Ryan Naraine
US Treasury hacked via BeyondTrust, MISP and the threat actor naming mess
Three Buddy Problem - Episode 28: In this episode, we explore the ongoing challenges of threat actor naming in cybersecurity and the confusion caused by a lack of standardization, methodological inconsistencies and skewed, marketing-driven incentives.
Plus, the US Treasury/BeyondTrust hack, the surge in 0day discoveries, a new variant of the Xdr33 CIA Hive malware, and exclusive new information on the Cyberhaven Chrome extension security incident.
Cast: Juan Andres Guerrero-Saade (juanandres_gs), Costin Raiu (craiu) and Ryan Naraine (ryanaraine).
Links:
• Transcript (unedited, AI-generated) (docs.google.com/document/d/1Fozuh0j1k3EiKJr8mSxP__6O6dQ3iLgAxeEq8f9GKxI/edit?tab=t.0#heading=h.1u39inyn4ent)
• BeyondTrust statement on hack investigation (www.beyondtrust.com/remote-support-saas-service-security-investigation)
• U.S. Treasury says it was hacked by China-backed actors (archive.ph/0ELY2)
• Another Palo Alto 0day exploited in the wild (security.paloaltonetworks.com/CVE-2024-3393)
• US telcos say they've evicted Salt Typhoon Chinese hackers (www.reuters.com/technology/cybersecurity/chinese-salt-typhoon-cyberespionage-targets-att-networks-secure-carrier-says-2024-12-29/)
• Google: What is BeyondCorp? (cloud.google.com/beyondcorp)
• Introducing the MISP Threat Actor Naming Standard (www.misp-standard.org/blog/Naming-Threat-Actor/)
• MISP: Recommendations on Naming Threat Actors (www.misp-standard.org/rfc/threat-actor-naming.html)
• New variant of the CIA HIVE attack kit (x.com/nextronresearch/status/1874690494930014703)
• Xdr33 Variant Of CIA's HIVE Attack Kit Emerges (blog.netlab.360.com/headsup_xdr33_variant_of_ciahive_emeerges/)
• Savvy Seahorse connection to Cyberhaven incident (blogs.infoblox.com/threat-intelligence/beware-the-shallow-waters-savvy-seahorse-lures-victims-to-fake-investment-platforms-through-facebook-ads/)
• US sanctions China's Integrity Technology over Flax Typhoon hacks (www.reuters.com/technology/cybersecurity/us-issues-cybersecurity-sanctions-against-chinas-integrity-technology-2025-01-03/)
• Operation Aurora (en.wikipedia.org/wiki/Operation_Aurora)
• APT1 Exposing One of China’s Cyber Espionage Units (www.mandiant.com/sites/default/files/2021-09/mandiant-apt1-report.pdf)
1 view

Videos

• Palo Alto network edge device backdoor, Cyberhaven browser extension hack, 2024 research highlights (343 views, 16 hours ago)
  Three Buddy Problem - Episode 26: We discuss the discovery of a Palo Alto network firewall attack and a stealthy network edge device backdoor (LITTLELAMB.WOOLTEA), the Cyberhaven hack and the shady world of browser extensions, and a look back at the top research projects that caught our attention in 2025. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.
• Palo Alto network edge device backdoor, Cyberhaven browser extension hack, 2024 research highlights (86 views, 16 hours ago)
  Three Buddy Problem - Episode 27: We discuss the discovery of a Palo Alto network firewall attack and a stealthy network edge device backdoor (LITTLELAMB.WOOLTEA), the Cyberhaven hack and the shady world of browser extensions, and a look back at the top research projects that caught our attention in 2025. Cast: Juan Andres Guerrero-Saade (juanandres_gs), Costin Raiu (c...
• US government's VPN advice, dropping bombs on ransomware gangs (11 views, 8 days ago)
  Three Buddy Problem - Episode 26: We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, a previously unknown Android implant used against Serbian activists, and the links to Israeli forensics software vendor Cellebrite. Plus, thoughts on the US government's controversial guidance on VPNs, Chinese reports on US in...
• US government's VPN advice, dropping bombs on ransomware gangs (3 views, 8 days ago)
  Three Buddy Problem - Episode 26: We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, a previously unknown Android implant used against Serbian activists, and the links to Israeli forensics software vendor Cellebrite. Plus, thoughts on the US government's controversial guidance on VPNs, Chinese reports on US in...
• Surveillance economics, Turla and Careto, and the AI screenshots nobody asked for (222 views, 14 days ago)
  Three Buddy Problem - Episode 25: An update on Romania's cancelled election, the implications of TikTok on democratic processes, and the broader issues around surveillance capitalism and micro-targeting. Plus, news on Turla piggybacking on cybercriminal malware to hit Ukraine, the return of Careto and the absence of IOCs, Claroty report on an Iran-linked cyberweapon targeting critical infrastru...
• Surveillance economics, Turla and Careto, and the AI screenshots nobody asked for (53 views, 21 days ago)
  Three Buddy Problem - Episode 25: An update on Romania's cancelled election, the implications of TikTok on democratic processes, and the broader issues around surveillance capitalism and micro-targeting. Plus, news on Turla piggybacking on cybercriminal malware to hit Ukraine, the return of Careto and the absence of IOCs, Claroty report on an Iran-linked cyberweapon targeting critical infrastru...
• Inside the Turla Playbook: Hijacking APTs and fourth-party espionage (140 views, 21 days ago)
  Three Buddy Problem - Episode 24: In this episode, we dig into Lumen/Microsoft's revelations on Russia's Turla APT stealing from a Pakistani APT, and issues around fourth-party espionage and problems with threat actor attribution. We also discuss Citizen Lab's findings on Monokle-like spyware implanted by Russian authorities, the slow pace of Salt Typhoon disinfection, the Solana web3.js supply...
• Inside the Turla Playbook: Hijacking APTs and fourth-party espionage (68 views, 21 days ago)
  Three Buddy Problem - Episode 24: In this episode, we dig into Lumen/Microsoft's revelations on Russia's Turla APT stealing from a Pakistani APT, and issues around fourth-party espionage and problems with threat actor attribution. We also discuss Citizen Lab's findings on Monokle-like spyware implanted by Russian authorities, the slow pace of Salt Typhoon disinfection, the Solana web3.js supply...
• Rob Ragan on AI (extended) (71 views, 1 month ago)
• Volexity's Steven Adair on Russian Wi-Fi hacks, appliance 0day attacks, network inspectability (182 views, 1 month ago)
  Three Buddy Problem - Episode 23: Volexity founder Steven Adair joins the show to explore the significance of memory analysis and the technical challenges associated with memory dumping and forensics. We dig into Volexity's "nearest neighbor" Wi-Fi hack discovery, gaps in EDR detection and telemetry, and some real-talk on the Volt Typhoon intrusions. We also cover news on a Firefox zero-day exp...
• Three Buddy Problem (Episode 9) (69 views, 1 month ago)
  On this episode, we look at the hacking scene in Taiwan, the sad state of visibility into big malware campaigns, the absence of APTs linked to the prolific MIVD Dutch intelligence agency, the blurring lines between big ransomware heists and nation-state actors caught using ransomware as a tool for sabotage and misattribution. Plus, Chinese mobile OS vendor Xiaomi caught disabling parts of its ...
• Three Buddy Problem: Volt Typhoon zero-day, Russia reusing spyware exploits, Pavel Durov arrest (93 views, 1 month ago)
  Three Buddy Problem - Episode 10: Top stories this week: Volt Typhoon zero-day exploitation of Versa Director servers, Chinese APT building botnets with EOL routers, the gap in security solutions for network devices and appliances, Russia's APT29 (Midnight Blizzard) caught reusing exploits from NSO Group and Intellexa, Microsoft's upcoming Windows endpoint security summit in response to the Crowd...
• Exploding beepers, critical CUPS flaws, Windows Recall rebuilt for security (40 views, 1 month ago)
  Three Buddy Problem - Episode 14: The buddies are back together for a discussion on Juan's LABScon keynote and mental health realities, Microsoft rewriting the Windows Recall security architecture, a new CVSS 9.9 Linux CUPS flaw, Kaspersky's controversial transition to Ultra AV, and the intelligence operations surrounding exploding pagers in Lebanon. (This episode is dedicated to the memory of ...
• Careto returns, IDA Pro pricing controversy, crypto's North Korea problem (94 views, 1 month ago)
• ESET Israel wiper malware, China's Volt Typhoon response, Kaspersky sanctions and isolation (91 views, 1 month ago)
• Fortinet 0days, Appin hack-for-hire exposé, crypto heists, Russians booted from Linux kernel (139 views, 1 month ago)
• The Sophos kernel implant, 'hack-back' implications, CIA malware in Venezuela (111 views, 1 month ago)
• Mysterious rebooting iPhones, EDR vendors spying on hackers, Bitcoin 'meatspace' attacks (214 views, 1 month ago)
• What happens to CISA now? Is deterrence in cyber possible? (123 views, 1 month ago)
• Russian APT weaponized nearby Wi-Fi networks in DC, new macOS zero-days, DOJ v Chrome (194 views, 1 month ago)
• Sid Trivedi on the RSA Innovation Sandbox $5 million investment gambit (46 views, 1 month ago)
• Volexity's Steven Adair on Russian Wi-Fi hacks, memory forensics, appliance 0days (51 views, 1 month ago)
• Sid Trivedi on the RSA Innovation Sandbox $5 million investment gambit (39 views, 1 month ago)
• Russian APT weaponized nearby Wi-Fi networks in DC, new macOS zero-days, DOJ v Chrome (114 views, 1 month ago)
• What happens to CISA now? Is deterrence in cyber possible? (106 views, 1 month ago)
• Mysterious rebooting iPhones, EDR vendors spying on hackers, Bitcoin 'meatspace' attacks (88 views, 1 month ago)
• The Sophos kernel implant, 'hack-back' implications, CIA malware in Venezuela (164 views, 2 months ago)
• Fortinet 0days, Appin hack-for-hire exposé, crypto heists, Russians booted from Linux kernel (109 views, 2 months ago)
• ESET Israel wiper malware, China's Volt Typhoon response, Kaspersky sanctions and isolation (19 views, 2 months ago)

Comments

  • @jesussaeta8383 (5 days ago)

    What's the matter, you guys got a face for radio, come on now…

  • @Vic-dl7wq (25 days ago)

    Came back to see Juan's blanket 😂

  • @Vic-dl7wq (26 days ago)

    No more video?

  • @wandererx86 (27 days ago)

    just now coming across your work, love the podcast content. you should have a talk with grugq

    • @ryanaraine (26 days ago)

      thank you for listening. we're all fans of thegrugq

  • @Vic-dl7wq (1 month ago)

    Glad you finally got the video up!

  • @boldizsarbencsath7981 (1 month ago)

    gg

  • @vico3111 (1 month ago)

    In 10 years when historians come back to this podcast series and listen to this episode they will realize that the "hack-back" topic took a major pivot because it went from being a binary, "should they, shouldn't they" topic to a broader discussion about what is possible and what the impacts will be. Hacking back is being done, will increasingly be done, and we need to keep discussing what we want the norms to be.

  • @dibri (1 year ago)

    Great questions!

  • @drock276 (2 years ago)

    You're the jerk that locks my account saying Google detects that I've been hacked... when I am just trying to avoid being tracked by Google.

  • @drock276 (2 years ago)

    So you're CIA?

  • @joshk8554 (2 years ago)

    Really enjoyed this, thank you.

  • @EnglishRain (2 years ago)

    I bow down to her greatness

  • @domaincontroller (2 years ago)

    Stop interrupting people when they barely start talking man

  • @manikandanpachamuthu4676 (2 years ago)

    I am a fan of Maddie

  • @mrdbcross (2 years ago)

    Shane is one of the best.