The Sophos kernel implant, 'hack-back' implications, CIA malware in Venezuela

November 3rd, 2024  |  1 hr 54 mins

apt research, china, edr, nation-state, sophos, zero-day

Three Buddy Problem Episode 19: We explore Ivan Kwiatkowski’s essay on the limits of threat intelligence, Sophos using kernel implants to surveil Chinese hackers, the concept of ‘hack-back’ and legal implications, geopolitical layers of cyber espionage, CIA malware in Venezuela, Vatican/Mossad mentioned in high-profile Italy hacks, and Canada bracing for .gov attacks from India.

Cast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).

Ep6: After CrowdStrike chaos, should Microsoft kick EDR agents out of Windows kernel?

July 26th, 2024  |  1 hr 16 mins

apt research, crowdstrike, edr, microsoft, nation-state, windows, zero-day

The 'Three Buddy Problem' Podcast Episode 6: As the dust settles on the CrowdStrike incident that blue-screened 8.5 million Windows computers worldwide, we dig into CrowdStrike’s preliminary incident report, the lack of transparency in the update process and the need for more robust testing and validation. We also discuss Microsoft's responsibility to avoid infinite BSOD loops, risks of deploying EDR agents on critical systems, and how an EU settlement is being blamed for EDR vendors having access to the Windows kernel.

Other topics on the show include Mandiant's attribution capabilities, North Korea’s gov-backed hacking teams launching ransomware on hospitals, KnowBe4 hiring a fake North Korean IT worker, and new developments in the NSO Group surveillance-ware lawsuit.

Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)

Ep5: CrowdStrike's faulty update shuts down global networks

July 19th, 2024  |  59 mins 51 secs

apt research, crowdstrike, edr, nation-state, zero-day

The 'Three Buddy Problem' Podcast Episode 5: Hot off the press, we dive into the news of the CrowdStrike software update that caused blue screens on computers worldwide, the resulting chaos and potential connections to the Microsoft 365 outage, the fragility of modern computing and the risks of new software paradigms.

We also discuss the AT&T mega-breach and the ransom paid to delete the stolen data; the challenges of ransomware and the uncertainty surrounding the deletion of stolen data; the FBI gaining access to a password-protected phone, the prices for zero-click exploits; and the resurgence of APT 41 with expanding targets.

Plus, some news on upcoming keynote speakers at LabsCon 2024.

Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)