The podcast discusses the ArcaneDoor attack by nation-state actors on Cisco ASA appliances, a phishing toolkit targeting LastPass users, and a new malware delivery technique exploiting legitimate services. Cisco TALOS named this attack, which ended with insights into how malicious payloads are being delivered through trusted platforms like LastPass. The episode also delves into a CISA alert about malware embedded in legacy Cisco router firmware and analyzes malicious advertisements propagated through Bing's ChatGTP
Furthermore, it touches upon a Lazarus-themed threat and the vulnerability of software supply chains. Lastly, it addresses a supply chain attack on a major hardware cryptocurrency wallet manufacturer and the exploitation of the latest Apache Struts vulnerability by threat actors, with a concluding reflection on a research blog concerning a critical supply chain hack. ```https://www.secplicity.org/2024/04/29/cisco-arcanedoor-attack/