Below the Surface (Audio) - The Supply Chain Security Podcast
Patching, Evil AI, Supply Chain Breaches - BTS #64

Update: 2025-11-24
Description

Summary

In this episode, the hosts discuss various cybersecurity topics, including recent vulnerabilities in Fortinet products, the implications of supply chain breaches, the evolving role of AI in cybersecurity, and updates to the OWASP Top 10 list. They emphasize the importance of firmware security and the need for better visibility and standards in the industry. The conversation highlights the challenges faced by defenders in a rapidly changing threat landscape and the necessity for proactive measures to secure systems.


Takeaways

Fortinet vulnerabilities are critical and require immediate attention.
Silent patches can lead to significant security risks.
AI is being used by both attackers and defenders in cybersecurity.
The OWASP Top 10 has been updated to include software supply chain failures.
Firmware security is often overlooked but is essential for device safety.
Supply chain breaches can have far-reaching implications for organizations.
Visibility into firmware and device security is lacking in the industry.
Standards for software security are necessary to protect against vulnerabilities.
Defenders need better tools to combat evolving threats.
The cybersecurity landscape is becoming increasingly complex and interconnected.

Chapters

00:00 Introduction and Technical Setup
03:08 Fortinet Vulnerabilities and Exploits
06:05 Public Exploits and Path Traversal Vulnerabilities
09:00 Chaining Vulnerabilities and Risk Assessment
11:50 Authentication and Vulnerability Scoring
15:04 Operational Complexity in Patch Management
17:55 Silent Patches and Their Implications
20:58 Challenges with Network Device Security
24:55 Cyber Insurance and Vulnerability Trends
27:58 The Impact of Silent Patches
30:46 End of Life Devices and Legacy Systems
34:58 Supply Chain Security and Source Code Theft
39:44 AI in Cybersecurity: Opportunities and Threats
47:17 Navigating AI's Guardrails and Malicious Use Cases
49:24 The Dilemma of AI and Harmful Intentions
52:44 The Need for Researcher Access to AI Tools
58:36 OWASP Top 10 Updates and Supply Chain Security
01:05:12 The Challenges of Firmware and Device Security

Paul Asadoorian