The Unexpected Attack Vector: Software Updaters


Posted on in Presentations

Every day millions of computers perform silently a simple task with great risk exposure: download and execute code through a software updater. An updater introduces a dangerous attack surface represented by unsafe code practice, unsecure protocols or server infrastructure not adequately protected. This talk will dive into incidents like CCleaner, ShadowPad and Medoc, and tools used to hijack updaters.Every day millions of computers perform silently a simple task with great risk exposure: download and execute code through a software updater. An updater introduces a dangerous attack surface represented by unsafe code practice, unsecure protocols or server infrastructure not adequately protected. This talk will dive into incidents like CCleaner, ShadowPad and Medoc, and tools used to hijack updaters.

Learning Objectives:
1: Learn about a new emerging attack vector (software supply chain and updaters).
2: Investigate findings from recent incidents involving software updates.
3: Rethink update distribution and mitigate the problem.


Participants
Elia Florio

Participant

Research Lead, Microsoft

Application Security & DevOps Hackers & Threats

hackers & threats incident response intrusion prevention/detection supply chain application security


Topic

Subtopic


Share With Your Community