Security Conversations publik
[search 0]
Lebih
Unduh Aplikasinya!
show episodes
 
Security Conversations is a series of podcasts covering threat intelligence and the business of cybersecurity, from the lens of veteran journalist and storyteller Ryan Naraine. The Three Buddy Problem show features conversations and debates on nation-state APTs, cyberespionage, spy tradecraft, cryptocurrency theft, advancements in offensive research and targeted malware espionage activity. Connect with Ryan on Twitter (Open DMs).
  continue reading
 
Welcome to “In the News - Conversations Around Security”, the podcast where we examine the news through a security lens. Tune in for an engaging and informative conversation about the future of security. And don’t forget to subscribe to our channel, like us, and leave comments below. We would love to hear your thoughts and feedback. Thanks for listening
  continue reading
 
Loading …
show series
 
Three Buddy Problem - Episode 26: We discuss the discovery of a Palo Alto network firewall attack and a stealthy network edge device backdoor (LITTLELAMB.WOOLTEA), the Cyberhaven hack and the shady world of browser extensions, and a look back at the top research projects that caught our attention in 2025. Cast: Juan Andres Guerrero-Saade, Costin Ra…
  continue reading
 
Three Buddy Problem - Episode 26: We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, a previously unknown Android implant used against Serbian activists, and the links to Israeli forensics software vendor Cellebrite. Plus, thoughts on the US government’s controver…
  continue reading
 
Three Buddy Problem - Episode 25: An update on Romania’s cancelled election, the implications of TikTok on democratic processes, and the broader issues around surveillance capitalism and micro-targeting. Plus, news on Turla piggybacking on cybercriminal malware to hit Ukraine, the return of Careto and the absence of IOCs, Claroty report on an Iran-…
  continue reading
 
Three Buddy Problem - Episode 24: In this episode, we did into Lumen/Microsoft’s revelations on Russia's Turla APT stealing from a Pakistani APT, and issues around fourth-party espionage and problems with threat actor attribution. We also discuss Citizen Lab’s findings on Monokle-like spyware implanted by Russian authorities, the slow pace of Salt …
  continue reading
 
Three Buddy Problem - Episode 23: Volexity founder Steven Adair joins the show to explore the significance of memory analysis and the technical challenges associated with memory dumping and forensics. We dig into Volexity’s “nearest neighbor” Wi-Fi hack discovery, gaps in EDR detection and telemetry, and some real-talk on the Volt Typhoon intrusion…
  continue reading
 
Episode sponsors: Binarly (https://binarly.io) Binary Risk Hunt (https://risk.binarly.io) In this reboot of the Security Conversations interview series, Foundation Capital partner Sid Trivedi weighs in on major changes to the RSA Innovation Sandbox, the mandatory $5M uncapped SAFE investment for all 10 finalists, and red-flag concerns around discou…
  continue reading
 
Three Buddy Problem - Episode 22: We discuss Volexity’s presentation on Russian APT operators hacking Wi-Fi networks in “nearest neighbor attacks,” the Chinese surveillance state and its impact on global security, the NSA's strange call for better data sharing on Salt Typhoon intrusions, and the failures of regulatory bodies to address cybersecurit…
  continue reading
 
Three Buddy Problem - Episode 21: We dig into an incredible government report on Iranian hacking group Emennet Pasargad and tradecraft during the Israel/Hamas war, why Predatory Sparrow could have been aimed at deterrence in cyber, and the FBI/CISA public confirmation of the mysterious Salt Typhoon hacks. Plus, discussion on hina’s cyber capabiliti…
  continue reading
 
Three Buddy Problem - Episode 20: We revisit the ‘hack-back’ debate, the threshold for spying on adversaries, Palo Alto watching EDR bypass research to track threat actors, hot nuggets in Project Zero’s Clem Lecinge’s Hexacon talk, Apple’s new iOS update rebooting iPhones in law enforcement custody, the mysterious GoblinRAT backdoor, and physical ‘…
  continue reading
 
Three Buddy Problem - Episode 19: We explore Ivan Kwiatkowski’s essay on the limits of threat intelligence, Sophos using kernel implants to surveil Chinese hackers, the concept of ‘hack-back’ and legal implications, geopolitical layers of cyber espionage, CIA malware in Venezuela, Vatican/Mossad mentioned in high-profile Italy hacks, and Canada bra…
  continue reading
 
🌟 New Episode Alert! 🌟 Join us for Episode 3 of Season 2 of In the News: Conversations Around Security! This episode, we're diving into the "new normal" as we explore the rising challenges of declining social conditions and public safety. With increasing protest activity, calls for change, and rising crime, how can we continue to keep the public sa…
  continue reading
 
Three Buddy Problem - Episode 18: This week’s show covers the White House's new Traffic Light Protocol (TLP) guidance, Reuters expose of Appin as a hack-for-hire mercenary company, Fortinet zero-day exploitation and missing CSRB investigations, major cryptocurrency heists, Apple opening Private Cloud Compute to public inspection, Russians removed f…
  continue reading
 
Three Buddy Problem - Episode 17: News of a wiper malware attack in Israel implicating ESET, threats from wartime hacktivists, China's strange response to Volt Typhoon attribution and Section 702 messaging, an IE zero-day discovery and web browser rot in South Korea, the ongoing isolation of Kaspersky due to sanctions, and the geopolitical influenc…
  continue reading
 
Welcome to Season 2, Episode 2 of “In the News - Conversations Around Security.” In this episode, “From Protests to Chaos: The Impact of Government Inaction” we delve into a critical and timely issue: how government inaction and lack of leadership have emboldened protestors. What began as pro-Palestinian protests have now escalated into calls for C…
  continue reading
 
Three Buddy Problem - Episode 16: We break down the new GCHQ advisory on the history and tactics of Russia’s APT29, the challenges of tracking and defending against these sophisticated espionage programs, the mysterious Salt Typhoon intrusions, the absence of technical indicators (IOCs), the risks of supply chain attacks. We also touch on the surge…
  continue reading
 
Three Buddy Problem - Episode 15: Juanito checks in from Virus Bulletin with news on the return of Careto/Mask, a ‘milk-carton’ APT linked to Spain. We also cover the latest controversy surrounding IDA Pro's subscription model, a major new YARA update, and ongoing issues with VirusTotal's value and pricing. The conversation shifts to North Korean c…
  continue reading
 
Welcome to In the News: Conversations Around Security! In our exciting new season, we’re diving into the dynamic world of global protests and their far-reaching impacts on local businesses and communities. As movements ignite change around the globe, we’ll explore how these powerful events reshape our neighborhoods, challenge local establishments, …
  continue reading
 
Three Buddy Problem - Episode 14: The buddies are back together for a discussion on Juan’s LABScon keynote and mental health realities, Microsoft rewriting the Windows Recall security architecture, a new CVSS 9.9 Linux CUPS flaw, Kaspersky's controversial transition to Ultra AV, and the intelligence operations surrounding exploding pagers in Lebano…
  continue reading
 
Three Buddy Problem - Episode 13: This is a special edition of the show, featuring Juan Andres Guerrero-Saade's full keynote day remarks at LABScon2024. In this talk, Juanito addresses the current state of the threat intelligence industry, expressing a need for a difficult conversation about its direction and purpose. He discusses feelings of disen…
  continue reading
 
Three Buddy Problem - Episode 12: Gabriel Bernadett-Shapiro joins the show for an extended conversation on artificial intelligence and cybersecurity. We discuss the hype around OpenAI's new o1 model, AI chain-of-thought reasoning and security use-cases, pervasive chatbots and privacy concerns, and the ongoing debate between open source and closed s…
  continue reading
 
Three Buddy Problem - Episode 11: Russia's notorious GRU Unit 29155 (previously tied to assassinations, poisonings and coup attempts) now blamed for destructive cyberattacks for sabotage; FBI and DOJ take down 'Doppelganger' network spreading Russian propaganda; CISA's budget, staff, advisories and YARA rules; Influence Operations 2.0; prolific Chi…
  continue reading
 
Three Buddy Problem - Episode 10: Top stories this week -- Volt Typhoon zero-day exploitation of Versa Director servers, Chinese APT building botnets with EOL routers, the gap in security solutions for network devices and appliances, Russia's APT29 (Midnight Blizzard) caught reusing exploits from NSO Group and Intellexa, Microsoft’s upcoming Window…
  continue reading
 
Three Buddy Problem - Episode 9: On this episode, we look at the hacking scene in Taiwan, the sad state of visibility into big malware campaigns, the absence of APTs linked to the prolific MIVD Dutch intelligence agency, the blurring lines between big ransomware heists and nation-state actors caught using ransomware as a tool for sabotage and misat…
  continue reading
 
Three Buddy Problem - Episode 8: This week’s show digs into Microsoft’s in-the-wild zero-day woes, Patch Tuesday and the absence of IOCs, a wormable Windows TCP/IP flaw that the Chinese government knew about for months, Iran’s aggressive hacking US election targets, CrowdStrike v Qihoo360 and major problems with APT naming conventions. Hosts: Costi…
  continue reading
 
Three Buddy Problem - Episode 7: In this episode, we try to close the book on the CrowdStrike Windows BSOD story, Microsoft VP David Weston’s technical documentation and issues around kernel access and OS resilience. We also discuss Binarly’s PKFail research, secure boot bypasses, Dan Geer and tech monoculture, software vendor liability issues and …
  continue reading
 
Three Buddy Problem - Episode 6: As the dust settles on the CrowdStrike incident that blue-screened 8.5 million Windows computers worldwide, we dig into CrowdStrike’s preliminary incident report, the lack of transparency in the update process and the need for more robust testing and validation. We also discuss Microsoft's responsibility to avoid in…
  continue reading
 
Three Buddy Problem - Episode 5: Hot off the press, we dive into the news of the CrowdStrike software update that caused blue screens on computers worldwide, the resulting chaos and potential connections to the Microsoft 365 outage, the fragility of modern computing and the risks of new software paradigms. We also discuss the AT&T mega-breach and t…
  continue reading
 
Three Buddy Problem - Episode 4: The boys delve into the massive AT&T call logs breach, the Snowflake incidents and the notion of shared-fate/shared responsibilities; news on fresh Apple notifications about mercenary spyware on iPhones and the effectiveness of notifications for different types of controversial targets. Plus, thoughts on Microsoft's…
  continue reading
 
The 'Three Buddy Problem' Podcast Episode 3: Former NSA computer scientist Dave Aitel (Immunity Inc., Cordyceps Systems) joins Juan Andres Guerrero-Saade for a frank discussion on the OpenSSH unauthenticated remote code execution vulnerability and the challenges around patching and exploitation, the CISA 'secure-by-design' pledge and its impact on …
  continue reading
 
Welcome to another episode of In the News, your source for in-depth analysis of the most pressing geopolitical events. Today, we tackle a crucial and sensitive topic: the alarming rise of antisemitism in Canada and its nexus to national security. As tensions in Gaza escalate, we’re seeing ripple effects here at home, with foreign interference poten…
  continue reading
 
The 'Three Buddy Problem' Podcast Episode 2: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade go all-in on the discussion around Google Project Zero disrupting counter-terrorism malware operations. A deep dive on disruption vs exposure, the effects of US government sanctions on private mercenary hacking companies, hypocricy and the tricky r…
  continue reading
 
Welcome to Episode 1 of a brand new cybersecurity podcast discussing the biggest news stories of the week. Ryan Naraine hosts a fast-moving conversation with Juan Andres Guerrero-Saade (LABScon) and Costin Raiu (Art of Noh) on the Microsoft Recall debacle, the dark patterns emerging as big-tech embraces AI, Brad Smith's testimony and the lingering …
  continue reading
 
Welcome to “In the News: Conversations Around Security,” where we dive deep into pressing issues affecting public safety. In today’s episode, we explore the growing trend of protest encampments and the security risks they pose. From urban spaces to grassroots movements, we’ll discuss how these camps impact both residents and the broader community. …
  continue reading
 
In this riveting episode of "In the News - Conversations Around Security," we dive deep into Ontario's security landscape with esteemed guest Paul Carson from the Security Guard Association of Ontario. Tune in as we dissect the pressing issue of the absence of standards and regulations within the security sector, a concern that's fostering heighten…
  continue reading
 
In this episode we dive into a complex and timely issue: foreign influence on Canada. There's growing concern about the influence of foreign powers over Canada, particularly in recent elections. The leveraging of hybrid warfare which combines traditional military means with cyberattacks, disinformation campaigns, and social media manipulation, are …
  continue reading
 
In this episode, we delve into the intricate interplay between global events and their profound impact on local public safety. Join us as we dissect the complex web of connections between international affairs and everyday security concerns. Our discussion uncovers how events on the world stage reverberate within our communities, influencing polici…
  continue reading
 
Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) XZ.fail backdoor detector (https://xz.fail) Cris Neckar is a veteran security researcher now working as a partner at Two Bear Capital. In this episode, he reminisces on the early days of hacking at Neohapsis, his time on the Google Chrome security team, shenanigans at…
  continue reading
 
Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) XZ.fail backdoor detector (https://xz.fail) Malware paleontologist Costin Raiu returns for an emergency episode on the XZ Utils software supply chain backdoor. We dig into the timeline of the attack, the characteristics of the backdoor, affected Linux distributions, a…
  continue reading
 
In the News hosts Luciano Cedrone and Brian Claman bring back retired Toronto Police Superintendent Bill Neadles to talk about the challenges of prioritizing public safety in the face of large, disruptive and often confrontational protests that have been popping up across the country since the Oct 7th attacks on Israel and the on-going war in Gaza.…
  continue reading
 
In the News hosts Luciano Cedrone and Brian Claman bring back retired Toronto Police Superintendent Bill Neadles to talk about the challenges of prioritizing public safety in the face of large, disruptive and often confrontational protests that have been popping up across the country since the Oct 7th attacks on Israel and the on-going war in Gaza.…
  continue reading
 
On Oct 7, 2023, Hamas unleashed the biggest surprise attack in Israel's history. In this episode we bring you important insights and analysis about the conflict from one of Canada's foremost resources on intelligence; Phil Gurski. Our hosts, Luciano Cedrone and Brian Claman talk with Phil about the implications of Hamas’ surprise attack on Israel, …
  continue reading
 
Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) FwHunt (https://fwhunt.run) Katie Moussouris founded Luta Security in 2016 and bootstrapped it into a profitable business with a culture of equity and healthy boundaries. She is a pioneer in the world of bug bounties and vulnerability disclosure and serves in multiple…
  continue reading
 
Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) FwHunt (https://fwhunt.run) Costin Raiu has spent a lifetime in anti-malware research, working on some of the biggest nation-state APT cases in history, including Stuxnet, Duqu, Equation Group, Red October, Turla and Lazarus. In this exit interview, Costin digs into w…
  continue reading
 
On Oct 7, 2023, Hamas unleashed the biggest surprise attack in Israel's history. In this episode we bring you important insights and analysis about the conflict from one of Canada's foremost resources on intelligence; Phil Gurski. Our hosts, Luciano Cedrone and Brian Claman talk with Phil about the implications of Hamas’ surprise attack on Israel, …
  continue reading
 
Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) FwHunt (https://fwhunt.run) Danny Adamitis is a principal information security engineer at Black Lotus Labs, the threat research division within Lumen Technologies. On this episode of the show, we discuss his team's recent discovery of an impossible-to-kill botnet pac…
  continue reading
 
Welcome to “In the News - Conversations Around Security”, the podcast where we examine the news through a security lens. In this last of a 3 part series we talk to retired Deputy Chief Chris Fernandes about the evolving needs of security in a world of declining resources and increased need. What do these realities mean for the industry? What are th…
  continue reading
 
Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) FwHunt (https://fwhunt.run) Allison Miller is founder and CEO of Cartomancy Labs and former CISO and VP of Trust at Reddit. She has spent the past 20 years scaling teams and technology at Bank of America, Google, Electronic Arts, PayPal/eBay, and Visa International. I…
  continue reading
 
Welcome to “In the News - Conversations Around Security”, the podcast where we examine the news through a security lens. In episode 2, we continue the discussion around the evolving needs of security and the growing changes that are driving the conversation to transitioning from observe and report models towards engagement capable guarding. What co…
  continue reading
 
Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Rob Ragan, principal architect and security strategist at Bishop Fox, joins the show to share insights on scaling pen testing, the emergence of bug bounty programs, the value of attack surface management, and the role of AI in cybersecurity. We dig into the importance of pro…
  continue reading
 
Welcome to “In the News - Conversations Around Security”, the podcast where we examine the news through a security lens. In this episode, we explore the transition from observe and report security to engagement capable guarding. What does this mean, and why is it important? And what are the benefits and challenges of this shift for the security sec…
  continue reading
 
Loading …

Panduan Referensi Cepat