In this episode of the ConversingLabs podcast, host Paul Roberts chats with Daniel Adamitis, a Principal Information Security Engineer at Lumen Technologies’ Black Lotus Labs. They discuss his team’s discovery of an impossible-to-kill botnet packed with end-of-life SOHO routers, which is being used by a Chinese nation-state backed APT group as a covert data transfer network. The group, known as Volt Typhoon, is also well known for targeting U.S. critical infrastructure.  ..read more

In this episode, host Paul Roberts chats with Kevin Fu, an Electrical & Computer Engineering Professor at Northeastern University, about the new federal standards for the cybersecurity of medical devices, which includes the submission of software bills of materials (SBOMs) to the FDA. The two will discuss the new mandates for medical device manufacturers, as well as key takeaways for how these organizations can improve their software supply chain security programs.  ..read more

In this episode, host Paul Roberts chats with Ali Khan, Field CISO at ReversingLabs, about the recent takedown of the LockBit ransomware group, which is considered to be one of the most prolific cybercrime groups globally ..read more

In this episode, host Paul Roberts chats with Karlo Zanki, a Reverse Engineer at ReversingLabs, about the state of software supply chain security in 2024. The two will review key findings on the software supply chain threat landscape in 2023, as well as what security and development teams can expect from malicious actors in 2024. Zanki will also highlight several of the major software supply chain security incidents discovered by RL threat researchers in the past year ..read more

In this episode, host Paul Roberts chats with Mikaël Barbero, Head of Security at the Eclipse Foundation, about the state of open source software security. Eclipse has been around for more than two decades and has for a long time prioritized the mitigation of threats to open source projects. In their conversation, Mikaël chats with Paul about where Eclipse stands today, what current threats are being posed to open source repositories, as well as how nation-states and international organizations are working to combat these threats.   ..read more

In this episode, host Paul Roberts chats with Devin Byrd, Director of Threat Intelligence at Kandji on the sidelines of the 2023 Black Hat USA conference. In their conversation, Byrd discusses how Kandji has grown into a major security provider for macOS users, and how the attack vector for macOS and iOS users has increased in recent years. He explains that only dealing with adware and junkware on these devices was a thing of the past, but now, macOS devices are being targeted with malicious back doors and even software supply chain attacks.  ..read more

In this episode, host Paul Roberts chats with Kelly Shortridge, a Senior Principal at Fastly, on the sidelines of the 2023 Black Hat USA Conference. In their conversation, they discuss her new book, Security Chaos Engineering: Sustaining Resilience in Software and Systems, as well as her Black Hat talk, “Fast, Ever-Evolving Defenders: The Resilience Revolution.”   ..read more

In this episode of ConversingLabs, host Paul Roberts chats with Thomas Pace, the CEO & co-founder of the firmware security firm NetRise. Thomas and Paul talk about the shifting ground of threats and attacks as the Internet of Things grows and works its way into homes, businesses and industries - including critical infrastructure. They also talk about the growing specter of software supply chain threats and attacks.  ..read more

In this episode, host Paul Roberts chats with Daniel Woods, a Cybersecurity Lecturer at The University of Edinburgh on the sidelines of the 2023 Black Hat USA conference about his briefing: “Lemons and Liability: Cyber Warranties as an Experiment in Software Regulation.”  ..read more

In this episode, host Paul Roberts chats with Robert Martin of MITRE and Cassie Crossley of Schneider Electric about their session at this year’s RSA Conference. They explained how MITRE’s System of Trust can serve as a standard for software supply chain risk. The two also chatted with Paul about the greater issues facing software supply chains today, such as standardization and transparency.  ..read more