Salt Typhoon IOCs, Google floats ‘cyber disruption unit’, WhatsApp 0-click

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/6d/de/c8/6ddec851-2ca1-fac2-048b-e738cbee5874/mza_5244608465002210952.jpg/600x600bb.jpg

Three Buddy Problem

Security Conversations

189 episodes

5 days ago

The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks. Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers. Connect with Ryan on Twitter (Open DMs).

All content for Three Buddy Problem is the property of Security Conversations and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

News,

Tech News

https://assets.fireside.fm/file/fireside-images-2024/podcasts/images/5/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/episodes/1/1ec2ef88-a1b1-4df7-b737-24542f8462c8/cover.jpg?v=1

Salt Typhoon IOCs, Google floats ‘cyber disruption unit’, WhatsApp 0-click

Three Buddy Problem

2 hours 24 minutes 48 seconds

2 months ago

Salt Typhoon IOCs, Google floats ‘cyber disruption unit’, WhatsApp 0-click

Three Buddy Problem - Episode 60: We dissect a fresh multi-agency Salt Typhoon advisory (with IOCs and YARA rules!), why it landed late, why the wall of logos matters (and doesn’t), and what’s actually usable for defenders: new YARA, tool hashes, naming ambiguity across reports, the mention of Chinese vendors, and a Dutch note that smaller ISPs were hit.

Plus, Costin details his hunting stack and philosophy (historic IOC/malware hoarding, fast pivots, and AI as analyst “wingman”) and a new Chinese APT report that may intersect with LightBasin and the murky PSOA world.

We also debate Google’s proposed “cyber disruption unit” versus Microsoft’s DCU (legal vs. “ethical” takedowns, PR, and business models); react to Anthropic’s report on real attacker use of Claude; note Amazon’s APT29 watering-hole disruption; and close on a fresh WhatsApp-to-ImageIO zero-click chain and practical phone OPSEC.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links: