Displaying items 61-70 of 93 in total of Three Buddy Problem with the tag "zero-day".
-
North Korea's biggest ever crypto heist: $1.4B stolen from Bybit
February 23rd, 2025 | 2 hrs 7 mins
apt research, nation-state, zero-day
Three Buddy Problem - Episode 35: Juanito is live from DistrictCon with notes on discussion of an elusive iOS zero-day by a company called QuaDream and Apple’s controversial removal of iCloud backup end-to-end encryption in the UK. We also cover a staggering $1.4 billion hack by the Lazarus Group against Bybit, new angles in NSA-linked cyber-espionage against China’s top universities, Chinese hacking gangs moonlighting as ransomware criminals, and Russian APTs abusing Signal’s “linked devices” feature. Plus, Costin explains Microsoft’s quantum computing breakthrough.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
-
An 'extremely sophisticated' iPhone hack; Google flags major AMD microcode bug
February 15th, 2025 | 1 hr 25 mins
apt research, nation-state, zero-day
Three Buddy Problem - Episode 34: We dig into the latest exploited Apple iPhone zero-day (USB Restricted Mode bypass), an AMD microcode flaw so serious it’s not being fully disclosed, a barrage of Patch Tuesday updates, the helpless nature of trying to defend corporate networks, Russian threat actor movements, and fresh intel from Rapid7, Volexity, and Microsoft.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
-
Unpacking the UK government's secret iCloud backdoor demand
February 8th, 2025 | 2 hrs 22 mins
apt research, nation-state, zero-day
Three Buddy Problem - Episode 33: In this episode, we unpack the UK government's secret push for backdoor access to encrypted iCloud data, Apple’s approach to iCloud encryption, and the broader implications for privacy and security on a global scale. Plus, how security agencies handle zero-day vulnerabilities, surveillance spyware and mercenary hacking, and TikTok-powered election disinformation and interference.
From wormable exploits like Eternal Bue to the realities of AI-based spying, the episode offers a detailed look into how government oversight, private sector collaboration, and shifting market forces have reshaped the way we think about cybersecurity.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
-
Inside the DeepSeek AI existential crisis, Chinese 'backdoor' in medical devices
January 31st, 2025 | 2 hrs 19 mins
apt research, nation-state, zero-day
Three Buddy Problem - Episode 32: In this episode, we rummage through the DeepSeek hype and break down what makes it different from OpenAI’s models, why it’s stirring up existential controversies, and what it means for the broader tech landscape. We get into the privacy concerns, the geo-political implications, how AI models handle data, the ongoing debate over IP theft and innovation, and the challenges that come with a Chinese company shipping an open-source alternative.
Beyond AI, we dig into some of the latest headlines; from a Chinese ‘backdoor’ in medical devices, problems with CISA’s backdoor bulletin, the risks of insecure IoT, phishing attacks on influencers, and ongoing battles over censorship in the VPN space. We also touch on WhatsApp catching spyware vendor Paragon Solutions and potential shifts in U.S. government policy on commercial mercenary hacking and surveillance companies.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
-
Death of the CSRB, zero-days storms at the edge, Juniper router backdoors
January 24th, 2025 | 1 hr 48 mins
apt research, ivanti, nation-state, sonicwall, zero-day
Three Buddy Problem Episode 31: Dennis Fisher steps in for Ryan Naraine to moderate discussion on a very busy week in cybersecurity. The cast dig into the wave of big research reports, the disbanding of the Cyber Safety Review Board (CSRB), the ongoing flood of exploits targeting security appliances from Ivanti and SonicWall, and the recent Lumen research on Juniper router backdoors.
Plus, the challenges of coordinating disclosures, the tough realities of intelligence work, and the complex landscape of nation-state attacks -- especially around Chinese threat actors and Western defenses.
Cast: Dennis Fisher (guest host), Costin Raiu and Juan Andres Guerrero-Saade.
- Ryan Naraine is on work travel.
-
Inside the PlugX malware removal operation, CISA takes victory lap and another Fortinet 0day
January 17th, 2025 | 1 hr 59 mins
apt research, cisa, nation-state, zero-day
Three Buddy Problem Episode 30: We discuss French threat-intel Sekoia creating a portal to handle “sovereign disinfections” of the PlugX malware, CISA leadership taking a victory lap using the ‘Secure by Design’ pledge as a trophy, the new Biden cybersecurity Executive Order, another Fortinet zero-day, the TikTok ban and Ukrainian hackers targeting Russian companies.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade
-
Hijacking .gov backdoors, Ivanti 0days and a Samsung 0-click vuln
January 10th, 2025 | 1 hr 48 mins
apt research, nation-state, zero-day
Three Buddy Problem Episode 29: Another day, another Ivanti zero-day being exploited in the wild. Plus, China's strange response to Volt Typhoon attribution, Japan blames China for hacks, a Samsung 0-click vulnerability found by Project Zero, Kim Zetter's reporting on drone sightings and a nuclear scare. Plus, hijacking abandoned .gov backdoors and Ukrainian hacktivists wiping a major Russian ISP.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade
-
US Treasury hacked via BeyondTrust, MISP and the threat actor naming mess
January 3rd, 2025 | 1 hr 49 mins
apt research, nation-state, zero-day
Three Buddy Problem Episode 28: In this episode, we explore the ongoing challenges of threat actor naming in cybersecurity and the confusion caused by a lack of standardization, methodological inconsistencies and skewed, marketing-driven incentives.
Plus, the US Treasury/BeyondTrust hack, the surge in 0day discoveries, a new variant of the Xdr33 CIA Hive malware, and exclusive new information on the Cyberhaven Chrome extension security incident.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade
-
Palo Alto network edge device backdoor, Cyberhaven browser extension hack, 2024 research highlights
December 27th, 2024 | 1 hr 53 mins
apt research, chatgpt, csrb, deepfake, nation-state, zero-day
Three Buddy Problem Episode 27: We discuss the discovery of a Palo Alto network firewall attack and a stealthy network edge device backdoor (LITTLELAMB.WOOLTEA), the Cyberhaven hack and the shady world of browser extensions, and a look back at the top research projects that caught our attention in 2025.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade
-
US government's VPN advice, dropping bombs on ransomware gangs
December 23rd, 2024 | 1 hr 58 mins
apt research, hack-back, nation-state, zero-day
Three Buddy Problem Episode 26: We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, a previously unknown Android implant used against Serbian activists, and the links to Israeli forensics software vendor Cellebrite.
Plus, thoughts on the US government’s controversial guidance on VPNs, Chinese reports on US intel agency hacking, TP-Link sanctions chatter, Mossad's dramatic exploding beeper operation and the ethical, legal, and security implications of escalating cyber-deterrence. Also, a mysterious BeyondTrust 0-day!
Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.