Cybersecurity Vulnerabilities and Vendor Accountability

Three Buddy Problem - Episode 18: This week’s show covers the White House's new Traffic Light Protocol (TLP) guidance, Reuters expose of Appin as a hack-for-hire mercenary company, Fortinet zero-day exploitation and missing CSRB investigations, major cryptocurrency heists, Apple opening Private Cloud Compute to public inspection, Russians removed from Linux kernel maintenance and China’s Antiy beefing with Sentinel One over APT reporting.

Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

Links:

• Transcript (AI-generated)
• White House TLP guidance
• Applin -- How an Indian startup hacked the world
• Burning Zero Days: FortiJump FortiManager Flaw
• Mandiant on FortiManager Zero-Day Exploitation
• Fortinet bulletin on new 0day exploitation
• Radiant Capital $50M cryptocurrency theft
• DPRK's Lazarus steals cryptocurrency with decoy MOBA game
• Apple opens Private Cloud Compute to security inspection
• Russians booted from Linux kernel driver maintenance
• Antiy paper responding to SentinelOne