Russian APT weaponized nearby Wi-Fi networks in DC, new macOS zero-days, DOJ v Chrome

November 22nd, 2024  |  1 hr 28 mins

apt research, cisa, nation-state, zero-day

Three Buddy Problem Episode 22: We discuss Volexity’s presentation on Russian APT operators hacking Wi-Fi networks in “nearest neighbor attacks,” the Chinese surveillance state and its impact on global security, the NSA's strange call for better data sharing on Salt Typhoon intrusions, and the failures of regulatory bodies to address cybersecurity risks.

We also cover two new Apple zero-days being exploited in the wild, the US Government’s demand that Google sell the Chrome browser, and the value of data in the context of AI.

Cast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).

Mysterious rebooting iPhones, EDR vendors spying on hackers, Bitcoin 'meatspace' attacks

November 9th, 2024  |  1 hr 37 mins

apple, apt research, cisa, nation-state, palo alto, sophos, zero-day

Three Buddy Problem Episode 20: We revisit the ‘hack-back’ debate, the threshold for spying on adversaries, Palo Alto watching EDR bypass research to track threat actors, hot nuggets in Project Zero’s Clem Lecinge’s Hexacon talk, Apple’s new iOS update rebooting iPhones in law enforcement custody, the mysterious GoblinRAT backdoor, and physical ‘meatspace’ Bitcoin attacks and more details on North Korean cryptocurrency theft.

Cast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).

Ep11: Cyberwarfare takes an ominous turn

September 6th, 2024  |  1 hr 15 mins

china, cisa, doppelganger, gru, influence operations, north korea, russia, skills shortage, skripal, south korea, unit 29155, yara, zero-day

Three Buddy Problem - Episode 11: Russia's notorious GRU Unit 29155 (previously tied to assassinations, poisonings and coup attempts) now blamed for destructive cyberattacks for sabotage; FBI and DOJ take down 'Doppelganger' network spreading Russian propaganda; CISA's budget, staff, advisories and YARA rules; Influence Operations 2.0; prolific Chinese hackers and global bug-disclosure implications; North Korean hacking capabilities and 0day expertise.

Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)

Ep4: The AT&T mega-breach, iPhone mercenary spyware, Microsoft zero-days

July 12th, 2024  |  1 hr 11 mins

apple, at&t, cisa, csrb, microsoft, snowflake

The 'Three Buddy Problem' Podcast Episode 4: Listen as the hosts delve into the massive AT&T call logs breach, the Snowflake incidents and the notion of shared-fate/shared responsibilities; news on fresh Apple notifications about mercenary spyware on iPhones and the effectiveness of notifications for different types of controversial targets. Plus, thoughts on Microsoft's zero-day disclosures and useless Patch Tuesday bulletins, AI-powered disinformation campaigns, and the US government's malware sharing initiative fading away.

Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)

Ep3: Dave Aitel joins debate on nation-state hacking responsibilities

July 5th, 2024  |  1 hr 4 mins

cisa, csrb, google, microsoft, project zero

The 'Three Buddy Problem' Podcast Episode 3: Former NSA computer scientist Dave Aitel (Immunity Inc., Cordyceps Systems) joins Juan Andres Guerrero-Saade for a frank discussion on the OpenSSH unauthenticated remote code execution vulnerability and the challenges around patching and exploitation, the CISA 'secure-by-design' pledge and its impact on software vendor practices, Microsoft lobbying and the CSRB report, and changing face of government's attempts at cybersecurity regulations.

We discuss the disruption caused by political changes and the potential implications for cybersecurity policies, impact from the Supreme Court Chevron ruling, security regulations and the challenges of writing laws for future technology, the role of CISA and its accomplishments, the debate around offensive cyber operations and the responsibility of companies like Google in addressing vulnerabilities.

The need for clear separation between counterterrorism and espionage operations is highlighted, as well as the importance of understanding both defensive and offensive perspectives.

• Costin Raiu is on vacation.