Three Buddy Problem - Episodes Tagged with “Cisa”

Inside the PlugX malware removal operation, CISA takes victory lap and another Fortinet 0day

Security Conversations — Fri, 17 Jan 2025 12:30:00 -0700

Three Buddy Problem - Episode 30: We discuss French threat-intel Sekoia creating a portal to handle “sovereign disinfections” of the PlugX malware, CISA leadership taking a victory lap using the ‘Secure by Design’ pledge as a trophy, the new Biden cybersecurity Executive Order, another Fortinet zero-day, the TikTok ban and Ukrainian hackers targeting Russian companies.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:

Russian APT weaponized nearby Wi-Fi networks in DC, new macOS zero-days, DOJ v Chrome

Security Conversations — Fri, 22 Nov 2024 12:00:00 -0700

Three Buddy Problem - Episode 22: We discuss Volexity’s presentation on Russian APT operators hacking Wi-Fi networks in “nearest neighbor attacks,” the Chinese surveillance state and its impact on global security, the NSA's strange call for better data sharing on Salt Typhoon intrusions, and the failures of regulatory bodies to address cybersecurity risks.

We also cover two new Apple zero-days being exploited in the wild, the US Government’s demand that Google sell the Chrome browser, and the value of data in the context of AI.

Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

Links:

Mysterious rebooting iPhones, EDR vendors spying on hackers, Bitcoin 'meatspace' attacks

Security Conversations — Sat, 09 Nov 2024 11:00:00 -0700

Three Buddy Problem - Episode 20: We revisit the ‘hack-back’ debate, the threshold for spying on adversaries, Palo Alto watching EDR bypass research to track threat actors, hot nuggets in Project Zero’s Clem Lecinge’s Hexacon talk, Apple’s new iOS update rebooting iPhones in law enforcement custody, the mysterious GoblinRAT backdoor, and physical ‘meatspace’ Bitcoin attacks and more details on North Korean cryptocurrency theft.

Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

Links:

Ep11: Cyberwarfare takes an ominous turn

Security Conversations — Fri, 06 Sep 2024 01:00:00 -0700

Three Buddy Problem - Episode 11: Russia's notorious GRU Unit 29155 (previously tied to assassinations, poisonings and coup attempts) now blamed for destructive cyberattacks for sabotage; FBI and DOJ take down 'Doppelganger' network spreading Russian propaganda; CISA's budget, staff, advisories and YARA rules; Influence Operations 2.0; prolific Chinese hackers and global bug-disclosure implications; North Korean hacking capabilities and 0day expertise.

Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)

Links:

Transcript (unedited)
CISA advisory on GRU Unit 29155 — Russian Military Cyber Actors Target US and Global Critical Infrastructure
Russian Military Unit Tied to Assassinations Caught Doing Cyber Sabotage
Doppelganger takedown
U.S. says Russian bots, RT operatives interfere in elections
Outsized Impact of a Few Chinese Hackers
Korean zero-day discovery
North Korea caught exploiting Chromium zero-day
#LABScon24 Agenda

Ep4: The AT&T mega-breach, iPhone mercenary spyware, Microsoft zero-days

Security Conversations — Fri, 12 Jul 2024 15:00:00 -0700

Three Buddy Problem - Episode 4: The boys delve into the massive AT&T call logs breach, the Snowflake incidents and the notion of shared-fate/shared responsibilities; news on fresh Apple notifications about mercenary spyware on iPhones and the effectiveness of notifications for different types of controversial targets. Plus, thoughts on Microsoft's zero-day disclosures and useless Patch Tuesday bulletins, AI-powered disinformation campaigns, and the US government's malware sharing initiative fading away.

Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek).

Links:

Ep3: Dave Aitel joins debate on nation-state hacking responsibilities

Security Conversations — Fri, 05 Jul 2024 10:00:00 -0700

The 'Three Buddy Problem' Podcast Episode 3: Former NSA computer scientist Dave Aitel (Immunity Inc., Cordyceps Systems) joins Juan Andres Guerrero-Saade for a frank discussion on the OpenSSH unauthenticated remote code execution vulnerability and the challenges around patching and exploitation, the CISA 'secure-by-design' pledge and its impact on software vendor practices, Microsoft lobbying and the CSRB report, and changing face of government's attempts at cybersecurity regulations.

We discuss the disruption caused by political changes and the potential implications for cybersecurity policies, impact from the Supreme Court Chevron ruling, security regulations and the challenges of writing laws for future technology, the role of CISA and its accomplishments, the debate around offensive cyber operations and the responsibility of companies like Google in addressing vulnerabilities.

The need for clear separation between counterterrorism and espionage operations is highlighted, as well as the importance of understanding both defensive and offensive perspectives.

Costin Raiu is on vacation.

Links: