Typhoons and Blizzards: Cyberespionage and national security on front burner

Three Buddy Problem - Episode 16: We break down the new GCHQ advisory on the history and tactics of Russia’s APT29, the challenges of tracking and defending against these sophisticated espionage programs, the mysterious Salt Typhoon intrusions, the absence of technical indicators (IOCs), the risks of supply chain attacks. We also touch on the surge in zero-day discoveries, the nonstop flow of exploited Ivanti security bugs, and why the CSRB should investigate these network edge device and appliance vendors. Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).Links:NCSC exposé on SVR/APT29 history and tacticsAPT29 / Midnight BlizzardVIDEO: A Surprise Encounter With A Telco APTThe Athens Affair - IEEE Spectrum — How some extremely smart hackers pulled off the most audacious cell-network break-in everWikipedia: The Athens AffairWSJ report on Salt Typhoon hacksIn-the-wild zero-day counterMicrosoft Confirms Exploited Zero-Day in Windows Management Console

Om Podcasten

The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks. Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers. Connect with Ryan on Twitter (Open DMs).