
CyberWire Daily

The supply chain in disarray. [Research Saturday]

Mar 30, 2024
Elad, Senior Security Researcher at Cycode, shares research on a supply chain vulnerability in Bazel affecting projects such as Kubernetes and Google. The episode also covers AI in cyber attacks, workflow vulnerabilities, composite actions, GitHub attack scenarios, and the sponsor's emphasis on risk mitigation.
19:56

Podcast summary created with Snipd AI

Quick takeaways

  • Vulnerability in Bazel potentially impacts major projects like Kubernetes, Uber, and Google.
  • Collaborative vulnerability disclosure process leads to prompt mitigation strategies by Google.

Deep dives

Supply Chain Vulnerability in Bazel Uncovered by Cycode

Cycode researchers identified vulnerabilities in workflows, particularly command injection vulnerabilities, in which attacker-controlled inputs are interpolated into workflow steps and can inject commands. These vulnerabilities can be hard to detect with standard security tools because they reside in composite actions. Composite actions, akin to functions within workflows, proved to be susceptible to command injection, posing a significant risk.
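As an added example (not from the episode and not Cycode's tooling), a small Python scan for the pattern described above: untrusted `${{ }}` expressions interpolated directly into `run:` steps of a composite action's `action.yml`. The two action files are constructed for illustration; the hardened variant passes the same value through `env:` so it reaches the shell as a variable rather than as script text.

```python
import re
from typing import List, Tuple

# Expression contexts that can carry attacker-influenced strings into a step.
UNTRUSTED = re.compile(r"\$\{\{\s*(inputs\.[\w-]+|github\.event\.[\w.\-]+)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")


def find_run_injections(action_yml: str) -> List[Tuple[int, str]]:
    """Return (line_no, expression) for untrusted expressions inside 'run:' steps.
    Values under 'env:' are not flagged: they arrive as environment variables."""
    findings: List[Tuple[int, str]] = []
    in_run, run_indent = False, 0
    for no, line in enumerate(action_yml.splitlines(), 1):
        m = RUN_KEY.match(line)
        if m:
            # Column of the 'run' key; block-scalar lines are indented deeper than it.
            run_indent = len(m.group(1)) + (len(m.group(2)) if m.group(2) else 0)
            inline = m.group(3).strip()
            in_run = inline in ("|", ">", "|-", ">-")
            if not in_run:  # single-line script, check it right here
                findings += [(no, e.group(0)) for e in UNTRUSTED.finditer(inline)]
            continue
        if in_run:
            indent = len(line) - len(line.lstrip())
            if line.strip() and indent <= run_indent:
                in_run = False  # back at key level: the block scalar has ended
            else:
                findings += [(no, e.group(0)) for e in UNTRUSTED.finditer(line)]
    return findings


# Constructed composite action: input and PR body land directly in shell scripts.
VULNERABLE = """\
runs:
  using: composite
  steps:
    - run: echo "Reviewing ${{ inputs.title }}"
      shell: bash
    - run: |
        git log --oneline -1
        echo "${{ github.event.pull_request.body }}" >> summary.txt
      shell: bash
"""

# Constructed hardened form: the value is bound to an env var, not spliced into script.
HARDENED = """\
runs:
  using: composite
  steps:
    - run: echo "Reviewing $TITLE"
      shell: bash
      env:
        TITLE: ${{ inputs.title }}
"""
```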
