Palo Alto network edge device backdoor, Cyberhaven browser extension hack, 2024 research highlights

December 27th, 2024  |  1 hr 53 mins

apt research, chatgpt, csrb, deepfake, nation-state, zero-day

Three Buddy Problem Episode 27: We discuss the discovery of a Palo Alto network firewall attack and a stealthy network edge device backdoor (LITTLELAMB.WOOLTEA), the Cyberhaven hack and the shady world of browser extensions, and a look back at the top research projects that caught our attention in 2025.

Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade

Ep4: The AT&T mega-breach, iPhone mercenary spyware, Microsoft zero-days

July 12th, 2024  |  1 hr 11 mins

apple, at&t, cisa, csrb, microsoft, snowflake

The 'Three Buddy Problem' Podcast Episode 4: Listen as the hosts delve into the massive AT&T call logs breach, the Snowflake incidents and the notion of shared-fate/shared responsibilities; news on fresh Apple notifications about mercenary spyware on iPhones and the effectiveness of notifications for different types of controversial targets. Plus, thoughts on Microsoft's zero-day disclosures and useless Patch Tuesday bulletins, AI-powered disinformation campaigns, and the US government's malware sharing initiative fading away.

Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)

Ep3: Dave Aitel joins debate on nation-state hacking responsibilities

July 5th, 2024  |  1 hr 4 mins

cisa, csrb, google, microsoft, project zero

The 'Three Buddy Problem' Podcast Episode 3: Former NSA computer scientist Dave Aitel (Immunity Inc., Cordyceps Systems) joins Juan Andres Guerrero-Saade for a frank discussion on the OpenSSH unauthenticated remote code execution vulnerability and the challenges around patching and exploitation, the CISA 'secure-by-design' pledge and its impact on software vendor practices, Microsoft lobbying and the CSRB report, and changing face of government's attempts at cybersecurity regulations.

We discuss the disruption caused by political changes and the potential implications for cybersecurity policies, impact from the Supreme Court Chevron ruling, security regulations and the challenges of writing laws for future technology, the role of CISA and its accomplishments, the debate around offensive cyber operations and the responsibility of companies like Google in addressing vulnerabilities.

The need for clear separation between counterterrorism and espionage operations is highlighted, as well as the importance of understanding both defensive and offensive perspectives.

• Costin Raiu is on vacation.

Ep1: The Microsoft Recall debacle, Brad Smith and the CSRB, Apple Private Cloud Compute

June 22nd, 2024  |  46 mins 55 secs

ai, apple, csrb, microsoft

Welcome to Episode 1 of a brand new cybersecurity podcast discussing the biggest news stories of the week. Ryan Naraine hosts a fast-moving conversation with Juan Andres Guerrero-Saade (LABScon) and Costin Raiu (Art of Noh) on the Microsoft Recall debacle, the dark patterns emerging as big-tech embraces AI, Brad Smith's testimony and the lingering effects of the CSRB report, Apple's new Private Cloud Compute (PCC) infrastructure and Cupertino's long game. Oh, we also discuss the KL ban.