

Three Buddy Problem
Security Conversations
The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks.
Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers.
Connect with Ryan on Twitter (Open DMs).
Episodes

Oct 18, 2025 • 31min
JAGS LABScon 2025 keynote: Steps to an ecology of cyber
Join Juan Andres Guerrero-Saade, a senior threat intelligence researcher renowned for his insights on wartime cyber threats, as he explores the future of cybersecurity. He discusses the shift from chaos to a more sustainable, interconnected approach. Guerrero-Saade highlights the importance of systems thinking and introduces dyadic cybernetics, emphasizing the synergy between human and artificial evaluators. He challenges industry norms, urging practitioners to reclaim their worth and focus on tangible outcomes over mere compliance. It's a thought-provoking call to action in the evolving landscape of security.

Oct 11, 2025 • 2h 23min
Apple Exploit-Chain Bounties, Wireless Proximity Exploits and Tactical Suitcases
Explore the intriguing realm of automated red-teaming and Apple's ambitious $2 million exploit bounties aimed at thwarting spyware brokers. Discover the rise of wireless proximity attacks and the curious case of tactical suitcases for Wi-Fi exploits. The discussion delves into Paragon spyware's targeting of European executives and the controversial NSO Group buyout rumors. Additionally, critiques of Oracle's patch delays and the ethics surrounding journalists on ransomware leak sites spark thoughtful debate.

Oct 7, 2025 • 45min
Chris Eng on lessons learned from the NSA, @Stake, Veracode, and 20 years in cybersecurity
Chris Eng, an experienced application security leader and former Chief Research Officer at Veracode, shares captivating insights from his extensive cybersecurity career, including his beginnings at the NSA and the founding of Veracode. He discusses the evolution of security culture, the challenges of software supply chains, and why companies must focus on programmatic support instead of just tools. Eng emphasizes the importance of meaningful security metrics for leaders and the impact of AI on development, while offering guidance on vetting AI solutions from startups.

Oct 3, 2025 • 2h 3min
Oracle cl0p ransomware crisis, EU drone sightings, Cisco bootkit fallout
Drones are stirring up chaos across European airports, revealing deeper concerns about hybrid warfare. Oracle faces a severe ransomware crisis linked to unpatched vulnerabilities, raising questions about its security role amidst the TikTok deal. OpenAI unveils Sora 2, promising to reshape social media and creative expression with AI-generated content. Meanwhile, Palo Alto's Phantom Taurus report highlights a concerning new threat landscape, with discussions around Cisco's recent cybersecurity missteps. The U.S. government shutdown adds another layer of complexity for agencies like CISA.

Sep 27, 2025 • 1h 55min
Cisco firewall zero-days and bootkits in the wild
Three Buddy Problem - Episode 65: We zero in on one of the biggest security stories of the year: the discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco’s 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide.
Plus, Cisco’s controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China’s long-term positioning. Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russian APTs Turla and Gamaredon collaborating to hit Ukraine targets.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
Links: Transcript (unedited, AI-generated); Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors; Mandiant Brickstorm Scanner; Cisco advisory: Continued Attacks Against Cisco Firewalls; NCSC report on Cisco ASA bootkit in the wild; U.S. government scrambles to stop new hacking campaign blamed on China; US Secret Service Statement on SIM Farm Discovery; NYTimes: Cache of Devices Capable of Crashing Cell Network Is Found Near U.N.; Airport chaos: Ransomware hits airport check-in systems; NCSC statement: Incident impacting Collins Aerospace; Gamaredon X Turla collab

Sep 24, 2025 • 22min
Live at LABScon: Aurora Johnson and Trevor Hilligoss on China's 'internet toilets'
Three Buddy Problem - Episode 64: SpyCloud Labs researchers Aurora Johnson and Trevor Hilligoss discuss the world of “internet toilets,” the toxic online communities in China where harassment, stalking, and sextortion thrive. We explore how these groups operate, from doxing ex-lovers and enemies to running coordinated campaigns of cyberbullying that often spill into real-world harm. (Recorded at LABScon 2025).
Cast: Aurora Johnson, Trevor Hilligoss, Ryan Naraine and Juan Andres Guerrero-Saade.
Links: Plunging China's internet toilets (LABScon); SpyCloud Labs

Sep 24, 2025 • 29min
Live at LABScon: Visi Stark shares memories of creating the APT1 report
Visi Stark, co-founder of the Vertex Project and intelligence expert behind the groundbreaking APT1 report, shares insights from his impactful career in cyber threat intelligence. He discusses the intricate process of selecting data for the report and the philosophy behind its naming. Stark reflects on how APT1 transformed the threat landscape and the challenges of revealing identities. He also critiques the current state of public threat intelligence, exposing the market's influence on reporting standards.

Sep 24, 2025 • 32min
Live at LABScon: Lindsay Freeman on tracking Wagner Group war crimes
Three Buddy Problem - Episode 62: Lindsay Freeman, Director of the Technology, Law & Policy program at the Human Rights Center, UC Berkeley School of Law, joins the show to discuss her team's meticulous work to document the Wagner Group's chain of command, military operations in parts of Africa, and the broadcasting of war crimes on social media platforms like Telegram. (Recorded at LABScon 2025)
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Lindsay Freeman.
Links: LABScon Speaker 2025: Lindsay Freeman; War Crimes for Fun and Profit (Lawfare); Mali: Army, Wagner Group Atrocities Against Civilians; The Wagner Group’s Atrocities in Africa: Lies and Truth; Massacres, Executions, and Falsified Graves: The Wagner Group’s Mounting Humanitarian Cost in Mali

Sep 9, 2025 • 2h 46min
Can Apple's New Anti-Exploit Tech Stop iPhone Spyware Attacks?
The podcast dives into recent software supply chain breaches, raising alarms about security vulnerabilities at major companies. They explore Apple's new Memory Integrity Enforcement technology and its potential against spyware attacks. The discussion also critiques China's role in global tech security, touching on ethical dilemmas faced by American firms. Lastly, there's an engaging debate on a controversial Huntress disclosure, underscoring the complexities of transparency in cybersecurity.

Aug 29, 2025 • 2h 25min
Salt Typhoon IOCs, Google floats ‘cyber disruption unit’, WhatsApp 0-click
The podcast dives into the implications of the Salt Typhoon advisory, analyzing its delayed release and useful insights for defenders. Discussion revolves around Google’s new cyber disruption unit and the ethical dilemmas it presents. The role of AI in enhancing threat detection is examined, along with the troubling vulnerabilities in WhatsApp that threaten user security. Additional topics include a new Chinese APT report, Amazon's disruption of APT29, and the importance of precise terminology in understanding evolving cyber threats.