公式動画ピックアップ
AAPL
ADBE
ADSK
AIG
AMGN
AMZN
BABA
BAC
BL
BOX
C
CHGG
CLDR
COKE
COUP
CRM
CROX
DDOG
DELL
DIS
DOCU
DOMO
ESTC
F
FIVN
GILD
GRUB
GS
GSK
H
HD
HON
HPE
HSBC
IBM
INST
INTC
INTU
IRBT
JCOM
JNJ
JPM
LLY
LMT
M
MA
MCD
MDB
MGM
MMM
MSFT
MSI
NCR
NEM
NEWR
NFLX
NKE
NOW
NTNX
NVDA
NYT
OKTA
ORCL
PD
PG
PLAN
PS
RHT
RNG
SAP
SBUX
SHOP
SMAR
SPLK
SQ
TDOC
TEAM
TSLA
TWOU
TWTR
TXN
UA
UAL
UL
UTX
V
VEEV
VZ
WDAY
WFC
WK
WMT
WORK
YELP
ZEN
ZM
ZS
ZUO
公式動画&関連する動画 [Weaponizing Trust: How Attackers Hide Inside Trusted Ecosystems]
Supply chain attacks aren’t just about vulnerable code anymore. In this episode, Mitch Mayne sits down with cybersecurity expert Richard Emerson to unpack how attackers are exploiting trusted software packages, SaaS integrations, and open source dependencies to quietly infiltrate enterprise environments. From compromised NPM packages to cloud adoption, this conversation breaks down why traditional security models are struggling to keep up.
Richard explains how modern threat actors are taking advantage of trusted activity to avoid detection, why downstream disruption creates chaos for security teams, and what organizations can do to reduce risk before an incident spirals out of control. The discussion also covers SBOMs, CI/CD hardening, zero trust for the supply chain, and why a wider definition of inventory visibility is becoming fundamental for security teams. If you’re responsible for securing software pipelines, SaaS ecosystems, or third-party integrations, this is a conversation you’ll want to hear.
00:00 Why supply chain attacks often look completely legitimate
01:07 How supply chain threats have evolved beyond vulnerable code
01:38 The rise of third-party risk and SaaS compromise
02:30 Why open source ecosystems create massive attack surfaces
03:14 How threat actors exploit trusted relationships to avoid detection
04:08 Why attackers focus on build-time compromises
04:34 The attack that infected 47 packages in under a minute
05:42 The growing blast radius of downstream disruption
06:18 Why inventory is still one of security’s biggest problems
07:43 Why malicious downloads often appear completely normal
08:33 Applying zero trust principles to the supply chain
09:10 Why SBOMs and vulnerability tracking matter more than ever
10:07 “Untrusted by default” as a modern security mindset
[These are always the same]
✅Subscribe to our channel to stay up-to-date with the latest in cybersecurity and threat intelligence: @PaloAltoNetworksUnit42
✅Subscribe to the Threat Bulletin https://unit42.paloaltonetworks.com/#:~:text=Subscribe%20for%20email%20updates%20to%20all%20Unit%2042%20threat%20research
Join the conversation on our social media channels:
Website: https://www.paloaltonetworks.com/unit42
Research Center: https://unit42.paloaltonetworks.com/
Facebook: / lifeatpaloaltonetworks
LinkedIn: / unit42
YouTube: / @paloaltonetworksunit42
X: / unit42_intel
Thank you for watching. If you found this clip insightful, please give it a thumbs up and subscribe to our Channel for more valuable content. To stay updated with the latest web application and API security, check out our website at https://www.paloaltonetworks.com/unit42.
PALO ALTO NETWORKS
Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.
http://paloaltonetworks.com
137
3