About this episode
Three Buddy Problem - Episode 65: We zero in on one of the biggest security stories of the year: the discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco’s 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide.
Plus, Cisco’s controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China’s long-term positioning. Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russians APTs Turla and Gamaredon collaborating to hit Ukraine targets.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.Links:Transcript (unedited, AI-generated)Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal SectorsMandiant Brickstorm ScannerCisco advisory: Continued Attacks Against Cisco FirewallsNCSC report on Cisco ASA bootkit in the wildU.S. government scrambles to stop new hacking campaign blamed on ChinaUS Secret Service Statement on SIM Farm DiscoveryNYTimes: Cache of Devices Capable of Crashing Cell Network Is Found Near U.N.
