003eThe conversation explores cyber angles to train service disruptions in Paris, the history of cyber operations targeting the Olympics, the lack of public acknowledgment and attribution of cyber operations by Western intelligence agencies, and the importance of transparency and case studies in understanding and discussing cyber operations.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eHosts:\u003c/strong\u003e Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Episode Transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1Xbor_CopwaQiZpInKRXNnyf5CF80bInYP1Yvl_2-wQ0/edit?usp=sharing\"\u003eEpisode Transcript\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft VP David Weston on CrowdStrike issue\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2024/07/27/windows-security-best-practices-for-integrating-and-managing-security-tools/\"\u003eMicrosoft VP David Weston on CrowdStrike issue\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Delta seeking damages from CrowdStrike, Microsoft\" rel=\"nofollow\" href=\"https://www.cnbc.com/2024/07/29/delta-hires-david-boies-to-seek-damages-from-crowdstrike-microsoft-.html\"\u003eDelta seeking damages from CrowdStrike, Microsoft\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Wealthy Russian With Kremlin Ties Gets 9 Years in Prison for Hacking and Insider Trading Scheme\" 
rel=\"nofollow\" href=\"https://www.securityweek.com/wealthy-russian-with-kremlin-ties-gets-9-years-in-prison-for-hacking-and-insider-trading-scheme/\"\u003eWealthy Russian With Kremlin Ties Gets 9 Years in Prison for Hacking and Insider Trading Scheme\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Industroyer\" rel=\"nofollow\" href=\"https://en.wikipedia.org/wiki/Industroyer\"\u003eIndustroyer\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Countdown to Zero Day: Stuxnet and the Launch of the World\u0026#39;s First Digital Weapon\" rel=\"nofollow\" href=\"https://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp/0770436196\"\u003eCountdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon Speakers\" rel=\"nofollow\" href=\"https://www.labscon.io/speakers/\"\u003eLABScon Speakers\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Livestream from DEFCON 32\" rel=\"nofollow\" href=\"https://bishopfox.com/defcon-32-livestream\"\u003eLivestream from DEFCON 32\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"The 'Three Buddy Problem' Podcast Episode 7:  In this episode, we try to close the book on the CrowdStrike Windows BSOD story, Microsoft VP David Weston’s technical documentation and issues around kernel access and OS resilience. 
We also discuss Binarly’s PKFail research, secure boot bypasses, Dan Geer and tech monoculture, software vendor liability issues and the need for inspectability in security mechanisms.\r\n\r\nThe conversation explores cyber angles to train service disruptions in Paris, the history of cyber operations targeting the Olympics, the lack of public acknowledgment and attribution of cyber operations by Western intelligence agencies, and the importance of transparency and case studies in understanding and discussing cyber operations.\r\n\r\nHosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)","date_published":"2024-08-02T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/644134aa-4795-434a-8b2d-9a748cab7561.mp3","mime_type":"audio/mpeg","size_in_bytes":66162188,"duration_in_seconds":4203}]},{"id":"874c67ec-26cd-4395-8713-df1b58629041","title":"Ep6: After CrowdStrike chaos, should Microsoft kick EDR agents out of Windows kernel?","url":"https://securityconversations.fireside.fm/tbp-ep6","content_text":"Three Buddy Problem - Episode 6:   As the dust settles on the CrowdStrike incident that blue-screened 8.5 million Windows computers worldwide, we dig into CrowdStrike’s preliminary incident report, the lack of transparency in the update process and the need for more robust testing and validation. 
We also discuss Microsoft's responsibility to avoid infinite BSOD loops, risks of deploying EDR agents on critical systems, and how an EU settlement is being blamed for EDR vendors having access to the Windows kernel.\n\nOther topics on the show include Mandiant's attribution capabilities, North Korea’s gov-backed hacking teams launching ransomware on hospitals, KnowBe4 hiring a fake North Korean IT worker, and new developments in the NSO Group surveillance-ware lawsuit.\n\nHosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)Links:Episode transcript (Unedited, AI-generated)\nOfficial CrowdStrike preliminary post-mortem\nMicrosoft VP David Weston on CrowdStrike outage\nMicrosoft VP John Cable on the path forward\nMatt Suiche: Bob and Alice in Kernel-land\nRe-learning Lessons from the CrowdStrike Outage\nEp5: CrowdStrike's faulty update\nMandiant Report on North Korea's APT45\nCISA Advisory on North Korea APT45\nKnowBe4 Hires North Korean Fake IT Worker\nIsrael’s attempt to sway NSO/WhatsApp spyware case\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 6\u003c/strong\u003e:   As the dust settles on the CrowdStrike incident that blue-screened 8.5 million Windows computers worldwide, we dig into CrowdStrike’s preliminary incident report, the lack of transparency in the update process and the need for more robust testing and validation. 
We also discuss Microsoft's responsibility to avoid infinite BSOD loops, risks of deploying EDR agents on critical systems, and how an EU settlement is being blamed for EDR vendors having access to the Windows kernel.\u003c/p\u003e\n\n\u003cp\u003eOther topics on the show include Mandiant's attribution capabilities, North Korea’s gov-backed hacking teams launching ransomware on hospitals, KnowBe4 hiring a fake North Korean IT worker, and new developments in the NSO Group surveillance-ware lawsuit.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eHosts:\u003c/strong\u003e Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Episode transcript (Unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1ulo0dHr89aShLeHG4TFScq7wErMO7KvJdGX_7oCNlH4/edit?usp=sharing\"\u003eEpisode transcript (Unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Official CrowdStrike preliminary post-mortem\" rel=\"nofollow\" href=\"https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/\"\u003eOfficial CrowdStrike preliminary post-mortem\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft VP David Weston on CrowdStrike outage\" rel=\"nofollow\" href=\"https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/\"\u003eMicrosoft VP David Weston on CrowdStrike outage\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft VP John Cable on the path forward\" rel=\"nofollow\" href=\"https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-resiliency-best-practices-and-the-path-forward/ba-p/4201550\"\u003eMicrosoft VP John Cable on the path forward\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Matt Suiche: Bob and Alice in Kernel-land\" rel=\"nofollow\" 
href=\"https://www.msuiche.com/posts/bob-and-alice-in-kernel-land/\"\u003eMatt Suiche: Bob and Alice in Kernel-land\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Re-learning Lessons from the CrowdStrike Outage\" rel=\"nofollow\" href=\"https://www.lutasecurity.com/post/re-learning-lessons-from-the-crowdstrike-outage\"\u003eRe-learning Lessons from the CrowdStrike Outage\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ep5: CrowdStrike\u0026#39;s faulty update\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/ep5-crowdstrikes-faulty-update-shuts-down-global-networks/\"\u003eEp5: CrowdStrike's faulty update\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mandiant Report on North Korea\u0026#39;s APT45\" rel=\"nofollow\" href=\"https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine\"\u003eMandiant Report on North Korea's APT45\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA Advisory on North Korea APT45\" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a\"\u003eCISA Advisory on North Korea APT45\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"KnowBe4 Hires North Korean Fake IT Worker\" rel=\"nofollow\" href=\"https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us\"\u003eKnowBe4 Hires North Korean Fake IT Worker\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Israel’s attempt to sway NSO/WhatsApp spyware case\" rel=\"nofollow\" href=\"https://securitylab.amnesty.org/latest/2024/07/israels-attempt-to-sway-whatsapp-case-casts-doubt-on-its-ability-to-deal-with-nso-spyware/?ref=news.risky.biz\"\u003eIsrael’s attempt to sway NSO/WhatsApp spyware case\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"The 'Three Buddy Problem' Podcast Episode 6:  As the dust settles on the CrowdStrike incident that blue-screened 8.5 million Windows computers worldwide, we dig 
into CrowdStrike’s preliminary incident report, the lack of transparency in the update process and the need for more robust testing and validation. We also discuss Microsoft's responsibility to avoid infinite BSOD loops, risks of deploying EDR agents on critical systems, and how an EU settlement is being blamed for EDR vendors having access to the Windows kernel.\r\n\r\nOther topics on the show include Mandiant's attribution capabilities, North Korea’s gov-backed hacking teams launching ransomware on hospitals, KnowBe4 hiring a fake North Korean IT worker, and new developments in the NSO Group surveillance-ware lawsuit.\r\n\r\nHosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)","date_published":"2024-07-26T01:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/874c67ec-26cd-4395-8713-df1b58629041.mp3","mime_type":"audio/mpeg","size_in_bytes":71350827,"duration_in_seconds":4597}]},{"id":"85b284cc-9ab4-4a38-8a4e-9d6439345bcb","title":"Ep5: CrowdStrike's faulty update shuts down global networks","url":"https://securityconversations.fireside.fm/tbp-ep5","content_text":"Three Buddy Problem - Episode 5:  Hot off the press, we dive into the news of the CrowdStrike software update that caused blue screens on computers worldwide, the resulting chaos and potential connections to the Microsoft 365 outage, the fragility of modern computing and the risks of new software paradigms.\n\nWe also discuss the AT\u0026amp;T mega-breach and the ransom paid to delete the stolen data; the challenges of ransomware and the uncertainty surrounding the deletion of stolen data; the FBI gaining access to a password-protected phone, the prices for zero-click exploits; and the resurgence of APT 41 with expanding targets.\n\nPlus, some news on upcoming keynote speakers at LabsCon 2024.\n\nHosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine 
(SecurityWeek)Links:Transcript (AI-generated, unedited)\nCrowdStrike Statement on Falcon Content Update for Windows Hosts\nMicrosoft-CrowdStrike blackout FAQ\nBad CrowdStrike Update Linked to Major IT Outages Worldwide\nCrowdStrike CEO George Kurtz statement on Twitter\nAT\u0026amp;T Paid a Hacker $370,000 to Delete Stolen Phone Records\nT-Mobile Hacker Who Stole Data on 50 Million Customers: ‘Their Security Is Awful’\nLABScon 2024 Speakers\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 5\u003c/strong\u003e:  Hot off the press, we dive into the news of the CrowdStrike software update that caused blue screens on computers worldwide, the resulting chaos and potential connections to the Microsoft 365 outage, the fragility of modern computing and the risks of new software paradigms.\u003c/p\u003e\n\n\u003cp\u003eWe also discuss the AT\u0026amp;T mega-breach and the ransom paid to delete the stolen data; the challenges of ransomware and the uncertainty surrounding the deletion of stolen data; the FBI gaining access to a password-protected phone, the prices for zero-click exploits; and the resurgence of APT 41 with expanding targets.\u003c/p\u003e\n\n\u003cp\u003ePlus, some news on upcoming keynote speakers at LabsCon 2024.\u003c/p\u003e\n\n\u003cp\u003eHosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (AI-generated, unedited)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/11C0JmY7o58yPUJs7jutahdmV1-ZI-fv6bL-QhoCW8ww/edit?usp=sharing\"\u003eTranscript (AI-generated, unedited)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CrowdStrike Statement on Falcon Content Update for Windows Hosts\" rel=\"nofollow\" href=\"https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/\"\u003eCrowdStrike Statement on Falcon Content Update for 
Windows Hosts\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft-CrowdStrike blackout FAQ\" rel=\"nofollow\" href=\"https://www.cnbc.com/2024/07/19/latest-live-updates-on-a-major-it-outage-spreading-worldwide.html\"\u003eMicrosoft-CrowdStrike blackout FAQ\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Bad CrowdStrike Update Linked to Major IT Outages Worldwide\" rel=\"nofollow\" href=\"https://www.securityweek.com/major-outages-worldwide-linked-to-bsod-caused-by-bad-crowdstrike-update/\"\u003eBad CrowdStrike Update Linked to Major IT Outages Worldwide\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CrowdStrike CEO George Kurtz statement on Twitter\" rel=\"nofollow\" href=\"https://x.com/george_kurtz/status/1814235001745027317?s=46\u0026amp;t=ePKy91eN-ionB9LpDaBXcA\"\u003eCrowdStrike CEO George Kurtz statement on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AT\u0026amp;T Paid a Hacker $370,000 to Delete Stolen Phone Records\" rel=\"nofollow\" href=\"https://archive.ph/hjbYB\"\u003eAT\u0026amp;T Paid a Hacker $370,000 to Delete Stolen Phone Records\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"T-Mobile Hacker Who Stole Data on 50 Million Customers: ‘Their Security Is Awful’\" rel=\"nofollow\" href=\"https://archive.ph/fClfV\"\u003eT-Mobile Hacker Who Stole Data on 50 Million Customers: ‘Their Security Is Awful’\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon 2024 Speakers\" rel=\"nofollow\" href=\"https://www.labscon.io/speakers/\"\u003eLABScon 2024 Speakers\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"The 'Three Buddy Problem' Podcast Episode 5:  Hot off the press, we dive into the news of the CrowdStrike software update that caused blue screens on computers worldwide, the resulting chaos and potential connections to the Microsoft 365 outage, the fragility of modern computing and the risks of new software paradigms.\r\n\r\nWe also discuss the AT\u0026T 
mega-breach and the ransom paid to delete the stolen data; the challenges of ransomware and the uncertainty surrounding the deletion of stolen data; the FBI gaining access to a password-protected phone, the prices for zero-click exploits; and the resurgence of APT 41 with expanding targets.\r\n\r\nPlus, some news on upcoming keynote speakers at LabsCon 2024.\r\n\r\nHosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)","date_published":"2024-07-19T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/85b284cc-9ab4-4a38-8a4e-9d6439345bcb.mp3","mime_type":"audio/mpeg","size_in_bytes":54810148,"duration_in_seconds":3591}]},{"id":"37354ca4-8a6b-41e0-b4d6-e9ad5545cd8f","title":"Ep4: The AT\u0026T mega-breach, iPhone mercenary spyware, Microsoft zero-days","url":"https://securityconversations.fireside.fm/tbp-ep4","content_text":"Three Buddy Problem - Episode 4:  The boys delve into the massive AT\u0026amp;T call logs breach, the Snowflake incidents and the notion of shared-fate/shared responsibilities; news on fresh Apple notifications about mercenary spyware on iPhones and the effectiveness of notifications for different types of controversial targets.  
Plus, thoughts on Microsoft's zero-day disclosures and useless Patch Tuesday bulletins,  AI-powered disinformation campaigns, and the US government's malware sharing initiative fading away.\n\nHosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek).Links:Transcript (unedited, AI-generated)\nAT\u0026amp;T SEC Filing on mega-breach\nCNN: Nearly all AT\u0026amp;T call and text records exposed in a massive breach\nApple warns iPhone users in 98 countries of spyware\nIndia targets Apple over its phone hacking notifications\nHyper-V zero-day exploited in the wild\nLABScon Program Committee\n","content_html":"\u003cp\u003e\u003cstrong\u003eThree Buddy Problem - Episode 4\u003c/strong\u003e:  The boys delve into the massive AT\u0026amp;T call logs breach, the Snowflake incidents and the notion of shared-fate/shared responsibilities; news on fresh Apple notifications about mercenary spyware on iPhones and the effectiveness of notifications for different types of controversial targets.  
Plus, thoughts on Microsoft's zero-day disclosures and useless Patch Tuesday bulletins,  AI-powered disinformation campaigns, and the US government's malware sharing initiative fading away.\u003c/p\u003e\n\n\u003cp\u003eHosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek).\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/11WOP_5Rx-O52K8aD5utBqi6r26ZTcwF6ncjpXTAz0to/edit\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AT\u0026amp;T SEC Filing on mega-breach\" rel=\"nofollow\" href=\"https://www.sec.gov/Archives/edgar/data/732717/000073271724000046/t-20240506.htm\"\u003eAT\u0026amp;T SEC Filing on mega-breach\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CNN: Nearly all AT\u0026amp;T call and text records exposed in a massive breach\" rel=\"nofollow\" href=\"https://www.cnn.com/2024/07/12/business/att-customers-massive-breach/index.html\"\u003eCNN: Nearly all AT\u0026amp;T call and text records exposed in a massive breach\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Apple warns iPhone users in 98 countries of spyware\" rel=\"nofollow\" href=\"https://techcrunch.com/2024/07/10/apple-alerts-iphone-users-in-98-countries-to-mercenary-spyware-attacks/\"\u003eApple warns iPhone users in 98 countries of spyware\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"India targets Apple over its phone hacking notifications\" rel=\"nofollow\" href=\"https://archive.ph/NMBPd\"\u003eIndia targets Apple over its phone hacking notifications\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Hyper-V zero-day exploited in the wild\" rel=\"nofollow\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38080\"\u003eHyper-V zero-day exploited in the 
wild\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon Program Committee\" rel=\"nofollow\" href=\"https://www.labscon.io/#program-committee\"\u003eLABScon Program Committee\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"The 'Three Buddy Problem' Podcast Episode 4:  Listen as the hosts delve into the massive AT\u0026T call logs breach, the Snowflake incidents and the notion of shared-fate/shared responsibilities; news on fresh Apple notifications about mercenary spyware on iPhones and the effectiveness of notifications for different types of controversial targets.  Plus, thoughts on Microsoft's zero-day disclosures and useless Patch Tuesday bulletins,  AI-powered disinformation campaigns, and the US government's malware sharing initiative fading away.\r\n\r\nHosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)","date_published":"2024-07-12T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/37354ca4-8a6b-41e0-b4d6-e9ad5545cd8f.mp3","mime_type":"audio/mpeg","size_in_bytes":61000643,"duration_in_seconds":4299}]},{"id":"068888b9-32ca-4c20-b8f9-d38c6e24608f","title":"Ep3: Dave Aitel joins debate on nation-state hacking responsibilities","url":"https://securityconversations.fireside.fm/tbp-ep3","content_text":"The 'Three Buddy Problem' Podcast Episode 3: Former NSA computer scientist Dave Aitel (Immunity Inc., Cordyceps Systems) joins Juan Andres Guerrero-Saade for a frank discussion on the OpenSSH unauthenticated remote code execution vulnerability and the challenges around patching and exploitation, the CISA 'secure-by-design' pledge and its impact on software vendor practices, Microsoft lobbying and the CSRB report, and changing face of government's attempts at cybersecurity regulations. 
\n\nWe discuss the disruption caused by political changes and the potential implications for cybersecurity policies, impact from the Supreme Court Chevron ruling, security regulations and the challenges of writing laws for future technology, the role of CISA and its accomplishments, the debate around offensive cyber operations and the responsibility of companies like Google in addressing vulnerabilities. \n\nThe need for clear separation between counterterrorism and espionage operations is highlighted, as well as the importance of understanding both defensive and offensive perspectives.\n\n\nCostin Raiu is on vacation.\nLinks:Transcript (unedited, AI-generated)\nQualys: Remote Unauthenticated Code Execution in OpenSSH\nCSRB report on Microsoft hack\nCISA secure-by-design pledge\nCCC Talk: Operation Triangulation \nLawfare: Responsible Cyber Offense\nGoogle: Stop Burning Counterterrorism Operations\nFollow Dave Aitel on Twitter\nJ. A. Guerrero-Saade on Twitter\nCostin Raiu on Twitter\nFollow Ryan Naraine (@ryanaraine) on Twitter\nLABScon - Security Research in Real Time\n","content_html":"\u003cp\u003e\u003cstrong\u003eThe 'Three Buddy Problem' Podcast Episode 3\u003c/strong\u003e: Former NSA computer scientist Dave Aitel (Immunity Inc., Cordyceps Systems) joins Juan Andres Guerrero-Saade for a frank discussion on the OpenSSH unauthenticated remote code execution vulnerability and the challenges around patching and exploitation, the CISA 'secure-by-design' pledge and its impact on software vendor practices, Microsoft lobbying and the CSRB report, and changing face of government's attempts at cybersecurity regulations. 
\u003c/p\u003e\n\n\u003cp\u003eWe discuss the disruption caused by political changes and the potential implications for cybersecurity policies, impact from the Supreme Court Chevron ruling, security regulations and the challenges of writing laws for future technology, the role of CISA and its accomplishments, the debate around offensive cyber operations and the responsibility of companies like Google in addressing vulnerabilities. \u003c/p\u003e\n\n\u003cp\u003eThe need for clear separation between counterterrorism and espionage operations is highlighted, as well as the importance of understanding both defensive and offensive perspectives.\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eCostin Raiu is on vacation.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Transcript (unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/17AOWExBNOahaUvnpmusk3ED1n7SOYIUcN9cUTSSP5bc/edit\"\u003eTranscript (unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Qualys: Remote Unauthenticated Code Execution in OpenSSH\" rel=\"nofollow\" href=\"https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server\"\u003eQualys: Remote Unauthenticated Code Execution in OpenSSH\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CSRB report on Microsoft hack\" rel=\"nofollow\" href=\"https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf\"\u003eCSRB report on Microsoft hack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA secure-by-design pledge\" rel=\"nofollow\" href=\"https://www.cisa.gov/sites/default/files/2024-05/CISA%20Secure%20by%20Design%20Pledge_508c.pdf\"\u003eCISA secure-by-design pledge\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CCC Talk: Operation Triangulation \" rel=\"nofollow\" 
href=\"https://www.youtube.com/watch?v=7VWNUUldBEE\u0026amp;ab_channel=auth\"\u003eCCC Talk: Operation Triangulation \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Lawfare: Responsible Cyber Offense\" rel=\"nofollow\" href=\"https://www.lawfaremedia.org/article/responsible-cyber-offense\"\u003eLawfare: Responsible Cyber Offense\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google: Stop Burning Counterterrorism Operations\" rel=\"nofollow\" href=\"https://poppopret.org/2024/06/24/google-stop-burning-counterterrorism-operations/\"\u003eGoogle: Stop Burning Counterterrorism Operations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Dave Aitel on Twitter\" rel=\"nofollow\" href=\"https://x.com/daveaitel\"\u003eFollow Dave Aitel on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"J. A. Guerrero-Saade on Twitter\" rel=\"nofollow\" href=\"https://x.com/juanandres_gs\"\u003eJ. A. Guerrero-Saade on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Costin Raiu on Twitter\" rel=\"nofollow\" href=\"https://x.com/craiu\"\u003eCostin Raiu on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Ryan Naraine (@ryanaraine) on Twitter\" rel=\"nofollow\" href=\"https://x.com/ryanaraine\"\u003eFollow Ryan Naraine (@ryanaraine) on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon - Security Research in Real Time\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon - Security Research in Real Time\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"The 'Three Buddy Problem' Podcast Episode 3:  Former NSA computer scientist Dave Aitel (Immunity Inc., Cordyceps Systems) joins Juan Andres Guerrero-Saade for a frank discussion on the OpenSSH unauthenticated remote code execution vulnerability and the challenges around patching and exploitation, the CISA 'secure-by-design' pledge and its impact on software vendor practices, Microsoft lobbying 
and the CSRB report, and changing face of government's attempts at cybersecurity regulations. \r\n\r\nWe discuss the disruption caused by political changes and the potential implications for cybersecurity policies, impact from the Supreme Court Chevron ruling, security regulations and the challenges of writing laws for future technology, the role of CISA and its accomplishments, the debate around offensive cyber operations and the responsibility of companies like Google in addressing vulnerabilities. \r\n\r\nThe need for clear separation between counterterrorism and espionage operations is highlighted, as well as the importance of understanding both defensive and offensive perspectives.\r\n\r\n* Costin Raiu is on vacation.","date_published":"2024-07-05T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/068888b9-32ca-4c20-b8f9-d38c6e24608f.mp3","mime_type":"audio/mpeg","size_in_bytes":58460157,"duration_in_seconds":3869}]},{"id":"4a6fe671-fe7a-4699-ae08-fe99fd11f49f","title":"Ep2: A deep-dive on disrupting and exposing nation-state malware ops","url":"https://securityconversations.fireside.fm/tbp-ep2","content_text":"The 'Three Buddy Problem' Podcast Episode 2:   Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade go all-in on the discussion around Google Project Zero disrupting counter-terrorism malware operations. 
\n\nA deep dive on disruption vs exposure, the effects of US government sanctions on private mercenary hacking companies, hypocrisy and the tricky relationship between malware researchers and the intelligence community, and the lack of 'success stories' from so-called benevolent malware.\n\nWe also discuss the implications of the TeamViewer breach by a skilled Russian APT, new Microsoft notifications to Midnight Blizzard victims and share thoughts on the Polyfill.io supply chain compromise.Links:Episode transcript (Unedited, AI-generated)\nGoogle: Stop Burning Counterterrorism Operations\nRussian hackers sanctioned by European Council\nTeamViewer statement on APT29 breach\nPolyfill supply chain attack\nRequest a LABScon invite\nFollow Costin Raiu on Twitter\nFollow JAG-S on Twitter\nFollow Ryan Naraine on Twitter\n","content_html":"\u003cp\u003e\u003cstrong\u003eThe 'Three Buddy Problem' Podcast Episode 2\u003c/strong\u003e:   Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade go all-in on the discussion around Google Project Zero disrupting counter-terrorism malware operations. 
\u003c/p\u003e\n\n\u003cp\u003eA deep dive on disruption vs exposure, the effects of US government sanctions on private mercenary hacking companies, hypocrisy and the tricky relationship between malware researchers and the intelligence community, and the lack of 'success stories' from so-called benevolent malware.\u003c/p\u003e\n\n\u003cp\u003eWe also discuss the implications of the TeamViewer breach by a skilled Russian APT, new Microsoft notifications to Midnight Blizzard victims and share thoughts on the Polyfill.io supply chain compromise.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Episode transcript (Unedited, AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1uXCCABf3ifD1EsOgqhRKryLcs3jLJYXkRKRAe6Jc9LE/edit#heading=h.us8s7483ojgo\"\u003eEpisode transcript (Unedited, AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google: Stop Burning Counterterrorism Operations\" rel=\"nofollow\" href=\"https://poppopret.org/2024/06/24/google-stop-burning-counterterrorism-operations/\"\u003eGoogle: Stop Burning Counterterrorism Operations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Russian hackers sanctioned by European Council\" rel=\"nofollow\" href=\"https://therecord.media/six-russian-hackers-sanctioned-european-council-eu-ukraine\"\u003eRussian hackers sanctioned by European Council\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"TeamViewer statement on APT29 breach\" rel=\"nofollow\" href=\"https://www.teamviewer.com/en/resources/trust-center/statement/\"\u003eTeamViewer statement on APT29 breach\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Polyfill supply chain attack\" rel=\"nofollow\" href=\"https://sansec.io/research/polyfill-supply-chain-attack\"\u003ePolyfill supply chain attack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Request a LABScon invite\" rel=\"nofollow\" 
href=\"https://www.labscon.io/request-an-invite/\"\u003eRequest a LABScon invite\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Costin Raiu on Twitter\" rel=\"nofollow\" href=\"https://x.com/craiu\"\u003eFollow Costin Raiu on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow JAG-S on Twitter\" rel=\"nofollow\" href=\"https://x.com/juanandres_gs\"\u003eFollow JAG-S on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Ryan Naraine on Twitter\" rel=\"nofollow\" href=\"https://x.com/ryanaraine\"\u003eFollow Ryan Naraine on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"The 'Three Buddy Problem' Podcast Episode 2:   Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade go all-in on the discussion around Google Project Zero disrupting counter-terrorism malware operations. A deep dive on disruption vs exposure, the effects of US government sanctions on private mercenary hacking companies, hypocrisy and the tricky relationship between malware researchers and the intelligence community, and the lack of 'success stories' from so-called benevolent malware.\r\n\r\nWe also discuss the implications of the TeamViewer breach by a skilled Russian APT, new Microsoft notifications to Midnight Blizzard victims and share thoughts on the Polyfill.io supply chain compromise.","date_published":"2024-06-29T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/4a6fe671-fe7a-4699-ae08-fe99fd11f49f.mp3","mime_type":"audio/mpeg","size_in_bytes":60890552,"duration_in_seconds":4122}]},{"id":"d0003b6f-d259-41d1-991b-18d68fc8c009","title":"Ep1: The Microsoft Recall debacle, Brad Smith and the CSRB, Apple Private Cloud Compute","url":"https://securityconversations.fireside.fm/new-show-ep-1","content_text":"Welcome to Episode 1 of a brand new cybersecurity podcast discussing the biggest news stories of the week.  
Ryan Naraine hosts a fast-moving conversation with Juan Andres Guerrero-Saade (LABScon) and Costin Raiu (Art of Noh) on the Microsoft Recall debacle, the dark patterns emerging as big-tech embraces AI, Brad Smith's testimony and the lingering effects of the CSRB report, Apple's new Private Cloud Compute (PCC) infrastructure and Cupertino's long game.  Oh, we also talk about the KL ban.Links:Microsoft’s embarrassing Recall\nBrad Smith CSRB testimony\nInside Apple Private Cloud Compute\nLABScon - Security Research in Real Time\nFollow Costin Raiu (@craiu) / X\nFollow JAG-S (@juanandres_gs) / X\nFollow Ryan Naraine (@ryanaraine) / X\n","content_html":"\u003cp\u003eWelcome to Episode 1 of a brand new cybersecurity podcast discussing the biggest news stories of the week.  Ryan Naraine hosts a fast-moving conversation with Juan Andres Guerrero-Saade (LABScon) and Costin Raiu (Art of Noh) on the Microsoft Recall debacle, the dark patterns emerging as big-tech embraces AI, Brad Smith's testimony and the lingering effects of the CSRB report, Apple's new Private Cloud Compute (PCC) infrastructure and Cupertino's long game.  
Oh, we also talk about the KL ban.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Microsoft’s embarrassing Recall\" rel=\"nofollow\" href=\"https://www.theverge.com/2024/6/20/24182350/microsoft-windows-recall-launch-on-arm\"\u003eMicrosoft’s embarrassing Recall\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Brad Smith CSRB testimony\" rel=\"nofollow\" href=\"https://homeland.house.gov/wp-content/uploads/2024/06/2024-06-13-HRG-Testimony-Smith.pdf\"\u003eBrad Smith CSRB testimony\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Inside Apple Private Cloud Compute\" rel=\"nofollow\" href=\"https://security.apple.com/blog/private-cloud-compute/\"\u003eInside Apple Private Cloud Compute\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon - Security Research in Real Time\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon - Security Research in Real Time\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Costin Raiu (@craiu) / X\" rel=\"nofollow\" href=\"https://x.com/craiu\"\u003eFollow Costin Raiu (@craiu) / X\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow JAG-S (@juanandres_gs) / X\" rel=\"nofollow\" href=\"https://x.com/juanandres_gs\"\u003eFollow JAG-S (@juanandres_gs) / X\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Ryan Naraine (@ryanaraine) / X\" rel=\"nofollow\" href=\"https://x.com/ryanaraine\"\u003eFollow Ryan Naraine (@ryanaraine) / X\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Welcome to Episode 1 of a brand new cybersecurity podcast discussing the biggest news stories of the week.  
Ryan Naraine hosts a fast-moving conversation with Juan Andres Guerrero-Saade (LABScon) and Costin Raiu (Art of Noh) on the Microsoft Recall debacle, the dark patterns emerging as big-tech embraces AI, Brad Smith's testimony and the lingering effects of the CSRB report, Apple's new Private Cloud Compute (PCC) infrastructure and Cupertino's long game.  Oh, we also discuss the KL ban.","date_published":"2024-06-22T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/d0003b6f-d259-41d1-991b-18d68fc8c009.mp3","mime_type":"audio/mpeg","size_in_bytes":40341037,"duration_in_seconds":2815}]},{"id":"8151cb78-e91b-4526-95cc-6ea1dd6ddec5","title":"Cris Neckar on the early days of securing Chrome, chasing browser exploits","url":"https://securityconversations.fireside.fm/cris-neckar-chrome-security-stories","content_text":"Episode sponsors:\n\n\nBinarly, the supply chain security experts (https://binarly.io)\nXZ.fail backdoor detector  (https://xz.fail)\n\n\nCris Neckar is a veteran security researcher now working as a partner at Two Bear Capital.  In this episode, he reminisces on the early days of hacking at Neohapsis, his time on the Google Chrome security team, shenanigans at Pwn2Own/Pwnium, and the cat-and-mouse battle for browser exploit chains. 
We also discuss the zero-day exploit marketplace, the hype and promise of AI, and his mission to help highly technical founders bring products to market.Links:Unedited transcript (AI-generated)\nCris Neckar on LinkedIn\nCris Neckar Bio (Two Bear Capital)\nTeenager hacks Google Chrome with three 0days\nResearch on Trident zero-day flaws\nCris Neckar podcast transcript (Unedited)\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly, the supply chain security experts (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eXZ.fail backdoor detector  (\u003ca href=\"https://xz.fail\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://xz.fail\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eCris Neckar is a veteran security researcher now working as a partner at Two Bear Capital.  In this episode, he reminisces on the early days of hacking at Neohapsis, his time on the Google Chrome security team, shenanigans at Pwn2Own/Pwnium, and the cat-and-mouse battle for browser exploit chains. 
We also discuss the zero-day exploit marketplace, the hype and promise of AI, and his mission to help highly technical founders bring products to market.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Unedited transcript (AI-generated)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1Xhf2pVxE4Trb9TVbK2VEBP6zDDe25MAbPdiAeh501h0/edit#heading=h.ulpyi4qqiq06\"\u003eUnedited transcript (AI-generated)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cris Neckar on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/crisneckar/\"\u003eCris Neckar on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cris Neckar Bio (Two Bear Capital)\" rel=\"nofollow\" href=\"https://www.twobearcapital.com/team/cris-neckar\"\u003eCris Neckar Bio (Two Bear Capital)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Teenager hacks Google Chrome with three 0days\" rel=\"nofollow\" href=\"https://www.zdnet.com/article/teenager-hacks-google-chrome-with-three-0day-vulnerabilities/\"\u003eTeenager hacks Google Chrome with three 0days\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Research on Trident zero-day flaws\" rel=\"nofollow\" href=\"https://www.lookout.com/threat-intelligence/article/trident-pegasus-technical-details\"\u003eResearch on Trident zero-day flaws\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cris Neckar podcast transcript (Unedited)\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1Xhf2pVxE4Trb9TVbK2VEBP6zDDe25MAbPdiAeh501h0/edit#heading\"\u003eCris Neckar podcast transcript (Unedited)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly, the supply chain security experts (https://binarly.io)\r\n- XZ.fail backdoor detector  (https://xz.fail)\r\n\r\nCris Neckar is a veteran security researcher now working as a partner at Two Bear Capital.  
In this episode, he reminisces on the early days of hacking at Neohapsis, his time on the Google Chrome security team, shenanigans at Pwn2Own/Pwnium and the cat-and-mouse battle for browser exploit chains. We also discuss the zero-day exploit marketplace, the hype and promise of AI, and his mission to help highly technical founders bring products to market.","date_published":"2024-04-11T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/8151cb78-e91b-4526-95cc-6ea1dd6ddec5.mp3","mime_type":"audio/mpeg","size_in_bytes":52672988,"duration_in_seconds":3276}]},{"id":"f664c77a-dbbc-41a0-b392-7b4cd7223523","title":"Costin Raiu joins the XZ Utils backdoor investigation","url":"https://securityconversations.fireside.fm/costin-raiu-xz-backdoor","content_text":"Episode sponsors:\n\n\nBinarly, the supply chain security experts (https://binarly.io)\nXZ.fail backdoor detector  (https://xz.fail)\n\n\nMalware paleontologist Costin Raiu returns for an emergency episode on the XZ Utils software supply chain backdoor.  
We dig into the timeline of the attack, the characteristics of the backdoor, affected Linux distributions, and the reasons why 'Jia Tan' is the handiwork of a cunning nation-state.\n\nBased on all the clues available, Costin pinpoints three main suspects -- North Korea's Lazarus, China's APT41 or Russia's APT29 -- and warns that there are more of these backdoors lurking in modern software supply chains.Links:Binarly XZ backdoor detector\nXZ Utils Backdoor FAQ (by Dan Goodin)\nCISA advisory on backdoor\nThe JiaT75 (Jia Tan) timeline\nUnedited transcript\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly, the supply chain security experts (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eXZ.fail backdoor detector  (\u003ca href=\"https://xz.fail\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://xz.fail\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eMalware paleontologist Costin Raiu returns for an emergency episode on the XZ Utils software supply chain backdoor.  
We dig into the timeline of the attack, the characteristics of the backdoor, affected Linux distributions, and the reasons why 'Jia Tan' is the handiwork of a cunning nation-state.\u003c/p\u003e\n\n\u003cp\u003eBased on all the clues available, Costin pinpoints three main suspects -- North Korea's Lazarus, China's APT41 or Russia's APT29 -- and warns that there are more of these backdoors lurking in modern software supply chains.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Binarly XZ backdoor detector\" rel=\"nofollow\" href=\"https://xz.fail/\"\u003eBinarly XZ backdoor detector\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"XZ Utils Backdoor FAQ (by Dan Goodin)\" rel=\"nofollow\" href=\"https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/\"\u003eXZ Utils Backdoor FAQ (by Dan Goodin)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA advisory on backdoor\" rel=\"nofollow\" href=\"https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094\"\u003eCISA advisory on backdoor\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The JiaT75 (Jia Tan) timeline\" rel=\"nofollow\" href=\"https://boehs.org/node/everything-i-know-about-the-xz-backdoor\"\u003eThe JiaT75 (Jia Tan) timeline\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Unedited transcript\" rel=\"nofollow\" href=\"https://docs.google.com/document/d/1S2Fs3TJyA1SHfKOHXvZr9oFdWzG7HYCd9oa17sm02zM/edit\"\u003eUnedited transcript\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly, the supply chain security experts (https://binarly.io)\r\n- XZ.fail backdoor detector  (https://xz.fail)\r\n\r\nMalware paleontologist Costin Raiu returns for an emergency episode on the XZ Utils software supply chain backdoor.  
We dig into the timeline of the attack, the characteristics of the backdoor, affected Linux distributions, and the reasons why 'Jia Tan' is the handiwork of a cunning nation-state.\r\n\r\nBased on all the clues available, Costin pinpoints three main suspects -- North Korea's Lazarus, China's APT41 or Russia's APT29 -- and warns that there are more of these backdoors lurking in modern software supply chains.","date_published":"2024-04-05T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/f664c77a-dbbc-41a0-b392-7b4cd7223523.mp3","mime_type":"audio/mpeg","size_in_bytes":47530772,"duration_in_seconds":3093}]},{"id":"99cde65c-13eb-4fb7-9d52-86d2fc8c4aec","title":"Katie Moussouris on building a different cybersecurity business","url":"https://securityconversations.fireside.fm/katie-moussouris-workforce-csrb","content_text":"Episode sponsors:\n\n\nBinarly, the supply chain security experts (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nKatie Moussouris founded Luta Security in 2016 and bootstrapped it into a profitable business with a culture of equity and healthy boundaries. She is a pioneer in the world of bug bounties and vulnerability disclosure and serves in multiple advisory roles for the U.S. 
government, including the new CISA Cyber Safety Review Board (CSRB).\n\nIn this episode, Moussouris discusses Luta Security's new Workforce Platform profit-sharing initiative, the changing face of the job market, criticisms of the CSRB's lack of enforcement authority, and looming regulations around zero-day vulnerability data.Links:Luta Security Workforce Platform\nKatie Moussouris on Wikipedia\nMoussouris: Resist Urge to Match China Vuln Reporting Mandate\nKatie Moussouris on LinkedIn\nCyber Safety Review Board\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly, the supply chain security experts (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eKatie Moussouris founded Luta Security in 2016 and bootstrapped it into a profitable business with a culture of equity and healthy boundaries. She is a pioneer in the world of bug bounties and vulnerability disclosure and serves in multiple advisory roles for the U.S. 
government, including the new CISA Cyber Safety Review Board (CSRB).\u003c/p\u003e\n\n\u003cp\u003eIn this episode, Moussouris discusses Luta Security's new Workforce Platform profit-sharing initiative, the changing face of the job market, criticisms of the CSRB's lack of enforcement authority, and looming regulations around zero-day vulnerability data.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Luta Security Workforce Platform\" rel=\"nofollow\" href=\"https://www.lutasecurity.com/alpha-platform\"\u003eLuta Security Workforce Platform\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Katie Moussouris on Wikipedia\" rel=\"nofollow\" href=\"https://en.wikipedia.org/wiki/Katie_Moussouris\"\u003eKatie Moussouris on Wikipedia\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Moussouris: Resist Urge to Match China Vuln Reporting Mandate\" rel=\"nofollow\" href=\"https://www.securityweek.com/moussouris-us-should-resist-urge-match-china-vuln-reporting-mandate/\"\u003eMoussouris: Resist Urge to Match China Vuln Reporting Mandate\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Katie Moussouris on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/kmoussouris/\"\u003eKatie Moussouris on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cyber Safety Review Board\" rel=\"nofollow\" href=\"https://www.cisa.gov/cyber-safety-review-board-csrb-members\"\u003eCyber Safety Review Board\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly, the supply chain security experts (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nKatie Moussouris founded Luta Security in 2016 and bootstrapped it into a profitable business with a culture of equity and healthy boundaries, proving that businesses can be profitable by putting people first. 
She is a pioneer in the world of bug bounties and vulnerability disclosure and serves in multiple advisory roles for the U.S. government, including the new CISA Cyber Safety Review Board (CSRB).\r\n\r\nOn this episode, Moussouris discusses Luta Security's new Workforce Platform profit-sharing initiative, the changing face of the job market, criticisms of the CSRB's lack of enforcement authority, and looming regulations around zero-day vulnerability data.","date_published":"2024-01-19T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/99cde65c-13eb-4fb7-9d52-86d2fc8c4aec.mp3","mime_type":"audio/mpeg","size_in_bytes":25154544,"duration_in_seconds":1790}]},{"id":"b70d7b98-2823-490b-8b70-f3a051c45709","title":"Costin Raiu: The GReAT exit interview","url":"https://securityconversations.fireside.fm/costin-raiu-great-exit-interview","content_text":"Episode sponsors:\n\n\nBinarly, the supply chain security experts (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nCostin Raiu has spent a lifetime in anti-malware research, working on some of the biggest nation-state APT cases in history, including Stuxnet, Duqu, Equation Group, Red October, Turla and Lazarus.   
\n\nIn this exit interview, Costin digs into why he left the GReAT team after 13 years at the helm, ethical questions on exposing certain APT operations, changes in the nation-state malware attribution game, technically impressive APT attacks, and the 'dark spots' where future-thinking APTs are living.Links:Costin Raiu on Twitter\nHow to Protect Your Phone from Pegasus and Other APTs\nCostin Raiu: 10 big 'unattributed' APT mysteries\nCostin Raiu on the .gov mobile exploitation business\nWannaCry Ransomware Linked to North Korean Hackers\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly, the supply chain security experts (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eCostin Raiu has spent a lifetime in anti-malware research, working on some of the biggest nation-state APT cases in history, including Stuxnet, Duqu, Equation Group, Red October, Turla and Lazarus.   
\u003c/p\u003e\n\n\u003cp\u003eIn this exit interview, Costin digs into why he left the GReAT team after 13 years at the helm, ethical questions on exposing certain APT operations, changes in the nation-state malware attribution game, technically impressive APT attacks, and the 'dark spots' where future-thinking APTs are living.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Costin Raiu on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/craiu\"\u003eCostin Raiu on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"How to Protect Your Phone from Pegasus and Other APTs\" rel=\"nofollow\" href=\"https://www.darkreading.com/cyber-risk/how-to-protect-your-phone-from-pegasus-and-other-apts\"\u003eHow to Protect Your Phone from Pegasus and Other APTs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Costin Raiu: 10 big \u0026#39;unattributed\u0026#39; APT mysteries\" rel=\"nofollow\" href=\"https://twitter.com/craiu/status/1573272440704319488\"\u003eCostin Raiu: 10 big 'unattributed' APT mysteries\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Costin Raiu on the .gov mobile exploitation business\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/costin-raiu-on-the-gov-mobile-exploitation-business/\"\u003eCostin Raiu on the .gov mobile exploitation business\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"WannaCry Ransomware Linked to North Korean Hackers\" rel=\"nofollow\" href=\"https://www.wired.com/2017/05/wannacry-ransomware-link-suspected-north-korean-hackers/\"\u003eWannaCry Ransomware Linked to North Korean Hackers\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly, the supply chain security experts (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nCostin Raiu has spent a lifetime in anti-malware research, working on some of the biggest nation-state APT cases in history, including Stuxnet, Duqu, 
Equation Group, Red October, Turla and Lazarus.   \r\n\r\nIn this exit interview, Costin digs into why he left the GReAT team after 13 years at the helm, ethical questions on exposing certain APT operations, changes in the nation-state malware attribution game, technically impressive APT attacks, and the 'dark spots' where future-thinking APTs are living.","date_published":"2024-01-15T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/b70d7b98-2823-490b-8b70-f3a051c45709.mp3","mime_type":"audio/mpeg","size_in_bytes":90090088,"duration_in_seconds":5533}]},{"id":"73110ffd-bb15-40c4-924d-5bf7b89ed152","title":"Danny Adamitis on an 'unkillable' router botnet used by Chinese .gov hackers","url":"https://securityconversations.fireside.fm/danny-adamitis-volt-typhoon-botnet","content_text":"Episode sponsors:\n\n\nBinarly, the supply chain security experts (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nDanny Adamitis is a principal information security engineer at Black Lotus Labs, the threat research division within Lumen Technologies. 
On this episode of the show, we discuss his team's recent discovery of an impossible-to-kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting US critical infrastructure.\n\nDanny digs into the inner workings of the botnet, the global problem of end-of-life devices becoming useful tools for malicious actors, and the things network defenders can do today to mitigate threats at this layer.Links:Danny Adamitis on Twitter\nChinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet\nMicrosoft Catches Chinese .Gov Hackers Targeting US Critical Infrastructure\nThe KV-botnet Investigation\nZuoRAT Hijacks SOHO Routers to Silently Stalk Networks\nDaniel Adamitis on LinkedIn\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly, the supply chain security experts (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eDanny Adamitis is a principal information security engineer at Black Lotus Labs, the threat research division within Lumen Technologies. 
On this episode of the show, we discuss his team's recent discovery of an impossible-to-kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting US critical infrastructure.\u003c/p\u003e\n\n\u003cp\u003eDanny digs into the inner workings of the botnet, the global problem of end-of-life devices becoming useful tools for malicious actors, and the things network defenders can do today to mitigate threats at this layer.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Danny Adamitis on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/dadamitis?lang=en\"\u003eDanny Adamitis on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet\" rel=\"nofollow\" href=\"https://www.securityweek.com/chinese-apt-volt-typhoon-linked-to-unkillable-soho-router-botnet/\"\u003eChinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Microsoft Catches Chinese .Gov Hackers Targeting US Critical Infrastructure\" rel=\"nofollow\" href=\"https://www.securityweek.com/microsoft-catches-chinese-gov-hackers-in-guam-critical-infrastructure-orgs/\"\u003eMicrosoft Catches Chinese .Gov Hackers Targeting US Critical Infrastructure\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The KV-botnet Investigation\" rel=\"nofollow\" href=\"https://blog.lumen.com/routers-roasting-on-an-open-firewall-the-kv-botnet-investigation/\"\u003eThe KV-botnet Investigation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks\" rel=\"nofollow\" href=\"https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/\"\u003eZuoRAT Hijacks SOHO Routers to Silently Stalk Networks\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca 
title=\"Daniel Adamitis on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/daniel-a-44198047/\"\u003eDaniel Adamitis on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly, the supply chain security experts (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nDanny Adamitis is a principal information security engineer at Black Lotus Labs, the threat research division within Lumen Technologies. On this episode of the show, we discuss his team's recent discovery of an impossible-to-kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting US critical infrastructure.\r\n\r\nDanny digs into the inner workings of the botnet, the global problem of end-of-life devices becoming useful tools for malicious actors, and the things network defenders can do today to mitigate threats at this layer.","date_published":"2024-01-05T09:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/73110ffd-bb15-40c4-924d-5bf7b89ed152.mp3","mime_type":"audio/mpeg","size_in_bytes":34693170,"duration_in_seconds":2047}]},{"id":"28dec282-d91f-4cce-9500-6459abf30cdf","title":"Allison Miller talks about CISO life, protecting identities at scale","url":"https://securityconversations.fireside.fm/allison-miller-cartomancy-labs","content_text":"Episode sponsors:\n\n\nBinarly, the supply chain security experts (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nAllison Miller is founder and CEO of Cartomancy Labs and former CISO and VP of Trust at Reddit. She has spent the past 20 years scaling teams and technology at Bank of America, Google, Electronic Arts, PayPal/eBay, and Visa International. 
\n\nIn this conversation, we discuss the convergence of security with fraud prevention and anti-abuse, the challenges and complexities in IAM implementations, the post-pandemic labor market, the evolving role of CISOs and new realities around CISO exposure to personal liability, thoughts on the 'build vs buy' debate and the nuance and dilemma of paying ransomware demands.Links:Allison Miller on LinkedIn\nCartomancy Labs\nSecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO\nNew SEC rule on breach disclosure (PDF)\nFollow Allison Miller on Twitter\nSponsor: Binarly Supply Chain Security Platform\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly, the supply chain security experts (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eAllison Miller is founder and CEO of Cartomancy Labs and former CISO and VP of Trust at Reddit. She has spent the past 20 years scaling teams and technology at Bank of America, Google, Electronic Arts, PayPal/eBay, and Visa International. 
\u003c/p\u003e\n\n\u003cp\u003eIn this conversation, we discuss the convergence of security with fraud prevention and anti-abuse, the challenges and complexities in IAM implementations, the post-pandemic labor market, the evolving role of CISOs and new realities around CISO exposure to personal liability, thoughts on the 'build vs buy' debate and the nuance and dilemma of paying ransomware demands.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Allison Miller on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/allisonmiller/\"\u003eAllison Miller on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cartomancy Labs\" rel=\"nofollow\" href=\"https://www.linkedin.com/company/cartomancy-labs/\"\u003eCartomancy Labs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Security Leaders Spooked by SEC Lawsuit Against SolarWinds CISO\" rel=\"nofollow\" href=\"https://www.securityweek.com/cisos-spooked-by-sec-lawsuit-against-solarwinds-ciso/\"\u003eSecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"New SEC rule on breach disclosure (PDF)\" rel=\"nofollow\" href=\"https://www.sec.gov/files/rules/final/2023/33-11216.pdf\"\u003eNew SEC rule on breach disclosure (PDF)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Allison Miller on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/selenakyle\"\u003eFollow Allison Miller on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sponsor: Binarly Supply Chain Security Platform\" rel=\"nofollow\" href=\"https://binarly.io/capabilities/index.html\"\u003eSponsor: Binarly Supply Chain Security Platform\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly, the supply chain security experts (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nAllison Miller is founder and CEO of Cartomancy Labs and 
former CISO and VP of Trust at Reddit. She has spent the past 20 years scaling teams and technology at Bank of America, Google, Electronic Arts, PayPal/eBay, and Visa International. \r\n\r\nIn this conversation, we discuss the convergence of security with fraud prevention and anti-abuse, the challenges and complexities in IAM implementations, the post-pandemic labor market, the evolving role of CISOs and new realities around CISO exposure to personal liability, thoughts on the 'build vs buy' debate and the nuance and dilemma of paying ransomware demands. ","date_published":"2023-12-21T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/28dec282-d91f-4cce-9500-6459abf30cdf.mp3","mime_type":"audio/mpeg","size_in_bytes":30309172,"duration_in_seconds":2292}]},{"id":"5d290c85-90a8-4e41-8e9b-f8c953259be4","title":"Rob Ragan on the excitement of AI solving security problems","url":"https://securityconversations.fireside.fm/rob-ragan-artificial-intelligence-future-of-security","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nRob Ragan, principal architect and security strategist at Bishop Fox, joins the show to share insights on scaling pen testing, the emergence of bug bounty programs, the value of attack surface management, and the role of AI in cybersecurity. We dig into the importance of proactive defense, the challenges of consolidating security tools, and the potential of AI in augmenting human intelligence. The conversation explores the potential of AI models and their impact on various aspects of technology and society and digs into the importance of improving model interaction by allowing more thoughtful and refined responses. \n\nWe also discuss how AI can be a superpower, enabling rapid prototyping and idea generation. 
The discussion concludes with considerations for safeguarding AI models, including transparency, explainability, and potential regulations.\n\nTakeaways:\n\n\nScaling pen testing can be challenging, and maintaining quality becomes difficult as the team grows. Bug bounty programs have been a net positive for businesses, providing valuable insights and incentivizing innovative research.\nAttack surface management plays a crucial role in identifying vulnerabilities and continuously monitoring an organization's security posture.\nSocial engineering attacks, such as SIM swapping and phishing, require a multi-faceted defense strategy that includes technical controls, policies, and user education.\nAI has the potential to augment human intelligence and improve efficiency and effectiveness in cybersecurity. Improving model interaction by allowing more thoughtful and refined responses can enhance the user experience. Algorithms can be used to delegate tasks and improve performance, leading to better results in complex tasks.\nAI is an inflection point in technology, comparable to the internet and the industrial revolution. Can be game-changing to automate time-consuming tasks, freeing up human resources for more strategic work.\nAutocomplete and code generation tools like Copilot can significantly speed up coding and reduce errors.  AI can be a superpower, enabling rapid prototyping, idea generation, and creative tasks.\nSafeguarding AI models requires transparency, explainability, and consideration of potential biases. Regulations may be necessary to ensure responsible use of AI, but they should not stifle innovation. Global adoption of AI should be encouraged to prevent technological disparities between countries. 
\nLinks:Rob Ragan's Theoradical.ai\nTesting LLM Algorithms While AI Tests Us\n — Testing LLM Algorithms While AI Tests Us\nLLM Testing Findings Templates\n — This collection of open-source templates is designed to facilitate the reporting and documentation of vulnerabilities and opportunities for usability improvement in LLM integrations and applications.\nRob Ragan on Twitter\nRob Ragan on LinkedIn\nBishop Fox Labs\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eRob Ragan, principal architect and security strategist at Bishop Fox, joins the show to share insights on scaling pen testing, the emergence of bug bounty programs, the value of attack surface management, and the role of AI in cybersecurity. We dig into the importance of proactive defense, the challenges of consolidating security tools, and the potential of AI in augmenting human intelligence. The conversation explores the potential of AI models and their impact on various aspects of technology and society and digs into the importance of improving model interaction by allowing more thoughtful and refined responses. \u003c/p\u003e\n\n\u003cp\u003eWe also discuss how AI can be a superpower, enabling rapid prototyping and idea generation. The discussion concludes with considerations for safeguarding AI models, including transparency, explainability, and potential regulations.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eTakeaways:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eScaling pen testing can be challenging, and maintaining quality becomes difficult as the team grows. 
Bug bounty programs have been a net positive for businesses, providing valuable insights and incentivizing innovative research.\u003c/li\u003e\n\u003cli\u003eAttack surface management plays a crucial role in identifying vulnerabilities and continuously monitoring an organization's security posture.\u003c/li\u003e\n\u003cli\u003eSocial engineering attacks, such as SIM swapping and phishing, require a multi-faceted defense strategy that includes technical controls, policies, and user education.\u003c/li\u003e\n\u003cli\u003eAI has the potential to augment human intelligence and improve efficiency and effectiveness in cybersecurity. Improving model interaction by allowing more thoughtful and refined responses can enhance the user experience. Algorithms can be used to delegate tasks and improve performance, leading to better results in complex tasks.\u003c/li\u003e\n\u003cli\u003eAI is an inflection point in technology, comparable to the internet and the industrial revolution. It can be game-changing to automate time-consuming tasks, freeing up human resources for more strategic work.\u003c/li\u003e\n\u003cli\u003eAutocomplete and code generation tools like Copilot can significantly speed up coding and reduce errors. AI can be a superpower, enabling rapid prototyping, idea generation, and creative tasks.\u003c/li\u003e\n\u003cli\u003eSafeguarding AI models requires transparency, explainability, and consideration of potential biases. Regulations may be necessary to ensure responsible use of AI, but they should not stifle innovation. Global adoption of AI should be encouraged to prevent technological disparities between countries. 
\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Rob Ragan\u0026#39;s Theoradical.ai\" rel=\"nofollow\" href=\"https://theoradical.ai/\"\u003eRob Ragan's Theoradical.ai\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Testing LLM Algorithms While AI Tests Us\" rel=\"nofollow\" href=\"https://slides.com/robragan/testing-llms\"\u003eTesting LLM Algorithms While AI Tests Us\n\u003c/a\u003e \u0026mdash; Testing LLM Algorithms While AI Tests Us\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"LLM Testing Findings Templates\" rel=\"nofollow\" href=\"https://github.com/BishopFox/llm-testing-findings/blob/main/README.md\"\u003eLLM Testing Findings Templates\n\u003c/a\u003e \u0026mdash; This collection of open-source templates is designed to facilitate the reporting and documentation of vulnerabilities and opportunities for usability improvement in LLM integrations and applications.\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Rob Ragan on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/sweepthatleg\"\u003eRob Ragan on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Rob Ragan on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/robragan/\"\u003eRob Ragan on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Bishop Fox Labs\" rel=\"nofollow\" href=\"https://bishopfox.com/labs\"\u003eBishop Fox Labs\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly, the firmware security experts (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nRob Ragan, principal architect and security strategist at Bishop Fox, joins the show to share insights on scaling pen testing, the emergence of bug bounty programs, the value of attack surface management, and the role of AI in cybersecurity. 
We dig into the importance of proactive defense, the challenges of consolidating security tools, and the potential of AI in augmenting human intelligence. The conversation explores the leapfrog potential of AI models and their impact on various aspects of technology and  society.","date_published":"2023-12-07T07:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/5d290c85-90a8-4e41-8e9b-f8c953259be4.mp3","mime_type":"audio/mpeg","size_in_bytes":41368098,"duration_in_seconds":3076}]},{"id":"1f02640b-edf7-4549-8012-6764dcca018d","title":"Seth Spergel on venture capital bets in cybersecurity","url":"https://securityconversations.fireside.fm/seth-spergel-merlin-ventures","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nSeth Spergel is managing partner at Merlin Ventures, where he is responsible for identifying cutting-edge companies for Merlin to partner with and invest in. In this episode, Seth talks about helping startups target US federal markets, the current state of deal sizes and valuations, and the red-hot sectors in cybersecurity ripe for venture investment.Links:Seth Spergel bio\n — Seth has more than 20 years of experience building, selling, and investing in software and startups. Prior to Merlin Ventures, Seth was VP for Infrastructure Technologies at In-Q-Tel, a strategic investment firm that invests in startups that meet the mission needs of government customers. 
\nMerlin Ventures portfolio\nPalo Alto buys Talon, Dig Security\n — Technology powerhouse Palo Alto Networks is officially on a billion-dollar shopping spree in the cloud data security space.\nEpisode Sponsor: Binarly\n — The Binarly REsearch team leads the industry in firmware vulnerability disclosure and advisories\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eSeth Spergel is managing partner at Merlin Ventures, where he is responsible for identifying cutting-edge companies for Merlin to partner with and invest in. In this episode, Seth talks about helping startups target US federal markets, the current state of deal sizes and valuations, and the red-hot sectors in cybersecurity ripe for venture investment.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Seth Spergel bio\" rel=\"nofollow\" href=\"https://merlin.vc/team/seth-spergel/\"\u003eSeth Spergel bio\n\u003c/a\u003e \u0026mdash; Seth has more than 20 years of experience building, selling, and investing in software and startups. Prior to Merlin Ventures, Seth was VP for Infrastructure Technologies at In-Q-Tel, a strategic investment firm that invests in startups that meet the mission needs of government customers. 
\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Merlin Ventures portfolio\" rel=\"nofollow\" href=\"https://merlin.vc/portfolio/\"\u003eMerlin Ventures portfolio\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Palo Alto buys Talon, Dig Security\" rel=\"nofollow\" href=\"https://www.securityweek.com/palo-alto-to-acquire-talon-intensifying-competition-in-cloud-data-security/\"\u003ePalo Alto buys Talon, Dig Security\n\u003c/a\u003e \u0026mdash; Technology powerhouse Palo Alto Networks is officially on a billion-dollar shopping spree in the cloud data security space.\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Episode Sponsor: Binarly\" rel=\"nofollow\" href=\"https://binarly.io/capabilities/index.html\"\u003eEpisode Sponsor: Binarly\n\u003c/a\u003e \u0026mdash; The Binarly REsearch team leads the industry in firmware vulnerability disclosure and advisories\n\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly, the firmware security experts (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nSeth Spergel is managing partner at Merlin Ventures, where he is responsible for identifying cutting-edge companies for Merlin to partner with and invest in. 
In this episode, Seth talks about helping startups target US federal markets, the current state of deal sizes and valuations, and the red-hot sectors in cybersecurity ripe for venture investment.","date_published":"2023-11-21T10:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1f02640b-edf7-4549-8012-6764dcca018d.mp3","mime_type":"audio/mpeg","size_in_bytes":17151625,"duration_in_seconds":1736}]},{"id":"aa617e3f-5689-4e88-a3ea-69bf50679c6e","title":"Dan Lorenc on fixing the 'crappy' CVE ecosystem ","url":"https://securityconversations.fireside.fm/dan-lorenc-deciphers-cve-cvss-sbom-supply-chains","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nDan Lorenc is CEO and co-founder of Chainguard, a company that raised $116 million in less than two years to tackle open source supply chain security problems.  In this episode, Dan joins Ryan to chat about the demands of building a \"growth mode\" startup, massive funding rounds and VC expectations, fixing the \"crappy\" CVE and CVSS ecosystems, managing expectations around SBOMs, and how politicians and lobbyists are framing cybersecurity issues in strange ways.Links:SBOMs - All the right ingredients, but something is still missing\nOpen Source Development Threatened in Europe\nChainguard Images: Reduce your attack surface\nDan Lorenc on LinkedIn\nDan Lorenc on Twitter/X\nChainguard Raises $61 Million Series B\nBinarly -- Firmware Supply Chain Security Platform\n — Binarly is the world's first automated firmware supply chain security platform. 
Using cutting-edge techniques, Binarly identifies both known and unknown vulnerabilities, misconfigurations, and malicious code in firmware and hardware components.\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eDan Lorenc is CEO and co-founder of Chainguard, a company that raised $116 million in less than two years to tackle open source supply chain security problems.  In this episode, Dan joins Ryan to chat about the demands of building a \"growth mode\" startup, massive funding rounds and VC expectations, fixing the \"crappy\" CVE and CVSS ecosystems, managing expectations around SBOMs, and how politicians and lobbyists are framing cybersecurity issues in strange ways.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"SBOMs - All the right ingredients, but something is still missing\" rel=\"nofollow\" href=\"https://p72.vc/perspectives/software-bills-of-material-sboms/\"\u003eSBOMs - All the right ingredients, but something is still missing\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Open Source Development Threatened in Europe\" rel=\"nofollow\" href=\"https://thenewstack.io/open-source-development-threatened-in-europe/\"\u003eOpen Source Development Threatened in Europe\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chainguard Images: Reduce your attack surface\" rel=\"nofollow\" href=\"https://www.chainguard.dev/chainguard-images\"\u003eChainguard Images: Reduce your attack surface\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dan Lorenc on LinkedIn\" 
rel=\"nofollow\" href=\"https://www.linkedin.com/in/danlorenc/\"\u003eDan Lorenc on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dan Lorenc on Twitter/X\" rel=\"nofollow\" href=\"https://twitter.com/lorenc_dan\"\u003eDan Lorenc on Twitter/X\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chainguard Raises $61 Million Series B\" rel=\"nofollow\" href=\"https://www.chainguard.dev/unchained/series-b-funding\"\u003eChainguard Raises $61 Million Series B\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Binarly -- Firmware Supply Chain Security Platform\" rel=\"nofollow\" href=\"https://binarly.io/\"\u003eBinarly -- Firmware Supply Chain Security Platform\n\u003c/a\u003e \u0026mdash; Binarly is the world's first automated firmware supply chain security platform. Using cutting-edge techniques, Binarly identifies both known and unknown vulnerabilities, misconfigurations, and malicious code in firmware and hardware components.\n\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly, the firmware security experts (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nDan Lorenc is CEO and co-founder of Chainguard, a company that raised $116 million in less than two years to tackle open source supply chain security problems.  
In this episode, Dan joins Ryan to chat about the demands of building a \"growth mode\" startup, massive funding rounds and VC expectations, fixing the \"crappy\" CVE and CVSS ecosystems, managing expectations around SBOMs, and how politicians and lobbyists are framing cybersecurity issues in strange ways.","date_published":"2023-11-14T06:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/aa617e3f-5689-4e88-a3ea-69bf50679c6e.mp3","mime_type":"audio/mpeg","size_in_bytes":40642471,"duration_in_seconds":2505}]},{"id":"d35fcfc2-f5e9-4b06-bbda-9a59ed8fafed","title":"Cisco Talos researcher Nick Biasini on chasing APTs, mercenary hackers","url":"https://securityconversations.fireside.fm/nick-biasini-cisco-talos","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nNick Biasini has been working in information security for nearly two decades. In his current role as head of outreach for Cisco Talos Intelligence Group, he leads a team of threat researchers tasked with tracking nation-state APTs, mercenary hacker groups and ransomware cybercriminals. 
In this episode, Biasini talks about the cryptic world of threat actor attribution, the rise of PSOAs (private sector offensive actors) and why network edge devices are a happy hunting ground for attackers.Links:Nick Biasini on Twitter\nCisco Talos Library of Reports\nNick Biasini on LinkedIn\nBeyond the Veil of Surveillance: Private Sector Offensive Actors (PSOAs)\nUS Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eNick Biasini has been working in information security for nearly two decades. In his current role as head of outreach for Cisco Talos Intelligence Group, he leads a team of threat researchers tasked with tracking nation-state APTs, mercenary hacker groups and ransomware cybercriminals. 
In this episode, Biasini talks about the cryptic world of threat actor attribution, the rise of PSOAs (private sector offensive actors) and why network edge devices are a happy hunting ground for attackers.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Nick Biasini on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/infosec_nick\"\u003eNick Biasini on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cisco Talos Library of Reports\" rel=\"nofollow\" href=\"https://talosintelligence.com/resources\"\u003eCisco Talos Library of Reports\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Nick Biasini on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/nick-biasini-00707950/\"\u003eNick Biasini on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Beyond the Veil of Surveillance: Private Sector Offensive Actors (PSOAs)\" rel=\"nofollow\" href=\"https://socradar.io/beyond-the-veil-of-surveillance-private-sector-offensive-actors-psoas/\"\u003eBeyond the Veil of Surveillance: Private Sector Offensive Actors (PSOAs)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"US Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa\" rel=\"nofollow\" href=\"https://www.securityweek.com/us-gov-mercenary-spyware-clampdown-hits-cytrox-intellexa/\"\u003eUS Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nNick Biasini has been working in information security for nearly two decades. In his current role as head of outreach for Cisco Talos Intelligence Group, he leads a team of threat researchers tasked with tracking nation-state APTs, mercenary hacker groups and ransomware cybercriminals. 
In this episode, Biasini talks about the cryptic world of threat actor attribution, the rise of PSOAs (private sector offensive actors) and why network edge devices are a happy hunting ground for attackers.","date_published":"2023-11-07T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/d35fcfc2-f5e9-4b06-bbda-9a59ed8fafed.mp3","mime_type":"audio/mpeg","size_in_bytes":30416978,"duration_in_seconds":1887}]},{"id":"5f9634cc-a169-42e1-8e20-a28c5480205f","title":"Allison Nixon on disturbing elements in cybercriminal ecosystem","url":"https://securityconversations.fireside.fm/allison-nixon-unit-221b-cybercrime","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nAllison Nixon is Chief Researcher at Unit 221B and a trailblazer in the world of cybercrime research. In this episode, we deep-dive into the shadowy dynamics of underground criminal communities, high-profile ransomware attacks, teenage hacking groups breaking into big companies, and the challenges of attribution and law enforcement. 
Allison sheds light on why companies continue to be vulnerable targets and what they're often missing in their cybersecurity strategies.Links:Allison Nixon on Twitter\nAllison Nixon - Unit 221B bio\nLas Vegas casino hackers rely on violent threats\nCrossing boundaries to facilitate extortion, encryption, and destruction\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eAllison Nixon is Chief Researcher at Unit 221B and a trailblazer in the world of cybercrime research. In this episode, we deep-dive into the shadowy dynamics of underground criminal communities, high-profile ransomware attacks, teenage hacking groups breaking into big companies, and the challenges of attribution and law enforcement. 
Allison sheds light on why companies continue to be vulnerable targets and what they're often missing in their cybersecurity strategies.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Allison Nixon on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/nixonnixoff\"\u003eAllison Nixon on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Allison Nixon - Unit 221B bio\" rel=\"nofollow\" href=\"https://unit221b.com/our-team\"\u003eAllison Nixon - Unit 221B bio\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Las Vegas casino hackers rely on violent threats\" rel=\"nofollow\" href=\"https://cyberscoop.com/com-scattered-spider-tradecraft/\"\u003eLas Vegas casino hackers rely on violent threats\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Crossing boundaries to facilitate extortion, encryption, and destruction\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/\"\u003eCrossing boundaries to facilitate extortion, encryption, and destruction\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nAllison Nixon is Chief Researcher at Unit 221B and a trailblazer in the world of cybercrime research. In this episode, we deep-dive into the shadowy dynamics of underground criminal communities, high-profile ransomware attacks, teenage hacking groups breaking into big companies, and the challenges of attribution and law enforcement. 
Allison sheds light on why companies continue to be vulnerable targets and what they're often missing in their cybersecurity strategies.","date_published":"2023-11-01T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/5f9634cc-a169-42e1-8e20-a28c5480205f.mp3","mime_type":"audio/mpeg","size_in_bytes":42292017,"duration_in_seconds":2919}]},{"id":"11696fa7-d330-4346-b5f1-078d7542cccd","title":"Dakota Cary on China's weaponization of software vulnerabilities","url":"https://securityconversations.fireside.fm/dakota-cary-global-china-hub","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nDakota Cary is a nonresident fellow at the Atlantic Council’s Global China Hub, conducting research on China’s efforts to develop its hacking capabilities, artificial-intelligence and cybersecurity research at Chinese universities, the People’s Liberation Army’s efforts to automate software vulnerability discovery, and new policies to improve China’s cybersecurity-talent pipeline. \n\nIn this episode, Cary expands on a new report -- 'Sleight of Hand' -- that delves into the changing legal landscape for vulnerability disclosure in China, the PRC's weaponization of software vulnerabilities, advanced threat actors in China and that infamous Bloomberg 'rice grain' spy chip story.Links:Sleight of hand: How China weaponizes software vulnerabilities\nDakota Cary on Twitter\nMoussouris: U.S. 
Should Resist Urge to Match China Vuln Reporting Mandate\nCSRB Log4j incident report (PDF)\nCISA China Cyber Threat Overview and Advisories\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eDakota Cary is a nonresident fellow at the Atlantic Council’s Global China Hub, conducting research on China’s efforts to develop its hacking capabilities, artificial-intelligence and cybersecurity research at Chinese universities, the People’s Liberation Army’s efforts to automate software vulnerability discovery, and new policies to improve China’s cybersecurity-talent pipeline. \u003c/p\u003e\n\n\u003cp\u003eIn this episode, Cary expands on a new report -- 'Sleight of Hand' -- that delves into the changing legal landscape for vulnerability disclosure in China, the PRC's weaponization of software vulnerabilities, advanced threat actors in China and that infamous Bloomberg 'rice grain' spy chip story.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Sleight of hand: How China weaponizes software vulnerabilities\" rel=\"nofollow\" href=\"https://www.atlanticcouncil.org/in-depth-research-reports/report/sleight-of-hand-how-china-weaponizes-software-vulnerability/\"\u003eSleight of hand: How China weaponizes software vulnerabilities\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dakota Cary on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/DakotaInDC?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor\"\u003eDakota Cary on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Moussouris: U.S. 
Should Resist Urge to Match China Vuln Reporting Mandate\" rel=\"nofollow\" href=\"https://www.securityweek.com/moussouris-us-should-resist-urge-match-china-vuln-reporting-mandate/\"\u003eMoussouris: U.S. Should Resist Urge to Match China Vuln Reporting Mandate\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CSRB Log4j incident report (PDF)\" rel=\"nofollow\" href=\"https://www.cisa.gov/sites/default/files/publications/CSRB-Report-on-Log4-July-11-2022_508.pdf\"\u003eCSRB Log4j incident report (PDF)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISA China Cyber Threat Overview and Advisories\" rel=\"nofollow\" href=\"https://www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/china\"\u003eCISA China Cyber Threat Overview and Advisories\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nDakota Cary is a nonresident fellow at the Atlantic Council’s Global China Hub, conducting research on China’s efforts to develop its hacking capabilities, artificial-intelligence and cybersecurity research at Chinese universities, the People’s Liberation Army’s efforts to automate software vulnerability discovery, and new policies to improve China’s cybersecurity-talent pipeline. 
\r\n\r\nIn this episode, Cary expands on a new report -- 'Sleight of Hand' -- that delves into the changing legal landscape for vulnerability disclosure in China, the PRC's weaponization of software vulnerabilities, nation state-backed threat actors in China and that infamous Bloomberg 'rice grain' spy chip story.","date_published":"2023-09-15T13:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/11696fa7-d330-4346-b5f1-078d7542cccd.mp3","mime_type":"audio/mpeg","size_in_bytes":51975872,"duration_in_seconds":3348}]},{"id":"013e4610-5aeb-4cb3-89d1-509db8c25ffd","title":"Abhishek Arya on Google's AI cybersecurity experiments","url":"https://securityconversations.fireside.fm/abhishek-arya-google-open-source-supply-chain","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nAbhishek Arya is director of engineering at Google, overseeing open source and supply chain security efforts that include OSS-Fuzz, SLSA, GUAC and OSV DB.  
\n\nIn this episode, Arya talks about some early success experimenting with AI and LLMs on fuzzing and vulnerability management, the industry's over-pivoting on SBOMs, regulations and liability for software vendors, and the long road ahead for securing software supply chains.Links:Abhishek Arya on LinkedIn\nOSS-Fuzz: Continuous fuzzing for open source software\nGoogle Brings AI Magic to Fuzz Testing\nAI-Powered Fuzzing: Breaking the Bug Hunting Barrier\nAI Cyber Challenge\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eAbhishek Arya is director of engineering at Google, overseeing open source and supply chain security efforts that include OSS-Fuzz, SLSA, GUAC and OSV DB.  
\u003c/p\u003e\n\n\u003cp\u003eIn this episode, Arya talks about some early success experimenting with AI and LLMs on fuzzing and vulnerability management, the industry's over-pivoting on SBOMs, regulations and liability for software vendors, and the long road ahead for securing software supply chains.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Abhishek Arya on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/abhishek-arya-a565373/\"\u003eAbhishek Arya on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"OSS-Fuzz: Continuous fuzzing for open source software\" rel=\"nofollow\" href=\"https://github.com/google/oss-fuzz/blob/master/README.md\"\u003eOSS-Fuzz: Continuous fuzzing for open source software\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google Brings AI Magic to Fuzz Testing\" rel=\"nofollow\" href=\"https://www.securityweek.com/google-brings-ai-magic-to-fuzz-testing-with-eye-opening-results/\"\u003eGoogle Brings AI Magic to Fuzz Testing\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AI-Powered Fuzzing: Breaking the Bug Hunting Barrier\" rel=\"nofollow\" href=\"https://security.googleblog.com/2023/08/ai-powered-fuzzing-breaking-bug-hunting.html\"\u003eAI-Powered Fuzzing: Breaking the Bug Hunting Barrier\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AI Cyber Challenge\" rel=\"nofollow\" href=\"https://aicyberchallenge.com/\"\u003eAI Cyber Challenge\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nAbhishek Arya is director of engineering at Google, overseeing open source and supply chain security efforts that include OSS-Fuzz, SLSA, GUAC and OSV DB.  
\r\n\r\nIn this episode, Arya talks about some early success experimenting with AI and LLMs on fuzzing and vulnerability management, the industry's over-pivoting on SBOMs, regulations and liability for software vendors, and the long road ahead for securing software supply chains.","date_published":"2023-09-12T16:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/013e4610-5aeb-4cb3-89d1-509db8c25ffd.mp3","mime_type":"audio/mpeg","size_in_bytes":31344253,"duration_in_seconds":2007}]},{"id":"22e99482-8572-494f-9416-25773647d809","title":"Dr Sergey Bratus on the 'citizen science' of hacking","url":"https://securityconversations.fireside.fm/sergey-bratus-darpa-safedocs-ai-hacking","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nDr Sergey Bratus is a Research Associate Professor of Computer Science at Dartmouth College and a program manager at DARPA. In this episode, he discusses his pioneering work on securing parsers and patching long-forgotten devices.  He also puts the AI hype into context and showers praise on the labor-of-love \"citizen science\" of hacking all the things.Links:Sergey Bratus Bio\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eDr Sergey Bratus is a Research Associate Professor of Computer Science at Dartmouth College and a program manager at DARPA. In this episode, he discusses his pioneering work on securing parsers and patching long-forgotten devices.  
He also puts the AI hype into context and showers praise on the labor-of-love \"citizen science\" of hacking all the things.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Sergey Bratus Bio\" rel=\"nofollow\" href=\"https://faculty-directory.dartmouth.edu/sergey-bratus\"\u003eSergey Bratus Bio\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nDr Sergey Bratus is a Research Associate Professor of Computer Science at Dartmouth College and a program manager at DARPA. In this episode, he discusses his pioneering work on securing parsers and patching long-forgotten devices.  He also puts the AI hype into context and showers praise on the labor-of-love \"citizen science\" of hacking all the things.","date_published":"2023-08-31T06:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/22e99482-8572-494f-9416-25773647d809.mp3","mime_type":"audio/mpeg","size_in_bytes":34605660,"duration_in_seconds":2402}]},{"id":"7a6ea79b-20e5-402f-b50e-f2c1305e8569","title":"DARPA's Perri Adams on CTF hacking, new $20M AI Cyber Challenge","url":"https://securityconversations.fireside.fm/perri-adams-darpa-ai-cyber-challenge","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nDARPA program manager Perri Adams joins the conversation to chat about her love for CTF hacking competitions, the hunt for leapfrog security technologies in DARPA’s Information Innovation Office (I2O), and the goal of the new AI Cyber Challenge (AIxCC) offering $20 million in prizes to teams competing to develop AI-driven systems to automatically secure critical code.Links:DARPA AI Cyber Challenge Aims to Secure Nation’s Most Critical Software\nAIxCC - AI Cyber Challenge\nFollow Perri Adams on Twitter \nGoogle Brings AI Magic to Fuzz Testing\nAI-Powered Fuzzing: 
Breaking the Bug Hunting Barrier\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eDARPA program manager Perri Adams joins the conversation to chat about her love for CTF hacking competitions, the hunt for leapfrog security technologies in DARPA’s Information Innovation Office (I2O), and the goal of the new AI Cyber Challenge (AIxCC) offering $20 million in prizes to teams competing to develop AI-driven systems to automatically secure critical code.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"DARPA AI Cyber Challenge Aims to Secure Nation’s Most Critical Software\" rel=\"nofollow\" href=\"https://www.darpa.mil/news-events/2023-08-09\"\u003eDARPA AI Cyber Challenge Aims to Secure Nation’s Most Critical Software\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AIxCC - AI Cyber Challenge\" rel=\"nofollow\" href=\"https://aicyberchallenge.com/\"\u003eAIxCC - AI Cyber Challenge\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Perri Adams on Twitter \" rel=\"nofollow\" href=\"https://twitter.com/perribus\"\u003eFollow Perri Adams on Twitter \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google Brings AI Magic to Fuzz Testing\" rel=\"nofollow\" href=\"https://www.securityweek.com/google-brings-ai-magic-to-fuzz-testing-with-eye-opening-results/\"\u003eGoogle Brings AI Magic to Fuzz Testing\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"AI-Powered Fuzzing: Breaking the Bug Hunting Barrier\" rel=\"nofollow\" 
href=\"https://security.googleblog.com/2023/08/ai-powered-fuzzing-breaking-bug-hunting.html\"\u003eAI-Powered Fuzzing: Breaking the Bug Hunting Barrier\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nDARPA program manager Perri Adams joins the conversation to chat about her love for CTF hacking competitions, the hunt for leapfrog security technologies in DARPA’s Information Innovation Office (I2O), and the goal of the new AI Cyber Challenge (AIxCC) offering $20 million in prizes to teams competing to develop AI-driven systems to automatically secure critical code.","date_published":"2023-08-20T07:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/7a6ea79b-20e5-402f-b50e-f2c1305e8569.mp3","mime_type":"audio/mpeg","size_in_bytes":25532690,"duration_in_seconds":1607}]},{"id":"6fb48532-6cea-4136-b891-de4095a5f1fd","title":"Ryan Hurst on tech innovation and unsolved problems in security","url":"https://securityconversations.fireside.fm/ryan-hurst-peculiar-ventures","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nPeculiar Ventures chief executive Ryan Hurst joins the show to talk about a career that spanned 20 years at Microsoft and Google, his work building the plumbing for encryption on the web, unsolved problems in BGP security, the hype and promise of AI, and Microsoft's ongoing cloud security hiccups.Links:Projects - Peculiar Ventures\nRyan Hurst on LinkedIn\nBinarly  - AI-powered firmware security\nSandboxAQ\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" 
target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003ePeculiar Ventures chief executive Ryan Hurst joins the show to talk about a career that spanned 20 years at Microsoft and Google, his work building the plumbing for encryption on the web, unsolved problems in BGP security, the hype and promise of AI, and Microsoft's ongoing cloud security hiccups.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Projects - Peculiar Ventures\" rel=\"nofollow\" href=\"https://peculiarventures.com/projects\"\u003eProjects - Peculiar Ventures\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ryan Hurst on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/ryanmhurst/\"\u003eRyan Hurst on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Binarly  - AI-powered firmware security\" rel=\"nofollow\" href=\"https://binarly.io/capabilities\"\u003eBinarly  - AI-powered firmware security\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"SandboxAQ\" rel=\"nofollow\" href=\"https://www.sandboxaq.com/\"\u003eSandboxAQ\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nPeculiar Ventures chief executive Ryan Hurst joins the show to talk about a career that spanned 20 years at Microsoft and Google, his work building the plumbing for encryption on the web, unsolved problems in BGP security, the hype and promise of AI, and Microsoft's ongoing cloud security hiccups.","date_published":"2023-08-16T07:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/6fb48532-6cea-4136-b891-de4095a5f1fd.mp3","mime_type":"audio/mpeg","size_in_bytes":35217292,"duration_in_seconds":2544}]},{"id":"c38cc994-c217-4b50-b5bb-07900a1bee04","title":"Jason Chan on Microsoft's security problems, 
layoffs and startups","url":"https://securityconversations.fireside.fm/jason-chan-bessemer-venture-partners","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nBessemer Venture Partners' Jason Chan returns to the show for a frank discussion on the state of cyber, including thoughts on Microsoft's prominent security failures, the meaning of layoffs hitting security teams, the excitement around AI, and the long road ahead. The former Netflix security chief also talks about the merging of the IT and security functions and the importance of cybersecurity proving its value to the business.Links:Jason Chan, VP, Information Security, Netflix\nJason Chan on LinkedIn\nFollow Jason on Twitter / X\nJason Chan - Bessemer Venture Partners\n — Jason Chan is an operating advisor at Bessemer where he brings over twenty years of experience in cybersecurity and is especially passionate about large-scale systems, cloud security, and improving security in modern software development practices. Most recently, Jason built and led the information security team at Netflix for over a decade. His team at Netflix was known for its contributions to the security community, including over 30 open-source security releases and dozens of conference presentations. He also previously led the security team at VMware and spent most of his earlier career in security consulting. 
\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eBessemer Venture Partners' Jason Chan returns to the show for a frank discussion on the state of cyber, including thoughts on Microsoft's prominent security failures, the meaning of layoffs hitting security teams, the excitement around AI, and the long road ahead. The former Netflix security chief also talks about the merging of the IT and security functions and the importance of cybersecurity proving its value to the business.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Jason Chan, VP, Information Security, Netflix\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/jason-chan-vp-information-security-netflix/\"\u003eJason Chan, VP, Information Security, Netflix\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Jason Chan on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/jasonbchan/\"\u003eJason Chan on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Jason on Twitter / X\" rel=\"nofollow\" href=\"https://twitter.com/chanjbs\"\u003eFollow Jason on Twitter / X\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Jason Chan - Bessemer Venture Partners\" rel=\"nofollow\" href=\"https://www.bvp.com/team/jason-chan\"\u003eJason Chan - Bessemer Venture Partners\n\u003c/a\u003e \u0026mdash; Jason Chan\u0026nbsp;is an operating advisor at Bessemer where he brings over twenty years of experience in cybersecurity and is especially passionate about large-scale systems, cloud security, and improving 
security in modern software development practices. Most recently, Jason built and led the information security team at Netflix for over a decade. His team at Netflix was known for its contributions to the security community, including over 30 open-source security releases and dozens of conference presentations. He also previously led the security team at VMware and spent most of his earlier career in security consulting.\u0026nbsp;\n\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nBessemer Venture Partners' Jason Chan returns to the show for a frank discussion on the state of cyber, including thoughts on Microsoft's prominent security failures, the meaning of layoffs hitting security teams, the excitement around AI, and the long road ahead. The former Netflix security chief also talks about the merging of the IT and security functions and the importance of cybersecurity proving its value to the business.","date_published":"2023-08-07T07:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/c38cc994-c217-4b50-b5bb-07900a1bee04.mp3","mime_type":"audio/mpeg","size_in_bytes":19285621,"duration_in_seconds":1627}]},{"id":"7532f1bd-4ebc-404a-9553-2f3339cc005f","title":"GitHub security chief Mike Hanley on secure coding, AI and SBOMs","url":"https://securityconversations.fireside.fm/mike-hanley-github","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nGitHub security chief Mike Hanley joins the show to discuss merging the CSO and SVP/Engineering roles, securing data and code in an organization under constant attack, the thrilling promise of AI to the future of secure code, the dangers of equating SBOMs to supply chain security, and new SEC reporting rules for CISOs.Links:Michael Hanley on LinkedIn\nGitHub Security\nGitHub Copilot AI pair programmer\nBig Tech Vendors Object 
to US Gov SBOM Mandate\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eGitHub security chief Mike Hanley joins the show to discuss merging the CSO and SVP/Engineering roles, securing data and code in an organization under constant attack, the thrilling promise of AI to the future of secure code, the dangers of equating SBOMs to supply chain security, and new SEC reporting rules for CISOs.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Michael Hanley on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/michael-hanley-b6508913/\"\u003eMichael Hanley on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"GitHub Security\" rel=\"nofollow\" href=\"https://github.com/security\"\u003eGitHub Security\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"GitHub Copilot AI pair programmer\" rel=\"nofollow\" href=\"https://github.com/features/copilot\"\u003eGitHub Copilot AI pair programmer\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Big Tech Vendors Object to US Gov SBOM Mandate\" rel=\"nofollow\" href=\"https://www.securityweek.com/big-tech-vendors-object-us-gov-sbom-mandate/\"\u003eBig Tech Vendors Object to US Gov SBOM Mandate\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nGitHub security chief Mike Hanley joins the show to discuss merging the CSO and SVP/Engineering roles, securing data and code in an organization under constant attack, the thrilling promise of 
AI to the future of secure code, the dangers of equating SBOMs to supply chain security, and new SEC reporting rules for CISOs.","date_published":"2023-08-02T07:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/7532f1bd-4ebc-404a-9553-2f3339cc005f.mp3","mime_type":"audio/mpeg","size_in_bytes":43779417,"duration_in_seconds":2429}]},{"id":"1c4c139f-1d8a-4f40-9cd2-f317b02723e3","title":"Jason Shockey, Chief Information Security Officer, Cenlar FSB","url":"https://securityconversations.fireside.fm/jason-shockey-ciso-cenlar-fsb","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nCenlar FSB security chief Jason Shockey joins the show to discuss the task of securing a financial institution, pivoting from a career in the military to the private sector, the current state of the job market, managing risk from APTs, and the mission of his My Cyberpath project.Links:Jason Shockey on LinkedIn\nMy Cyberpath\nJason Shockey joins Cenlar FSB\nNIST Cybersecurity Framework\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eCenlar FSB security chief Jason Shockey joins the show to discuss the task of securing a financial institution, pivoting from a career in the military to the private sector, the current state of the job market, managing risk from APTs, and the mission of his My Cyberpath project.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Jason Shockey on LinkedIn\" rel=\"nofollow\" 
href=\"https://www.linkedin.com/in/jason-shockey/\"\u003eJason Shockey on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"My Cyberpath\" rel=\"nofollow\" href=\"https://www.mycyberpath.com/\"\u003eMy Cyberpath\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Jason Shockey joins Cenlar FSB\" rel=\"nofollow\" href=\"https://www.cenlar.com/about-cenlar/cenlar-news/cenlar-appoints-jason-shockey-to-chief-information-security-officer\"\u003eJason Shockey joins Cenlar FSB\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"NIST Cybersecurity Framework\" rel=\"nofollow\" href=\"https://www.nist.gov/cyberframework\"\u003eNIST Cybersecurity Framework\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nCenlar FSB security chief Jason Shockey joins the show to discuss the task of securing a financial institution, pivoting from a career in the military to the private sector, the current state of the job market, managing risk from APTs, and the mission of his My Cyberpath project.","date_published":"2023-07-26T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1c4c139f-1d8a-4f40-9cd2-f317b02723e3.mp3","mime_type":"audio/mpeg","size_in_bytes":29816428,"duration_in_seconds":2027}]},{"id":"b66102f9-41e2-40e3-981c-48d2187a490d","title":"Federico Kirschbaum on a life in the Argentina hacking scene","url":"https://securityconversations.fireside.fm/federico-kirschbaum-faraday-argentina-hacking","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nFaraday chief executive Federico 'Fede' Kirschbaum joins the show to talk about building a startup in the vulnerability management space, the intricacies of the Argentinian hacking culture, stories of exploit writers and mercenary hackers, and the overwhelming U.S.-centric view of the 
cybersecurity industry.Links:Faraday at Black Hat 2023\nFede on LinkedIn\nFederico Kirschbaum on Twitter\nEkoparty\nPadding Oracles Everywhere (Rizzo/Duong)\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eFaraday chief executive Federico 'Fede' Kirschbaum joins the show to talk about building a startup in the vulnerability management space, the intricacies of the Argentinian hacking culture, stories of exploit writers and mercenary hackers, and the overwhelming U.S.-centric view of the cybersecurity industry.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Faraday at Black Hat 2023\" rel=\"nofollow\" href=\"https://faradaysec.com/our-tools-go-to-black-hat/\"\u003eFaraday at Black Hat 2023\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fede on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/fedek/\"\u003eFede on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Federico Kirschbaum on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/fede_k\"\u003eFederico Kirschbaum on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ekoparty\" rel=\"nofollow\" href=\"https://ekoparty.org/\"\u003eEkoparty\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Padding Oracles Everywhere (Rizzo/Duong)\" rel=\"nofollow\" href=\"https://vimeo.com/15454510\"\u003ePadding Oracles Everywhere (Rizzo/Duong)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt 
(https://fwhunt.run)\r\n\r\nFaraday chief executive Federico 'Fede' Kirschbaum joins the show to talk about building a startup in the vulnerability management space, the intricacies of the Argentinian hacking culture, stories of exploit writers and mercenary hackers, and the overwhelming U.S.-centric view of the cybersecurity industry.","date_published":"2023-07-19T06:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/b66102f9-41e2-40e3-981c-48d2187a490d.mp3","mime_type":"audio/mpeg","size_in_bytes":32506033,"duration_in_seconds":2521}]},{"id":"ba435301-e21a-48fa-86e5-f60fac79d8c7","title":"Kymberlee Price reflects on life at the MSRC, hacker/vendor engagement, bug bounties","url":"https://securityconversations.fireside.fm/kymberlee-price","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nProduct security executive Kymberlee Price joins the show to gab about life in the trenches at the Microsoft Security Response Center (MSRC), the challenges of maintaining healthy hacker/vendor relationships, the harsh realities of bug-bounty programs, and thoughts on the cybersecurity job market.Links:Kymberlee Price on LinkedIn\nBlueHat Seattle Closing Remarks - YouTube\nKeynote: Defenders Assemble - Kymberlee Price\nBlueHat | Microsoft\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eProduct security executive Kymberlee Price joins the show to gab about life in the trenches at the Microsoft Security Response Center (MSRC), the challenges of maintaining 
healthy hacker/vendor relationships, the harsh realities of bug-bounty programs, and thoughts on the cybersecurity job market.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Kymberlee Price on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/kymberleeprice/\"\u003eKymberlee Price on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"BlueHat Seattle Closing Remarks - YouTube\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=fDoejozUz2w\u0026amp;ab_channel=MicrosoftSecurityResponseCenter%28MSRC%29\"\u003eBlueHat Seattle Closing Remarks - YouTube\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Keynote: Defenders Assemble - Kymberlee Price\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=OG-YbSwN9VA\u0026amp;ab_channel=AppSecPacificNorthwest\"\u003eKeynote: Defenders Assemble - Kymberlee Price\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"BlueHat | Microsoft\" rel=\"nofollow\" href=\"https://www.microsoft.com/bluehat/\"\u003eBlueHat | Microsoft\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nProduct security executive Kymberlee Price joins the show to gab about life in the trenches at the Microsoft Security Response Center (MSRC), the challenges of maintaining healthy hacker/vendor relationships, the harsh realities of bug-bounty programs, and thoughts on the cybersecurity job market.","date_published":"2023-07-12T09:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/ba435301-e21a-48fa-86e5-f60fac79d8c7.mp3","mime_type":"audio/mpeg","size_in_bytes":45477037,"duration_in_seconds":2918}]},{"id":"3d8d10bc-8c8d-4829-affb-597b12b849f3","title":"OpenSSF GM Omkhar Arasaratnam on open-source software 
security","url":"https://securityconversations.fireside.fm/omkhar-arasaratnam-open-source-security-foundation","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nNew General Manager of the Open Source Security Foundation (OpenSSF) Omkhar Arasaratnam joins Ryan for a candid conversation on the challenges surrounding open-source software security, lessons from the Log4j crisis, the value of SBOMs, and the U.S. government efforts at securing America's software supply chains.Links:OpenSSF Welcomes New General Manager\nOpenSSF Alpha-Omega\nCSRB report on Log4j\nBig Tech Object to US Gov SBOM Mandate\nOmkhar Arasaratnam on LinkedIn\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eNew General Manager of the Open Source Security Foundation (OpenSSF) Omkhar Arasaratnam joins Ryan for a candid conversation on the challenges surrounding open-source software security, lessons from the Log4j crisis, the value of SBOMs, and the U.S. 
government efforts at securing America's software supply chains.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"OpenSSF Welcomes New General Manager\" rel=\"nofollow\" href=\"https://openssf.org/press-release/2023/05/10/openssf-welcomes-new-members-veteran-cybersecurity-expert-as-general-manager-and-new-funding/\"\u003eOpenSSF Welcomes New General Manager\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"OpenSSF Alpha-Omega\" rel=\"nofollow\" href=\"https://openssf.org/community/alpha-omega/\"\u003eOpenSSF Alpha-Omega\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CSRB report on Log4j\" rel=\"nofollow\" href=\"https://www.cisa.gov/sites/default/files/publications/CSRB-Report-on-Log4-July-11-2022_508.pdf\"\u003eCSRB report on Log4j\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Big Tech Object to US Gov SBOM Mandate\" rel=\"nofollow\" href=\"https://www.securityweek.com/big-tech-vendors-object-us-gov-sbom-mandate/\"\u003eBig Tech Object to US Gov SBOM Mandate\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Omkhar Arasaratnam on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/omkhar/\"\u003eOmkhar Arasaratnam on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nNew General Manager of the Open Source Security Foundation (OpenSSF) Omkhar Arasaratnam joins the podcast for a candid conversation on the challenges surrounding open-source software security, lessons from the Log4j crisis, the value of SBOMs, and the U.S. 
government efforts at securing America's software supply chains.","date_published":"2023-07-05T06:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/3d8d10bc-8c8d-4829-affb-597b12b849f3.mp3","mime_type":"audio/mpeg","size_in_bytes":28989150,"duration_in_seconds":2171}]},{"id":"1209f95e-c427-482b-9ca9-7588a29fedbe","title":"Serial entrepreneur Rishi Bhargava on building another cybersecurity company","url":"https://securityconversations.fireside.fm/rishi-bhargava-descope","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nRishi Bhargava and the team of entrepreneurs behind Demisto’s $560 million exit are back at it with a new startup building technology in the  customer identity market.  The new company, called Descope, raised an abnormally large $53 million seed-stage funding round with ambitious plans to take on rivals big and small in the customer identity and authentication space.\n\nOn this episode of the podcast, Bhargava joins Ryan to talk about the VC funding landscape, the confusing 'identity' category, the responsibilities of vendors in the identity ecosystem, the emergence of Microsoft and Google as big security players, and some thoughts on the Israeli startup scene.Links:Rishi Bhargava on LinkedIn\nDescope Targets Identity Market with Massive $53M Seed Round\nPalo Alto Networks to acquire Demisto for $560M \n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eRishi Bhargava and the team of entrepreneurs behind Demisto’s $560 million 
exit are back at it with a new startup building technology in the  customer identity market.  The new company, called Descope, raised an abnormally large $53 million seed-stage funding round with ambitious plans to take on rivals big and small in the customer identity and authentication space.\u003c/p\u003e\n\n\u003cp\u003eOn this episode of the podcast, Bhargava joins Ryan to talk about the VC funding landscape, the confusing 'identity' category, the responsibilities of vendors in the identity ecosystem, the emergence of Microsoft and Google as big security players, and some thoughts on the Israeli startup scene.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Rishi Bhargava on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/bhargavarishi/\"\u003eRishi Bhargava on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Descope Targets Identity Market with Massive $53M Seed Round\" rel=\"nofollow\" href=\"https://www.securityweek.com/descope-targets-customer-identity-market-with-massive-53m-seed-round/\"\u003eDescope Targets Identity Market with Massive $53M Seed Round\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Palo Alto Networks to acquire Demisto for $560M \" rel=\"nofollow\" href=\"https://techcrunch.com/2019/02/19/palo-alto-networks-to-acquire-demisto-for-560m/\"\u003ePalo Alto Networks to acquire Demisto for $560M \n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nRishi Bhargava and the team of entrepreneurs behind Demisto’s $560 million exit are back at it with a new startup building technology in the  customer identity market.  
The new company, called Descope, raised an abnormally large $53 million seed-stage funding round with ambitious plans to take on rivals big and small in the customer identity and authentication space.\r\n\r\nOn this episode of the podcast, Bhargava joins Ryan to talk about the VC funding landscape, the confusing 'identity' category, the responsibilities of vendors in the identity ecosystem, the emergence of Microsoft and Google as big security players, and some thoughts on the Israeli startup scene.","date_published":"2023-04-10T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1209f95e-c427-482b-9ca9-7588a29fedbe.mp3","mime_type":"audio/mpeg","size_in_bytes":27304029,"duration_in_seconds":1952}]},{"id":"00323ad0-4a33-4873-951e-5c3d06fff940","title":"Claude Mandy on CISO priorities, data security principles","url":"https://securityconversations.fireside.fm/claude-mandy-data-security-posture-management","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nSymmetry Systems executive Claude Mandy joins the show to discuss a career in the security trenches, life as a CISO during the WannaCry crisis, and first principles around data security. 
We dig into the emerging Data Security Posture Management (DSPM) category and how it extends the Zero Trust philosophy to hybrid cloud data stores.Links:Claude Mandy on LinkedIn\nWhat is Data Security Posture Management (DSPM)?\nThe DataGuard Solution\nFollow Claude Mandy on Twitter\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eSymmetry Systems executive Claude Mandy joins the show to discuss a career in the security trenches, life as a CISO during the WannaCry crisis, and first principles around data security. We dig into the emerging Data Security Posture Management (DSPM) category and how it extends the Zero Trust philosophy to hybrid cloud data stores.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Claude Mandy on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/claudemandy/\"\u003eClaude Mandy on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"What is Data Security Posture Management (DSPM)?\" rel=\"nofollow\" href=\"https://www.symmetry-systems.com/blog/what-is-data-security-posture-management\"\u003eWhat is Data Security Posture Management (DSPM)?\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The DataGuard Solution\" rel=\"nofollow\" href=\"https://www.symmetry-systems.com/product\"\u003eThe DataGuard Solution\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Claude Mandy on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/ClaudeMandy\"\u003eFollow Claude Mandy on 
Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nSymmetry Systems executive Claude Mandy joins the show to discuss a career in the security trenches, life as a CISO during the WannaCry crisis, and first principles around data security. We dig into the emerging Data Security Posture Management (DSPM) category and how it extends the Zero Trust philosophy to hybrid cloud data stores.","date_published":"2023-03-06T07:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/00323ad0-4a33-4873-951e-5c3d06fff940.mp3","mime_type":"audio/mpeg","size_in_bytes":26942052,"duration_in_seconds":2102}]},{"id":"517e5949-6bfd-4225-9a75-c3d75ebf7d4c","title":"Sidra Ahmed Lefort dishes on VC investments and cyber uncertainties","url":"https://securityconversations.fireside.fm/sidra-ahmed-lefort-munich-re-ventures","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nMunich Re Ventures investment principal Sidra Ahmed Lefort joins Ryan Naraine for a frank discussion on the state of VC funding in cybersecurity, the rise (and coming correction) in the land of security 'unicorns', the massive early-stage funding rounds and what they mean, layoffs and contractions, and the places in security still ripe for innovation.Links:Sidra Ahmed Lefort on LinkedIn\nPortfolio | Munich Re Ventures\nWhat's Going on With Cybersecurity VC Investments?\nVideo: VC View - Trends in Cybersecurity Innovation\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow 
noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eMunich Re Ventures investment principal Sidra Ahmed Lefort joins Ryan Naraine for a frank discussion on the state of VC funding in cybersecurity, the rise (and coming correction) in the land of security 'unicorns', the massive early-stage funding rounds and what they mean, layoffs and contractions, and the places in security still ripe for innovation.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Sidra Ahmed Lefort on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/sidra-ahmed-lefort/\"\u003eSidra Ahmed Lefort on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Portfolio | Munich Re Ventures\" rel=\"nofollow\" href=\"https://www.munichre.com/mrv/en/portfolio.html\"\u003ePortfolio | Munich Re Ventures\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"What\u0026#39;s Going on With Cybersecurity VC Investments?\" rel=\"nofollow\" href=\"https://www.securityweek.com/whats-going-cybersecurity-vc-investments/\"\u003eWhat's Going on With Cybersecurity VC Investments?\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Video: VC View - Trends in Cybersecurity Innovation\" rel=\"nofollow\" href=\"https://vimeo.com/755174743\"\u003eVideo: VC View - Trends in Cybersecurity Innovation\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nMunich Re Ventures investment principal Sidra Ahmed Lefort joins Ryan for a frank discussion on the state of VC funding in cybersecurity, the rise (and coming fall?) 
of 'unicorns', the massive early-stage funding rounds and what they mean, layoffs and contractions, and the areas in security still ripe for innovation.","date_published":"2023-02-15T08:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/517e5949-6bfd-4225-9a75-c3d75ebf7d4c.mp3","mime_type":"audio/mpeg","size_in_bytes":27740001,"duration_in_seconds":1860}]},{"id":"95747fe6-4e2a-4243-a050-6d4ef55e27ac","title":"Paul Roberts on wins and losses in the 'right to repair' battle","url":"https://securityconversations.fireside.fm/paul-roberts-right-to-repair","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nSecuRepairs.org co-founder Paul Roberts joins the show to discuss his passion for the right to repair consumer electronic devices, the big-ticket lobbyists working to undermine the movement, and how changing consumer spending patterns are helping to rack up regulatory wins.Links:SecuRepairs Mission\nPaul Roberts, Editor-in-Chief, Security Ledger\n — Paul Roberts, Editor-in-Chief, Security Ledger\nPaul Roberts on Twitter\nFight to Repair Substack\nTesla is a Vocal Opponent of the Right to Repair. Now we know why.\n — Tesla is a Vocal Opponent of the Right to Repair. 
Now we know why.\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eSecuRepairs.org co-founder Paul Roberts joins the show to discuss his passion for the right to repair consumer electronic devices, the big-ticket lobbyists working to undermine the movement, and how changing consumer spending patterns are helping to rack up regulatory wins.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"SecuRepairs Mission\" rel=\"nofollow\" href=\"https://securepairs.org/home/\"\u003eSecuRepairs Mission\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Paul Roberts, Editor-in-Chief, Security Ledger\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/paul-roberts-editor-in-chief-security-ledger/\"\u003ePaul Roberts, Editor-in-Chief, Security Ledger\n\u003c/a\u003e \u0026mdash; Paul Roberts, Editor-in-Chief, Security Ledger\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Paul Roberts on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/paulfroberts\"\u003ePaul Roberts on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fight to Repair Substack\" rel=\"nofollow\" href=\"https://fighttorepair.substack.com/\"\u003eFight to Repair Substack\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Tesla is a Vocal Opponent of the Right to Repair. Now we know why.\" rel=\"nofollow\" href=\"https://fighttorepair.substack.com/p/teslas-a-vocal-opponent-of-the-right\"\u003eTesla is a Vocal Opponent of the Right to Repair. 
Now we know why.\n\u003c/a\u003e \u0026mdash; Tesla is a Vocal Opponent of the Right to Repair. Now we know why.\n\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nSecuRepairs.org co-founder Paul Roberts joins the show to discuss his passion for the right to repair consumer electronic devices, the big-ticket lobbyists working to undermine the movement, and how changing consumer spending patterns are helping to rack up regulatory wins. ","date_published":"2023-01-19T07:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/95747fe6-4e2a-4243-a050-6d4ef55e27ac.mp3","mime_type":"audio/mpeg","size_in_bytes":68531445,"duration_in_seconds":2852}]},{"id":"33d9d510-6496-4c3d-b118-e77fe9f9d710","title":"Katie Moussouris on where bug bounties went wrong","url":"https://securityconversations.fireside.fm/katie-moussouris-where-bug-bounties-went-wrong","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nLuta Security founder and chief executive Katie Moussouris joins the show to dish on the bug-bounty ecosystem, the abuse of hacker labor, and the common mistakes made by even the most mature security programs.  
A security industry pioneer, Moussouris argues for better use of bug bounty metrics to drive decisions and a heavy focus on reducing duplicate vulnerability submissions.Links:Katie Moussouris - Wikipedia\nKatie Moussouris on Twitter\nLuta Security's Vulnerability Coordination Maturity Model\nReferral Bounty | Luta Security\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eLuta Security founder and chief executive Katie Moussouris joins the show to dish on the bug-bounty ecosystem, the abuse of hacker labor, and the common mistakes made by even the most mature security programs.  
A security industry pioneer, Moussouris argues for better use of bug bounty metrics to drive decisions and a heavy focus on reducing duplicate vulnerability submissions.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Katie Moussouris - Wikipedia\" rel=\"nofollow\" href=\"https://en.wikipedia.org/wiki/Katie_Moussouris\"\u003eKatie Moussouris - Wikipedia\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Katie Moussouris on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/k8em0\"\u003eKatie Moussouris on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Luta Security\u0026#39;s Vulnerability Coordination Maturity Model\" rel=\"nofollow\" href=\"https://www.lutasecurity.com/vcmm\"\u003eLuta Security's Vulnerability Coordination Maturity Model\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Referral Bounty | Luta Security\" rel=\"nofollow\" href=\"https://www.lutasecurity.com/referralbounty\"\u003eReferral Bounty | Luta Security\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nLuta Security founder and chief executive Katie Moussouris joins the show to dish on the bug-bounty ecosystem, the abuse of hacker labor, and the common mistakes made by even the most mature security programs.  
A security industry pioneer, Moussouris argues for better use of bug bounty metrics to drive decisions and a heavy focus on reducing duplicate vulnerability submissions.","date_published":"2022-12-08T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/33d9d510-6496-4c3d-b118-e77fe9f9d710.mp3","mime_type":"audio/mpeg","size_in_bytes":28878724,"duration_in_seconds":1998}]},{"id":"5e5c677b-2d28-448a-a72a-02495822d151","title":"Robinhood CSO Caleb Sima on a career in the security trenches","url":"https://securityconversations.fireside.fm/caleb-sima-cso-robinhood","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nCaleb Sima is a cybersecurity lifer now responsible for security at Robinhood, a mobile stock trading platform.   Caleb joins Ryan on the show to discuss the early hacking scene in Atlanta, building SPI Dynamics into a webapp security powerhouse, the evolution of attack surfaces, the CISO's changing priorities, and more...Links:Caleb Sima on LinkedIn\nHP Snaps up SPI Dynamics\nCaleb Sima (@csima) on Twitter\nRobinhood Bio\nFirst 90 Days In the CISO Chair\n","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eCaleb Sima is a cybersecurity lifer now responsible for security at Robinhood, a mobile stock trading platform.   
Caleb joins Ryan on the show to discuss the early hacking scene in Atlanta, building SPI Dynamics into a webapp security powerhouse, the evolution of attack surfaces, the CISO's changing priorities, and more...\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Caleb Sima on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/calebsima/\"\u003eCaleb Sima on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"HP Snaps up SPI Dynamics\" rel=\"nofollow\" href=\"https://www.networkworld.com/article/2291884/hp-aims-to-snatch-up-spi-dynamics.html\"\u003eHP Snaps up SPI Dynamics\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Caleb Sima (@csima) on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/csima?lang=en\"\u003eCaleb Sima (@csima) on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Robinhood Bio\" rel=\"nofollow\" href=\"https://investors.robinhood.com/governance/board-of-directors/person-details/default.aspx?ItemId=f7e9c07f-2d9a-4f0c-a069-b7824598ac8f\"\u003eRobinhood Bio\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"First 90 Days In the CISO Chair\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=aO2fQE4zHHw\u0026amp;ab_channel=RSAConference\"\u003eFirst 90 Days In the CISO Chair\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nCaleb Sima is a cybersecurity lifer now responsible for security at Robinhood, a mobile stock trading platform.   
Caleb joins Ryan on the show to discuss the early hacking scene in Atlanta, building SPI Dynamics into a webapp security powerhouse, the evolution of attack surfaces, the CISO's changing priorities, and more...","date_published":"2022-11-08T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/5e5c677b-2d28-448a-a72a-02495822d151.mp3","mime_type":"audio/mpeg","size_in_bytes":23037842,"duration_in_seconds":1838}]},{"id":"c59b2c9f-f374-403d-b8dc-684cac518d43","title":"Charlie Miller on hacking iPhones, Macbooks, Jeep and Self-Driving Cars","url":"https://securityconversations.fireside.fm/charlie-miller-hacking-iphones-self-driving-cars","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nFamed hacker Charlie Miller joins Ryan on the podcast to discuss a career in vulnerability research and software exploitation. Charlie talks about hacking iPhones and Macbooks at Pwn2Own, the 'No More Free Bugs' campaign, the Jeep hack that led to a recall and his current work securing Cruise's self-driving fleet. Plus, an interesting take on iOS Lockdown Mode.","content_html":"\u003cp\u003e\u003cstrong\u003eEpisode sponsors:\u003c/strong\u003e\u003c/p\u003e\n\n\u003cul\u003e\n\u003cli\u003eBinarly (\u003ca href=\"https://binarly.io\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://binarly.io\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFwHunt (\u003ca href=\"https://fwhunt.run\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://fwhunt.run\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eFamed hacker Charlie Miller joins Ryan on the podcast to discuss a career in vulnerability research and software exploitation. Charlie talks about hacking iPhones and Macbooks at Pwn2Own, the 'No More Free Bugs' campaign, the Jeep hack that led to a recall and his current work securing Cruise's self-driving fleet. 
Plus, an interesting take on iOS Lockdown Mode.\u003c/p\u003e","summary":"Episode sponsors: \r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nFamed hacker Charlie Miller joins Ryan on the podcast to discuss a career in vulnerability research and software exploitation. Charlie talks about hacking iPhones and Macbooks at Pwn2Own, the 'No More Free Bugs' campaign, the Jeep hack that led to a recall and his current work securing Cruise's self-driving fleet.","date_published":"2022-10-18T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/c59b2c9f-f374-403d-b8dc-684cac518d43.mp3","mime_type":"audio/mpeg","size_in_bytes":52629491,"duration_in_seconds":3540}]},{"id":"eefa9c91-fd32-43f6-bd09-7ddedda38914","title":"JAG-S on big-game malware hunting and a very mysterious APT","url":"https://securityconversations.fireside.fm/juan-andres-guerrero-saade","content_text":"\nEpisode sponsors: Binarly and FwHunt - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.\n\n\nSentinelLabs malware hunter Juan Andres Guerrero-Saade (JAG-S) returns to the show to discuss how big-game attribution has changed over the years, the nation-state APT landscape, Mudge and the nightmares facing CISOs, and a mysterious actor named Metador.Links:Report: The Mystery of Metador\nJ. A. 
Guerrero-Saade on Twitter\nLABScon - Security Research in Real Time\nResearchers Crowdsourcing Effort to Identify Mysterious Metador APT\n","content_html":"\u003cul\u003e\n\u003cli\u003eEpisode sponsors: \u003ca href=\"https://binarly.io/\" target=\"_blank\" rel=\"nofollow noopener\"\u003eBinarly\u003c/a\u003e and \u003ca href=\"https://fwhunt.run/\" target=\"_blank\" rel=\"nofollow noopener\"\u003eFwHunt\u003c/a\u003e - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eSentinelLabs malware hunter Juan Andres Guerrero-Saade (JAG-S) returns to the show to discuss how big-game attribution has changed over the years, the nation-state APT landscape, Mudge and the nightmares facing CISOs, and a mysterious actor named Metador.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Report: The Mystery of Metador\" rel=\"nofollow\" href=\"https://assets.sentinelone.com/sentinellabs22/metador\"\u003eReport: The Mystery of Metador\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"J. A. Guerrero-Saade on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/juanandres_gs\"\u003eJ. A. 
Guerrero-Saade on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LABScon - Security Research in Real Time\" rel=\"nofollow\" href=\"https://www.labscon.io/\"\u003eLABScon - Security Research in Real Time\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Researchers Crowdsourcing Effort to Identify Mysterious Metador APT\" rel=\"nofollow\" href=\"https://www.securityweek.com/researchers-crowdsourcing-effort-identify-mysterious-metador-apt\"\u003eResearchers Crowdsourcing Effort to Identify Mysterious Metador APT\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"* Episode sponsors: [Binarly](https://binarly.io/) and [FwHunt](https://fwhunt.run/) - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.\r\n\r\nSentinelLabs malware hunter Juan Andres Guerrero-Saade (JAG-S) returns to the show to discuss how big-game attribution has changed over the years, the nation-state APT landscape, Mudge and the nightmares facing CISOs, and a mysterious actor named Metador.","date_published":"2022-10-17T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/eefa9c91-fd32-43f6-bd09-7ddedda38914.mp3","mime_type":"audio/mpeg","size_in_bytes":41028733,"duration_in_seconds":3160}]},{"id":"04e22eb6-dc8d-4dae-af5b-44f4d4aca81d","title":"Chainguard's Dan Lorenc gets real on software supply chain problems","url":"https://securityconversations.fireside.fm/dan-lorenc-chainguard-supply-chain","content_text":"\nEpisode sponsors: Binarly and FwHunt - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.\n\n\nDan Lorenc and a team of ex-Googlers raised $55 million in early-stage funding to build technology to secure software supply chains. 
On this episode of the show, Dan joins Ryan to talk about the different faces of the supply chain problem, the security gaps that will never go away, the decision to raise an unusually large early-stage funding round, and how the U.S. government's efforts will speed up technology innovation. Links:Dan Lorenc on LinkedIn\nChainguard Enforce\nSounil Yu on SBOMs, software supply chain security\nExtending SBOMs to the firmware layer\nCybersecurity Leaders Scramble to Decipher SBOM Mandate\n","content_html":"\u003cul\u003e\n\u003cli\u003eEpisode sponsors: \u003ca href=\"https://binarly.io/\" target=\"_blank\" rel=\"nofollow noopener\"\u003eBinarly\u003c/a\u003e and \u003ca href=\"https://fwhunt.run/\" target=\"_blank\" rel=\"nofollow noopener\"\u003eFwHunt\u003c/a\u003e - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eDan Lorenc and a team of ex-Googlers raised $55 million in early-stage funding to build technology to secure software supply chains. On this episode of the show, Dan joins Ryan to talk about the different faces of the supply chain problem, the security gaps that will never go away, the decision to raise an unusually large early-stage funding round, and how the U.S. government's efforts will speed up technology innovation. 
\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Dan Lorenc on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/danlorenc/\"\u003eDan Lorenc on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chainguard Enforce\" rel=\"nofollow\" href=\"https://www.chainguard.dev/chainguard-enforce\"\u003eChainguard Enforce\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sounil Yu on SBOMs, software supply chain security\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/sounil-yu-on-sboms-software-supply-chain-security/\"\u003eSounil Yu on SBOMs, software supply chain security\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Extending SBOMs to the firmware layer\" rel=\"nofollow\" href=\"https://securityconversations.com/extending-sboms-to-the-firmware-layer/\"\u003eExtending SBOMs to the firmware layer\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cybersecurity Leaders Scramble to Decipher SBOM Mandate\" rel=\"nofollow\" href=\"https://www.securityweek.com/cybersecurity-leaders-scramble-decipher-sbom-mandate\"\u003eCybersecurity Leaders Scramble to Decipher SBOM Mandate\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"* Episode sponsors: [Binarly](https://binarly.io/) and [FwHunt](https://fwhunt.run/) - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.\r\n\r\nDan Lorenc and a team of ex-Googlers raised $55 million in early-stage funding to build technology to secure software supply chains. On this episode of the show, Dan joins Ryan to talk about the different faces of the supply chain problem, the security gaps that will never go away, the decision to raise an unusually large early-stage funding round, and how the U.S. 
government's efforts will speed up technology innovation.","date_published":"2022-10-13T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/04e22eb6-dc8d-4dae-af5b-44f4d4aca81d.mp3","mime_type":"audio/mpeg","size_in_bytes":36469411,"duration_in_seconds":2827}]},{"id":"7a9eb978-4725-4bcf-8c04-525df6c2bcff","title":"Vinnie Liu discusses a life in the offensive security trenches","url":"https://securityconversations.fireside.fm/vinnie-liu-bishop-fox","content_text":"A conversation with Bishop Fox chief executive Vinnie Liu on the origins and evolution of the pentest services business, the emerging continuous attack surface management space, raising $75m as a 'growth mode' investment, cybersecurity's people problem, and much more...Links:Vinnie Liu on LinkedIn\nVinnie Liu at MS BlueHat v8\nAnti-Drone Tools Tested: From Shotguns To Superdrones\n","content_html":"\u003cp\u003eA conversation with Bishop Fox chief executive Vinnie Liu on the origins and evolution of the pentest services business, the emerging continuous attack surface management space, raising $75m as a 'growth mode' investment, cybersecurity's people problem, and much more...\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Vinnie Liu on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/vinnieliu/\"\u003eVinnie Liu on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Vinnie Liu at MS BlueHat v8\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=WC7kpauRr9s\u0026amp;ab_channel=BishopFox\"\u003eVinnie Liu at MS BlueHat v8\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Anti-Drone Tools Tested: From Shotguns To Superdrones\" rel=\"nofollow\" href=\"https://www.wired.com/story/watch-anti-drone-weapons-test/\"\u003eAnti-Drone Tools Tested: From Shotguns To Superdrones\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"A conversation with Bishop 
Fox chief executive Vinnie Liu on the origins and evolution of the pentest services business, the emerging continuous attack surface management space, raising $75m as a 'growth mode' investment, cybersecurity's people problem, and much more...","date_published":"2022-08-07T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/7a9eb978-4725-4bcf-8c04-525df6c2bcff.mp3","mime_type":"audio/mpeg","size_in_bytes":162616279,"duration_in_seconds":4054}]},{"id":"496e9c57-c664-4955-817f-3885678f1c43","title":"Down memory lane with Snort and Sourcefire creator Marty Roesch","url":"https://securityconversations.fireside.fm/marty-roesch-snort-to-netography","content_text":"Network security pioneer Marty Roesch takes listeners on a trip down memory lane, sharing stories from the creation of Snort back in the 1990s, the startup journey of building Sourcefire into an IDS/IPS powerhouse and selling the company for $2 billion, the U.S. government killing a Check Point acquisition, and his newest adventure as chief executive at Netography.Links:Martin Roesch on LinkedIn\nMartin Roesch - Wikipedia\nMartin Roesch on Twitter\nThe early days of Snort\nCisco Banks On Sourcefire And Snort For Its Security Future\nCheck Point Aborts Sourcefire Acquisition\nMartin Roesch joins Netography as CEO\n","content_html":"\u003cp\u003eNetwork security pioneer Marty Roesch takes listeners on a trip down memory lane, sharing stories from the creation of Snort back in the 1990s, the startup journey of building Sourcefire into an IDS/IPS powerhouse and selling the company for $2 billion, the U.S. 
government killing a Check Point acquisition, and his newest adventure as chief executive at Netography.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Martin Roesch on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/maroesch/\"\u003eMartin Roesch on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Martin Roesch - Wikipedia\" rel=\"nofollow\" href=\"https://en.wikipedia.org/wiki/Martin_Roesch\"\u003eMartin Roesch - Wikipedia\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Martin Roesch on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/mroesch\"\u003eMartin Roesch on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The early days of Snort\" rel=\"nofollow\" href=\"https://packetstormsecurity.com/sniffers/snort/page10/\"\u003eThe early days of Snort\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cisco Banks On Sourcefire And Snort For Its Security Future\" rel=\"nofollow\" href=\"https://www.darkreading.com/perimeter/cisco-banks-on-sourcefire-and-snort-for-its-security-future\"\u003eCisco Banks On Sourcefire And Snort For Its Security Future\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Check Point Aborts Sourcefire Acquisition\" rel=\"nofollow\" href=\"https://www.eweek.com/security/check-point-aborts-sourcefire-acquisition/\"\u003eCheck Point Aborts Sourcefire Acquisition\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Martin Roesch joins Netography as CEO\" rel=\"nofollow\" href=\"https://netography.com/snort-inventor-and-sourcefire-founder-martin-roesch-joins-netography-as-ceo/\"\u003eMartin Roesch joins Netography as CEO\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Network security pioneer Marty Roesch takes listeners on a trip down memory lane, sharing stories from the creation of Snort back in the 1990s, the startup journey of building Sourcefire into an IDS/IPS powerhouse and selling the 
company for $2 billion, the U.S. government killing a Check Point acquisition, and his newest adventure as chief executive at Netography.","date_published":"2022-07-25T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/496e9c57-c664-4955-817f-3885678f1c43.mp3","mime_type":"audio/mpeg","size_in_bytes":55669642,"duration_in_seconds":4054}]},{"id":"a7042944-dfc0-4106-81b0-ded42d786570","title":"Subbu Rama, co-founder and CEO, BalkanID","url":"https://securityconversations.fireside.fm/subbu-rama-balkan-id","content_text":"Serial entrepreneur Subbu Rama joins the show to talk about building a cybersecurity business, addressing the problem of entitlement sprawl and raising seed funding for intelligent access governance technology.Links:BalkanID Platform Architecture\nSubbu Rama on LinkedIn\nSubbu Rama on Twitter\n","content_html":"\u003cp\u003eSerial entrepreneur Subbu Rama joins the show to talk about building a cybersecurity business, addressing the problem of entitlement sprawl and raising seed funding for intelligent access governance technology.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"BalkanID Platform Architecture\" rel=\"nofollow\" href=\"https://www.balkan.id/platform\"\u003eBalkanID Platform Architecture\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Subbu Rama on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/subburama/\"\u003eSubbu Rama on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Subbu Rama on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/Subburama\"\u003eSubbu Rama on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Serial entrepreneur Subbu Rama joins the show to talk about building a cybersecurity business, addressing the problem of entitlement sprawl and raising seed funding for intelligent access governance 
technology.","date_published":"2022-06-01T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a7042944-dfc0-4106-81b0-ded42d786570.mp3","mime_type":"audio/mpeg","size_in_bytes":19120903,"duration_in_seconds":2057}]},{"id":"97c47b7c-f218-4b1b-a4ae-1322852da212","title":"Project Zero's Maddie Stone on the surge in zero-day discoveries","url":"https://securityconversations.fireside.fm/maddie-stone-project-zero","content_text":"Maddie Stone is a security researcher in Google's Project Zero team. Over the last few years, she has publicly tracked the discovery and disclosure of zero-day malware attacks seen in the wild.  On this episode, Maddie joins Ryan to chat about three years of zero-day exploitation data, the nuances around 0day disclosures, the never-ending struggle to mitigate memory corruption attacks and the need for transparency among affected vendors.Links:A Year in Review of 0-days Used In-the-Wild in 2021\nMaddie Stone on LinkedIn\n0day \"In the Wild\" Spreadsheet\nMaddie Stone on Twitter\n","content_html":"\u003cp\u003eMaddie Stone is a security researcher in Google's Project Zero team. Over the last few years, she has publicly tracked the discovery and disclosure of zero-day malware attacks seen in the wild.  
On this episode, Maddie joins Ryan to chat about three years of zero-day exploitation data, the nuances around 0day disclosures, the never-ending struggle to mitigate memory corruption attacks and the need for transparency among affected vendors.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"A Year in Review of 0-days Used In-the-Wild in 2021\" rel=\"nofollow\" href=\"https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html\"\u003eA Year in Review of 0-days Used In-the-Wild in 2021\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Maddie Stone on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/maddie-stone-192a6544/\"\u003eMaddie Stone on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"0day \u0026quot;In the Wild\u0026quot; Spreadsheet\" rel=\"nofollow\" href=\"https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=0\"\u003e0day \"In the Wild\" Spreadsheet\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Maddie Stone on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/maddiestone\"\u003eMaddie Stone on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Maddie Stone is a security researcher in Google's Project Zero team. Over the last few years, she has publicly tracked the discovery and disclosure of zero-day malware attacks seen in the wild.  
On this episode, Maddie joins Ryan to chat about three years of zero-day exploitation data, the nuances around 0day disclosures, the never-ending struggle to mitigate memory corruption attacks and the need for transparency among affected vendors.","date_published":"2022-05-10T12:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/97c47b7c-f218-4b1b-a4ae-1322852da212.mp3","mime_type":"audio/mpeg","size_in_bytes":30298830,"duration_in_seconds":2530}]},{"id":"799a8835-058d-409d-b378-6f5f3e13c46e","title":"Prof. Mohit Tiwari on the future of securing data at scale","url":"https://securityconversations.fireside.fm/mohit-tiwari-symmetry-systems","content_text":"Symmetry Systems co-founder Mohit Tiwari has been studying data security and control flow access for more than a decade.  On this episode of the podcast, he discusses his transition from academia to data security entrepreneurship, first principles around the data security and privacy, the exploding DSPM (data security posture management) space, and the mission to solve one of cybersecurity's biggest problems.Links:Mohit Tiwari | University of Texas at Austin\nMohit Tiwari on LinkedIn\nFollow Mohit on Twitter\nSymmetry Systems DataGuard\nWhy is DSOS an unsolved problem?\n","content_html":"\u003cp\u003eSymmetry Systems co-founder Mohit Tiwari has been studying data security and control flow access for more than a decade.  
On this episode of the podcast, he discusses his transition from academia to data security entrepreneurship, first principles around the data security and privacy, the exploding DSPM (data security posture management) space, and the mission to solve one of cybersecurity's biggest problems.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Mohit Tiwari | University of Texas at Austin\" rel=\"nofollow\" href=\"https://www.ece.utexas.edu/people/faculty/mohit-tiwari\"\u003eMohit Tiwari | University of Texas at Austin\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mohit Tiwari on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/mohit-tiwari8/\"\u003eMohit Tiwari on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Mohit on Twitter\" rel=\"nofollow\" href=\"https://mobile.twitter.com/mt_lattices\"\u003eFollow Mohit on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Symmetry Systems DataGuard\" rel=\"nofollow\" href=\"https://www.symmetry-systems.com/product\"\u003eSymmetry Systems DataGuard\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Why is DSOS an unsolved problem?\" rel=\"nofollow\" href=\"https://www.symmetry-systems.com/problem-dsos\"\u003eWhy is DSOS an unsolved problem?\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Symmetry Systems co-founder Mohit Tiwari has been studying data security and control flow access for more than a decade.  
On this episode of the podcast, he discusses his transition from academia to data security entrepreneurship, first principles around the data security and privacy, the exploding DSPM (data security posture management) space, and the mission to solve one of cybersecurity's biggest problems.","date_published":"2022-05-06T00:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/799a8835-058d-409d-b378-6f5f3e13c46e.mp3","mime_type":"audio/mpeg","size_in_bytes":34562435,"duration_in_seconds":2761}]},{"id":"fb354ea5-acaf-443d-a97d-373e1adc92b0","title":"Google's Shane Huntley on zero-days and the nation-state threat landscape","url":"https://securityconversations.fireside.fm/shane-huntley-google-tag","content_text":"Director at Google's Threat Analysis Group (TAG) Shane Huntley joins the show and talks about lessons from the 2009 Aurora attacks, the surge in zero-day discoveries, the usefulness of IOCs, North Korean APT operations, private sector mercenary hackers, the expanding nation-state threat actor map, and much more...Links:Shane Huntley on LinkedIn\nTwitter: @ShaneHuntley\nProject Zero: FORCEDENTRY Sandbox Escape\nGoogle and Operation Aurora \nA walk through Google Project Zero metrics\nProject Zero: 0day \"In the Wild\" Database\n","content_html":"\u003cp\u003eDirector at Google's Threat Analysis Group (TAG) Shane Huntley joins the show and talks about lessons from the 2009 Aurora attacks, the surge in zero-day discoveries, the usefulness of IOCs, North Korean APT operations, private sector mercenary hackers, the expanding nation-state threat actor map, and much more...\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Shane Huntley on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/shanehuntley/\"\u003eShane Huntley on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Twitter: @ShaneHuntley\" rel=\"nofollow\" 
href=\"https://mobile.twitter.com/shanehuntley\"\u003eTwitter: @ShaneHuntley\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Project Zero: FORCEDENTRY Sandbox Escape\" rel=\"nofollow\" href=\"https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html\"\u003eProject Zero: FORCEDENTRY Sandbox Escape\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Google and Operation Aurora \" rel=\"nofollow\" href=\"https://en.wikipedia.org/wiki/Operation_Aurora\"\u003eGoogle and Operation Aurora \n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"A walk through Google Project Zero metrics\" rel=\"nofollow\" href=\"https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html\"\u003eA walk through Google Project Zero metrics\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Project Zero: 0day \u0026quot;In the Wild\u0026quot; Database\" rel=\"nofollow\" href=\"https://googleprojectzero.blogspot.com/p/0day.html\"\u003eProject Zero: 0day \"In the Wild\" Database\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Director at Google's Threat Analysis Group (TAG) Shane Huntley joins the show and talks about lessons from the 2009 Aurora attacks, the surge in zero-day discoveries, the usefulness of IOCs, North Korean APT operations, private sector mercenary hackers, the expanding nation-state threat actor map, and much more...","date_published":"2022-04-04T06:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/fb354ea5-acaf-443d-a97d-373e1adc92b0.mp3","mime_type":"audio/mpeg","size_in_bytes":79196359,"duration_in_seconds":2444}]},{"id":"12d22943-4ba7-4d5b-82db-f731cea697ef","title":"Lamont Orange, CISO, Netskope","url":"https://securityconversations.fireside.fm/lamont-orange-ciso-netskope","content_text":"Netskope security chief Lamont Orange joins the show to chat about the changing role of the Chief Information Security Officer 
(CISO), managing security as a business enabler, the cybersecurity skills shortage, and his own unique approach to security leadership.Links:Lamont Orange: A CISO's Point of View on Log4j\nFive minutes with Lamont Orange\nLamont Orange columns on DarkReading\n","content_html":"\u003cp\u003eNetskope security chief Lamont Orange joins the show to chat about the changing role of the Chief Information Security Officer (CISO), managing security as a business enabler, the cybersecurity skills shortage, and his own unique approach to security leadership.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Lamont Orange: A CISO\u0026#39;s Point of View on Log4j\" rel=\"nofollow\" href=\"https://www.netskope.com/blog/a-cisos-point-of-view-on-log4j\"\u003eLamont Orange: A CISO's Point of View on Log4j\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Five minutes with Lamont Orange\" rel=\"nofollow\" href=\"https://www.securitymagazine.com/articles/95493-minutes-with-lamont-orange---fostering-a-security-first-culture-with-sase-adoption\"\u003eFive minutes with Lamont Orange\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Lamont Orange columns on DarkReading\" rel=\"nofollow\" href=\"https://www.darkreading.com/author/lamont-orange\"\u003eLamont Orange columns on DarkReading\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Netskope security chief Lamont Orange joins the show to chat about the changing role of the Chief Information Security Officer (CISO), managing security as a business enabler, the cybersecurity skills shortage, and his own unique approach to security leadership.","date_published":"2022-03-21T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/12d22943-4ba7-4d5b-82db-f731cea697ef.mp3","mime_type":"audio/mpeg","size_in_bytes":22732322,"duration_in_seconds":1562}]},{"id":"1e1458ae-78d3-445a-8b8a-42cee0397f6c","title":"Haroon 
Meer on the business of cybersecurity ","url":"https://securityconversations.fireside.fm/haroon-meer-thinkst","content_text":"Thinkst founder and CEO Haroon Meer joins Ryan Naraine on the show to talk about building a successful cybersecurity company without venture capital investment, fast-moving attack surfaces and the never-ending battle to mitigate memory corruption issues.Links:Haroon Meer on Twitter\nThinkst: We bootstrapped to $11 million in ARR\nMemory Corruption and Hacker Folklore\nThinkst Canary\nPodcast: Haroon Meer, Thinkst Applied Research\n","content_html":"\u003cp\u003eThinkst founder and CEO Haroon Meer joins Ryan Naraine on the show to talk about building a successful cybersecurity company without venture capital investment, fast-moving attack surfaces and the never-ending battle to mitigate memory corruption issues.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Haroon Meer on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/haroonmeer\"\u003eHaroon Meer on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Thinkst: We bootstrapped to $11 million in ARR\" rel=\"nofollow\" href=\"https://blog.thinkst.com/2021/03/we-bootstrapped-to-11-million-in-arr.html\"\u003eThinkst: We bootstrapped to $11 million in ARR\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Memory Corruption and Hacker Folklore\" rel=\"nofollow\" href=\"https://blog.thinkst.com/2010/05/memory-corruption-and-hacker-folklore.html\"\u003eMemory Corruption and Hacker Folklore\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Thinkst Canary\" rel=\"nofollow\" href=\"https://canary.tools/\"\u003eThinkst Canary\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Podcast: Haroon Meer, Thinkst Applied Research\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/haroon-meer-ceo-thinkst-applied-research/\"\u003ePodcast: Haroon Meer, Thinkst Applied 
Research\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Thinkst founder and CEO Haroon Meer joins Ryan Naraine on the show to talk about building a successful cybersecurity company without venture capital investment, fast-moving attack surfaces and the never-ending battle to mitigate memory corruption issues.","date_published":"2022-03-19T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1e1458ae-78d3-445a-8b8a-42cee0397f6c.mp3","mime_type":"audio/mpeg","size_in_bytes":58885756,"duration_in_seconds":4512}]},{"id":"d26fa37e-4956-44ec-922d-de42c4ebf58f","title":"Tony Pepper, co-founder and CEO, Egress","url":"https://securityconversations.fireside.fm/tony-pepper-egress","content_text":"Chief executive officer at Egress Tony Pepper joins the show to talk about entrepreneurship in the fast-paced age of modern computing, the state of e-mail security, and his company's bet on securing the future of messaging in the enterprise.Links:About Egress\nTony Pepper on LinkedIn\nInfoSecurity Interview: Tony Pepper \n","content_html":"\u003cp\u003eChief executive officer at Egress Tony Pepper joins the show to talk about entrepreneurship in the fast-paced age of modern computing, the state of e-mail security, and his company's bet on securing the future of messaging in the enterprise.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"About Egress\" rel=\"nofollow\" href=\"https://www.egress.com/about\"\u003eAbout Egress\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Tony Pepper on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/tony-pepper-023298\"\u003eTony Pepper on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"InfoSecurity Interview: Tony Pepper \" rel=\"nofollow\" href=\"https://www.infosecurity-magazine.com/interviews/tony-pepper-egress-acquisition/\"\u003eInfoSecurity Interview: Tony Pepper 
\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Chief executive officer at Egress Tony Pepper joins the show to talk about entrepreneurship in the fast-paced age of modern computing, the state of e-mail security, and his company's bet on securing the future of messaging in the enterprise.","date_published":"2022-02-22T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/d26fa37e-4956-44ec-922d-de42c4ebf58f.mp3","mime_type":"audio/mpeg","size_in_bytes":22890355,"duration_in_seconds":1177}]},{"id":"367c5dd6-8956-42a5-b804-887991a31ff3","title":"Microsoft's Justin Campbell on offensive security research","url":"https://securityconversations.fireside.fm/justin-campbell-microsoft","content_text":"Justin Campbell leads Microsoft’s Offensive Research and Security Engineering (MORSE) team. He joins the show to talk about his team's discovery of a SolarWinds in-the-wild zero-day, the never-ending stream of memory safety vulnerabilities, the evolving 'shift-left' mindset and Redmond's ongoing work to reduce attack surfaces.Links:Microsoft Flags SolarWinds Serv-U 0-day exploit\nSolarWinds Serv-U RCE advisory\nIn-the-wild zero-day counter\nHacked SolarWinds Software Lacked Basic Anti-Exploit Mitigation\n","content_html":"\u003cp\u003eJustin Campbell leads Microsoft’s Offensive Research and Security Engineering (MORSE) team. 
He joins the show to talk about his team's discovery of a SolarWinds in-the-wild zero-day, the never-ending stream of memory safety vulnerabilities, the evolving 'shift-left' mindset and Redmond's ongoing work to reduce attack surfaces.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Microsoft Flags SolarWinds Serv-U 0-day exploit\" rel=\"nofollow\" href=\"https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/\"\u003eMicrosoft Flags SolarWinds Serv-U 0-day exploit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"SolarWinds Serv-U RCE advisory\" rel=\"nofollow\" href=\"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211\"\u003eSolarWinds Serv-U RCE advisory\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"In-the-wild zero-day counter\" rel=\"nofollow\" href=\"https://www.zero-day.cz/\"\u003eIn-the-wild zero-day counter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Hacked SolarWinds Software Lacked Basic Anti-Exploit Mitigation\" rel=\"nofollow\" href=\"https://www.securityweek.com/microsoft-hacked-solarwinds-ftp-software-lacked-basic-anti-exploit-mitigation\"\u003eHacked SolarWinds Software Lacked Basic Anti-Exploit Mitigation\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Justin Campbell leads Microsoft’s Offensive Research and Security Engineering (MORSE) team. 
He joins the show to talk about his team's discovery of a SolarWinds in-the-wild zero-day, the never-ending stream of memory safety vulnerabilities, the evolving 'shift-left' mindset and Redmond's ongoing work to reduce attack surfaces.","date_published":"2022-01-08T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/367c5dd6-8956-42a5-b804-887991a31ff3.mp3","mime_type":"audio/mpeg","size_in_bytes":23909293,"duration_in_seconds":1636}]},{"id":"e7355605-c0fe-41c9-b55d-6f2775d8cc86","title":"Costin Raiu on the .gov mobile exploitation business","url":"https://securityconversations.fireside.fm/costin-raiu-mobile-exploitation","content_text":"Global director of Kaspersky's GReAT research team Costin Raiu returns to the show for an in-depth discussion on the mobile surveillance business, the technically impressive FORCEDENTRY iOS exploit, the ethical questions facing exploit developers and the role of venture capitalists in the mobile malware ecosystem.Links:Google Says NSO Pegasus Zero-Click 'Most Technically Sophisticated Exploit Ever Seen'\nProject Zero: A deep dive into an NSO zero-click iMessage exploit\nThe Million Dollar Dissident: NSO Group's iPhone Zero-Days\nPegasus vs. 
Predator: Doubly-Infected iPhone Reveals Cytrox Mercenary Vendor\nProliferation of Cyber Capabilities in International Arms Markets\n","content_html":"\u003cp\u003eGlobal director of Kaspersky's GReAT research team Costin Raiu returns to the show for an in-depth discussion on the mobile surveillance business, the technically impressive FORCEDENTRY iOS exploit, the ethical questions facing exploit developers and the role of venture capitalists in the mobile malware ecosystem.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Google Says NSO Pegasus Zero-Click \u0026#39;Most Technically Sophisticated Exploit Ever Seen\u0026#39;\" rel=\"nofollow\" href=\"https://www.securityweek.com/google-says-nso-pegasus-zero-click-most-technically-sophisticated-exploit-ever-seen\"\u003eGoogle Says NSO Pegasus Zero-Click 'Most Technically Sophisticated Exploit Ever Seen'\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Project Zero: A deep dive into an NSO zero-click iMessage exploit\" rel=\"nofollow\" href=\"https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html\"\u003eProject Zero: A deep dive into an NSO zero-click iMessage exploit\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The Million Dollar Dissident: NSO Group\u0026#39;s iPhone Zero-Days\" rel=\"nofollow\" href=\"https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/\"\u003eThe Million Dollar Dissident: NSO Group's iPhone Zero-Days\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Pegasus vs. Predator: Doubly-Infected iPhone Reveals Cytrox Mercenary Vendor\" rel=\"nofollow\" href=\"https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/\"\u003ePegasus vs. 
Predator: Doubly-Infected iPhone Reveals Cytrox Mercenary Vendor\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Proliferation of Cyber Capabilities in International Arms Markets\" rel=\"nofollow\" href=\"https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/surveillance-technology-at-the-fair/\"\u003eProliferation of Cyber Capabilities in International Arms Markets\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Global director of Kaspersky's GReAT research team Costin Raiu returns to the show for an in-depth discussion on the mobile surveillance business, the technically impressive FORCEDENTRY iOS exploit, the ethical questions facing exploit developers and the role of venture capitalists in the mobile malware ecosystem.","date_published":"2021-12-23T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/e7355605-c0fe-41c9-b55d-6f2775d8cc86.mp3","mime_type":"audio/mpeg","size_in_bytes":39704215,"duration_in_seconds":2478}]},{"id":"718dc2f2-0bd5-4d83-a950-cd8fc0f60b12","title":"Amanda Gorton, co-founder and CEO, Corellium","url":"https://securityconversations.fireside.fm/amanda-gorton-corellium","content_text":"Corellium co-founder and chief executive Amanda Gorton joins the show to talk about raising $25 million in Series A funding, the market fit for device modeling and software virtualization products, the trials and tribulations of startup life, and the nuances of operating in the world of offensive security research.Links:Corellium Secures $25M Series A Round\nCorellium Lands $25 Million Investment for Virtualization Tech\nCorellium for Journalists\n","content_html":"\u003cp\u003eCorellium co-founder and chief executive Amanda Gorton joins the show to talk about raising $25 million in Series A funding, the market fit for device modeling and software virtualization products, the trials and tribulations of startup life, and the nuances of operating in the world 
of offensive security research.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Corellium Secures $25M Series A Round\" rel=\"nofollow\" href=\"https://www.businesswire.com/news/home/20211216005045/en/Corellium-Secures-25M-Series-A-Round-Led-by-Paladin-Capital-Group-with-Participation-from-Cisco-Investments\"\u003eCorellium Secures $25M Series A Round\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Corellium Lands $25 Million Investment for Virtualization Tech\" rel=\"nofollow\" href=\"https://www.securityweek.com/corellium-lands-25-million-investment-virtualization-tech\"\u003eCorellium Lands $25 Million Investment for Virtualization Tech\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Corellium for Journalists\" rel=\"nofollow\" href=\"https://www.corellium.com/journalists\"\u003eCorellium for Journalists\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Corellium co-founder and chief executive Amanda Gorton joins the show to talk about raising $25 million in Series A funding, the market fit for device modeling and software virtualization products, the trials and tribulations of startup life, and the nuances of operating in the world of offensive security research.","date_published":"2021-12-20T16:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/718dc2f2-0bd5-4d83-a950-cd8fc0f60b12.mp3","mime_type":"audio/mpeg","size_in_bytes":44159937,"duration_in_seconds":2780}]},{"id":"a0a3b03b-d1b1-4fb9-8735-8a6636b693fd","title":"Intel's Venky Venkateswaran on hardware-enabled security","url":"https://securityconversations.fireside.fm/venky-venkateswaran-intel","content_text":"Venky Venkateswaran works on client security and roadmap planning at Intel Corp.  
On this episode of the podcast, Venky joins Ryan to talk about a reported surge in firmware attacks, Intel's ongoing investments in cybersecurity, the importance of transparency and open documentation, and the company's push to fight ransomware with its flagship TDT (Threat Detection Technology).Links:\nExtending SBOMs to the firmware layer\n\n\nHardware Based Security for Business (Intel)\n\n\nAlex Matrosov on the state of firmware security\n\n\nMicrosoft Launches JIT-Free 'Super Duper Secure Mode' Edge Browser Experiment\n\n","content_html":"\u003cp\u003eVenky Venkateswaran works on client security and roadmap planning at Intel Corp.  On this episode of the podcast, Venky joins Ryan to talk about a reported surge in firmware attacks, Intel's ongoing investments in cybersecurity, the importance of transparency and open documentation, and the company's push to fight ransomware with its flagship TDT (Threat Detection Technology).\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"\u0026gt; Extending SBOMs to the firmware layer\" rel=\"nofollow\" href=\"https://securityconversations.com/extending-sboms-to-the-firmware-layer/\"\u003e\nExtending SBOMs to the firmware layer\n\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"\u0026gt; Hardware Based Security for Business (Intel)\" rel=\"nofollow\" href=\"https://www.intel.com/content/www/us/en/business/enterprise-computers/hardware-security.html\"\u003e\nHardware Based Security for Business (Intel)\n\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"\u0026gt; Alex Matrosov on the state of firmware security\" rel=\"nofollow\" href=\"https://securityconversations.com/episode/alex-matrosov-on-the-state-of-security-at-the-firmware-layer/\"\u003e\nAlex Matrosov on the state of firmware security\n\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"\u0026gt; Microsoft Launches JIT-Free \u0026#39;Super Duper Secure Mode\u0026#39; Edge Browser Experiment\" 
rel=\"nofollow\" href=\"https://www.securityweek.com/microsoft-launches-jit-free-super-duper-secure-mode-edge-browser-experiment\"\u003e\nMicrosoft Launches JIT-Free 'Super Duper Secure Mode' Edge Browser Experiment\n\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Venky Venkateswaran works on client security and roadmap planning at Intel Corp.  On this episode of the podcast, Venky joins Ryan to talk about a reported surge in firmware attacks, Intel's ongoing investments in cybersecurity, the importance of transparency and open documentation, and the company's push to fight ransomware with its flagship TDT (Threat Detection Technology).","date_published":"2021-09-09T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a0a3b03b-d1b1-4fb9-8735-8a6636b693fd.mp3","mime_type":"audio/mpeg","size_in_bytes":31052415,"duration_in_seconds":2120}]},{"id":"ca890116-c6d7-4107-8c9d-b4b64ed28927","title":"Sounil Yu on SBOMs, software supply chain security","url":"https://securityconversations.fireside.fm/sounil-yu-sboms-supply-chain-security","content_text":"Episode sponsored by SecurityWeek.com\n\nJupiterOne CISO Sounil Yu joins the show to sift through the noise and explain the value of SBOMs (software bill of materials), the U.S. government's response to software supply chain security gaps, and what every buyer and seller should be doing to prepare for major changes in the ecosystem.","content_html":"\u003cp\u003eEpisode sponsored by SecurityWeek.com\u003c/p\u003e\n\n\u003cp\u003eJupiterOne CISO Sounil Yu joins the show to sift through the noise and explain the value of SBOMs (software bill of materials), the U.S. 
government's response to software supply chain security gaps, and what every buyer and seller should be doing to prepare for major changes in the ecosystem.\u003c/p\u003e","summary":"Episode sponsored by SecurityWeek.com\r\n\r\nJupiterOne CISO Sounil Yu joins the show to sift through the noise and explain the value of SBOMs (software bill of materials), the U.S. government's response to software supply chain security gaps, and what every buyer and seller should be doing to prepare for major changes in the ecosystem.","date_published":"2021-07-13T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/ca890116-c6d7-4107-8c9d-b4b64ed28927.mp3","mime_type":"audio/mpeg","size_in_bytes":58362999,"duration_in_seconds":2906}]},{"id":"af2bae60-6a2d-49d3-856d-5cabb850cfc1","title":"Algirde Pipikaite, Centre for Cybersecurity, World Economic Forum","url":"https://securityconversations.fireside.fm/algirde-pipikaite-world-economic-forum","content_text":"Episode sponsored by MongoDB.com.\n\nAlgirde Pipikaite, the project lead of the Governance and Policy team at the Center for Cybersecurity at the World Economic Forum, joins the podcast to discuss her work to bridge the gap between cybersecurity experts and decision makers.   We chat about communicating risk to different audiences, cybersecurity as a business enabler, and the need for more global private-public collaboration.Links:Algirde Pipikaite Profile\nDeveloping the Future of Policy for Cybersecurity\nCNBC: Cyberattacks on the rise amid coronavirus crisis, WEF expert says\n","content_html":"\u003cp\u003eEpisode sponsored by MongoDB.com.\u003c/p\u003e\n\n\u003cp\u003eAlgirde Pipikaite, the project lead of the Governance and Policy team at the Center for Cybersecurity at the World Economic Forum, joins the podcast to discuss her work to bridge the gap between cybersecurity experts and decision makers.   
We chat about communicating risk to different audiences, cybersecurity as a business enabler, and the need for more global private-public collaboration.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Algirde Pipikaite Profile\" rel=\"nofollow\" href=\"https://www.weforum.org/agenda/authors/algirde-pipikaite\"\u003eAlgirde Pipikaite Profile\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Developing the Future of Policy for Cybersecurity\" rel=\"nofollow\" href=\"https://www.hks.harvard.edu/educational-programs/executive-education/executive-education-alumni/executive-education-alumni-13\"\u003eDeveloping the Future of Policy for Cybersecurity\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CNBC: Cyberattacks on the rise amid coronavirus crisis, WEF expert says\" rel=\"nofollow\" href=\"https://www.cnbc.com/video/2020/05/22/cyberattacks-on-the-rise-amid-coronavirus-crisis-wef-expert-says.html\"\u003eCNBC: Cyberattacks on the rise amid coronavirus crisis, WEF expert says\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Episode sponsored by MongoDB.com.\r\n\r\nAlgirde Pipikaite, the project lead of the Governance and Policy team at the Center for Cybersecurity at the World Economic Forum, joins the podcast to discuss her work to bridge the gap between cybersecurity experts and decision makers.   
We chat about communicating risk to different audiences, cybersecurity as a business enabler, and the need for more global private-public collaboration.\r\nAlgirde Pipikaite, the project lead of the Governance and Policy team at the Center for Cybersecurity at the World Economic Forum, joins the podcast to discuss her work to bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.","date_published":"2021-07-06T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/af2bae60-6a2d-49d3-856d-5cabb850cfc1.mp3","mime_type":"audio/mpeg","size_in_bytes":26866644,"duration_in_seconds":2402}]},{"id":"1aefd66d-be45-405a-a030-d0e2d9a9e51e","title":"Josh Schwartz on red-teaming and proactive security engineering","url":"https://securityconversations.fireside.fm/josh-schwartz-verizon-media-yahoo","content_text":"Josh Schwartz, aka FuzzyNop, oversees offensive security, product engineering, and security engagement functions at Verizon Media (soon to be Yahoo).   He shares insights on red-teaming, overcoming the adversarial relationship between red/blue teams. chasing the \"feeling\" of being secure, and why there's a need for more empathy in cybersecurity. \n\n(Episode sponsored by Eclypsium)","content_html":"\u003cp\u003eJosh Schwartz, aka FuzzyNop, oversees offensive security, product engineering, and security engagement functions at Verizon Media (soon to be Yahoo).   He shares insights on red-teaming, overcoming the adversarial relationship between red/blue teams. chasing the \"feeling\" of being secure, and why there's a need for more empathy in cybersecurity. 
\u003c/p\u003e\n\n\u003cp\u003e(\u003ca href=\"https://eclypsium.com\" target=\"_blank\" rel=\"nofollow noopener\"\u003eEpisode sponsored by Eclypsium\u003c/a\u003e)\u003c/p\u003e","summary":"Josh Schwartz, aka FuzzyNop, oversees offensive security, product engineering, and security engagement functions at Verizon Media (soon to be Yahoo).   He shares insights on red-teaming, overcoming the adversarial relationship between red/blue teams, chasing the \"feeling\" of being secure, and why there's a need for more empathy in cybersecurity. \r\n\r\n(Episode sponsored by Eclypsium)","date_published":"2021-06-18T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1aefd66d-be45-405a-a030-d0e2d9a9e51e.mp3","mime_type":"audio/mpeg","size_in_bytes":30521046,"duration_in_seconds":2277}]},{"id":"96f77b2a-f94c-4b25-9870-8652ddaffaa0","title":"Michael Laventure, threat detection and response, Netflix","url":"https://securityconversations.fireside.fm/michael-laventure-netflix-threat-intel","content_text":"Netflix threat detection and response practitioner Michael Laventure joins the show to talk about a simple goal to \"do security better.\"   We discuss a transition from .gov security work to the fast pace of Silicon Valley, the culture clashes that can make life difficult, the value of threat-intelligence to a modern security program, and why we should all be optimistic about the future of cybersecurity.","content_html":"\u003cp\u003eNetflix threat detection and response practitioner Michael Laventure joins the show to talk about a simple goal to \"do security better.\"   We discuss a transition from .gov security work to the fast pace of Silicon Valley, the culture clashes that can make life difficult, the value of threat-intelligence to a modern security program, and why we should all be optimistic about the future of cybersecurity.\u003c/p\u003e","summary":"Netflix threat detection and response practitioner 
Michael Laventure joins the show to talk about a simple goal to \"do security better.\"   We discuss a transition from .gov security work to the fast pace of Silicon Valley, the culture clashes that can make life difficult, the value of threat-intelligence to a modern security program, and why we should all be optimistic about the future of cybersecurity.","date_published":"2021-06-10T08:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/96f77b2a-f94c-4b25-9870-8652ddaffaa0.mp3","mime_type":"audio/mpeg","size_in_bytes":23563004,"duration_in_seconds":1832}]},{"id":"97a0eeb7-c6f6-4757-9cf5-bbd21380223f","title":"Google's Heather Adkins on defenders playing the long game","url":"https://securityconversations.fireside.fm/heather-adkins-google-security","content_text":"Founding-member of the Google security team Heather Adkins joins the conversation to stress the importance of defenders playing the \"long-game,\" the need for meaningful culture-change among security leaders, the expansion of zero-trust beyond identities and devices, and some thoughts on the future of electronic voting.\n\nSponsored by Eclypsium:\nEclypsium ships an enterprise device platform that provides visibility and mitigation for malicious activity all the way down to the firmware and hardware level. Think of it as one platform to discover, inventory, assess risk, patch, and detect compromises and supply chain breaches across your entire fleet of devices.  
Request a demo at Eclypsium.com.","content_html":"\u003cp\u003eFounding-member of the Google security team Heather Adkins joins the conversation to stress the importance of defenders playing the \"long-game,\" the need for meaningful culture-change among security leaders, the expansion of zero-trust beyond identities and devices, and some thoughts on the future of electronic voting.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eSponsored by Eclypsium:\u003c/strong\u003e\u003cbr\u003e\nEclypsium ships an enterprise device platform that provides visibility and mitigation for malicious activity all the way down to the firmware and hardware level. Think of it as one platform to discover, inventory, assess risk, patch, and detect compromises and supply chain breaches across your entire fleet of devices.  \u003ca href=\"https://eclypsium.com\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRequest a demo at Eclypsium.com\u003c/a\u003e.\u003c/p\u003e","summary":"Founding-member of the Google security team Heather Adkins joins the conversation to stress the importance of defenders playing the \"long-game,\" the need for meaningful culture-change among security leaders, the expansion of zero-trust beyond identities and devices, and some thoughts on the future of electronic voting.","date_published":"2021-05-26T16:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/97a0eeb7-c6f6-4757-9cf5-bbd21380223f.mp3","mime_type":"audio/mpeg","size_in_bytes":32532700,"duration_in_seconds":2327}]},{"id":"5ca053c8-a041-4288-add6-49c3c7f84bbd","title":"Collin Greene, head of product security, Facebook","url":"https://securityconversations.fireside.fm/collin-greene-facebook-product-security","content_text":"Facebook product security leader Collin Greene joins the show to discuss philosophies around securing code at scale, the pros and cons of relying on bug-bounty programs, the humbling lessons from being on the wrong side 
of a malicious hack, and why \"shift-left\" should be the priority for every defender.Links:Six Buckets of Product Security\nOutcomes \u0026gt; Bugs\n","content_html":"\u003cp\u003eFacebook product security leader Collin Greene joins the show to discuss philosophies around securing code at scale, the pros and cons of relying on bug-bounty programs, the humbling lessons from being on the wrong side of a malicious hack, and why \"shift-left\" should be the priority for every defender.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Six Buckets of Product Security\" rel=\"nofollow\" href=\"http://collingreene.com/6_buckets_of_prodsec.html\"\u003eSix Buckets of Product Security\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Outcomes \u0026gt; Bugs\" rel=\"nofollow\" href=\"http://collingreene.com/outcomes_over_bugs.html\"\u003eOutcomes \u0026gt; Bugs\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Facebook product security leader Collin Greene joins the show to discuss philosophies around securing code at scale, the pros and cons of relying on bug-bounty programs, the humbling lessons from being on the wrong side of a malicious hack, and why \"shift-left\" should be the priority for every defender.","date_published":"2021-05-25T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/5ca053c8-a041-4288-add6-49c3c7f84bbd.mp3","mime_type":"audio/mpeg","size_in_bytes":55918822,"duration_in_seconds":3692}]},{"id":"b93843f4-0c2b-4482-b8aa-c39e2fb7c02a","title":"Alex Matrosov on the state of security at the firmware layer","url":"https://securityconversations.fireside.fm/alex-matrosov-firmware-security","content_text":"Former head of offensive security research at NVIDIA Alex Matrosov joins the show to talk about the state of security at the firmware layer, the need for specialized reverse engineering skills, the limits of bug-bounty programs for 
hardware research, and the future of advanced malware analysis.Links:Alex Matrosov on LinkedIn\nModern Bootkit Trends: Bypassing Kernel-Mode Signing Policy\nBootkit threats: In-depth reverse engineering \u0026amp; defense\n","content_html":"\u003cp\u003eFormer head of offensive security research at NVIDIA Alex Matrosov joins the show to talk about the state of security at the firmware layer, the need for specialized reverse engineering skills, the limits of bug-bounty programs for hardware research, and the future of advanced malware analysis.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Alex Matrosov on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/matrosov/\"\u003eAlex Matrosov on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Modern Bootkit Trends: Bypassing Kernel-Mode Signing Policy\" rel=\"nofollow\" href=\"https://www.slideshare.net/matrosov/modern-bootkit-trends-bypassing-kernelmode-signing-policy\"\u003eModern Bootkit Trends: Bypassing Kernel-Mode Signing Policy\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Bootkit threats: In-depth reverse engineering \u0026amp; defense\" rel=\"nofollow\" href=\"https://www.slideshare.net/matrosov/bootkit-threats-indepth-reverse-engineering-defense\"\u003eBootkit threats: In-depth reverse engineering \u0026amp; defense\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Former head of offensive security research at NVIDIA Alex Matrosov joins the show to talk about the state of security at the firmware layer, the need for specialized reverse engineering skills, the limits of bug-bounty programs for hardware research, and the future of advanced malware 
analysis.","date_published":"2021-05-23T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/b93843f4-0c2b-4482-b8aa-c39e2fb7c02a.mp3","mime_type":"audio/mpeg","size_in_bytes":44900087,"duration_in_seconds":3512}]},{"id":"17902758-1dc9-4e4c-83cc-bbc3f9271eb4","title":"Charles Nwatu, Security Technology \u0026 Risk, Netflix","url":"https://securityconversations.fireside.fm/charles-nwatu-netflix","content_text":"Charles Nwatu is an engineering manager in Netflix's Security, Technology Assurance \u0026amp; Risk organization.  He joins Ryan on the show to talk about a career pivot from U.S. gov service into cybersecurity in Silicon Valley, the exciting parts of compliance and risk management, and why newcomers should consider jobs in SOCs to kickstart security careers.Links:Charles Nwatu on LinkedIn\n — Corporate Security \u0026amp; Security, Technology Assurance \u0026amp; Risk, Netflix\nHow Netflix’s Charles Nwatu Turned His Desire to Help People Into a Career in Information Security\n","content_html":"\u003cp\u003eCharles Nwatu is an engineering manager in Netflix's Security, Technology Assurance \u0026amp; Risk organization.  He joins Ryan on the show to talk about a career pivot from U.S. 
gov service into cybersecurity in Silicon Valley, the exciting parts of compliance and risk management, and why newcomers should consider jobs in SOCs to kickstart security careers.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Charles Nwatu on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/cnwatu/\"\u003eCharles Nwatu on LinkedIn\n\u003c/a\u003e \u0026mdash; Corporate Security \u0026amp; Security, Technology Assurance \u0026amp; Risk, Netflix\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"How Netflix’s Charles Nwatu Turned His Desire to Help People Into a Career in Information Security\" rel=\"nofollow\" href=\"https://peopleofcolorintech.com/interview/how-netflixs-charles-nwatu-turned-his-desire-to-help-people-into-a-career-in-information-security/\"\u003eHow Netflix’s Charles Nwatu Turned His Desire to Help People Into a Career in Information Security\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Charles Nwatu is an engineering manager in Netflix's Security, Technology Assurance \u0026 Risk organization.  He joins Ryan on the show to talk about a career pivot from U.S. 
gov service into cybersecurity in Silicon Valley, the exciting parts of compliance and risk management, and why newcomers should consider jobs in SOCs to kickstart security careers.","date_published":"2021-05-11T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/17902758-1dc9-4e4c-83cc-bbc3f9271eb4.mp3","mime_type":"audio/mpeg","size_in_bytes":27630724,"duration_in_seconds":1825}]},{"id":"3e7cdf29-565f-4a2b-bac6-de85ff8e7c2a","title":"Doug Madory on the mysterious AS8003 global routing story","url":"https://securityconversations.fireside.fm/doug-madory-mystery-as8003","content_text":"Director of Internet Analysis at Kentik, Doug Madory, joins the podcast to shed light on the mysterious appearance of unused IPv4 space belonging to the US Department of Defense: the strange connection to a Florida company now managing the world's largest honeypot; the odd Inauguration Day timing of this discovery; and why enterprise network defenders should pay very close attention.Links:The Mystery of AS8003\n — On January 20, 2021, a great mystery appeared in the internet’s global routing table. An entity that hadn’t been heard from in over a decade began announcing large swaths of formerly unused IPv4 address space belonging to the U.S. Department of Defense. \nPentagon explains odd transfer of 175 million IP addresses to obscure company | Ars Technica\n — \"Did someone at the Defense Department sell off part of the military's vast collection of sought-after IP addresses as Trump left office? 
Had the Pentagon finally acted on demands to unload the billions of dollars worth of IP address space the military has been sitting on, largely unused, for decades?\"\nAS8003 GRS-DOD\n","content_html":"\u003cp\u003eDirector of Internet Analysis at Kentik, Doug Madory, joins the podcast to shed light on the mysterious appearance of unused IPv4 space belonging to the US Department of Defense: the strange connection to a Florida company now managing the world's largest honeypot; the odd Inauguration Day timing of this discovery; and why enterprise network defenders should pay very close attention.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"The Mystery of AS8003\" rel=\"nofollow\" href=\"https://www.kentik.com/blog/the-mystery-of-as8003/\"\u003eThe Mystery of AS8003\n\u003c/a\u003e \u0026mdash; On January 20, 2021, a great mystery appeared in the internet’s global routing table. An entity that hadn’t been heard from in over a decade began announcing large swaths of formerly unused IPv4 address space belonging to the U.S. Department of Defense. \n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Pentagon explains odd transfer of 175 million IP addresses to obscure company | Ars Technica\" rel=\"nofollow\" href=\"https://arstechnica.com/information-technology/2021/04/pentagon-explains-odd-transfer-of-175-million-ip-addresses-to-obscure-company/\"\u003ePentagon explains odd transfer of 175 million IP addresses to obscure company | Ars Technica\n\u003c/a\u003e \u0026mdash; \"Did someone at the Defense Department sell off part of the military's vast collection of sought-after IP addresses as Trump left office? 
Had the Pentagon finally acted on demands to unload the billions of dollars worth of IP address space the military has been sitting on, largely unused, for decades?\"\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"AS8003 GRS-DOD\" rel=\"nofollow\" href=\"https://bgp.he.net/AS8003#_whois\"\u003eAS8003 GRS-DOD\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Director of Internet Analysis at Kentik, Doug Madory, joins the podcast to shed light on the mysterious appearance of unused IPv4 space belonging to the US Department of Defense: the strange connection to a Florida company now managing the world's largest honeypot; the odd Inauguration Day timing of this discovery; and why enterprise network defenders should pay very close attention.","date_published":"2021-04-29T08:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/3e7cdf29-565f-4a2b-bac6-de85ff8e7c2a.mp3","mime_type":"audio/mpeg","size_in_bytes":22227722,"duration_in_seconds":1760}]},{"id":"36c84816-ee62-408e-a68d-a928e4fb720c","title":"Crossbeam CISO Chris Castaldo on securing the start-up","url":"https://securityconversations.fireside.fm/chris-castaldo-ciso-crossbeam","content_text":"Sponsored by Eclypsium\n\nChris Castaldo has a fascinating career in cybersecurity.  A U.S. army veteran who dabbled in tech during the early 2000s dot-com boom before settling on security, Castaldo is now CISO at Crossbeam and a decision-maker with a bird's eye view into how the should be protected.  \n\nCastaldo joins Ryan on the show to talk about his new book on securing the startup, why he's the rare CISO that loves security vendor briefings and demos, and his vision of the CISO's top priorities.","content_html":"\u003cp\u003e\u003ca href=\"https://eclypsium.com\" target=\"_blank\" rel=\"nofollow noopener\"\u003eSponsored by Eclypsium\u003c/a\u003e\u003c/p\u003e\n\n\u003cp\u003eChris Castaldo has a fascinating career in cybersecurity.  A U.S. 
army veteran who dabbled in tech during the early 2000s dot-com boom before settling on security, Castaldo is now CISO at Crossbeam and a decision-maker with a bird's eye view into how the should be protected.  \u003c/p\u003e\n\n\u003cp\u003eCastaldo joins Ryan on the show to talk about his new book on securing the startup, why he's the rare CISO that loves security vendor briefings and demos, and his vision of the CISO's top priorities.\u003c/p\u003e","summary":"Chris Castaldo has a fascinating career in cybersecurity.  A U.S. army veteran who dabbled in tech during the early 2000s dot-com boom before settling on security, Castaldo is now CISO at Crossbeam and a decision-maker with a bird's eye view into how the should be protected.  \r\n\r\nCastaldo joins Ryan on the show to talk about his new book on securing the startup, why he's the rare CISO that loves security vendor briefings and demos, and his vision of the CISO's top priorities.","date_published":"2021-04-23T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/36c84816-ee62-408e-a68d-a928e4fb720c.mp3","mime_type":"audio/mpeg","size_in_bytes":28911630,"duration_in_seconds":1930}]},{"id":"8ca9fe4a-f12f-401f-80d8-f42f8c1e7504","title":"Shubs Shah on finding riches (and lessons) from bug bounty hacking","url":"https://securityconversations.fireside.fm/shuhbam-shah-assetnote","content_text":"Shubham Shah is a brilliant hacker who quit his pen-testing job to hack for cash in bug-bounty programs.  He quickly mastered the game of automating pre-breach reconnaissance and zeroing in on common webapp programming and configuration errors.   
Shubs, now co-founder at Assetnote, joined Ryan on the show to talk about  the stressful life of a fulltime bug-bounty hunter, advancements in web app security defense, and how automation is completely rewriting the bug-discovery business.Links:Assetnote\nShubs Shah: Hacking on Bug Bounties for Four Years\nHigh frequency security: 120 days, 120 bugs\nh2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)\nH2C Smuggling in the Wild\n","content_html":"\u003cp\u003eShubham Shah is a brilliant hacker who quit his pen-testing job to hack for cash in bug-bounty programs.  He quickly mastered the game of automating pre-breach reconnaissance and zeroing in on common webapp programming and configuration errors.   Shubs, now co-founder at Assetnote, joined Ryan on the show to talk about  the stressful life of a fulltime bug-bounty hunter, advancements in web app security defense, and how automation is completely rewriting the bug-discovery business.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Assetnote\" rel=\"nofollow\" href=\"https://assetnote.io\"\u003eAssetnote\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Shubs Shah: Hacking on Bug Bounties for Four Years\" rel=\"nofollow\" href=\"https://blog.assetnote.io/2020/09/15/hacking-on-bug-bounties-for-four-years/\"\u003eShubs Shah: Hacking on Bug Bounties for Four Years\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"High frequency security: 120 days, 120 bugs\" rel=\"nofollow\" href=\"https://shubs.io/high-frequency-security-bug-hunting-120-days-120-bugs/\"\u003eHigh frequency security: 120 days, 120 bugs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)\" rel=\"nofollow\" href=\"https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c\"\u003eh2c Smuggling: Request Smuggling Via HTTP/2 Cleartext 
(h2c)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"H2C Smuggling in the Wild\" rel=\"nofollow\" href=\"https://blog.assetnote.io/2021/03/18/h2c-smuggling/\"\u003eH2C Smuggling in the Wild\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":" Shubham Shah is a brilliant hacker who quit his pen-testing job to hack for cash in bug-bounty programs.  He quickly mastered the game of automating pre-breach reconnaissance and zeroing in on common webapp programming and configuration errors.   Shubs, now co-founder at Assetnote, joined Ryan on the show to talk about  the stressful life of a fulltime bug-bounty hunter, advancements in web app security defense, and how automation is completely rewriting the bug-discovery business.","date_published":"2021-04-20T11:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/8ca9fe4a-f12f-401f-80d8-f42f8c1e7504.mp3","mime_type":"audio/mpeg","size_in_bytes":38562676,"duration_in_seconds":3169}]},{"id":"e3d22755-cc83-43aa-b67d-8003ad468a6b","title":"Fahmida Rashid, Executive Editor, VentureBeat","url":"https://securityconversations.fireside.fm/fahmida-rashid-venturebeat","content_text":"Newly appointed Executive Editor at VentureBeat Fahmida Rashid joins the show to talk about her introduction to computer networking in school, her winding path into cybersecurity journalism, the security stories worth telling, the venture capital ecosystem, and the surge in unicorn cybersecurity startups.Links:Follow Fahmida on Twitter\nFahmida Rashid on LinkedIn\n","content_html":"\u003cp\u003eNewly appointed Executive Editor at VentureBeat Fahmida Rashid joins the show to talk about her introduction to computer networking in school, her winding path into cybersecurity journalism, the security stories worth telling, the venture capital ecosystem, and the surge in unicorn cybersecurity 
startups.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Follow Fahmida on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/FYRashid\"\u003eFollow Fahmida on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Fahmida Rashid on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/fyrashid/\"\u003eFahmida Rashid on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Newly appointed Executive Editor at VentureBeat Fahmida Rashid joins the show to talk about her introduction to computer networking in school, her winding path into cybersecurity journalism, the security stories worth telling, the venture capital ecosystem, and the surge in unicorn cybersecurity startups.","date_published":"2021-04-09T10:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/e3d22755-cc83-43aa-b67d-8003ad468a6b.mp3","mime_type":"audio/mpeg","size_in_bytes":31693302,"duration_in_seconds":2222}]},{"id":"9589ad97-fc83-458f-8781-44ce8eb8bbf3","title":"Microsoft's David Weston on the surge in firmware attacks","url":"https://securityconversations.fireside.fm/david-weston-microsoft-windows","content_text":"Microsoft's David Weston joins Ryan on the show to discuss a new report that shows 83% of organizations have  been hit by a firmware attack in the last two years.   \n\nAs businesses continue to under-invest in resources to prevent firmware attacks, Weston warns about the inevitability of advanced attacks at the 'invisible' layer,  the absence of skills and tools to find malicious activity in firmware, the nightmare of navigating the patching treadmill, and exciting tech innovation in the space.","content_html":"\u003cp\u003eMicrosoft's David Weston joins Ryan on the show to discuss a new report that shows 83% of organizations have  been hit by a firmware attack in the last two years.   
\u003c/p\u003e\n\n\u003cp\u003eAs businesses continue to under-invest in resources to prevent firmware attacks, Weston warns about the inevitability of advanced attacks at the 'invisible' layer,  the absence of skills and tools to find malicious activity in firmware, the nightmare of navigating the patching treadmill, and exciting tech innovation in the space.\u003c/p\u003e","summary":"Microsoft's David Weston joins Ryan on the show to discuss a new report that shows 83% of organizations have  been hit by a firmware attack in the last two years.   \r\n\r\nAs businesses continue to under-invest in resources to prevent firmware attacks, Weston warns about the inevitability of advanced attacks at the 'invisible' layer,  the absence of skills and tools to find malicious activity in firmware, the nightmare of navigating the patching treadmill, and exciting tech innovation in the space.","date_published":"2021-04-06T11:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/9589ad97-fc83-458f-8781-44ce8eb8bbf3.mp3","mime_type":"audio/mpeg","size_in_bytes":35474013,"duration_in_seconds":1986}]},{"id":"ccdec073-caf0-49bc-80f3-42edab3a1c04","title":"Lena Smart, CISO, MongoDB","url":"https://securityconversations.fireside.fm/lena-smart-ciso-mongodb","content_text":"At  age 16, Lena Smart finished high school and went into the workforce.   At the time, a university degree and advanced education were not available to her in a single-parent household in Scotland.  
Today, she is CISO of MongoDB, a $16 billion company with thousands of employees around the world and she is a leading voice on education and talent-identification in cybersecurity.\n\nLena joins Ryan on the show to tell stories from her childhood, the decisions that carved a path for a successful career in security, the anguish of imposter syndrome, the joys of building a modern security program, and impressive tech innovation moving the security needle.","content_html":"\u003cp\u003eAt  age 16, Lena Smart finished high school and went into the workforce.   At the time, a university degree and advanced education were not available to her in a single-parent household in Scotland.  Today, she is CISO of MongoDB, a $16 billion company with thousands of employees around the world and she is a leading voice on education and talent-identification in cybersecurity.\u003c/p\u003e\n\n\u003cp\u003eLena joins Ryan on the show to tell stories from her childhood, the decisions that carved a path for a successful career in security, the anguish of imposter syndrome, the joys of building a modern security program, and impressive tech innovation moving the security needle.\u003c/p\u003e","summary":"At age 16, Lena Smart finished high school and went into the workforce.   At the time, a university degree and advanced education were not available to her in a single-parent household in Scotland.  
Today, she is CISO of MongoDB, a $16 billion company with thousands of employees around the world and is leading the discussion on education and talent-identification in cybersecurity.\r\n\r\nLena joins Ryan on the show to tell stories from her childhood, the decisions that carved a path for a successful career in security, the anguish of imposter syndrome, the joys of building a modern security program, and impressive tech innovation moving the security needle.","date_published":"2021-04-02T04:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/ccdec073-caf0-49bc-80f3-42edab3a1c04.mp3","mime_type":"audio/mpeg","size_in_bytes":44804932,"duration_in_seconds":3261}]},{"id":"02fc5a7f-d41b-434f-a25d-5f6c0a046dbc","title":"Patrick Howell O'Neill, Cybersecurity Editor, MIT Technology Review","url":"https://securityconversations.fireside.fm/patrick-howell-oneill-mit-tech-review","content_text":"Patrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review.   In this out-of-band episode of the show, Patrick joins Ryan to discuss his latest scoop on Google Project Zero's visibility into malware used in a Western .gov counter-terrorism operation, the tricky nature of attributing nation-state backed attacks, Apple's iOS becoming a hot target and the controversies surrounding all of these conversations.  Follow Patrick on Twitter.","content_html":"\u003cp\u003ePatrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review.   
In this out-of-band episode of the show, Patrick joins Ryan to discuss \u003ca href=\"https://securityconversations.com/on-disrupting-gov-malware-attacks/\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehis latest scoop\u003c/a\u003e on Google Project Zero's visibility into malware used in a Western .gov counter-terrorism operation, the tricky nature of attributing nation-state backed attacks, Apple's iOS becoming a hot target and the controversies surrounding all of these conversations.  \u003ca href=\"https://twitter.com/howelloneill\" target=\"_blank\" rel=\"nofollow noopener\"\u003eFollow Patrick on Twitter\u003c/a\u003e.\u003c/p\u003e","summary":" \r\nPatrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review.   In this out-of-band episode of the show, Patrick joins Ryan to discuss his latest scoop on Google Project Zero's visibility into malware used in a Western .gov counter-terrorism operation, the tricky nature of attributing nation-state backed attacks, Apple's iOS becoming a hot target and the controversies surrounding all of these conversations.  [Follow Patrick on Twitter](https://twitter.com/howelloneill).","date_published":"2021-03-30T01:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/02fc5a7f-d41b-434f-a25d-5f6c0a046dbc.mp3","mime_type":"audio/mpeg","size_in_bytes":24838523,"duration_in_seconds":1552}]},{"id":"85a47563-94ed-43f9-964c-fed6c6e20eff","title":"Nico Waisman, Head of Privacy \u0026 Security, Lyft","url":"https://securityconversations.fireside.fm/nico-waisman-lyft","content_text":"After a 20-year career working in the offensive security research trenches, security industry pioneer Nico Waisman made the transition to defense to head up privacy and security efforts at ride-sharing firm Lyft.   
Waisman joins Ryan Naraine on the show to talk about early hacking in Argentina, the contributions of non-Americans to the security industry, and much much more...","content_html":"\u003cp\u003eAfter a 20-year career working in the offensive security research trenches, security industry pioneer Nico Waisman made the transition to defense to head up privacy and security efforts at ride-sharing firm Lyft.   Waisman joins Ryan Naraine on the show to talk about early hacking in Argentina, the contributions of non-Americans to the security industry, and much much more...\u003c/p\u003e","summary":"After a 20-year career working in the offensive security research trenches, security industry pioneer Nico Waisman made the transition to defense to head up privacy and security efforts at ride-sharing firm Lyft.   Waisman joins Ryan Naraine on the show to talk about early hacking in Argentina, the contributions of non-Americans to the security industry, and much much more...","date_published":"2021-03-26T12:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/85a47563-94ed-43f9-964c-fed6c6e20eff.mp3","mime_type":"audio/mpeg","size_in_bytes":42763209,"duration_in_seconds":3378}]},{"id":"68388f69-fd95-4df0-9083-00587ea8f41c","title":"Ron Brash on the water plant hacks and the state of ICS security","url":"https://securityconversations.fireside.fm/ron-brash-verve-industrial-protection","content_text":"Ron Brash joins Ryan Naraine on the show to talk about the recent water supply hack, the state of security in ICS/SCADA installations, the checklist of affordable things for critical infrastructure defenders, and the things we should worry -- and not worry -- about.  \n\nRon  is Director of Cyber Security Insights at Verve Industrial Protection, a critical infrastructure-focused organisation that sells services and products that work across IT and OT environments for effective cyber security, controls and management.  
","content_html":"\u003cp\u003eRon Brash joins Ryan Naraine on the show to talk about the recent water supply hack, the state of security in ICS/SCADA installations, the checklist of affordable things for critical infrastructure defenders, and the things we should worry -- and not worry -- about.  \u003c/p\u003e\n\n\u003cp\u003eRon  is Director of Cyber Security Insights at Verve Industrial Protection, a critical infrastructure-focused organisation that sells services and products that work across IT and OT environments for effective cyber security, controls and management.  \u003c/p\u003e","summary":" Ron Brash joins Ryan on the show talk about the recent water supply hack, the state of security in ICS/SCADA installations, the checklist of affordable things for critical infrastructure defender, and the things we should worry -- and not worry -- about.    Ron  is Director of Cyber Security Insights at Verve Industrial Protection, a critical infrastructure-focused organisation that sells services and products that work across IT and OT environments for effective cyber security, controls and management.  ","date_published":"2021-03-11T13:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/68388f69-fd95-4df0-9083-00587ea8f41c.mp3","mime_type":"audio/mpeg","size_in_bytes":45472533,"duration_in_seconds":3006}]},{"id":"6cc88aa8-eacc-4bb0-a992-c0172b5915ea","title":"Throwback: Zero-day exploit broker Chaouki Bekrar","url":"https://securityconversations.fireside.fm/chaouki-bekrar","content_text":"This is the republication of an interview first conducted in March 2013 with then-VUPEN chief executive Chauki Bekrar.   The audio file was lost in several podcast platform transfers and I'm glad to be able to retain this interview for historical purposes. 
\n\nThe recording was conducted in the hallways of the CanSecWest Pwn2Own hacking contest in 2013 where Bekrar's team of hackers demo'd a zero-day attack against Microsoft Internet Explorer 10 on Windows 8, an exploit that bypassed all mitigations including the browser sandbox.  We chat about the controversies surrounding the sale of zero-day vulnerabilities and exploits, his company’s business dealings and the work that goes into winning the CanSecWest Pwn2Own hacker contest.  \n\n(Please excuse the audio quality and background chatter, this was recorded with a small handheld device in a noisy room).","content_html":"\u003cp\u003eThis is the republication of an interview first conducted in March 2013 with then-VUPEN chief executive Chaouki Bekrar.   The audio file was lost in several podcast platform transfers and I'm glad to be able to retain this interview for historical purposes. \u003c/p\u003e\n\n\u003cp\u003eThe recording was conducted in the hallways of the CanSecWest Pwn2Own hacking contest in 2013 where Bekrar's team of hackers demo'd a zero-day attack against Microsoft Internet Explorer 10 on Windows 8, an exploit that bypassed all mitigations including the browser sandbox.  We chat about the controversies surrounding the sale of zero-day vulnerabilities and exploits, his company’s business dealings and the work that goes into winning the CanSecWest Pwn2Own hacker contest.  \u003c/p\u003e\n\n\u003cp\u003e(Please excuse the audio quality and background chatter, this was recorded with a small handheld device in a noisy room).\u003c/p\u003e","summary":"This is the republication of an interview first conducted in March 2013 with then-VUPEN chief executive Chaouki Bekrar.   The audio file was lost in several podcast platform transfers and I'm glad to be able to retain this interview for historical purposes. 
\r\n\r\nThe recording was conducted in the hallways of the CanSecWest Pwn2Own hacking contest in 2013 where Bekrar's team of hackers demo'd a zero-day attack against Microsoft Internet Explorer 10 on Windows 8, an exploit that bypassed all mitigations including the browser sandbox.  We chat about the controversies surrounding the sale of zero-day vulnerabilities and exploits, his company’s business dealings and the work that goes into winning the CanSecWest Pwn2Own hacker contest.  \r\n\r\nPlease excuse the audio quality and background noise.","date_published":"2021-03-03T01:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/6cc88aa8-eacc-4bb0-a992-c0172b5915ea.mp3","mime_type":"audio/mpeg","size_in_bytes":21298595,"duration_in_seconds":1482}]},{"id":"9a9c9bf0-2463-42f6-9e4c-823c9a7763d8","title":"Selena Larson, Intelligence Analyst, Dragos","url":"https://securityconversations.fireside.fm/selena-larson-dragos","content_text":"Journalist-turned-intel analyst Selena Larson joins the podcast to discuss the nuances of cybersecurity journalism, making the shift to analyzing intelligence and writing for a private audience, the ransomware epidemic, and the state of critical infrastructure security.Links:Selena Larson Presentations\nFollow Selena on Twitter\nSelena Larson on Bringing New \u0026amp; Diverse People into the ICS Security Community\nICS OSINT: An Attacker’s Perspective\nSelena Larson profile\n","content_html":"\u003cp\u003eJournalist-turned-intel analyst Selena Larson joins the podcast to discuss the nuances of cybersecurity journalism, making the shift to analyzing intelligence and writing for a private audience, the ransomware epidemic, and the state of critical infrastructure security.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Selena Larson Presentations\" rel=\"nofollow\" href=\"https://www.selenalarson.com/presentations\"\u003eSelena Larson 
Presentations\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Selena on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/selenalarson\"\u003eFollow Selena on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Selena Larson on Bringing New \u0026amp; Diverse People into the ICS Security Community\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=WzfMsApgIl8\u0026amp;ab_channel=S4Events\"\u003eSelena Larson on Bringing New \u0026amp; Diverse People into the ICS Security Community\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"ICS OSINT: An Attacker’s Perspective\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=fW7AkbG-q-A\u0026amp;ab_channel=RSAConference\"\u003eICS OSINT: An Attacker’s Perspective\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Selena Larson profile\" rel=\"nofollow\" href=\"https://www.dragos.com/team/selena-larson/\"\u003eSelena Larson profile\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Journalist-turned-intel analyst Selena Larson joins the podcast to discuss the nuances of cybersecurity journalism, making the shift to analyzing intelligence and writing for a private audience, the ransomware epidemic, and the state of critical infrastructure security.","date_published":"2020-09-16T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/9a9c9bf0-2463-42f6-9e4c-823c9a7763d8.mp3","mime_type":"audio/mpeg","size_in_bytes":37771153,"duration_in_seconds":3137}]},{"id":"d20c248c-131d-4e66-8790-6d0a146e7fa8","title":"Fredrick Lee, Chief Security Officer, Gusto","url":"https://securityconversations.fireside.fm/frederick-lee-gusto","content_text":"Gusto chief security officer Fredrick 'Flee' Lee talks about his passion for democratizing security, solving problems for small businesses, the responsibilities of being a black security leader, and the people and experiences that influenced him along the 
way.Links:Gusto Appoints Fredrick Lee Chief Security Officer\nSecret CSO: Fredrick \"Flee\" Lee, Gusto\nCISO to CISO Webcast with Fredrick \"Flee\" Lee\n","content_html":"\u003cp\u003eGusto chief security officer Fredrick 'Flee' Lee talks about his passion for democratizing security, solving problems for small businesses, the responsibilities of being a black security leader, and the people and experiences that influenced him along the way.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Gusto Appoints Fredrick Lee Chief Security Officer\" rel=\"nofollow\" href=\"https://www.businesswire.com/news/home/20190305005014/en/Gusto-Appoints-Fredrick-Lee-Chief-Security-Officer\"\u003eGusto Appoints Fredrick Lee Chief Security Officer\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Secret CSO: Fredrick \u0026quot;Flee\u0026quot; Lee, Gusto\" rel=\"nofollow\" href=\"https://www.idgconnect.com/interviews/1504751/secret-cso-fredrick-flee-lee-gusto\"\u003eSecret CSO: Fredrick \"Flee\" Lee, Gusto\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"CISO to CISO Webcast with Fredrick \u0026quot;Flee\u0026quot; Lee\" rel=\"nofollow\" href=\"https://blog.altitudenetworks.com/ciso-to-ciso-live-webcast-with-fredrick-lee-cso-of-gusto/\"\u003eCISO to CISO Webcast with Fredrick \"Flee\" Lee\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Gusto chief security officer Fredrick 'Flee' Lee talks about his passion for democratizing security, solving problems for small businesses, the responsibilities of being a black security leader, and the people and experiences that influenced him along the way.","date_published":"2020-09-10T16:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/d20c248c-131d-4e66-8790-6d0a146e7fa8.mp3","mime_type":"audio/mpeg","size_in_bytes":27307999,"duration_in_seconds":2497}]},{"id":"cb83913c-2556-48c1-aff3-aa2f7b7db8c8","title":"Zack 
Whittaker, Security Editor, TechCrunch","url":"https://securityconversations.fireside.fm/zack-whittaker-techcrunch","content_text":"TechCrunch security writer Zack Whittaker stumbled into journalism while in college and has carved a successful career covering cybersecurity the last decade.  He joins the podcast to talk about landing at ZDNet out of university and some lucky breaks along the way.   Zack also talks about the trials of living and working with Tourette syndrome. ","content_html":"\u003cp\u003eTechCrunch security writer Zack Whittaker stumbled into journalism while in college and has carved a successful career covering cybersecurity the last decade.  He joins the podcast to talk about landing at ZDNet out of university and some lucky breaks along the way.   Zack also talks about the trials of living and working with Tourette syndrome. \u003c/p\u003e","summary":"TechCrunch security writer Zack Whittaker stumbled into journalism while in college and has carved a successful career covering cybersecurity the last decade.  He joins the podcast to talk about landing at ZDNet out of university and some lucky breaks along the way.   
Zack also talks about the trials of living and working with Tourette syndrome.","date_published":"2020-09-01T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/cb83913c-2556-48c1-aff3-aa2f7b7db8c8.mp3","mime_type":"audio/mpeg","size_in_bytes":19170998,"duration_in_seconds":1545}]},{"id":"c238448d-c5c4-411a-b256-d6afae1ec31b","title":"Jason Chan, VP, Information Security, Netflix","url":"https://securityconversations.fireside.fm/jason-chan-netflix","content_text":"Netflix security leader Jason Chan talks about the connections between ultra-marathons and running a robust security program, his view of the defender's top priorities, the talent shortage in cybersecurity, and the shifting patterns that drive secure code delivery.Links:Jason's ultra-marathon photos\nKeynote: Keeping Developers and Security Teams Happy\nDeveloper Empathy with Jason Chan of Netflix (Podcast)\nHacktivity 2014:  Jason Chan -- Building a Glass House\nI Want Your Job: Jason Chan, Netflix\n","content_html":"\u003cp\u003eNetflix security leader Jason Chan talks about the connections between ultra-marathons and running a robust security program, his view of the defender's top priorities, the talent shortage in cybersecurity, and the shifting patterns that drive secure code delivery.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Jason\u0026#39;s ultra-marathon photos\" rel=\"nofollow\" href=\"https://run200photos.com/jason/hB7475CBB#hb7475cbb\"\u003eJason's ultra-marathon photos\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Keynote: Keeping Developers and Security Teams Happy\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=WGkAf4x94rQ\"\u003eKeynote: Keeping Developers and Security Teams Happy\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Developer Empathy with Jason Chan of Netflix (Podcast)\" rel=\"nofollow\" 
href=\"https://www.heavybit.com/library/podcasts/the-secure-developer/ep-28-developer-empathy-with-jason-chan-of-netflix/\"\u003eDeveloper Empathy with Jason Chan of Netflix (Podcast)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Hacktivity 2014:  Jason Chan -- Building a Glass House\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=wH-8610xh6s\"\u003eHacktivity 2014:  Jason Chan -- Building a Glass House\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"I Want Your Job: Jason Chan, Netflix\" rel=\"nofollow\" href=\"https://today.cofc.edu/2019/04/03/jason-chan-vice-president-of-information-security-netflix/\"\u003eI Want Your Job: Jason Chan, Netflix\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Netflix security leader Jason Chan talks about the connections between ultra-marathons and running a robust security program, his view of the defender's top priorities, the talent shortage in cybersecurity, and the shifting patterns that drive secure code delivery.","date_published":"2020-08-18T16:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/c238448d-c5c4-411a-b256-d6afae1ec31b.mp3","mime_type":"audio/mpeg","size_in_bytes":22390072,"duration_in_seconds":1864}]},{"id":"6430e0f1-7e1a-4003-853b-8f19d9a34d6b","title":"Matt Honea, Senior Director, Cybersecurity, Guidewire","url":"https://securityconversations.fireside.fm/matt-honea-guidewire","content_text":"After a career in government that included physical security work for the U.S. State Department, Matt Honea transitioned to Silicon Valley and turned his attention to the cyber-insurance space.   
He joins the podcast for a frank discussion on cyber-insurance, ransomware payments and trends, and his opinions on innovation in security.Links:Matt Honea blog posts\nSafe Harbor Programs: Ensuring the Bounty Isn't on ...\n","content_html":"\u003cp\u003eAfter a career in government that included physical security work for the U.S. State Department, Matt Honea transitioned to Silicon Valley and turned his attention to the cyber-insurance space.   He joins the podcast for a frank discussion on cyber-insurance, ransomware payments and trends, and his opinions on innovation in security.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Matt Honea blog posts\" rel=\"nofollow\" href=\"https://www.guidewire.com/our-bloggers/matthew-honea\"\u003eMatt Honea blog posts\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Safe Harbor Programs: Ensuring the Bounty Isn\u0026#39;t on ...\" rel=\"nofollow\" href=\"https://www.darkreading.com/application-security/safe-harbor-programs-ensuring-the-bounty-isnt-on-white-hat-hackers-heads/a/d-id/1334339?\"\u003eSafe Harbor Programs: Ensuring the Bounty Isn't on ...\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"After a career in government that included physical security work for the U.S. State Department, Matt Honea transitioned to Silicon Valley and turned his attention to the cyber-insurance space.   
He joins the podcast for a frank discussion on cyber-insurance, ransomware payments and trends, and his opinions on innovation in security.","date_published":"2020-08-11T12:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/6430e0f1-7e1a-4003-853b-8f19d9a34d6b.mp3","mime_type":"audio/mpeg","size_in_bytes":30677958,"duration_in_seconds":2796}]},{"id":"1a7b0cc6-4405-4f53-81c3-653964fd377d","title":"Andy Greenberg, Senior Writer, Wired","url":"https://securityconversations.fireside.fm/andy-greenberg-wired","content_text":"Cybersecurity journalist and author Andy Greenberg joins the podcast to talk about his career as a journalist, the ins-and-outs of negotiating a big story with sources, the intricacies of writing a good book, and some of his biggest stories to date.Links:Follow Andy Greenberg on Twitter\nAndy Greenberg's Wired bio\nSandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers\n","content_html":"\u003cp\u003eCybersecurity journalist and author Andy Greenberg joins the podcast to talk about his career as a journalist, the ins-and-outs of negotiating a big story with sources, the intricacies of writing a good book, and some of his biggest stories to date.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Follow Andy Greenberg on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/a_greenberg\"\u003eFollow Andy Greenberg on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Andy Greenberg\u0026#39;s Wired bio\" rel=\"nofollow\" href=\"https://www.wired.com/author/andy-greenberg/\"\u003eAndy Greenberg's Wired bio\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin\u0026#39;s Most Dangerous Hackers\" rel=\"nofollow\" 
href=\"https://www.amazon.com/Sandworm-Cyberwar-Kremlins-Dangerous-Hackers/dp/0385544405?ots=1\u0026amp;slotNum=0\u0026amp;imprToken=10b9ef54-bb0c-ca8b-8b2\u0026amp;tag=w050b-20\u0026amp;linkCode=w50\"\u003eSandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Cybersecurity journalist and author Andy Greenberg joins the podcast to talk about his career as a journalist, the ins-and-outs of negotiating a big story with sources, the intricacies of writing a good book, and some of his biggest stories to date.","date_published":"2020-08-11T10:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1a7b0cc6-4405-4f53-81c3-653964fd377d.mp3","mime_type":"audio/mpeg","size_in_bytes":43116760,"duration_in_seconds":3587}]},{"id":"e2e90b4c-d2d7-4cf8-abb8-691432172793","title":"Brooke Pearson, Security Awareness, Uber","url":"https://securityconversations.fireside.fm/brooke-pearson-uber","content_text":"After a career in diplomacy at the U.S. State Department, Uber's Brooke Pearson headed to Silicon Valley to find a new path in cybersecurity.  We chat about her early interest in Russia and international relations, a life-changing chance encounter during an airport layover, using non-traditional skills to find success in tech, and her passion for helping minorities find meaningful careers in security.  ","content_html":"\u003cp\u003eAfter a career in diplomacy at the U.S. State Department, Uber's Brooke Pearson headed to Silicon Valley to find a new path in cybersecurity.  We chat about her early interest in Russia and international relations, a life-changing chance encounter during an airport layover, using non-traditional skills to find success in tech, and her passion for helping minorities find meaningful careers in security.  \u003c/p\u003e","summary":"After a career in diplomacy at the U.S. 
State Department, Uber's Brooke Pearson headed to Silicon Valley to find a new path in cybersecurity.  We chat about her early interest in Russia and international relations, a life-changing chance encounter during an airport layover, using non-traditional skills to find success in tech, and her passion for helping minorities find meaningful careers in security.   ","date_published":"2020-06-17T21:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/e2e90b4c-d2d7-4cf8-abb8-691432172793.mp3","mime_type":"audio/mpeg","size_in_bytes":44092719,"duration_in_seconds":3671}]},{"id":"768dab87-a2a6-4fa9-9a41-b74bd83665a3","title":"Tim MalcomVetter, Red Team Lead, Walmart","url":"https://securityconversations.fireside.fm/tim-malcomvetter-walmart","content_text":"[ DISCLAIMER:   These are the personal opinions of Tim MalcomVetter and do not construe an official endorsement or business relationship of his employer with any product or service.  ]\n\nWalmart Red Team lead Tim MalcomVetter joins the podcast to talk about red-team/blue team dynamics, the adversarial relationship between the two sides, the mentality of a determined attacker, and why everyone in cybersecurity should give jiu-jitsu a try.Links:Tim's Articles on Medium\nFollow Tim MalcomVetter on Twitter\nLinkedIn Profile\n","content_html":"\u003cp\u003e\u003cem\u003e[ DISCLAIMER:   These are the personal opinions of Tim MalcomVetter and do not construe an official endorsement or business relationship of his employer with any product or service.  
]\u003c/em\u003e\u003c/p\u003e\n\n\u003cp\u003eWalmart Red Team lead Tim MalcomVetter joins the podcast to talk about red-team/blue team dynamics, the adversarial relationship between the two sides, the mentality of a determined attacker, and why everyone in cybersecurity should give jiu-jitsu a try.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Tim\u0026#39;s Articles on Medium\" rel=\"nofollow\" href=\"https://medium.com/@malcomvetter\"\u003eTim's Articles on Medium\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Tim MalcomVetter on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/malcomvetter\"\u003eFollow Tim MalcomVetter on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"LinkedIn Profile\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/malcomvetter/\"\u003eLinkedIn Profile\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Tim joins the podcast to talk about red-team/blue team dynamics, the adversarial relationship between the two sides, the mentality of a determined attacker, and why everyone in cybersecurity should give jiu-jitsu a try.","date_published":"2020-05-04T18:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/768dab87-a2a6-4fa9-9a41-b74bd83665a3.mp3","mime_type":"audio/mpeg","size_in_bytes":43661751,"duration_in_seconds":3574}]},{"id":"9a77e22d-d2e8-4f91-a79b-f6edb4f69eaa","title":"Matt Suiche, Comae Technologies","url":"https://securityconversations.fireside.fm/matt-suiche-comae","content_text":"Hacker-turned-entrepreneur Matt Suiche reminisces about the hacking scene in France, his introduction to memory forensics and how his research led to presenting at Microsoft's Blue Hat, the grind of building and selling a company, and his passion for supporting young security researchers in developing countries. 
Links:OPCDE Online\nComae Technologies\nFollow Matt Suiche on Twitter\n","content_html":"\u003cp\u003eHacker-turned-entrepreneur Matt Suiche reminisces about the hacking scene in France, his introduction to memory forensics and how his research led to presenting at Microsoft's Blue Hat, the grind of building and selling a company, and his passion for supporting young security researchers in developing countries. \u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"OPCDE Online\" rel=\"nofollow\" href=\"https://online.opcde.com\"\u003eOPCDE Online\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Comae Technologies\" rel=\"nofollow\" href=\"https://www.comae.com/\"\u003eComae Technologies\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Matt Suiche on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/msuiche\"\u003eFollow Matt Suiche on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Hacker-turned-entrepreneur Matt Suiche reminisces about the hacking scene in France, his introduction to memory forensics, building and selling a company, and his passion for spreading security research in developing countries.","date_published":"2020-04-17T06:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/9a77e22d-d2e8-4f91-a79b-f6edb4f69eaa.mp3","mime_type":"audio/mpeg","size_in_bytes":35719975,"duration_in_seconds":2556}]},{"id":"3ea2877d-d3a0-44e1-98b4-e9536f831b77","title":"Jaime Blasco, AT\u0026T Cybersecurity","url":"https://securityconversations.fireside.fm/jaime-blasco-att-cybersecurity","content_text":"AT\u0026amp;T Cybersecurity's Jaime Blasco talks about falling in love with security as a high-school student in Spain, finding a career path in pen-testing and offense,  shifting to building defensive technologies and his current passion for exploring the value of machine learning. 
Links:AT\u0026amp;T AlienLabs\nFollow Jaime on Twitter\nOpen Threat Exchange (OTX)\n","content_html":"\u003cp\u003eAT\u0026amp;T Cybersecurity's Jaime Blasco talks about falling in love with security as a high-school student in Spain, finding a career path in pen-testing and offense,  shifting to building defensive technologies and his current passion for exploring the value of machine learning. \u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"AT\u0026amp;T AlienLabs\" rel=\"nofollow\" href=\"https://cybersecurity.att.com/alien-labs\"\u003eAT\u0026amp;T AlienLabs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Follow Jaime on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/jaimeblascob\"\u003eFollow Jaime on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Open Threat Exchange (OTX)\" rel=\"nofollow\" href=\"https://cybersecurity.att.com/open-threat-exchange\"\u003eOpen Threat Exchange (OTX)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"AT\u0026T Cybersecurity's Jaime Blasco talks about falling in love with security as a high-school student in Spain, finding a career path in pen-testing and offense,  shifting to building defensive technologies and his current passion for exploring the value of machine learning.","date_published":"2020-04-14T15:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/3ea2877d-d3a0-44e1-98b4-e9536f831b77.mp3","mime_type":"audio/mpeg","size_in_bytes":30063613,"duration_in_seconds":1867}]},{"id":"1762300e-32da-4a5b-b925-44680cc367e6","title":"Collin Mulliner, Security Engineer, Cruise","url":"https://securityconversations.fireside.fm/collin-mulliner-cruise","content_text":"Mobile security pioneer Collin Mulliner talks about the early days of hacking PalmOS devices, the current state of smartphone platforms, his work on securing self driving cars, and why he built and open-sourced a 
firmware analyzer tool. Links:Firmware Analyzer\n — FwAnalyzer is a tool to analyze (ext2/3/4), FAT/VFat, SquashFS, UBIFS filesystem images, cpio archives, and directory content using a set of configurable rules. \nCollin's blog\nPDF: Continuous Automated Firmware Security Analysis\n","content_html":"\u003cp\u003eMobile security pioneer Collin Mulliner talks about the early days of hacking PalmOS devices, the current state of smartphone platforms, his work on securing self driving cars, and why he built and open-sourced a firmware analyzer tool. \u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Firmware Analyzer\" rel=\"nofollow\" href=\"https://github.com/cruise-automation/fwanalyzer\"\u003eFirmware Analyzer\n\u003c/a\u003e \u0026mdash; FwAnalyzer is a tool to analyze (ext2/3/4), FAT/VFat, SquashFS, UBIFS filesystem images, cpio archives, and directory content using a set of configurable rules. \n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Collin\u0026#39;s blog\" rel=\"nofollow\" href=\"http://www.mulliner.org/blog/\"\u003eCollin's blog\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"PDF: Continuous Automated Firmware Security Analysis\" rel=\"nofollow\" href=\"https://i.blackhat.com/USA-19/Wednesday/us-19-Mulliner-Come-Join-The-CAFSA-Continuous-Automated-Firmware-Security-Analysis.pdf\"\u003ePDF: Continuous Automated Firmware Security Analysis\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Mobile security research pioneer Collin Mulliner talks about the early days of hacking PalmOS devices, the current state of smartphone platforms, his work on securing self driving cars, and why he built and open-sourced a firmware analyzer 
tool.","date_published":"2020-04-03T18:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1762300e-32da-4a5b-b925-44680cc367e6.mp3","mime_type":"audio/mpeg","size_in_bytes":34191733,"duration_in_seconds":2008}]},{"id":"87141539-e2ba-45d7-a262-cec68a4f6baf","title":"Michael Piacente, Principal, Hitch Partners","url":"https://securityconversations.fireside.fm/michael-piacente-hitch-partners","content_text":"Hitch Partners principal Michael Piacente dishes on the cybersecurity job market during an economic crisis, the intricacies of recruiting top-flight security talent, the high rate of turnover among CISOs, and why companies should spend more time on writing better job descriptions.Links:WSJ: CISOs stay on the job less than three years, compared with nearly seven years for CEOs\nExploring the CISO's personal brand\n","content_html":"\u003cp\u003eHitch Partners principal Michael Piacente dishes on the cybersecurity job market during an economic crisis, the intricacies of recruiting top-flight security talent, the high rate of turnover among CISOs, and why companies should spend more time on writing better job descriptions.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"WSJ: CISOs stay on the job less than three years, compared with nearly seven years for CEOs\" rel=\"nofollow\" href=\"https://www.wsj.com/articles/cisos-short-tenures-can-hamper-cyber-defenses-11582021801?mod=djemCybersecruityPro\u0026amp;tpl=cy\"\u003eWSJ: CISOs stay on the job less than three years, compared with nearly seven years for CEOs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Exploring the CISO\u0026#39;s personal brand\" rel=\"nofollow\" href=\"https://www.linkedin.com/pulse/exploring-cisos-personal-brand-michael-piacente/\"\u003eExploring the CISO's personal brand\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Hitch Partners principal Michael Piacente dishes 
on the cybersecurity job market during an economic crisis, the intricacies of recruiting top-flight security talent, the high rate of turnover among CISOs, and why companies should spend more time on writing better job descriptions.","date_published":"2020-03-30T07:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/87141539-e2ba-45d7-a262-cec68a4f6baf.mp3","mime_type":"audio/mpeg","size_in_bytes":27603336,"duration_in_seconds":1990}]},{"id":"68383542-84b9-4780-909a-a741b9c26cc8","title":"Dave Aitel, Founder and CEO, Immunity","url":"https://securityconversations.fireside.fm/dave-aitel-immunity","content_text":"Security industry pioneer Dave Aitel dishes on entrepreneurship, fostering a \"one team, one parking lot\" culture,  how lessons from his time at the NSA still guide his decisions, and his approach to blunt, honest marketing.   We also discuss a shared passion for Brazilian Jiu-Jitsu and his work supporting Project Grapple in Miami. Links:Project Grapple, The Jiu-Jitsu Non Profit Changing Lives\nAitel Foundation\nInfiltrate Conference\nDaily Dave (mailing list)\n","content_html":"\u003cp\u003eSecurity industry pioneer Dave Aitel dishes on entrepreneurship, fostering a \"one team, one parking lot\" culture,  how lessons from his time at the NSA still guide his decisions, and his approach to blunt, honest marketing.   We also discuss a shared passion for Brazilian Jiu-Jitsu and his work supporting Project Grapple in Miami. 
\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Project Grapple, The Jiu-Jitsu Non Profit Changing Lives\" rel=\"nofollow\" href=\"https://www.flograppling.com/video/6044979-project-grapple-the-jiu-jitsu-non-profit-changing-lives\"\u003eProject Grapple, The Jiu-Jitsu Non Profit Changing Lives\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Aitel Foundation\" rel=\"nofollow\" href=\"https://www.aitelfoundation.org/\"\u003eAitel Foundation\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Infiltrate Conference\" rel=\"nofollow\" href=\"https://infiltratecon.com/\"\u003eInfiltrate Conference\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Daily Dave (mailing list)\" rel=\"nofollow\" href=\"https://seclists.org/dailydave/\"\u003eDaily Dave (mailing list)\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Security industry pioneer Dave Aitel dishes on entrepreneurship, fostering a \"one team, one parking lot\" culture, how lessons from his time at the NSA still guide his decisions, and his approach to blunt, honest marketing. We also discuss a shared passion for Brazilian Jiu-Jitsu and his work supporting Project Grapple in Miami.","date_published":"2020-03-23T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/68383542-84b9-4780-909a-a741b9c26cc8.mp3","mime_type":"audio/mpeg","size_in_bytes":36849446,"duration_in_seconds":2263}]},{"id":"cda34e0b-2ced-4519-9bee-dda805d6150c","title":"Sounil Yu, Cyber Defense Matrix","url":"https://securityconversations.fireside.fm/sounil-yu-cyber-defense-matrix","content_text":"Former Chief Security Scientist at Bank of America, Sounil Yu, explains why he created the Cyber Defense Matrix framework and how organizations are using it to drive visibility and security decisions in multiple places. 
We discuss securing \"cattle vs pets,\" the next era of security innovation,  and the increasing security poverty line that hurts small- and medium-sized businesses. Links:Cyber Defense Matrix\n — The Cyber Defense Matrix helps us understand what we need organized through a logical construct so that when we go into the security vendor marketplace, we can quickly discern what products solve what problems and be informed on what is the core function of a given product. In addition, the Cyber Defense Matrix provides a mechanism to ensure that we have capabilities across the entire spectrum of options to help secure our environments.\nCyber Defense Matrix Reloaded\n — This is an update to the Cyber Defense Matrix briefing given at the 2019 RSA Conference. Cybersecurity practitioners can use this to organize vendors, find gaps in security portfolios, understand how to organize security measurements, prioritize investments, minimize business impact, visualize attack surfaces, align other existing frameworks, and gain a fuller understanding of the entire space of cybersecurity.\n","content_html":"\u003cp\u003eFormer Chief Security Scientist at Bank of America, Sounil Yu, explains why he created the Cyber Defense Matrix framework and how organizations are using it to drive visibility and security decisions in multiple places.  We discuss securing \"cattle vs pets,\" the next era of security innovation,  and the increasing security poverty line that hurts small- and medium-sized businesses. 
\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Cyber Defense Matrix\" rel=\"nofollow\" href=\"https://owasp.org/www-project-cyber-defense-matrix/\"\u003eCyber Defense Matrix\n\u003c/a\u003e \u0026mdash; The Cyber Defense Matrix helps us understand what we need organized through a logical construct so that when we go into the security vendor marketplace, we can quickly discern what products solve what problems and be informed on what is the core function of a given product. In addition, the Cyber Defense Matrix provides a mechanism to ensure that we have capabilities across the entire spectrum of options to help secure our environments.\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cyber Defense Matrix Reloaded\" rel=\"nofollow\" href=\"https://www.slideshare.net/sounilyu/cyber-defense-matrix-reloaded\"\u003eCyber Defense Matrix Reloaded\n\u003c/a\u003e \u0026mdash; This is an update to the Cyber Defense Matrix briefing given at the 2019 RSA Conference. Cybersecurity practitioners can use this to organize vendors, find gaps in security portfolios, understand how to organize security measurements, prioritize investments, minimize business impact, visualize attack surfaces, align other existing frameworks, and gain a fuller understanding of the entire space of cybersecurity.\n\u003c/li\u003e\u003c/ul\u003e","summary":"Former Chief Security Scientist at Bank of America, Sounil Yu, explains why he created the Cyber Defense Matrix framework and how organizations are using it to drive visibility and security decisions in multiple places.  
We discuss securing \"cattle vs pets,\" the next era of security innovation,  and the increasing security poverty line that hurts small- and medium-sized businesses.","date_published":"2020-03-17T08:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/cda34e0b-2ced-4519-9bee-dda805d6150c.mp3","mime_type":"audio/mpeg","size_in_bytes":31017607,"duration_in_seconds":2148}]},{"id":"dd036e55-5dd8-4043-ba3d-29caf4beebea","title":"Andy Ellis, Chief Security Officer, Akamai Technologies","url":"https://securityconversations.fireside.fm/andy-ellis-akamai","content_text":"In an industry where 10-15% of staff are women, Akamai's security team is 40% women and growing.  Chief security officer Andy Ellis  joins the podcast to share lessons on practical things -- some subtle, some major -- that pushed real diversity on Akamai's security team.Links:One company’s successful approach to gender balance\nVideo: 20 Years In: Security’s Grand Challenges, Then and Now\nAndy Ellis:  Humans are Awesome at Risk Management\n","content_html":"\u003cp\u003eIn an industry where 10-15% of staff are women, Akamai's security team is 40% women and growing.  
Chief security officer Andy Ellis  joins the podcast to share lessons on practical things -- some subtle, some major -- that pushed real diversity on Akamai's security team.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"One company’s successful approach to gender balance\" rel=\"nofollow\" href=\"https://hrexecutive.com/one-companys-successful-approach-to-gender-balance/\"\u003eOne company’s successful approach to gender balance\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Video: 20 Years In: Security’s Grand Challenges, Then and Now\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=XgmTm5e38Y0\"\u003eVideo: 20 Years In: Security’s Grand Challenges, Then and Now\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Andy Ellis:  Humans are Awesome at Risk Management\" rel=\"nofollow\" href=\"https://www.rsaconference.com/industry-topics/presentation/humans-are-awesome-at-risk-management\"\u003eAndy Ellis:  Humans are Awesome at Risk Management\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"In an industry where 10-15% of staff are women, Akamai's security team is 40% women and growing.  
Chief security officer Andy Ellis joins the podcast to share lessons on practical things -- some subtle, some major -- that pushed real diversity on Akamai's security team.","date_published":"2020-03-11T16:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/dd036e55-5dd8-4043-ba3d-29caf4beebea.mp3","mime_type":"audio/mpeg","size_in_bytes":23543325,"duration_in_seconds":1928}]},{"id":"c49758d1-bc1a-43d5-8eee-5f91c6d7021f","title":"Costin Raiu, Global Director, GReAT, Kaspersky Lab","url":"https://securityconversations.fireside.fm/costin-raiu-great","content_text":"Veteran malware hunter Costin Raiu talks about writing his own anti-virus program as a teenager in Romania, his work tracking advanced threat actors globally, and why he assumes his computer is compromised by at least three APT groups.Links:\"Equation Group\" ran the most advanced hacking operation ever uncovered\nThe adventures of lab ED011\n — One Romanian campus computer lab both pentested the world and eventually helped protect it\nCostin Raiu on Twitter\nThe \"Red October\" Campaign\n","content_html":"\u003cp\u003eVeteran malware hunter Costin Raiu talks about writing his own anti-virus program as a teenager in Romania, his work tracking advanced threat actors globally, and why he assumes his computer is compromised by at least three APT groups.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"\u0026quot;Equation Group\u0026quot; ran the most advanced hacking operation ever uncovered\" rel=\"nofollow\" href=\"https://arstechnica.com/information-technology/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/\"\u003e\"Equation Group\" ran the most advanced hacking operation ever uncovered\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The adventures of lab ED011\" rel=\"nofollow\" 
href=\"https://arstechnica.com/features/2018/08/the-secret-history-of-ed011-the-obscure-computer-lab-that-hacked-the-world/\"\u003eThe adventures of lab ED011\n\u003c/a\u003e \u0026mdash; One Romanian campus computer lab both pentested the world and eventually helped protect it\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Costin Raiu on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/craiu\"\u003eCostin Raiu on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"The \u0026quot;Red October\u0026quot; Campaign\" rel=\"nofollow\" href=\"https://securelist.com/the-red-october-campaign/57647/\"\u003eThe \"Red October\" Campaign\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Veteran malware hunter Costin Raiu talks about writing his own anti-virus program as a teenager in Romania, his work tracking advanced threat actors globally, and why he assumes his computer is compromised by at least three APT groups.","date_published":"2018-09-03T04:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/c49758d1-bc1a-43d5-8eee-5f91c6d7021f.mp3","mime_type":"audio/mpeg","size_in_bytes":47022834,"duration_in_seconds":3081}]},{"id":"1f0f4e71-9a49-4d80-8a17-c020c7e2698c","title":"Josh Lefkowitz, Founder and CEO, Flashpoint","url":"https://securityconversations.fireside.fm/josh-lefkowitz-flashpoint","content_text":"Flashpoint chief executive Josh Lefkowitz talks about how his previous work as a counter-terrorism analyst underscored the value of contextual threat-intelligence, his company's approach to gathering and analyzing data, and his mission to be an extension of a client's security team.Links:Flashpoint - Library\n'7 Minutes' with Flashpoint CEO Josh Lefkowitz\nVideo: Josh Lefkowitz on AlphaBay's demise\n","content_html":"\u003cp\u003eFlashpoint chief executive Josh Lefkowitz talks about how his previous work as a counter-terrorism analyst underscored the value of contextual 
threat-intelligence, his company's approach to gathering and analyzing data, and his mission to be an extension of a client's security team.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Flashpoint - Library\" rel=\"nofollow\" href=\"https://www.flashpoint-intel.com/library/\"\u003eFlashpoint - Library\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"\u0026#39;7 Minutes\u0026#39; with Flashpoint CEO Josh Lefkowitz\" rel=\"nofollow\" href=\"https://www.channelpartnersonline.com/article/7-minutes-with-flashpoint-ceo-josh-lefkowitz/\"\u003e'7 Minutes' with Flashpoint CEO Josh Lefkowitz\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Video: Josh Lefkowitz on AlphaBay\u0026#39;s demise\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=fd6GedN3yng\"\u003eVideo: Josh Lefkowitz on AlphaBay's demise\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Flashpoint chief executive Josh Lefkowitz talks about how his previous work as a counter-terrorism analyst underscored the value of contextual threat-intelligence, his company's approach to gathering and analyzing data, and his mission to be an extension of a client's security team.","date_published":"2018-08-28T04:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1f0f4e71-9a49-4d80-8a17-c020c7e2698c.mp3","mime_type":"audio/mpeg","size_in_bytes":30504303,"duration_in_seconds":1930}]},{"id":"37e1bbf9-9add-4a52-9c5e-dc0940f670b6","title":"Christine Gadsby, Director of Product Security Operations, BlackBerry","url":"https://securityconversations.fireside.fm/christine-gadsby-blackberry","content_text":"BlackBerry security response executive Christine Gadsby joins the podcast to talk about tough decisions around shipping secure software, the challenges of securing supply chain dependencies, BlackBerry's new ransomware recovery feature, and her upcoming Black Hat 2018 
presentation.Links:Black Hat 2018: Stop that Release There's a Vulnerability!\nChristine Gadsby on Twitter\nBlackBerry Enterprise Software - Security \u0026amp; Management for the Enterprise of Things\nChristine Gadsby on LinkedIn\n","content_html":"\u003cp\u003eBlackBerry security response executive Christine Gadsby joins the podcast to talk about tough decisions around shipping secure software, the challenges of securing supply chain dependencies, BlackBerry's new ransomware recovery feature, and her upcoming Black Hat 2018 presentation.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Black Hat 2018: Stop that Release There\u0026#39;s a Vulnerability!\" rel=\"nofollow\" href=\"https://www.blackhat.com/us-18/briefings.html#stop-that-release-theres-a-vulnerability\"\u003eBlack Hat 2018: Stop that Release There's a Vulnerability!\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Christine Gadsby on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/ChristineGadsby\"\u003eChristine Gadsby on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"BlackBerry Enterprise Software - Security \u0026amp; Management for the Enterprise of Things\" rel=\"nofollow\" href=\"https://us.blackberry.com/enterprise\"\u003eBlackBerry Enterprise Software - Security \u0026amp; Management for the Enterprise of Things\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Christine Gadsby on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/bbchristine/\"\u003eChristine Gadsby on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"BlackBerry security response executive Christine Gadsby joins the podcast to talk about tough decisions around shipping secure software, the challenges of securing supply chain dependencies, BlackBerry's new ransomware recovery feature, and her upcoming Black Hat 2018 
presentation.","date_published":"2018-08-06T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/37e1bbf9-9add-4a52-9c5e-dc0940f670b6.mp3","mime_type":"audio/mpeg","size_in_bytes":26141237,"duration_in_seconds":1652}]},{"id":"d2f343f6-c9ae-4e29-a5be-bf8f746446b6","title":"Chad Loder, co-founder and CEO, Habitu8","url":"https://securityconversations.fireside.fm/chad-loder-habitu8","content_text":"Cybersecurity industry veteran Chad Loder talks about his time as co-founder of Rapid7, the decision to acquire Metasploit, lessons learned from moving to the CISO chair and why the industry still struggles with security awareness training.Links:About Habitu8\nChad Loder on Twitter\nRapid7 Acquires Metasploit\n","content_html":"\u003cp\u003eCybersecurity industry veteran Chad Loder talks about his time as co-founder of Rapid7, the decision to acquire Metasploit, lessons learned from moving to the CISO chair and why the industry still struggles with security awareness training.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"About Habitu8\" rel=\"nofollow\" href=\"https://www.habitu8.io/about-us/\"\u003eAbout Habitu8\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Chad Loder on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/chadloder\"\u003eChad Loder on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Rapid7 Acquires Metasploit\" rel=\"nofollow\" href=\"https://www.businesswire.com/news/home/20091021005675/en/Rapid7-Acquires-Metasploit\"\u003eRapid7 Acquires Metasploit\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Cybersecurity industry veteran Chad Loder talks about his time as co-founder of Rapid7, the decision to acquire Metasploit, lessons learned from moving to the CISO chair and why the industry still struggles with security awareness 
training.","date_published":"2018-07-31T09:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/d2f343f6-c9ae-4e29-a5be-bf8f746446b6.mp3","mime_type":"audio/mpeg","size_in_bytes":45359306,"duration_in_seconds":3208}]},{"id":"a936371f-8a20-4865-9932-a916fd16a2da","title":"Chris Castaldo, Senior Director of Cybersecurity, 2U ","url":"https://securityconversations.fireside.fm/chris-castaldo-2u","content_text":"Chris Castaldo, senior director of cybersecurity at 2U, Inc., joins Ryan on the podcast to talk about building a threat model for digitizing the education sector, his top priorities as a defender, new solutions that impress him, and why it's important to get independent third-party security assessments.Links:Uptycs\nosquery | Easily ask questions about your Linux, Windows, and macOS infrastructure\n","content_html":"\u003cp\u003eChris Castaldo, senior director of cybersecurity at 2U, Inc., joins Ryan on the podcast to talk about building a threat model for digitizing the education sector, his top priorities as a defender, new solutions that impress him, and why it's important to get independent third-party security assessments.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Uptycs\" rel=\"nofollow\" href=\"https://www.uptycs.com/technology\"\u003eUptycs\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"osquery | Easily ask questions about your Linux, Windows, and macOS infrastructure\" rel=\"nofollow\" href=\"https://osquery.io/\"\u003eosquery | Easily ask questions about your Linux, Windows, and macOS infrastructure\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Chris Castaldo, senior director of cybersecurity at 2U, Inc., joins Ryan on the podcast to talk about building a threat model for digitizing the education sector, his top priorities as a defender, new solutions that impress him, and why it's important to get independent 
third-party security assessments.","date_published":"2018-07-26T09:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a936371f-8a20-4865-9932-a916fd16a2da.mp3","mime_type":"audio/mpeg","size_in_bytes":37191493,"duration_in_seconds":2384}]},{"id":"2eee789f-5d35-4620-bef5-79a98b867ffb","title":"Wim Remes, CEO and Principal Researcher, Wire Security","url":"https://securityconversations.fireside.fm/wim-remes-wire-security","content_text":"Founder and CEO of Wire Security, Wim Remes, joins the podcast to discuss the intricacies of penetration testing, red-teaming, bug bounty programs, and calls for defenders to embrace continuous pen-testing.Links:Wim Remes on GitHub\nWim Remes on Twitter\n","content_html":"\u003cp\u003eFounder and CEO of Wire Security, Wim Remes, joins the podcast to discuss the intricacies of penetration testing, red-teaming, bug bounty programs, and calls for defenders to embrace continuous pen-testing.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Wim Remes on GitHub\" rel=\"nofollow\" href=\"https://github.com/wimremes/\"\u003eWim Remes on GitHub\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Wim Remes on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/wimremes\"\u003eWim Remes on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Founder and CEO of Wire Security Wim Remes discusses the intricacies of penetration testing, red-teaming, bug bounties, and calls for defenders to embrace continuous pen-testing.","date_published":"2018-07-23T12:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/2eee789f-5d35-4620-bef5-79a98b867ffb.mp3","mime_type":"audio/mpeg","size_in_bytes":29368681,"duration_in_seconds":2442}]},{"id":"d7db6dd9-a8d4-42ec-a94d-b51821f8e4e3","title":"Dan Hubbard, Chief Security Architect, 
Lacework","url":"https://securityconversations.fireside.fm/dan-hubbard-lacework","content_text":"Lacework Chief Security Architect  Dan Hubbard joins the podcast to discuss his new research on container security, the challenges of securing cloud deployments, and why technological advancements have widened attack surfaces.Links:Containers at risk (PDF direct download)\nDan Hubbard on Twitter\n","content_html":"\u003cp\u003eLacework Chief Security Architect  Dan Hubbard joins the podcast to discuss his new research on container security, the challenges of securing cloud deployments, and why technological advancements have widened attack surfaces.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Containers at risk (PDF direct download)\" rel=\"nofollow\" href=\"https://info.lacework.com/hubfs/Containers%20At-Risk_%20A%20Review%20of%2021,000%20Cloud%20Environments.pdf\"\u003eContainers at risk (PDF direct download)\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dan Hubbard on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/dhubbard858\"\u003eDan Hubbard on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Lacework Chief Security Architect Dan Hubbard joins the podcast to discuss his new research on container security, the challenges of securing cloud deployments, and why technological advancements have widened attack surfaces.","date_published":"2018-07-16T14:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/d7db6dd9-a8d4-42ec-a94d-b51821f8e4e3.mp3","mime_type":"audio/mpeg","size_in_bytes":33852535,"duration_in_seconds":2292}]},{"id":"904ca3fd-d3eb-481f-8a0e-819e0bfd87c4","title":"David Weston, Principal Security Engineering Manager, Microsoft","url":"https://securityconversations.fireside.fm/david-weston-microsoft","content_text":"David Weston manages the Windows Device and Offensive Security Research teams at Microsoft.  
He joins the podcast to talk about how proactive red-team exercises push major mitigations to Microsoft's products and the current state of security in the Windows ecosystem.Links:Dave Weston on Twitter\nDavid Weston: Hardening with Hardware\n — In this talk, we will review the metamorphosis and fundamental re-architecture of Windows to take advantage of emerging hardware security capabilities. \nWindows 10 in S mode\n","content_html":"\u003cp\u003eDavid Weston manages the Windows Device and Offensive Security Research teams at Microsoft.  He joins the podcast to talk about how proactive red-team exercises push major mitigations to Microsoft's products and the current state of security in the Windows ecosystem.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Dave Weston on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/dwizzzlemsft\"\u003eDave Weston on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"David Weston: Hardening with Hardware\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=8V0wcqS22vc\"\u003eDavid Weston: Hardening with Hardware\n\u003c/a\u003e \u0026mdash; In this talk, we will review the metamorphosis and fundamental re-architecture of Windows to take advantage of emerging hardware security capabilities. \n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Windows 10 in S mode\" rel=\"nofollow\" href=\"https://www.microsoft.com/en-us/windows/s-mode\"\u003eWindows 10 in S mode\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"David Weston manages the Windows Device and Offensive Security Research teams at Microsoft.  
He joins the podcast to talk about how proactive red-team exercises push major mitigations to Microsoft's products and the current state of security in the Windows ecosystem.","date_published":"2018-06-24T18:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/904ca3fd-d3eb-481f-8a0e-819e0bfd87c4.mp3","mime_type":"audio/mpeg","size_in_bytes":37022785,"duration_in_seconds":2783}]},{"id":"https://securityconversations.com/?post_type=podcast\u0026p=530","title":"Rich Seiersen, SVP and CISO, Lending Club","url":"https://securityconversations.fireside.fm/rich-seiersen-lending-club","content_text":"SVP and Chief Information Security Officer (CISO) at Lending Club, Rich Seiersen, digs into the nuts and bolts of defending a financial services firm, his approach to finding quality cybersecurity talent, and the importance of confronting security with data. (Recorded during fireside chat at SecurityWeek’s CISO Forum).\n\n \n\n\n\nhttps://securityconversations.com/wp-content/uploads/2018/06/rich_seierson.mp3Links:Book: How to Measure Anything in Cybersecurity Risk\n — How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current \"risk management\" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security.\n","content_html":"\u003cp\u003e\u003cspan\u003eSVP and Chief Information Security Officer (CISO) at Lending Club,\u0026nbsp;Rich Seiersen, digs into the nuts and bolts of defending a financial services firm, his approach to finding quality cybersecurity talent, and the importance of confronting security with data.\u0026nbsp;(Recorded during fireside chat at SecurityWeek’s \u003ca href=\"https://cisoforum.com\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCISO Forum\u003c/a\u003e).\u003c/span\u003e\u003c/p\u003e\n\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003caudio class=\"wp-audio-shortcode\" controls=\"controls\"\u003e\u003csource 
type=\"audio/mpeg\" src=\"https://securityconversations.com/wp-content/uploads/2018/06/rich_seierson.mp3?_=1\"\u003e\u003ca href=\"https://securityconversations.com/wp-content/uploads/2018/06/rich_seierson.mp3\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://securityconversations.com/wp-content/uploads/2018/06/rich_seierson.mp3\u003c/a\u003e\u003c/audio\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Book: How to Measure Anything in Cybersecurity Risk\" rel=\"nofollow\" href=\"https://www.amazon.com/How-Measure-Anything-Cybersecurity-Risk/dp/1536669741\"\u003eBook: How to Measure Anything in Cybersecurity Risk\n\u003c/a\u003e \u0026mdash; How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current \"risk management\" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security.\n\u003c/li\u003e\u003c/ul\u003e","summary":"SVP and Chief Information Security Officer (CISO) at Lending Club, Rich Seiersen, digs into the nuts and bolts of defending a financial services firm, his approach to finding quality cybersecurity talent, and the importance of confronting security with data. 
(Recorded during fireside chat at SecurityWeek's \u003ca href=\"https://cisoforum.com\"\u003eCISO Forum\u003c/a\u003e)","date_published":"2018-06-18T09:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/cacc11a2-aec9-4926-8d62-1cd34a5befdf.mp3","mime_type":"audio/mpeg","size_in_bytes":27931750,"duration_in_seconds":2248}]},{"id":"https://securityconversations.com/?post_type=podcast\u0026p=521","title":"Andrew Morris, Founder and CEO, GreyNoise Intelligence","url":"https://securityconversations.fireside.fm/andrew-morris-greynoise-intelligence","content_text":"Founder and CEO of GreyNoise Intelligence Andrew Morris (andrew___morris) talks about his “anti threat-intelligence” company, the ways SOCs are using it to filter through scanning noise and the trials and tribulations of bootstrapping a start-up.\n\n \n\nhttps://securityconversations.com/wp-content/uploads/2018/05/andrew_morris.mp3Links:What is GreyNoise?\n","content_html":"\u003cp\u003eFounder and CEO of GreyNoise Intelligence Andrew Morris (\u003ca href=\"https://twitter.com/andrew___morris\" target=\"_blank\" rel=\"nofollow noopener\"\u003eandrew___morris\u003c/a\u003e) talks about his “anti threat-intelligence” company, the ways SOCs are using it to filter through scanning noise and the trials and tribulations of bootstrapping a start-up.\u003c/p\u003e\n\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003caudio class=\"wp-audio-shortcode\" controls=\"controls\"\u003e\u003csource type=\"audio/mpeg\" src=\"https://securityconversations.com/wp-content/uploads/2018/05/andrew_morris.mp3?_=2\"\u003e\u003ca href=\"https://securityconversations.com/wp-content/uploads/2018/05/andrew_morris.mp3\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://securityconversations.com/wp-content/uploads/2018/05/andrew_morris.mp3\u003c/a\u003e\u003c/audio\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"What is GreyNoise?\" 
rel=\"nofollow\" href=\"https://greynoise.io/blog/2018/2/1/what-is-greynoise\"\u003eWhat is GreyNoise?\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Founder and CEO of GreyNoise Intelligence Andrew Morris talks about his anti threat-intelligence company, the ways SOCs are using it to filter through scanning noise and the trials and tribulations of bootstrapping a start-up.","date_published":"2018-05-31T15:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a441617f-9c5d-49d0-8fd8-d21fc211523a.mp3","mime_type":"audio/mpeg","size_in_bytes":21465394,"duration_in_seconds":2239}]},{"id":"https://securityconversations.com/?post_type=podcast\u0026p=513","title":"Yoav Leitersdorf, Managing Partner, YL Ventures","url":"https://securityconversations.fireside.fm/yoav-leitersdorf-yl-ventures","content_text":"Managing Partner at YL Ventures, Yoav Leitersdorf (ylventures), explains the surge in cybersecurity investments in Israel, the priorities for his $75 million fund and which sectors are ripe for the picking.\n\n \n\nhttps://securityconversations.com/wp-content/uploads/2018/05/ep30-yoav_leitersdorf.mp3Links:Ask A VC: Yoav Leitersdorf On The Cyber Security Opportunity \n — In this week’s episode of Ask A VC, we hosted YL Ventures’ Yoav Leitersdorf in the studio to talk about cyber security, innovations in Israel and more.\n","content_html":"\u003cp\u003eManaging Partner at YL Ventures, Yoav Leitersdorf (\u003ca href=\"https://twitter.com/ylventures\" target=\"_blank\" rel=\"nofollow noopener\"\u003eylventures\u003c/a\u003e), explains the surge in cybersecurity investments in Israel, the priorities for his $75 million fund and which sectors are ripe for the picking.\u003c/p\u003e\n\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003caudio class=\"wp-audio-shortcode\" controls=\"controls\"\u003e\u003csource type=\"audio/mpeg\" 
src=\"https://securityconversations.com/wp-content/uploads/2018/05/ep30-yoav_leitersdorf.mp3?_=3\"\u003e\u003ca href=\"https://securityconversations.com/wp-content/uploads/2018/05/ep30-yoav_leitersdorf.mp3\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://securityconversations.com/wp-content/uploads/2018/05/ep30-yoav_leitersdorf.mp3\u003c/a\u003e\u003c/audio\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Ask A VC: Yoav Leitersdorf On The Cyber Security Opportunity \" rel=\"nofollow\" href=\"https://techcrunch.com/2014/03/07/ask-a-vc-yl-ventures-yoav-leitersdorf-on-the-cyber-security-opportunity/\"\u003eAsk A VC: Yoav Leitersdorf On The Cyber Security Opportunity \n\u003c/a\u003e \u0026mdash; In this week’s episode of Ask A VC, we hosted YL Ventures’ Yoav Leitersdorf in the studio to talk about cyber security, innovations in Israel and more.\n\u003c/li\u003e\u003c/ul\u003e","summary":"Managing Partner at YL Ventures, Yoav Leitersdorf, explains the surge in cybersecurity investments in Israel, the priorities for his $75 million fund, and which sectors are ripe for the picking.","date_published":"2018-05-21T16:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/b23f807e-3c66-4fd6-93eb-f9d10a93dda2.mp3","mime_type":"audio/mpeg","size_in_bytes":19693277,"duration_in_seconds":1567}]},{"id":"https://securityconversations.com/?post_type=podcast\u0026p=499","title":"Juan Andrés Guerrero-Saade, Principal Security Researcher, Recorded Future","url":"https://securityconversations.fireside.fm/juan-andres-guerrero-saade-recorded-future","content_text":"Principal Security Researcher at Recorded Future’s Insikt Group, Juan Andrés Guerrero-Saade (juanandres_gs), explains the nuances of good threat intelligence, sheds light on nation-state hacker activity and warns that adversaries don’t have to be “sophisticated” to launch successful attacks.\n\n 
\n\nhttps://securityconversations.com/wp-content/uploads/2018/05/juan_andres_guerrero_saade.mp3","content_html":"\u003cp\u003ePrincipal Security Researcher at Recorded Future’s Insikt Group,\u0026nbsp;Juan Andrés Guerrero-Saade (\u003ca href=\"https://twitter.com/juanandres_gs\" target=\"_blank\" rel=\"nofollow noopener\"\u003ejuanandres_gs\u003c/a\u003e), explains the nuances of good threat intelligence, sheds light on nation-state hacker activity and warns that adversaries don’t have to be “sophisticated” to launch successful attacks.\u003c/p\u003e\n\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003caudio class=\"wp-audio-shortcode\" controls=\"controls\"\u003e\u003csource type=\"audio/mpeg\" src=\"https://securityconversations.com/wp-content/uploads/2018/05/juan_andres_guerrero_saade.mp3?_=4\"\u003e\u003ca href=\"https://securityconversations.com/wp-content/uploads/2018/05/juan_andres_guerrero_saade.mp3\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://securityconversations.com/wp-content/uploads/2018/05/juan_andres_guerrero_saade.mp3\u003c/a\u003e\u003c/audio\u003e","summary":"Principal Security Researcher at Recorded Future's Insikt Group, Juan Andrés Guerrero-Saade, explains the nuances of good threat intelligence, sheds light on nation-state hacker activity and warns that adversaries don't have to be sophisticated to launch successful attacks.","date_published":"2018-05-14T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/f69cb1a6-f5e9-4664-bc82-fc229d5b1de4.mp3","mime_type":"audio/mpeg","size_in_bytes":53015905,"duration_in_seconds":3684}]},{"id":"https://securityconversations.com/?post_type=podcast\u0026p=488","title":"Robert M. Lee, Chief Executive Officer, Dragos Inc.","url":"https://securityconversations.fireside.fm/robert-m-lee-dragos","content_text":"The founder and CEO of Dragos, Inc. Robert M. 
Lee (RobertMLee) cuts through the hype around threats to critical infrastructure and offers a matter-of-fact take on active defense, “hacking-back,” and nation-state espionage operations.\n\n \n\nhttps://securityconversations.com/wp-content/uploads/2018/05/ep28-robert-m-lee.mp3","content_html":"\u003cp\u003eThe founder and CEO of Dragos, Inc. Robert M. Lee (\u003ca href=\"https://twitter.com/RobertMLee\" target=\"_blank\" rel=\"nofollow noopener\"\u003eRobertMLee\u003c/a\u003e) cuts through the hype around threats to critical infrastructure and offers a matter-of-fact take on active defense, “hacking-back,” and nation-state espionage operations.\u003c/p\u003e\n\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003caudio class=\"wp-audio-shortcode\" controls=\"controls\"\u003e\u003csource type=\"audio/mpeg\" src=\"https://securityconversations.com/wp-content/uploads/2018/05/ep28-robert-m-lee.mp3?_=5\"\u003e\u003ca href=\"https://securityconversations.com/wp-content/uploads/2018/05/ep28-robert-m-lee.mp3\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://securityconversations.com/wp-content/uploads/2018/05/ep28-robert-m-lee.mp3\u003c/a\u003e\u003c/audio\u003e","summary":"The founder and CEO of Dragos, Inc. Robert M. 
Lee cuts through the hype around threats to critical infrastructure and offers a matter-of-fact take on active defense, “hacking-back,” and nation-state espionage operations.","date_published":"2018-05-10T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/12cf4cec-e81b-4f38-b8ff-956979ab0e93.mp3","mime_type":"audio/mpeg","size_in_bytes":65117301,"duration_in_seconds":3284}]},{"id":"https://securityconversations.com/?post_type=podcast\u0026p=479","title":"Brandon Dixon, Vice President, RiskIQ","url":"https://securityconversations.fireside.fm/brandon-dixon-riskiq","content_text":"VP of Product at RiskIQ Brandon Dixon (@9bplus) delves into nation-state cyber operations, explains why it’s dangerous to underestimate North Korea’s capabilities, and his passion for roasting the perfect coffee bean.\n\nhttps://securityconversations.com/wp-content/uploads/2018/05/ep27-brandon-dixon.mp3Links:Split Key Coffee\nSplit Key Coffee on Medium\nTainted Leaks: Disinformation and Phishing With a Russian Nexus - The Citizen Lab\n — This report describes an extensive Russia-linked phishing and disinformation campaign. 
It provides evidence of how documents stolen from a prominent journalist and critic of Russia was tampered with and then “leaked” to achieve specific propaganda aims.\n","content_html":"\u003cp\u003eVP of Product at RiskIQ Brandon Dixon (\u003ca href=\"https://twitter.com/9bplus\" target=\"_blank\" rel=\"nofollow noopener\"\u003e@9bplus\u003c/a\u003e) delves into nation-state cyber operations, explains why it’s dangerous to underestimate North Korea’s capabilities, and his passion for roasting the perfect coffee bean.\u003c/p\u003e\n\n\u003caudio class=\"wp-audio-shortcode\" controls=\"controls\"\u003e\u003csource type=\"audio/mpeg\" src=\"https://securityconversations.com/wp-content/uploads/2018/05/ep27-brandon-dixon.mp3?_=6\"\u003e\u003ca href=\"https://securityconversations.com/wp-content/uploads/2018/05/ep27-brandon-dixon.mp3\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://securityconversations.com/wp-content/uploads/2018/05/ep27-brandon-dixon.mp3\u003c/a\u003e\u003c/audio\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Split Key Coffee\" rel=\"nofollow\" href=\"https://twitter.com/SplitKeyCoffee\"\u003eSplit Key Coffee\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Split Key Coffee on Medium\" rel=\"nofollow\" href=\"https://medium.com/split-key-coffee\"\u003eSplit Key Coffee on Medium\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Tainted Leaks: Disinformation and Phishing With a Russian Nexus - The Citizen Lab\" rel=\"nofollow\" href=\"https://citizenlab.ca/2017/05/tainted-leaks-disinformation-phish/\"\u003eTainted Leaks: Disinformation and Phishing With a Russian Nexus - The Citizen Lab\n\u003c/a\u003e \u0026mdash; This report describes an extensive Russia-linked phishing and disinformation campaign. 
It provides evidence of how documents\u0026nbsp;stolen from a prominent journalist and critic of Russia was tampered with and then “leaked” to achieve specific propaganda aims.\n\u003c/li\u003e\u003c/ul\u003e","summary":"VP of Product at RiskIQ Brandon Dixon delves into nation-state cyber operations, explains why it’s dangerous to underestimate North Korea’s capabilities, and his passion for roasting the perfect coffee bean.","date_published":"2018-05-09T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/55e3820f-eacf-49b8-a98a-9baf2dfd641d.mp3","mime_type":"audio/mpeg","size_in_bytes":55969497,"duration_in_seconds":3790}]},{"id":"https://securityconversations.com/?post_type=podcast\u0026p=470","title":"Ryan Huber, Security Architect, Slack","url":"https://securityconversations.fireside.fm/ryan-huber-slack","content_text":"Slack security architect Ryan Huber talks about the gargantuan task of defending an organization with 8 million daily active users, burnout, and fatigue in security teams and a range of issues around bug bounties and penetration testing.Links:Video of Rob Joyce's 2016 Enigma talk\nRyan Huber on Twitter\n","content_html":"\u003cp\u003eSlack security architect Ryan Huber talks about the gargantuan task of defending an organization with 8 million daily active users, burnout, and fatigue in security teams and a range of issues around bug bounties and penetration testing.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Video of Rob Joyce\u0026#39;s 2016 Enigma talk\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=bDJb8WOJYdA\"\u003eVideo of Rob Joyce's 2016 Enigma talk\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Ryan Huber on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/ryanhuber\"\u003eRyan Huber on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Slack security architect Ryan Huber talks 
about the gargantuan task of defending an organization with 8 million daily active users, burnout, and fatigue in security teams and a range of issues around bug bounties and penetration testing.","date_published":"2018-05-08T16:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/356ed2cf-065c-4092-b71b-5ee407b73e26.mp3","mime_type":"audio/mpeg","size_in_bytes":75433009,"duration_in_seconds":3888}]},{"id":"https://securityconversations.com/?post_type=podcast\u0026p=441","title":"Ivan Arce, CTO at Quarkslab","url":"https://securityconversations.fireside.fm/ivan-arce-quarkslab","content_text":"Chief Technology Officer at Quarkslab Ivan Arce (@4dgifts) tells stories about the birth of penetration testing platforms, the concentration of hacking talent in Argentina, and his focus on security problems in the Android ecosystem.\n\nhttps://securityconversations.com/wp-content/uploads/2018/05/ivan_arce_01.mp3","content_html":"\u003cp\u003eChief Technology Officer at Quarkslab Ivan Arce (\u003ca href=\"https://twitter.com/4dgifts\" target=\"_blank\" rel=\"nofollow noopener\"\u003e@4dgifts\u003c/a\u003e) tells stories about the birth of penetration testing platforms, the concentration of hacking talent in Argentina, and his focus on security problems in the Android ecosystem.\u003c/p\u003e\n\n\u003caudio class=\"wp-audio-shortcode\" controls=\"controls\"\u003e\u003csource type=\"audio/mpeg\" src=\"https://securityconversations.com/wp-content/uploads/2018/05/ivan_arce_01.mp3?_=7\"\u003e\u003ca href=\"https://securityconversations.com/wp-content/uploads/2018/05/ivan_arce_01.mp3\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://securityconversations.com/wp-content/uploads/2018/05/ivan_arce_01.mp3\u003c/a\u003e\u003c/audio\u003e","summary":"Chief Technology Officer at Quarkslab Ivan Arce tells stories about the birth of penetration testing platforms, the concentration of hacking talent in Argentina, and his 
focus on security problems in the Android ecosystem.","date_published":"2018-05-04T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/111cab3d-0ff5-4290-8488-07e6149421ce.mp3","mime_type":"audio/mpeg","size_in_bytes":69299416,"duration_in_seconds":3615}]},{"id":"https://securityconversations.com/?post_type=podcast\u0026p=431","title":"Sinan Eren, Founder and CEO, Fyde","url":"https://securityconversations.fireside.fm/sinan-eren-fyde","content_text":"Founder and CEO of Fyde (@FydeApp) Sinan Eren discusses the “iOS-ification” of platforms and the security ramifications, the dangers of running AV software, the iOS vs. Android security argument, and his new venture to address mobile phishing attacks.\n\nhttps://securityconversations.com/wp-content/uploads/2018/05/Ep-24-sinan_eren.mp3Links:Security vendors need to stop doing more harm than good\n","content_html":"\u003cp\u003eFounder and CEO of Fyde (@\u003ca href=\"https://twitter.com/FydeApp\" target=\"_blank\" rel=\"nofollow noopener\"\u003eFydeApp\u003c/a\u003e) Sinan Eren discusses the “iOS-ification” of platforms and the security ramifications, the dangers of running AV software, the iOS vs. 
Android security argument, and his new venture to address mobile phishing attacks.\u003c/p\u003e\n\n\u003caudio class=\"wp-audio-shortcode\" controls=\"controls\"\u003e\u003csource type=\"audio/mpeg\" src=\"https://securityconversations.com/wp-content/uploads/2018/05/Ep-24-sinan_eren.mp3?_=8\"\u003e\u003ca href=\"https://securityconversations.com/wp-content/uploads/2018/05/Ep-24-sinan_eren.mp3\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://securityconversations.com/wp-content/uploads/2018/05/Ep-24-sinan_eren.mp3\u003c/a\u003e\u003c/audio\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Security vendors need to stop doing more harm than good\" rel=\"nofollow\" href=\"https://www.zdnet.com/article/security-vendors-heal-thyself-do-good-not-harm/\"\u003eSecurity vendors need to stop doing more harm than good\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Founder and CEO of Fyde (@FydeApp) Sinan Eren discusses the “iOS-ification” of platforms and the security ramifications, the dangers of running AV software, the iOS vs. 
Android security argument, and his new venture to address mobile phishing attacks.\r\n","date_published":"2018-05-02T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1bdc9378-05fb-4cbb-885e-a635b58b2298.mp3","mime_type":"audio/mpeg","size_in_bytes":49914123,"duration_in_seconds":2658}]},{"id":"https://securityconversations.com/?post_type=podcast\u0026p=421","title":"Stephen Ridley, Founder and CTO, Senrio","url":"https://securityconversations.fireside.fm/stephen-ridley-senrio","content_text":"Founder and CTO at Senrio Stephen Ridley (@s7ephen) talks about the abysmal state of IoT security, his recent exploitation of an IP camera, and router to exfiltrate corporate data and his experience as a minority in the security industry.\n\nhttps://securityconversations.com/wp-content/uploads/2018/04/Ep23-stephen-ridley.mp3Links:Introducing - Senrio Discovery\n","content_html":"\u003cp\u003eFounder and CTO at Senrio Stephen Ridley (\u003ca href=\"https://twitter.com/s7ephen\" target=\"_blank\" rel=\"nofollow noopener\"\u003e@s7ephen\u003c/a\u003e) talks about the abysmal state of IoT security, his recent exploitation of an IP camera, and router to exfiltrate corporate data and his experience as a minority in the security industry.\u003c/p\u003e\n\n\u003caudio class=\"wp-audio-shortcode\" controls=\"controls\"\u003e\u003csource type=\"audio/mpeg\" src=\"https://securityconversations.com/wp-content/uploads/2018/04/Ep23-stephen-ridley.mp3?_=9\"\u003e\u003ca href=\"https://securityconversations.com/wp-content/uploads/2018/04/Ep23-stephen-ridley.mp3\" target=\"_blank\" rel=\"nofollow noopener\"\u003ehttps://securityconversations.com/wp-content/uploads/2018/04/Ep23-stephen-ridley.mp3\u003c/a\u003e\u003c/audio\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Introducing - Senrio Discovery\" rel=\"nofollow\" 
href=\"https://blog.senr.io/blog/introducing-senrio-discovery\"\u003eIntroducing - Senrio Discovery\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Founder and CTO at Senrio Stephen Ridley talks about the abysmal state of IoT security, his recent exploitation of an IP camera, and router to exfiltrate corporate data and his experience as a minority in the security industry.","date_published":"2018-04-30T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a0478299-5d72-4bd9-8bd0-bc3c553645ba.mp3","mime_type":"audio/mpeg","size_in_bytes":52952645,"duration_in_seconds":2998}]},{"id":"1acf96d7-a561-4f6f-a936-75f92e67ca7b","title":"Mischel Kwon, Founder and CEO, MKA Cyber","url":"https://securityconversations.fireside.fm/mischel-kwon-mka-cyber","content_text":"Founder and CEO at MKACyber Mischel Kwon joins the podcast to address the state of the SOC (Security Operations Center) and how businesses should deal with issues around excessive alerts, incident response times, and outdated metrics.Links:MKACyber\nMischel Kwon on LinkedIn\n","content_html":"\u003cp\u003eFounder and CEO at MKACyber Mischel Kwon joins the podcast to address the state of the SOC (Security Operations Center) and how businesses should deal with issues around excessive alerts, incident response times, and outdated metrics.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"MKACyber\" rel=\"nofollow\" href=\"https://mkacyber.io/\"\u003eMKACyber\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Mischel Kwon on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/mischelkwon/\"\u003eMischel Kwon on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Founder and CEO at MKACyber Mischel Kwon joins the podcast to address the state of the SOC (Security Operations Center) and how businesses should deal with issues around excessive alerts, incident response 
times, and outdated metrics.","date_published":"2018-04-26T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1acf96d7-a561-4f6f-a936-75f92e67ca7b.mp3","mime_type":"audio/mpeg","size_in_bytes":43253945,"duration_in_seconds":2342}]},{"id":"5714f72d-d6d1-4ec0-9ba7-0b5ffbd297de","title":"Rick Holland, CISO and VP of Strategy, Digital Shadows","url":"https://securityconversations.fireside.fm/rick-holland-digital-shadows","content_text":"CISO and VP of Strategy at Digital Shadows Rick Holland discusses his path in the information security industry, advancements in the threat intel space, and his passion for good bar-b-que.Links:Rick Holland on LinkedIn\nDigital Shadows\n","content_html":"\u003cp\u003eCISO and VP of Strategy at Digital Shadows Rick Holland discusses his path in the information security industry, advancements in the threat intel space, and his passion for good bar-b-que.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Rick Holland on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/rick-holland-4737a93/\"\u003eRick Holland on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Digital Shadows\" rel=\"nofollow\" href=\"https://www.digitalshadows.com/\"\u003eDigital Shadows\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"CISO and VP of Strategy at Digital Shadows Rick Holland discusses his path in the information security industry, advancements in the threat intel space, and his passion for good bar-b-que.","date_published":"2018-04-24T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/5714f72d-d6d1-4ec0-9ba7-0b5ffbd297de.mp3","mime_type":"audio/mpeg","size_in_bytes":55915215,"duration_in_seconds":2134}]},{"id":"1a12e545-c1df-485c-b38f-dacd2356366d","title":"Thomas Ptacek, Founder, 
Latacora","url":"https://securityconversations.fireside.fm/tom-ptacek-latacora","content_text":"Latacora Security founder Thomas Ptacek joins the podcast to weigh in on the cybersecurity skills shortage, his approach to recruiting and hiring, and what needs to be done to address diversity in the industry.Links:Latacora -- Security Teams For Startups\n — Latacora does just one kind of engagement: we join your engineering team virtually and run security, for about a year. Then we help you hire someone full-time to replace us.\nThomas H. Ptacek on Twitter\n","content_html":"\u003cp\u003eLatacora Security founder Thomas Ptacek joins the podcast to weigh in on the cybersecurity skills shortage, his approach to recruiting and hiring, and what needs to be done to address diversity in the industry.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Latacora -- Security Teams For Startups\" rel=\"nofollow\" href=\"https://latacora.com/\"\u003eLatacora -- Security Teams For Startups\n\u003c/a\u003e \u0026mdash; Latacora does just one kind of engagement: we join your engineering team virtually and run security, for about a year. Then we help you hire someone full-time to replace us.\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Thomas H. Ptacek on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/tqbf\"\u003eThomas H. 
Ptacek on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Latacora Security founder Thomas Ptacek joins the podcast to weigh in on the cybersecurity skills shortage, his approach to recruiting and hiring, and what needs to be done to address diversity in the industry.","date_published":"2018-04-23T15:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1a12e545-c1df-485c-b38f-dacd2356366d.mp3","mime_type":"audio/mpeg","size_in_bytes":42360848,"duration_in_seconds":2918}]},{"id":"517fd50b-7794-4b77-a0f5-4c898524b014","title":"Zane Lackey, Chief Security Officer, Signal Sciences","url":"https://securityconversations.fireside.fm/zane-lackey-signal-sciences","content_text":"Co-founder and Chief Security Officer at Signal Sciences Zane Lackey riffs on DevOps, the almost impossible task of defending organizations from intruders, bug bounties versus penetration testing, and the pros and cons of launching a company with venture capital investment.Links:Zane Lackey on LinkedIn\nSignal Sciences -The Next-Gen Web Protection Platform\n","content_html":"\u003cp\u003eCo-founder and Chief Security Officer at Signal Sciences Zane Lackey riffs on DevOps, the almost impossible task of defending organizations from intruders, bug bounties versus penetration testing, and the pros and cons of launching a company with venture capital investment.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Zane Lackey on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/zane-lackey-66a3404/\"\u003eZane Lackey on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Signal Sciences -The Next-Gen Web Protection Platform\" rel=\"nofollow\" href=\"https://www.signalsciences.com/\"\u003eSignal Sciences -The Next-Gen Web Protection Platform\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Co-founder and Chief Security Officer at Signal Sciences Zane 
Lackey riffs on DevOps, the almost impossible task of defending organizations from intruders, bug bounties versus penetration testing, and the pros and cons of launching a company with venture capital investment.","date_published":"2018-04-16T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/517fd50b-7794-4b77-a0f5-4c898524b014.mp3","mime_type":"audio/mpeg","size_in_bytes":42101169,"duration_in_seconds":2500}]},{"id":"21e54dc1-246e-4efb-a0dd-9cd1ab69a610","title":"Haroon Meer, CEO, Thinkst Applied Research","url":"https://securityconversations.fireside.fm/haroon-meer-thinkst-applied-research","content_text":"Thinkst founder Haroon Meer talks about building a security company from scratch without VC funding, using Canaries to pinpoint signs of intruder activity, advancements in security research, and the state of the bug bounty market.Links:Thinkst Canary - how it works\nVideo : Enterprise security - A new hope\nHaroon Meer on Twitter\n","content_html":"\u003cp\u003eThinkst founder Haroon Meer talks about building a security company from scratch without VC funding, using Canaries to pinpoint signs of intruder activity, advancements in security research, and the state of the bug bounty market.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Thinkst Canary - how it works\" rel=\"nofollow\" href=\"https://canary.tools/#how-it-works\"\u003eThinkst Canary - how it works\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Video : Enterprise security - A new hope\" rel=\"nofollow\" href=\"https://www.youtube.com/watch?v=gbbq7FSPxdA\"\u003eVideo : Enterprise security - A new hope\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Haroon Meer on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/haroonmeer\"\u003eHaroon Meer on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Thinkst founder Haroon Meer talks about building a 
security company from scratch without VC funding, using Canaries to pinpoint signs of intruder activity, advancements in security research, and the state of the bug bounty market.","date_published":"2018-04-12T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/21e54dc1-246e-4efb-a0dd-9cd1ab69a610.mp3","mime_type":"audio/mpeg","size_in_bytes":49733509,"duration_in_seconds":3626}]},{"id":"76f82d6c-8983-4786-abaf-d0426dc65a4c","title":"David (int eighty), Dual Core","url":"https://securityconversations.fireside.fm/int-eighty-dual-core","content_text":"Red teamer and security researcher by day, nerdcore rapper by night, ‘int eighty’ joins the podcast to talk about his work breaking into computer systems, common security mistakes that people make, and his double life as a musician in Dual Core.Links:Dual Core / International hip hop duo\n","content_html":"\u003cp\u003eRed teamer and security researcher by day, nerdcore rapper by night, ‘int eighty’ joins the podcast to talk about his work breaking into computer systems, common security mistakes that people make, and his double life as a musician in Dual Core.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Dual Core / International hip hop duo\" rel=\"nofollow\" href=\"http://dualcoremusic.com/nerdcore/\"\u003eDual Core / International hip hop duo\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Red teamer and security researcher by day, nerdcore rapper by night, ‘int eighty’ joins the podcast to talk about his work breaking into computer systems, common security mistakes that people make, and his double life as a musician in Dual 
Core.","date_published":"2018-04-11T15:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/76f82d6c-8983-4786-abaf-d0426dc65a4c.mp3","mime_type":"audio/mpeg","size_in_bytes":34938743,"duration_in_seconds":2374}]},{"id":"470c2cbd-ffb9-4df1-aa97-1e70410dcc81","title":"Dennis Fisher, Editor-in-Chief, Decipher","url":"https://securityconversations.fireside.fm/dennis-fisher-decipher","content_text":"Veteran cybersecurity writer Dennis Fisher joins the podcast to talk about his new journalism venture at decipher.sc, his preference for long-form writing, and the trends worth following in the security space.Links:Dennis Fisher | Decipher\n — He is one of the co-founders of Threatpost and previously wrote for TechTarget and eWeek, when magazines were still a thing that existed. Dennis enjoys finding the stories behind the headlines and digging into the motivations and thinking of both defenders and attackers. His work has appeared in The Boston Globe, The Improper Bostonian, Harvard Business School’s Working Knowledge, and most of his kids’ English papers.\nDennis Fisher on Twitter\n","content_html":"\u003cp\u003eVeteran cybersecurity writer Dennis Fisher joins the podcast to talk about his new journalism venture at decipher.sc, his preference for long-form writing, and the trends worth following in the security space.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Dennis Fisher | Decipher\" rel=\"nofollow\" href=\"https://duo.com/decipher/article_author/dfisher\"\u003eDennis Fisher | Decipher\n\u003c/a\u003e \u0026mdash; He is one of the co-founders of Threatpost and previously wrote for TechTarget and eWeek, when magazines were still a thing that existed. Dennis enjoys finding the stories behind the headlines and digging into the motivations and thinking of both defenders and attackers. 
His work has appeared in The Boston Globe, The Improper Bostonian, Harvard Business School’s Working Knowledge, and most of his kids’ English papers.\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dennis Fisher on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/DennisF\"\u003eDennis Fisher on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Veteran cybersecurity writer Dennis Fisher joins the podcast to talk about his new journalism venture at decipher.sc, his preference for long-form writing, and the trends worth following in the security space.","date_published":"2018-04-05T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/470c2cbd-ffb9-4df1-aa97-1e70410dcc81.mp3","mime_type":"audio/mpeg","size_in_bytes":36569236,"duration_in_seconds":2580}]},{"id":"4cddd571-1e73-4625-acb1-321bb47e706f","title":"Tim Maurer, Scholar, Carnegie Endowment for International Peace","url":"https://securityconversations.fireside.fm/tim-maurer-carnegie-endowment-for-international-peace","content_text":"Tim Maurer, a scholar at the Carnegie Endowment for International Peace, talks about nation state-backed hacking activity and the dangers of breaking trust in the global financial system.Links:Tim Maurer - Carnegie Endowment for International Peace\n — Tim Maurer is the co-director of the Cyber Policy Initiative and a fellow at the Carnegie Endowment for International Peace. Since 2010, his work has been focusing on cybersecurity, human rights in the digital age, and Internet governance, currently with a specific focus on cybersecurity and financial stability.\nTim Maurer on Twitter\nCyber Mercenaries: The State, Hackers, and Power\n — Cyber Mercenaries explores the secretive relationships between states and hackers. 
As cyberspace has emerged as the new frontier for geopolitics, states have become entrepreneurial in their sponsorship, deployment, and exploitation of hackers as proxies to project power. Such modern-day mercenaries and privateers can impose significant harm undermining global security, stability, and human rights. \n","content_html":"\u003cp\u003eTim Maurer, a scholar at the Carnegie Endowment for International Peace, talks about nation state-backed hacking activity and the dangers of breaking trust in the global financial system.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Tim Maurer - Carnegie Endowment for International Peace\" rel=\"nofollow\" href=\"http://carnegieendowment.org/experts/1086\"\u003eTim Maurer - Carnegie Endowment for International Peace\n\u003c/a\u003e \u0026mdash; Tim Maurer is the co-director of the Cyber Policy Initiative and a fellow at the Carnegie Endowment for International Peace. Since 2010, his work has been focusing on cybersecurity, human rights in the digital age, and Internet governance, currently with a specific focus on cybersecurity and financial stability.\n\u003c/li\u003e\u003cli\u003e\u003ca title=\"Tim Maurer on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/maurertim\"\u003eTim Maurer on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cyber Mercenaries: The State, Hackers, and Power\" rel=\"nofollow\" href=\"https://www.amazon.com/Cyber-Mercenaries-State-Hackers-Power/dp/110756686X/ref=redir_mobile_desktop?_encoding=UTF8\u0026amp;qid=\u0026amp;ref_=tmm_pap_title_0\u0026amp;sr=\"\u003eCyber Mercenaries: The State, Hackers, and Power\n\u003c/a\u003e \u0026mdash; Cyber Mercenaries explores the secretive relationships between states and hackers. As cyberspace has emerged as the new frontier for geopolitics, states have become entrepreneurial in their sponsorship, deployment, and exploitation of hackers as proxies to project power. 
Such modern-day mercenaries and privateers can impose significant harm undermining global security, stability, and human rights. \n\u003c/li\u003e\u003c/ul\u003e","summary":"Tim Maurer, a scholar at the Carnegie Endowment for International Peace, talks about nation state-backed hacking activity and the dangers of breaking trust in the global financial system.","date_published":"2018-03-05T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/4cddd571-1e73-4625-acb1-321bb47e706f.mp3","mime_type":"audio/mpeg","size_in_bytes":29020105,"duration_in_seconds":1951}]},{"id":"2f444967-e9fd-4c80-87eb-5ff56aee1ae4","title":"Will Lin, Principal and Founding Investor, ForgePoint Capital","url":"https://securityconversations.fireside.fm/will-lin-forgepoint-capital","content_text":"Principal and founding investor at ForgePoint Capital Cybersecurity William Lin talks about venture capital activity in the security space, sectors that are ripe for investment, missed bets on successful companies, and the cybersecurity talent shortage.Links:William Lin on LinkedIn\nForgepoint portfolio companies\n","content_html":"\u003cp\u003ePrincipal and founding investor at ForgePoint Capital Cybersecurity William Lin talks about venture capital activity in the security space, sectors that are ripe for investment, missed bets on successful companies, and the cybersecurity talent shortage.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"William Lin on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/linwilliam/\"\u003eWilliam Lin on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Forgepoint portfolio companies\" rel=\"nofollow\" href=\"https://forgepointcap.com/companies/\"\u003eForgepoint portfolio companies\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Principal and founding investor at ForgePoint Capital Cybersecurity William Lin talks about 
venture capital activity in the security space, sectors that are ripe for investment, missed bets on successful companies, and the cybersecurity talent shortage.","date_published":"2018-03-02T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/2f444967-e9fd-4c80-87eb-5ff56aee1ae4.mp3","mime_type":"audio/mpeg","size_in_bytes":43759308,"duration_in_seconds":3311}]},{"id":"2561c251-a654-4949-aefe-33ad83373f80","title":"Pete Chronis, CISO, Turner Broadcasting","url":"https://securityconversations.fireside.fm/pete-chronis-turner-broadcasting","content_text":"Chief Information Security Officer at Turner Broadcasting Pete Chronis discusses his new book on solving the cybersecurity conundrum, the day-to-day grind of securing a global media organization, and the role of the CISO in the modern world.Links:The Cyber Conundrum: How Do We Fix Cybersecurity?\n","content_html":"\u003cp\u003eChief Information Security Officer at Turner Broadcasting Pete Chronis discusses his new book on solving the cybersecurity conundrum, the day-to-day grind of securing a global media organization, and the role of the CISO in the modern world.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"The Cyber Conundrum: How Do We Fix Cybersecurity?\" rel=\"nofollow\" href=\"https://www.amazon.com/Cyber-Conundrum-How-Fix-Cybersecurity-ebook/dp/B079WZ592P\"\u003eThe Cyber Conundrum: How Do We Fix Cybersecurity?\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Chief Information Security Officer at Turner Broadcasting Pete Chronis discusses his new book on solving the cybersecurity conundrum, the day-to-day grind of securing a global media organization, and the role of the CISO in the modern 
world.","date_published":"2018-02-26T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/2561c251-a654-4949-aefe-33ad83373f80.mp3","mime_type":"audio/mpeg","size_in_bytes":37506970,"duration_in_seconds":2753}]},{"id":"ab9e9c84-15c6-4f9e-b703-71dc40c23baf","title":"Brad Arkin, Chief Security Officer, Adobe","url":"https://securityconversations.fireside.fm/brad-arkin-adobe","content_text":"Adobe’s Chief Security Officer Brad Arkin talks about setting and managing risk management priorities, protecting company infrastructure, the challenges of securing software, and the looming death of Adobe Flash Player.Links:Brad Arkin on Twitter\nSecurity at Adobe\n","content_html":"\u003cp\u003eAdobe’s Chief Security Officer Brad Arkin talks about setting and managing risk management priorities, protecting company infrastructure, the challenges of securing software, and the looming death of Adobe Flash Player.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Brad Arkin on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/bradarkin\"\u003eBrad Arkin on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Security at Adobe\" rel=\"nofollow\" href=\"https://www.adobe.com/security.html\"\u003eSecurity at Adobe\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Adobe’s Chief Security Officer Brad Arkin talks about setting and managing risk management priorities, protecting company infrastructure, the challenges of securing software, and the looming death of Adobe Flash Player.","date_published":"2018-02-23T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/ab9e9c84-15c6-4f9e-b703-71dc40c23baf.mp3","mime_type":"audio/mpeg","size_in_bytes":44087043,"duration_in_seconds":2826}]},{"id":"a134ba7a-9727-47e7-8a46-3ba0c5d705ee","title":"Aanchal Gupta, Director of Security, 
Facebook","url":"https://securityconversations.fireside.fm/aanchal-gupta-facebook","content_text":"Director of Security at Facebook Aanchal Gupta joins the podcast to share her story and provide guidance for young women struggling to overcome societal obstacles.Links:Aanchal Gupta on LinkedIn\nFacebook Security\nCybersecurity Needs Diversity\n","content_html":"\u003cp\u003eDirector of Security at Facebook Aanchal Gupta joins the podcast to share her story and provide guidance for young women struggling to overcome societal obstacles.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Aanchal Gupta on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/aanchalgupta/\"\u003eAanchal Gupta on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Facebook Security\" rel=\"nofollow\" href=\"https://www.facebook.com/security/\"\u003eFacebook Security\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Cybersecurity Needs Diversity\" rel=\"nofollow\" href=\"https://staysafeonline.org/blog/diversity-needed-cybersecurity-unique-experience-helps-protect-people/\"\u003eCybersecurity Needs Diversity\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Director of Security at Facebook Aanchal Gupta joins the podcast to share her story and provide guidance for young women struggling to overcome societal obstacles.","date_published":"2018-02-14T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a134ba7a-9727-47e7-8a46-3ba0c5d705ee.mp3","mime_type":"audio/mpeg","size_in_bytes":30922718,"duration_in_seconds":2138}]},{"id":"dcd14ec8-d9f0-4245-9324-6291ad4d10a7","title":"Tom Conklin, Director of Security and Compliance, Vera Security","url":"https://securityconversations.fireside.fm/tom-conklin-vera-security","content_text":"Senior Director of Security and Compliance at Vera Security Tom Conklin talks about the pros and cons of using bug 
bounty programs, the challenges of managing risk in smaller companies, and why user awareness training is an ongoing headache for security administrators.Links:Vera Security\nTom Conklin on LinkedIn\n","content_html":"\u003cp\u003eSenior Director of Security and Compliance at Vera Security Tom Conklin talks about the pros and cons of using bug bounty programs, the challenges of managing risk in smaller companies, and why user awareness training is an ongoing headache for security administrators.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Vera Security\" rel=\"nofollow\" href=\"https://www.vera.com/\"\u003eVera Security\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Tom Conklin on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/tom-conklin-b4037713/\"\u003eTom Conklin on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Senior Director of Security and Compliance at Vera Security Tom Conklin talks about the pros and cons of using bug bounty programs, the challenges of managing risk in smaller companies, and why user awareness training is an ongoing headache for security administrators.","date_published":"2018-02-08T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/dcd14ec8-d9f0-4245-9324-6291ad4d10a7.mp3","mime_type":"audio/mpeg","size_in_bytes":30629828,"duration_in_seconds":2008}]},{"id":"11a6011e-7ad8-418f-a302-37a700a11d45","title":"John Terrill, CISO, Fox News, Fox Business and Fox Television","url":"https://securityconversations.fireside.fm/john-terrill-fox-news","content_text":"Chief Information Security Officer at Fox News, Fox Business, and Fox Television John Terrill joins the podcast to talk about life in the CISO trenches and makes a bold prediction that could significantly change the cybersecurity narrative.Links:John Terrill on Twitter\n","content_html":"\u003cp\u003eChief Information Security 
Officer at Fox News, Fox Business, and Fox Television John Terrill joins the podcast to talk about life in the CISO trenches and makes a bold prediction that could significantly change the cybersecurity narrative.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"John Terrill on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/youbetyourballs\"\u003eJohn Terrill on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Chief Information Security Officer at Fox News, Fox Business, and Fox Television John Terrill joins the podcast to talk about life in the CISO trenches and makes a bold prediction that could significantly change the cybersecurity narrative.","date_published":"2018-02-06T14:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/11a6011e-7ad8-418f-a302-37a700a11d45.mp3","mime_type":"audio/mpeg","size_in_bytes":41862607,"duration_in_seconds":2835}]},{"id":"6fc1d3cb-e930-484f-84e6-8c521ddb9e97","title":"Christopher Ahlberg, CEO, Recorded Future","url":"https://securityconversations.fireside.fm/christopher-ahlberg-recorded-future","content_text":"Co-founder and CEO of Recorded Future Christopher Ahlberg discusses the emergence of threat intelligence as a valuable security tool, the morals and ethics surrounding disclosure of nation-state attacks and the importance of tracking adversaries beyond the wall.Links:Recorded Future\nChristopher Ahlberg on LinkedIn\n","content_html":"\u003cp\u003eCo-founder and CEO of Recorded Future Christopher Ahlberg discusses the emergence of threat intelligence as a valuable security tool, the morals and ethics surrounding disclosure of nation-state attacks and the importance of tracking adversaries beyond the wall.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Recorded Future\" rel=\"nofollow\" href=\"https://www.recordedfuture.com/\"\u003eRecorded 
Future\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Christopher Ahlberg on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/christopherahlberg/\"\u003eChristopher Ahlberg on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Co-founder and CEO of Recorded Future Christopher Ahlberg discusses the emergence of threat intelligence as a valuable security tool, the morals and ethics surrounding disclosure of nation-state attacks and the importance of tracking adversaries beyond the wall.","date_published":"2018-01-30T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/6fc1d3cb-e930-484f-84e6-8c521ddb9e97.mp3","mime_type":"audio/mpeg","size_in_bytes":33265132,"duration_in_seconds":1743}]},{"id":"fa20320a-7a94-45b5-b054-bbe06d3b723b","title":"Masha Sedova, co-founder, Elevate Security","url":"https://securityconversations.fireside.fm/masha-sedova-elevate-security","content_text":"As businesses struggle with security awareness training for employees, Elevate Security co-founder Masha Sedova argues that the focus should be on “behavior change” and recommends the use of positive motivation and available tools to get employees to make better security decisions.Links:Masha Sedova on LinkedIn\nHacker's Mind by Elevate Security\nMasha Sedova on Twitter\n","content_html":"\u003cp\u003eAs businesses struggle with security awareness training for employees, Elevate Security co-founder Masha Sedova argues that the focus should be on “behavior change” and recommends the use of positive motivation and available tools to get employees to make better security decisions.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Masha Sedova on LinkedIn\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/msedova/\"\u003eMasha Sedova on LinkedIn\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Hacker\u0026#39;s Mind by Elevate 
Security\" rel=\"nofollow\" href=\"https://elevatesecurity.com/hackers-mind/\"\u003eHacker's Mind by Elevate Security\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Masha Sedova on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/modMasha\"\u003eMasha Sedova on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"As businesses struggle with security awareness training for employees, Elevate Security co-founder Masha Sedova argues that the focus should be on “behavior change” and recommends the use of positive motivation and available tools to get employees to make better security decisions.","date_published":"2018-01-26T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/fa20320a-7a94-45b5-b054-bbe06d3b723b.mp3","mime_type":"audio/mpeg","size_in_bytes":33579206,"duration_in_seconds":1803}]},{"id":"476c43ff-be49-4057-b965-928abc39b9af","title":"Paul Roberts, Editor-in-Chief, Security Ledger","url":"https://securityconversations.fireside.fm/paul-roberts-security-ledger","content_text":"Veteran security journalist Paul Roberts talks about the creation of Security Ledger, his work covering cybersecurity, the democratization of media, and hiccups with IoT legislation.Links:The Security Ledger\nPaul Roberts on Twitter\n","content_html":"\u003cp\u003eVeteran security journalist Paul Roberts talks about the creation of Security Ledger, his work covering cybersecurity, the democratization of media, and hiccups with IoT legislation.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"The Security Ledger\" rel=\"nofollow\" href=\"https://securityledger.com/\"\u003eThe Security Ledger\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Paul Roberts on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/paulfroberts\"\u003ePaul Roberts on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Veteran security journalist 
Paul Roberts talks about the creation of Security Ledger, his work covering cybersecurity, the democratization of media, and hiccups with IoT legislation.","date_published":"2018-01-19T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/476c43ff-be49-4057-b965-928abc39b9af.mp3","mime_type":"audio/mpeg","size_in_bytes":47164187,"duration_in_seconds":2459}]},{"id":"25fade91-a24d-4173-9831-ddf30dc0d051","title":"Dino Dai Zovi, co-founder and CTO, Capsule8","url":"https://securityconversations.fireside.fm/dino-dai-zovi-capsule8","content_text":"Dino Dai Zovi, co-founder and CTO of Capsule8, joins the podcast to talk about the fallout from the Meltdown and Spectre vulnerabilities, the transition from security research to managing a VC-funded start-up and reminisce about his time as a famous Pwn2Own MacBook hacker.Links:Part One: Detecting Meltdown using Capsule8\nPart Two: Detecting Meltdown and Spectre by Detecting Cache Side Channels \n10 questions for MacBook hacker Dino Dai Zovi\nDino Dai Zovi on Twitter\n","content_html":"\u003cp\u003eDino Dai Zovi, co-founder and CTO of Capsule8, joins the podcast to talk about the fallout from the Meltdown and Spectre vulnerabilities, the transition from security research to managing a VC-funded start-up and reminisce about his time as a famous Pwn2Own MacBook hacker.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Part One: Detecting Meltdown using Capsule8\" rel=\"nofollow\" href=\"https://capsule8.com/blog/detecting-meltdown-using-capsule8/\"\u003ePart One: Detecting Meltdown using Capsule8\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Part Two: Detecting Meltdown and Spectre by Detecting Cache Side Channels \" rel=\"nofollow\" href=\"https://capsule8.com/blog/detecting-meltdown-spectre-detecting-cache-side-channels/\"\u003ePart Two: Detecting Meltdown and Spectre by Detecting Cache Side Channels 
\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"10 questions for MacBook hacker Dino Dai Zovi\" rel=\"nofollow\" href=\"https://www.zdnet.com/article/10-questions-for-macbook-hacker-dino-dai-zovi/\"\u003e10 questions for MacBook hacker Dino Dai Zovi\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dino Dai Zovi on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/dinodaizovi\"\u003eDino Dai Zovi on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Dino Dai Zovi, co-founder and CTO of Capsule8, joins the podcast to talk about the fallout from the Meltdown and Spectre vulnerabilities, the transition from security research to managing a VC-funded start-up and reminisce about his time as a famous Pwn2Own MacBook hacker.","date_published":"2018-01-11T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/25fade91-a24d-4173-9831-ddf30dc0d051.mp3","mime_type":"audio/mpeg","size_in_bytes":38280103,"duration_in_seconds":2397}]},{"id":"0a1d0429-f768-4175-8f48-9416cb420157","title":"Sharon Anolik, President and Founder, Privacy Panacea","url":"https://securityconversations.fireside.fm/sharon-anolik-privacy-panacea","content_text":"Sharon Anolik, President and Founder of Privacy Panacea, talks about her work advising corporate clients on privacy and data protection issues, the looming chaos surrounding the European Union’s GDPR (General Data Protection Regulation) and the role she plays on ‘Silicon Valley.’Links:Privacy Panacea\nSharon Anolik on Twitter\n","content_html":"\u003cp\u003eSharon Anolik, President and Founder of Privacy Panacea, talks about her work advising corporate clients on privacy and data protection issues, the looming chaos surrounding the European Union’s GDPR (General Data Protection Regulation) and the role she plays on ‘Silicon Valley.’\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Privacy Panacea\" 
rel=\"nofollow\" href=\"https://www.privacypanacea.com/\"\u003ePrivacy Panacea\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Sharon Anolik on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/PrivacyPanacea\"\u003eSharon Anolik on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Sharon Anolik, President and Founder of Privacy Panacea, talks about her work advising corporate clients on privacy and data protection issues, the looming chaos surrounding the European Union’s GDPR (General Data Protection Regulation) and the role she plays on ‘Silicon Valley.’","date_published":"2018-01-04T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/0a1d0429-f768-4175-8f48-9416cb420157.mp3","mime_type":"audio/mpeg","size_in_bytes":48156317,"duration_in_seconds":2631}]},{"id":"bf98d79b-204e-4a5f-9418-75c5b554a26e","title":"Kim Zetter, Journalist and Author","url":"https://securityconversations.fireside.fm/kim-zetter","content_text":"Award-winning security journalist and author Kim Zetter talks about her work tracking cyber-espionage campaigns, why she uses an old school cassette player to record sensitive interviews and the dramatic changes sweeping the security industry.Links:Kim Zetter on Twitter\nCountdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon: Kim Zetter: 9780770436193: Amazon.com: Books\nWas Georgia’s Election System Hacked in 2016? 
\nTop Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States \n","content_html":"\u003cp\u003eAward-winning security journalist and author Kim Zetter talks about her work tracking cyber-espionage campaigns, why she uses an old school cassette player to record sensitive interviews and the dramatic changes sweeping the security industry.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Kim Zetter on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/KimZetter\"\u003eKim Zetter on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Countdown to Zero Day: Stuxnet and the Launch of the World\u0026#39;s First Digital Weapon: Kim Zetter: 9780770436193: Amazon.com: Books\" rel=\"nofollow\" href=\"https://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp/0770436196\"\u003eCountdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon: Kim Zetter: 9780770436193: Amazon.com: Books\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Was Georgia’s Election System Hacked in 2016? \" rel=\"nofollow\" href=\"https://www.politico.com/magazine/story/2018/07/18/mueller-indictments-georgia-voting-infrastructure-219018\"\u003eWas Georgia’s Election System Hacked in 2016? 
\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States \" rel=\"nofollow\" href=\"https://motherboard.vice.com/en_us/article/mb4ezy/top-voting-machine-vendor-admits-it-installed-remote-access-software-on-systems-sold-to-states\"\u003eTop Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States \n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Award-winning security journalist and author Kim Zetter talks about her work tracking cyber-espionage campaigns, why she uses an old school cassette player to record sensitive interviews and the dramatic changes sweeping the security industry.","date_published":"2017-12-29T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/bf98d79b-204e-4a5f-9418-75c5b554a26e.mp3","mime_type":"audio/mpeg","size_in_bytes":56197391,"duration_in_seconds":3126}]},{"id":"66709e24-8186-4569-921c-d9b48756d089","title":"Kelly Jackson Higgins, Executive Editor, Dark Reading","url":"https://securityconversations.fireside.fm/kelly-jackson-higgins-dark-reading","content_text":"Dark Reading executive editor Kelly Jackson Higgins joins the podcast to tell security journalism war stories, talk about her new WiFi-enabled refrigerator and some trends worth following closely.Links:Kelly Jackson Higgins on Twitter\nDark Reading\n","content_html":"\u003cp\u003eDark Reading executive editor Kelly Jackson Higgins joins the podcast to tell security journalism war stories, talk about her new WiFi-enabled refrigerator and some trends worth following closely.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Kelly Jackson Higgins on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/kjhiggins\"\u003eKelly Jackson Higgins on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Dark Reading\" 
rel=\"nofollow\" href=\"https://www.darkreading.com/\"\u003eDark Reading\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Dark Reading executive editor Kelly Jackson Higgins joins the podcast to tell security journalism war stories, talk about her new WiFi-enabled refrigerator and some trends worth following closely.","date_published":"2017-12-20T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/66709e24-8186-4569-921c-d9b48756d089.mp3","mime_type":"audio/mpeg","size_in_bytes":35129760,"duration_in_seconds":2395}]},{"id":"1bdec75a-1efc-454a-ad6b-8f56c2b526b7","title":"Katie Moussouris, co-founder and CEO, Luta Security","url":"https://securityconversations.fireside.fm/katie-moussouris-luta-security","content_text":"Computer security researcher and CEO of Luta Security, Katie Moussouris, talks about her life in the penetration testing trenches, advocating responsible security research, building bug bounty programs and the challenges of succeeding as a woman in the industry.Links:Luta Security\nHow I Got Here: Katie Moussouris\nIt’s dangerous to conflate bug bounties and vulnerability disclosure | CSO Online\nKatie Moussouris (@k8em0) on Twitter\n","content_html":"\u003cp\u003eComputer security researcher and CEO of Luta Security, Katie Moussouris,
talks about her life in the penetration testing trenches, advocating responsible security research, building bug bounty programs and the challenges of succeeding as a woman in the industry.\u003c/p\u003e\u003cp\u003eLinks:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca title=\"Luta Security\" rel=\"nofollow\" href=\"http://lutasecurity.com/\"\u003eLuta Security\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"How I Got Here: Katie Moussouris\" rel=\"nofollow\" href=\"https://threatpost.com/how-i-got-here-katie-moussouris/102784/\"\u003eHow I Got Here: Katie Moussouris\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"It’s dangerous to conflate bug bounties and vulnerability disclosure | CSO Online\" rel=\"nofollow\" href=\"https://www.csoonline.com/article/3271088/security/katie-moussouris-its-dangerous-to-conflate-bug-bounties-and-vulnerability-disclosure.html\"\u003eIt’s dangerous to conflate bug bounties and vulnerability disclosure | CSO Online\n\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca title=\"Katie Moussouris (@k8em0) on Twitter\" rel=\"nofollow\" href=\"https://twitter.com/k8em0\"\u003eKatie Moussouris (@k8em0) on Twitter\n\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","summary":"Computer security researcher and CEO of Luta Security, Katie Moussouris, talks about her life in the penetration testing trenches, advocating responsible security research, building bug bounty programs and the challenges of succeeding as a woman in the industry.","date_published":"2017-12-06T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1bdec75a-1efc-454a-ad6b-8f56c2b526b7.mp3","mime_type":"audio/mpeg","size_in_bytes":54354347,"duration_in_seconds":3174}]}]}