Three Buddy Problem - Episode 48: We unpack a Dutch intelligence agencies report on ‘Laundry Bear’ and Microsoft’s parallel ‘Void Blizzard’ write-up, finding major gaps and bemoaning the absence of IOCs. Plus, discussion on why threat-intel naming is so messy, how initial-access brokers are powering even nation-state break-ins, and whether customers (or vendors) are to blame for the confusion.
Plus, thoughts on an academic paper on the vanishing art of Western companies exposing Western (friendly) APT operations, debate whether stealth or self-censorship is to blame, and the long-tail effects on cyber paleontology.
We also dig into Sean Heelan’s proof that OpenAI’s new reasoning model can spot a Linux kernel 0-day and the implications for humans in the bug-hunting chain.
Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
--------
2:11:19
Russia hacks Ukraine war supply lines, Signal blocks Windows screenshots, BadSuccessor vuln disclosure debate
Three Buddy Problem - Episode 47: We unpack a multi-agency report on Russia’s APT28/Fancy Bear hacking and spying on Ukraine war supply lines, CISA’s sloppy YARA rules riddled with false positives, the ethics of full-disclosure after Akamai dropped Windows Server “BadSuccessor” exploit details, and Sekoia’s discovery of thousands of hijacked edge devices repurposed as honeypots.
The back half veers into Microsoft’s resurrected Windows Recall, Signal’s new screenshot-blocking countermeasure, Japan’s fresh legal mandate for pre-emptive cyber strikes, and why appliance vendors like Ivanti keep landing in the headlines.
Along the way you get hot takes on techno-feudalism, Johnny Ive’s rumored AI gadget, and a lively debate over whether publishing exploit code ever helps defenders.
Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
--------
2:30:37
A Coinbase breach with bribes, rogue contractors and a $20M ransom demand
Three Buddy Problem - Episode 46: We dig into a Coinbase breach headlined by bribes, rogue contractors and a $20 million ransom demand. Plus, (another!) batch of Ivanti and Microsoft zero-days being exploited in the wild, a new 'Intrusion Logging' feature coming to Android, Apple's iOS 18.5 patches, and the EU announcing its own vulnerability database and software vendor secure-coding pledge.
Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
--------
2:23:34
JAGS keynote: The intricacies of wartime cyber threat intelligence
Three Buddy Problem - Episode 45: (The buddies are trapped in timezone hell with cross-continent travel this week).
In the meantime, absorb this keynote presented by Juan Andres Guerrero-Saade (JAG-S) at CounterThreats 2023. It's a frank discussion on the role of cyber threat intelligence (CTI) during wartime and its importance in bridging information gaps between adversaries. Includes talk on the ethical challenges in CTI, questioning the impact of intelligence-sharing and how cyber operations affect real-world conflicts. He pointed to Ukraine and Israel as examples where CTI plays a critical, yet complicated, role. His message: cybersecurity pros need to be aware of the real-world consequences of their work and the ethical responsibility that comes with it.
Acknowledgment: Credit for the audio goes to CyberThreat 2023, SANS Institute, NCSC, and SentinelOne.
Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
Three Buddy Problem - Episode 44: We unpack news that US government officials are using an obscure app to archive Signal messages, OpenAI’s new “Aardvark” code-evaluation and reasoning model and leapfrog implications, NSC cyber lead Alexei Bulazel on normalizing US offensive operations, and JP Morgan Chase CISO’s warning to software vendors.
Plus, fresh SentinelOne threat-intel notes, France’s attribution of GRU activity and a head-scratching $330 million Bitcoin heist.
Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks.
Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers.
Connect with Ryan on Twitter (Open DMs).
UK