Three Buddy Problem

Three Buddy Problem - Episode 65: We zero in on one of the biggest security stories of the year: the discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco’s 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide. Plus, Cisco’s controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China’s long-term positioning. Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russians APTs Turla and Gamaredon collaborating to hit Ukraine targets. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.Links:Transcript (unedited, AI-generated)Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal SectorsMandiant Brickstorm ScannerCisco advisory: Continued Attacks Against Cisco FirewallsNCSC report on Cisco ASA bootkit in the wildU.S. government scrambles to stop new hacking campaign blamed on ChinaUS Secret Service Statement on SIM Farm DiscoveryNYTimes: Cache of Devices Capable of Crashing Cell Network Is Found Near U.N.Airport chaos: Ransomware hits airport check-in systemsNCSC statement: Incident impacting Collins AerospaceGamaredon X Turla collab

Three Buddy Problem - Episode 64: SpyCloud Labs researchers Aurora Johnson and Trevor Hilligoss discuss the world of “internet toilets," the toxic online communities in China where harassment, stalking, and sextortion thrive. We explore how these groups operate, from doxing ex-lovers and enemies to running coordinated campaigns of cyberbullying that often spill into real-world harm. (Recorded at LABScon 2025). Cast: Aurora Johnson, Trevor Hilligoss, Ryan Naraine and Juan Andres Guerrero-Saade.Links:Plunging China's internet toilets (LABScon)SpyCloud Labs

Three Buddy Problem - Episode 63: Co-founder of the Vertex Project Visi Stark joins the buddies to reminisce about his work writing Mandiant's famous APT1 report, the China-nexus threat landscape, the value of cyber threat intelligence, APT-naming schemes, and more... (Recorded at LABScon 2025) Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Visi Stark.Links:How the Infamous APT-1 Report Exposing China’s PLA Hackers Came to BeMandiant APT1 ReportA guide to U.S. allegations of China cyberspyingThe Vertex ProjectLABScon 2025Visi Stark on LinkedInLABScon 2025: Plunging the Internet Toilets in ChinaAurora Johnson on TwitterTrevor Hilligoss

Three Buddy Problem - Episode 62: Lindsay Freeman, Director of the Technology, Law & Policy program at the Human Rights Center, UC Berkeley School of Law, joins the show to discuss her team's meticulous work to document the Wagner Group's chain of command, military operations in parts of Africa, and the broadcasting of war crimes on social media platforms like Telegram. (Recorded at LABScon 2025) Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Lindsay Freeman.Links:LABScon Speaker 2025: Lindsay FreemanWar Crimes for Fun and Profit (Lawfare)Mali: Army, Wagner Group Atrocities Against CiviliansThe Wagner Group’s Atrocities in Africa: Lies and Truth Massacres, Executions, and Falsified Graves: The Wagner Group’s Mounting Humanitarian Cost in Mali

The podcast dives into recent software supply chain breaches, raising alarms about security vulnerabilities at major companies. They explore Apple's new Memory Integrity Enforcement technology and its potential against spyware attacks. The discussion also critiques China's role in global tech security, touching on ethical dilemmas faced by American firms. Lastly, there's an engaging debate on a controversial Huntress disclosure, underscoring the complexities of transparency in cybersecurity.

The podcast dives into the implications of the Salt Typhoon advisory, analyzing its delayed release and useful insights for defenders. Discussion revolves around Google’s new cyber disruption unit and the ethical dilemmas it presents. The role of AI in enhancing threat detection is examined, along with the troubling vulnerabilities in WhatsApp that threaten user security. Additional topics include a new Chinese APT report, Amazon's disruption of APT29, and the importance of precise terminology in understanding evolving cyber threats.

The latest discussion dives into Apple's emergency iOS patch and the implications of zero-click threats. The speakers highlight the murky waters of cybersecurity, exploring how nation-states exploit vulnerabilities and the blurred lines between crime and advanced persistent threats. A hot topic is the debate over Microsoft's restrictive access for Chinese vendors and the controversial idea of 'letters of marque' for cyber offense. The episode wraps up with insights into ransomware threats and the challenges of legacy devices, stressing the need for innovative security solutions.

The hosts dive into the challenges of scaling tech products within large corporations like Microsoft while navigating corporate politics. They explore the AI startup boom and its risks, likening it to the dot-com bubble. The conversation shifts to the geopolitical landscape of GPU technology and export controls, particularly regarding China. They scrutinize recent cybersecurity vulnerabilities and their implications for national security, highlighting urgent privacy issues. The hosts also tease an upcoming live event, blending anticipation with humor.

Brandon Dixon, a veteran in the threat intelligence community and former Microsoft employee, dives into the intersection of AI and cybersecurity. He discusses Google's Big Sleep project and the potential of AI in code analysis and automation. The conversation critiques modern software development inefficiencies and the impact of corporate acquisitions on cybersecurity tools. Dixon emphasizes the need for collaboration between tech giants and the community while exploring the future of SOC automation and geopolitical issues affecting AI technologies.

Dakota Cary, a China-focused consultant at SentinelOne and a fellow at the Atlantic Council, dives deep into the dark waters of China's cyber ecosystem. He sheds light on APT contractors and their links to espionage-as-a-service. The discussion reveals the intricate ties between hackers and the state security apparatus, complicating attribution efforts. Cary reflects on the need for a cultural shift in U.S. intelligence to tackle these evolving threats while also examining the geopolitical fallout of recent cyber intrusions targeting places like Singapore.