Critical Vulnerabilities in Remote Access Tools

Three Buddy Problem - Episode 26: We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, a previously unknown Android implant used against Serbian activists, and the links to Israeli forensics software vendor Cellebrite.

Plus, thoughts on the US government’s controversial guidance on VPNs, Chinese reports on US intel agency hacking, TP-Link sanctions chatter, Mossad's dramatic exploding beeper operation and the ethical, legal, and security implications of escalating cyber-deterrence. Also, a mysterious BeyondTrust 0-day!

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:

• Transcript (unedited, AI-generated)
• Surveillance and the suppression of civil society in Serbia
• CISA: VPN and mobile device security guidance
• Costin Raiu: Staying safe from Pegasus, Chrysaor and other APT mobile malware (2024 update)
• Bitsight: The Aftermath of the Kaspersky Ban
• US Probes China-Founded Router Maker TP-Link
• Rob Joyce: Move away from TP-Link
• China report on US intelligence corporate hacking
• Foreign hackers need to face real consequences
• Israel's Mossad spent years orchestrating Hezbollah pager plot
• BeyondTrust 0day
• Sophos Firewall CVSS 9.8 bulletin