Posted on
in Presentations
Every day millions of computers perform silently a simple task with great risk exposure: download and execute code through a software updater. An updater introduces a dangerous attack surface represented by unsafe code practice, unsecure protocols or server infrastructure not adequately protected. This talk will dive into incidents like CCleaner, ShadowPad and Medoc, and tools used to hijack updaters.Every day millions of computers perform silently a simple task with great risk exposure: download and execute code through a software updater. An updater introduces a dangerous attack surface represented by unsafe code practice, unsecure protocols or server infrastructure not adequately protected. This talk will dive into incidents like CCleaner, ShadowPad and Medoc, and tools used to hijack updaters.
Learning Objectives:
1: Learn about a new emerging attack vector (software supply chain and updaters).
2: Investigate findings from recent incidents involving software updates.
3: Rethink update distribution and mitigate the problem.
Learning Objectives:
1: Learn about a new emerging attack vector (software supply chain and updaters).
2: Investigate findings from recent incidents involving software updates.
3: Rethink update distribution and mitigate the problem.
DevSecOps & Application Security Hackers & Threats
hackers & threats incident response intrusion prevention/detection supply chain application security
Topic
DevSecOps & Application Security
Hackers & Threats
Subtopic
hackers & threats
incident response
intrusion prevention/detection
supply chain
application security
Share With Your Community