Wed. March 22, 2023 at 10am SGT | 10pm ET
Threat Briefing
CISA’s list of KEV’s (Known Exploited Vulnerabilities) reveals an alarming trend: vulnerabilities in the supply chain of critical enterprise devices are exploited in both state-sponsored and cybercriminal operations. And of the actively exploited vulnerabilities, 1 in 4 is a firmware vulnerability.
Due to mission-criticality, patching challenges, and the complex nature of the IT supply chain, the exposure of vulnerable devices is measured in years rather than just months as it is for traditional application and OS vulnerabilities.
Join Scott Scheferman, Office of the CTO - Principal Strategist as he discusses this critical yet under-defended attack surface.
Discussion Topics:
- Real-world examples of firmware attach campaigns targeting supply chain vulnerabilities
- Why supply chain firmware vulnerabilities provide a high ROI for adversaries
- Highlights of recent research into the Conti threat group's efforts against supply chain vulnerabilities
