Below the Surface (Audio) - The Supply Chain Security Podcast

Mar 05 2025 46 ep. 54 mins 17
Below the Surface (Audio) - The Supply Chain Security Podcast artwork

A lively discussion of the threats affecting supply chain, specifically focused on firmware and low-level code that is a blind spot for many organizations. This podcast will feature guests from the cybersecurity industry discussing the problems surrounding supply chain-related issues and potential solutions. Get the Supply Chain Security Toolkit from Eclypsium here: https://eclypsium.com/go

  Technology  Business
RSS feed Share
Copy RSS


Subscribe on Podcast Addict


Black Basta - Threat Intelligence Insights - BTS #46

Mar 05 2025 51 mins  
In this episode, Paul Asadoorian, Vlad Babkin, and Chase Snyder delve into the recent leaks from the Black Basta ransomware group, exploring the implications of the leaked chat logs, the operational tactics of the group, and the evolving landscape of ransomware attacks. The conversation highlights the importance of understanding threat intelligence derived from these leaks, the sig

Understanding Firmware Vulnerabilities in Network Appliances - BTS #45

Feb 06 2025 59 mins  
In this episode, Paul, Vlad, and Chase discuss the security challenges of Palo Alto devices and network appliances. They explore the vulnerabilities present in these devices, the importance of best practices in device management, and the need for automatic updates. The conversation highlights the evolving nature of firmware vulnerabilities and the necessity for compensating control

Network Appliances: A Growing Concern - BTS #44

Jan 27 2025 47 mins  
In this episode, Paul Asadorian and Chase Snyder discuss the latest security threats and vulnerabilities affecting network appliances, particularly focusing on Avanti and Fortinet platforms. They explore the increasing risks associated with these devices, the need for improved security standards, and the challenges of risk management and visibility in network security. The conversa

CVE Turns 25 - BTS #43

Dec 09 2024 62 mins  
In this episode, Paul Asidorian, Alec Summers, and Lisa Olson discuss the 25th anniversary of the CVE program, its evolution, and the importance of transparency in vulnerability management. They explore the history of CVE, the process of creating CVE records, and the role of CNAs in ensuring accountability. The conversation also addresses challenges related to end-of-life software

The China Threat - BTS #42

Nov 21 2024 62 mins  
In this episode, Paul Asadoorian, Allan Alford, and Josh Corman discuss the growing threat posed by China, particularly in the context of cyber operations and geopolitical ambitions. They explore the implications of China's strategies, the vulnerabilities in critical infrastructure, and the need for transparency and trust in digital systems. The conversation highlights the urgency

Pacific Rim - BTS #41

Nov 06 2024 59 mins  
In this episode, Paul Asadorian, Larry Pesce, and Evan Dornbusch delve into the recent Sophos reports on threat actors, particularly focusing on the Pacific Rim case. They discuss the implications of the findings, including the tactics used by attackers, the vulnerabilities in network devices, and the challenges of securing appliances. The conversation also highlights the importanc

Backdoors in Backdoors

Oct 23 2024 50 mins  
In this episode, Paul Ascidorian and Matt Johansen discuss the recent targeted attacks by Chinese threat actors, particularly focusing on the Volt Typhoon group. They explore the implications of back doors in cybersecurity, the role of ISPs, and the ongoing tension between privacy and security. The conversation delves into historical contexts, the evolution of threat actor tactics,

The Art of Firmware Scraping - BTS #39

Oct 08 2024 59 mins  
In this episode, Edwin Shuttleworth from Finite State discusses firmware security, insights from the GRRCON Security Conference, and the challenges of firmware analysis. The conversation covers various topics, including firmware scraping techniques, the IoT landscape, types of firmware, the importance of Software Bill of Materials (SBOMs), and emulation in firmware analysis. Edwin

Vulnerability Tracking & Scoring - Patrick Garrity - BTS #38

Sep 27 2024 56 mins  
In this episode of Below the Surface, host Paul Ascadorian and guest Patrick Garrity discuss the complexities of vulnerability tracking and prioritization. They explore various sources of vulnerability data, the significance of known exploited vulnerabilities, and the concept of weaponization in cybersecurity. The conversation delves into the challenges posed by supply chain vulner

Firmware Reverse Engineering - Matt Brown - BTS #37

Sep 11 2024 56 mins  
In this episode, Matt Brown joins the podcast to talk about firmware reverse engineering and supply chains. They discuss Matt's start in information security, his journey into hardware security, and the creation of his YouTube channel. They also explore the vulnerabilities and weaknesses in the supply chain of IoT devices and the challenges of extracting firmware from embedded Linu