Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode, Paul Asadoorian, Vlad Babkin, and Chase Snyder delve into the recent leaks from the Black Basta ransomware group, exploring the implications of the leaked chat logs, the operational tactics of the group, and the evolving landscape of ransomware attacks. The conversation highlights the importance of understanding threat intelligence derived from these leaks, the significance of targeting exposed devices, and the necessity of robust security measures to mitigate risks. In this conversation, the speakers delve into the evolving tactics of ransomware groups, emphasizing the...

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode, Paul, Vlad, and Chase discuss the security challenges of Palo Alto devices and network appliances. They explore the vulnerabilities present in these devices, the importance of best practices in device management, and the need for automatic updates. The conversation highlights the evolving nature of firmware vulnerabilities and the necessity for compensating controls to mitigate risks. The hosts emphasize the responsibility of vendors to ensure their products are secure and the need for a shift in user expectations regarding security appliances. In this conversation, the...

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode, Paul Asadorian and Chase Snyder discuss the latest security threats and vulnerabilities affecting network appliances, particularly focusing on Avanti and Fortinet platforms. They explore the increasing risks associated with these devices, the need for improved security standards, and the challenges of risk management and visibility in network security. The conversation emphasizes the importance of accountability among vendors and the necessity for customers to demand better security practices. In this conversation, Chase Snyder and Paul discuss the challenges and...

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode, Paul Asidorian, Alec Summers, and Lisa Olson discuss the 25th anniversary of the CVE program, its evolution, and the importance of transparency in vulnerability management. They explore the history of CVE, the process of creating CVE records, and the role of CNAs in ensuring accountability. The conversation also addresses challenges related to end-of-life software vulnerabilities and the need for maintaining the integrity of CVE records in an ever-evolving cybersecurity landscape. In this conversation, the speakers discuss the complexities of managing and analyzing...

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode, Paul Asadoorian, Allan Alford, and Josh Corman discuss the growing threat posed by China, particularly in the context of cyber operations and geopolitical ambitions. They explore the implications of China's strategies, the vulnerabilities in critical infrastructure, and the need for transparency and trust in digital systems. The conversation highlights the urgency of addressing these threats as they relate to Taiwan and the broader global landscape. In this conversation, the speakers discuss the critical issues surrounding digital infrastructure, emphasizing the...

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode, Paul Asadorian, Larry Pesce, and Evan Dornbusch delve into the recent Sophos reports on threat actors, particularly focusing on the Pacific Rim case. They discuss the implications of the findings, including the tactics used by attackers, the vulnerabilities in network devices, and the challenges of securing appliances. The conversation also highlights the importance of network detection solutions, the impact of zero-day exploits, and the need for a shift in how appliance security is approached, especially concerning firmware backdoors and UEFI threats. In this conversation,...

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode, Paul Ascidorian and Matt Johansen discuss the recent targeted attacks by Chinese threat actors, particularly focusing on the Volt Typhoon group. They explore the implications of back doors in cybersecurity, the role of ISPs, and the ongoing tension between privacy and security. The conversation delves into historical contexts, the evolution of threat actor tactics, and the shared responsibility model in cybersecurity. They also highlight the challenges of supply chain security and the visibility issues that make network devices vulnerable to attacks. In this conversation, Paul...

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode, Edwin Shuttleworth from Finite State discusses firmware security, insights from the GRRCON Security Conference, and the challenges of firmware analysis. The conversation covers various topics, including firmware scraping techniques, the IoT landscape, types of firmware, the importance of Software Bill of Materials (SBOMs), and emulation in firmware analysis. Edwin shares his experiences and offers advice for those looking to get started in firmware reverse engineering.  

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode of Below the Surface, host Paul Ascadorian and guest Patrick Garrity discuss the complexities of vulnerability tracking and prioritization. They explore various sources of vulnerability data, the significance of known exploited vulnerabilities, and the concept of weaponization in cybersecurity. The conversation delves into the challenges posed by supply chain vulnerabilities, the importance of Software Bill of Materials (SBOM), and the impact of user behavior on security. The episode concludes with thoughts on the future of vulnerability management and the need for a more...

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode, Matt Brown joins the podcast to talk about firmware reverse engineering and supply chains. They discuss Matt's start in information security, his journey into hardware security, and the creation of his YouTube channel. They also explore the vulnerabilities and weaknesses in the supply chain of IoT devices and the challenges of extracting firmware from embedded Linux systems. Matt shares his favorite tools for firmware extraction and the complexities of creating an SBOM in the embedded Linux ecosystem. In this conversation, Paul and Allan discuss the challenges and...