Three Buddy Problem

Latest episodes

Sep 6, 2024 • 1h 15min

Ep11: Cyberwarfare takes an ominous turn

Juan Andres Guerrero-Saade, a cyber warfare expert from SentinelLabs, dives into the ominous role of Russia's GRU Unit 29155 in cyberattacks, linking them to broader military strategies. The conversation highlights the evolution of military ops, from failed assassinations to sophisticated cyber tactics. They discuss the implications of low-level cyber indictments and the challenges of organizational effectiveness within CISA. Guerrero-Saade also sheds light on North Korean hackers' rise in sophistication and the complexities of misinformation in today's digital landscape.
Aug 30, 2024 • 1h 19min

Ep10: Volt Typhoon zero-day, Russia's APT29 reusing spyware exploits, Pavel Durov's arrest

Joining the discussion is Pavel Durov, founder of Telegram and recently arrested in France. They dive into the alarming Volt Typhoon zero-day vulnerability and its impact on critical infrastructure. The talk then shifts to Russia's APT29 reusing exploits from notorious spyware vendors, highlighting the blurred lines between ransomware and state-sponsored threats. Durov's situation raises critical questions about digital security and disinformation, emphasizing the dual nature of platforms like Telegram amid rising cybersecurity concerns.
Aug 23, 2024 • 1h 6min

Ep9: The blurring lines between nation-state APTs and the ransomware epidemic

Explore the intricate world of cybersecurity where nation-state actors blur the lines with ransomware, turning it into a tool for espionage. Dive into the hacking culture in Taiwan and the visibility challenges surrounding Advanced Persistent Threats (APTs). Discover the ethical dilemmas and complexities nations face in identifying cyber threats, alongside the controversial tactics of Xiaomi during hacking competitions. It's a thrilling journey through the evolving landscape of cyber threats and the geopolitical tensions shaping it all.
Aug 17, 2024 • 1h 18min

Ep8: Microsoft's zero-days and a wormable Windows TCP/IP flaw known to China

The discussion dives into Microsoft's troubling zero-day vulnerabilities, including a wormable TCP/IP flaw known to China for months. The hosts reflect on the challenges of Patch Tuesday and the issues surrounding naming conventions for cyber threats. They touch on the increasing cyber aggression from Iran targeting US elections, and dissect conflicting claims from major cybersecurity firms. The conversation also highlights the geopolitical implications of cyber activities and stresses the importance of clarity in vulnerability reporting.
Aug 2, 2024 • 1h 10min

Ep7: Crowd2K and the kernel, PKFail supply chain failures, Paris trains sabotage and Russian Olympic attacks

The discussion dives deep into CrowdStrike's Windows BSOD saga and the intricacies of kernel access. A critical look at the PKFail research reveals serious vulnerabilities in secure boot technology. Listeners are intrigued by cyber sabotage linked to European train services and the historical cyber attacks related to the Olympics, particularly with Russian involvement. The conversation emphasizes the need for transparency in cybersecurity and the growing importance of software vendor liability amid increasing geopolitical tensions.
Jul 26, 2024 • 1h 17min

Ep6: After CrowdStrike chaos, should Microsoft kick EDR agents out of Windows kernel?

The podcast dives into the chaos caused by a CrowdStrike update that blue-screened millions of Windows systems, spotlighting the urgent need for better testing. It questions Microsoft's handling of EDR agents and the responsibilities tied to kernel access. A discussion on Mandiant's report reveals insights into North Korean cyber threat tactics. The hosts critique cybersecurity reporting and explore the implications of the NSO Group lawsuits on tech giants. Overall, it's a gripping look at the intersection of cybersecurity failures and corporate accountability.
Jul 19, 2024 • 60min

Ep5: CrowdStrike's faulty update shuts down global networks

Discussion on CrowdStrike's faulty update causing global network shutdowns and potential ties to Microsoft 365 outage. AT&T mega breach and ransom paid, FBI accessing password-protected phone, rising prices of zero-click exploits, and APT 41's expanding targets. Plus, teaser on upcoming keynote speakers at LabsCon 2024.
Jul 12, 2024 • 1h 12min

Ep4: The AT&T mega-breach, iPhone mercenary spyware, Microsoft zero-days

Three Buddy Problem - Episode 4: The boys delve into the massive AT&T call logs breach, the Snowflake incidents and the notion of shared-fate/shared responsibilities; news on fresh Apple notifications about mercenary spyware on iPhones and the effectiveness of notifications for different types of controversial targets. Plus, thoughts on Microsoft's zero-day disclosures and useless Patch Tuesday bulletins, AI-powered disinformation campaigns, and the US government's malware sharing initiative fading away. Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek).

Links: Transcript (unedited, AI-generated); AT&T SEC Filing on mega-breach; CNN: Nearly all AT&T call and text records exposed in a massive breach; Apple warns iPhone users in 98 countries of spyware; India targets Apple over its phone hacking notifications; Hyper-V zero-day exploited in the wild; LABScon Program Committee
Jul 5, 2024 • 1h 4min

Ep3: Dave Aitel joins debate on nation-state hacking responsibilities

The 'Three Buddy Problem' Podcast Episode 3: Former NSA computer scientist Dave Aitel (Immunity Inc., Cordyceps Systems) joins Juan Andres Guerrero-Saade for a frank discussion on the OpenSSH unauthenticated remote code execution vulnerability and the challenges around patching and exploitation, the CISA 'secure-by-design' pledge and its impact on software vendor practices, Microsoft lobbying and the CSRB report, and the changing face of government's attempts at cybersecurity regulations. We discuss the disruption caused by political changes and the potential implications for cybersecurity policies, impact from the Supreme Court Chevron ruling, security regulations and the challenges of writing laws for future technology, the role of CISA and its accomplishments, the debate around offensive cyber operations and the responsibility of companies like Google in addressing vulnerabilities. The need for clear separation between counterterrorism and espionage operations is highlighted, as well as the importance of understanding both defensive and offensive perspectives. Costin Raiu is on vacation.

Links: Transcript (unedited, AI-generated); Qualys: Remote Unauthenticated Code Execution in OpenSSH; CSRB report on Microsoft hack; CISA secure-by-design pledge; CCC Talk: Operation Triangulation; Lawfare: Responsible Cyber Offense; Google: Stop Burning Counterterrorism Operations; Follow Dave Aitel on Twitter; J. A. Guerrero-Saade on Twitter; Costin Raiu on Twitter; Follow Ryan Naraine (@ryanaraine) on Twitter; LABScon - Security Research in Real Time
Jun 29, 2024 • 1h 9min

Ep2: A deep-dive on disrupting and exposing nation-state malware ops

The 'Three Buddy Problem' Podcast Episode 2: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade go all-in on the discussion around Google Project Zero disrupting counter-terrorism malware operations. A deep dive on disruption vs exposure, the effects of US government sanctions on private mercenary hacking companies, hypocrisy and the tricky relationship between malware researchers and the intelligence community, and the lack of 'success stories' from so-called benevolent malware. We also discuss the implications of the TeamViewer breach by a skilled Russian APT, new Microsoft notifications to Midnight Blizzard victims and share thoughts on the Polyfill.io supply chain compromise.

Links: Episode transcript (Unedited, AI-generated); Google: Stop Burning Counterterrorism Operations; Russian hackers sanctioned by European Council; TeamViewer statement on APT29 breach; Polyfill supply chain attack; Request a LABScon invite; Follow Costin Raiu on Twitter; Follow JAG-S on Twitter; Follow Ryan Naraine on Twitter
