The hidden threat to the software supply chain you may not be thinking about
Audio is streamed directly from the publisher (buzzsprout.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Cisco Talos Incident Response recently discovered an uptick in malicious actors compromising vendor and third-party accounts to sneak into targeted networks. Many enterprises have vendor and contractor accounts that need to access their network for a variety of things — IT support, cybersecurity, etc. — but these accounts are often monitored less than those belonging to full-time employees. Craig Jackson, who recently co-authored a blog post on this threat, joins Talos Takes this week to talk about vendor and contractor account (VCA) takeover and how they fit into the broader threat of supply chain attacks.