Aug 30 2024 78 mins 32
Three Buddy Problem - Episode 10: Top stories this week -- Volt Typhoon zero-day exploitation of Versa Director servers, Chinese APT building botnets with EOL routers, the gap in security solutions for network devices and appliances, Russia's APT29 (Midnight Blizzard) caught reusing exploits from NSO Group and Intellexa, Microsoft’s upcoming Windows endpoint security summit in response to the CrowdStrike incident, and the arrest of Telegram’s Pavel Durov in France. Plus, the NSA is launching a podcast.
Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)
Links:
- Transcript (unedited)
- China's Volt Typhoon Exploiting Zero-Day in Servers Used by ISPs, MSPs
- Versa Director Zero-Day Exploitation - Black Lotus Labs
- CVE-2024-39717 – Versa Director Dangerous File Type Upload Vulnerability
- Google TAG: APT29 using same exploits as Intellexa, NSO Group
- Russia's APT29 Reusing Exploits From Spyware Merchants
- Official Pavel Durov charges (PDF)
- WSJ: Pavel Durov's iPhone was hacked by France, UAE
- Microsoft Calls EDR Summit
- NSA to Launch ‘No Such Podcast’
- LABScon 2024 Speakers
- APT29 / Midnight Blizzard
