Displaying Episode 1 - 10 of 11 in total of Three Buddy Problem with the tag “ransomware”.
-
Rethinking APT Attribution: Dakota Cary on Chinese Contractors and Espionage-as-a-Service
August 1st, 2025 | 1 hr 51 mins
apt research, cyberespionage, nation-state, ransomware, zero-day
Three Buddy Problem - Episode 56: China-focused researcher Dakota Cary joins the buddies to dig into China’s sprawling cyber ecosystem, from the HAFNIUM indictments and MSS tasking pipelines to the murky world of APT contractors and the ransomware hustle. We break down China’s “entrepreneurial” model of intelligence collection, why public visibility into these threat actors is so hard to get right, and how companies like Microsoft get caught in the geopolitical crossfire.
Plus: a deep dive on suspected MAPP leaks and Sharepoint zero-days, Singapore targeted by extremely sophisticated China-nexus hacking group, soft censorship in corporate threat-intel, and whether the U.S. should rethink how it fills its intelligence gaps.
Cast: Dakota Cary, Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
-
How did China get Microsoft's zero-day exploits?
July 10th, 2025 | 1 hr 49 mins
apt research, cyberespionage, drone, nation-state, ransomware, zero-day
Three Buddy Problem - Episode 53: We dig into news of the first-ever arrest of a Chinese intelligence-linked hacker in Italy, unpack the mystery behind HAFNIUM and how they somehow got their hands on the same Microsoft Exchange zero-days that researcher Orange Tsai discovered - was it coincidence, inside access, or something more sinister?
Plus, China's massive cyber capabilities pipeline, ‘theCom’ teenagers arrested in the UK after ransomware binge, and spyware attacks against Russian organizations.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
-
The dark hole of 'friendlies' and Western APTs
May 30th, 2025 | 2 hrs 11 mins
apt research, cyberespionage, nation-state, ransomware, zero-day
Three Buddy Problem - Episode 48: We unpack a Dutch intelligence agencies report on ‘Laundry Bear’ and Microsoft’s parallel ‘Void Blizzard’ write-up, finding major gaps and bemoaning the absence of IOCs. Plus, discussion on why threat-intel naming is so messy, how initial-access brokers are powering even nation-state break-ins, and whether customers (or vendors) are to blame for the confusion.
Plus, thoughts on an academic paper on the vanishing art of Western companies exposing Western (friendly) APT operations, debate whether stealth or self-censorship is to blame, and the long-tail effects on cyber paleontology.
We also dig into Sean Heelan’s proof that OpenAI’s new reasoning model can spot a Linux kernel 0-day and the implications for humans in the bug-hunting chain.
Cast: Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine.
-
Ep10: Volt Typhoon zero-day, Russia's APT29 reusing spyware exploits, Pavel Durov's arrest
August 30th, 2024 | 1 hr 18 mins
apt research, nation-state, ransomware, volt typhoon, zero-day
Three Buddy Problem - Episode 10 -- Top stories this week: Volt Typhoon zero-day exploitation of Versa Director servers, Chinese APT building botnets with EOL routers, the gap in security solutions for network devices and appliances, Russia's APT29 (Midnight Blizzard) caught reusing exploits from NSO Group and Intellexa, Microsoft’s upcoming Windows endpoint security summit in response to the CrowdStrike incident, and the arrest of Telegram’s Pavel Durov in France. Plus, the NSA is launching a podcast.
Hosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)
-
Ep9: The blurring lines between nation-state APTs and the ransomware epidemic
August 23rd, 2024 | 1 hr 6 mins
apt research, attribution, china, nation-state, ransomware, taiwan, xiaomi, zero-day
The 'Three Buddy Problem' Podcast Episode 9: On this episode, we look at the hacking scene in Taiwan, the sad state of visibility into big malware campaigns, the absence of APTs linked to the prolific MIVD Dutch intelligence agency, the blurring lines between big ransomware heists and nation-state actors caught using ransomware as a tool for sabotage and misattribution.
Plus, Chinese mobile OS vendor Xiaoimi caught disabling parts of its infrastructure -- including its global app store -- to thwart Pwn2Own contestants; and news of an addition to the LABScon 2024 keynote stage.
Hosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)
-
Allison Miller talks about CISO life, protecting identities at scale
December 21st, 2023 | 38 mins 12 secs
ciso, iam, identity, ransomware
Episode sponsors:
- Binarly, the supply chain security experts (https://binarly.io)
- FwHunt (https://fwhunt.run)
Allison Miller is founder and CEO of Cartomancy Labs and former CISO and VP of Trust at Reddit. She has spent the past 20 years scaling teams and technology at Bank of America, Google, Electronic Arts, PayPal/eBay, and Visa International.
In this conversation, we discuss the convergence of security with fraud prevention and anti-abuse, the challenges and complexities in IAM implementations, the post-pandemic labor market, the evolving role of CISOs and new realities around CISO exposure to personal liability, thoughts on the 'build vs buy' debate and the nuance and dilemma of paying ransomware demands.
-
Cisco Talos researcher Nick Biasini on chasing APTs, mercenary hackers
November 7th, 2023 | 31 mins 27 secs
cisco talos, nation-state apts, psoas, ransomware
Episode sponsors:
- Binarly (https://binarly.io)
- FwHunt (https://fwhunt.run)
Nick Biasini has been working in information security for nearly two decades. In his current role as head of outreach for Cisco Talos Intelligence Group, he leads a team of threat researchers tasked with tracking nation-state APTs, mercenary hacker groups and ransomware cybercriminals. In this episode, Biasini talks about the cryptic world of threat actor attribution, the rise of PSOAs (private sector offensive actors) and why network edge devices are a happy hunting ground for attackers.
-
Allison Nixon on disturbing elements in cybercriminal ecosystem
November 1st, 2023 | 48 mins 39 secs
lapsu$, ransomware, scattered spider, the-com
Episode sponsors:
- Binarly (https://binarly.io)
- FwHunt (https://fwhunt.run)
Allison Nixon is Chief Researcher at Unit 221B and a trailblazer in the world of cybercrime research. In this episode, we deep-drive into the shadowy dynamics of underground criminal communities, high-profile ransomware attacks, teenage hacking groups breaking into big companies, and the challenges of attribution and law enforcement. Allison sheds light on why companies continue to be vulnerable targets and what they're often missing in their cybersecurity strategies.
-
Ron Brash on the water plant hacks and the state of ICS security
March 11th, 2021 | 50 mins 6 secs
critical infrastructure, ics, nation-state hacks, ransomware, scada
Ron Brash joins Ryan on the show talk about the recent water supply hack, the state of security in ICS/SCADA installations, the checklist of affordable things for critical infrastructure defender, and the things we should worry -- and not worry -- about. Ron is Director of Cyber Security Insights at Verve Industrial Protection, a critical infrastructure-focused organisation that sells services and products that work across IT and OT environments for effective cyber security, controls and management.
-
Selena Larson, Intelligence Analyst, Dragos
September 16th, 2020 | 52 mins 17 secs
blue team, ics, journalism, ransomware, red team, scada
Journalist-turned-intel analyst Selena Larson joins the podcast to discuss the nuances of cybersecurity journalism, making the shift to analyzing intelligence and writing for a private audience, the ransomware epidemic, and the state of critical infrastructure security.