Shows
Below the Surface (Audio) - The Supply Chain Security PodcastBeyond the Label: The Truth About Hardware TrustIn this episode of Below the Surface, host Paul Asadoorian is joined by co-hosts Larry Pesci, Joshua Marpet, and Vlad Babkin to delve into the complexities of hardware supply chain security. The discussion is sparked by a presentation from Andrew 'Bunny' Wong at Black Hat Asia, which raised critical questions about how we can trust the silicon in our devices. The conversation explores the challenges of validating hardware components, the potential for backdoors in devices, and the implications of counterfeit components in the supply chain. The hosts share anecdotes and insights about their experiences with hardware security, emphasizing the...
2026-01-1556 min
Below the Surface (Audio) - The Supply Chain Security PodcastExploring AI in Firmware AnalysisSummary In this episode, special guest Matt Brown joins us to discuss the integration of AI in firmware analysis, exploring its benefits and challenges. We delve into the transition from traditional methods to AI-driven approaches, emphasizing the importance of prompt specificity for effective vulnerability discovery. The conversation also covers the role of open-source components, the need for guardrails in AI use, and the implications of AI-generated reports in cybersecurity. Additionally, they touch on man-in-the-middle techniques and the future of AI in firmware development, highlighting the creative monetization of vulnerabilities in IoT devices. Takeaways
2025-12-151h 00
Below the Surface (Audio) - The Supply Chain Security PodcastPatching, Evil AI, Supply Chain BreachesSummary In this episode, the hosts discuss various cybersecurity topics, including recent vulnerabilities in Fortinet products, the implications of supply chain breaches, the evolving role of AI in cybersecurity, and updates to the OWASP Top 10 list. They emphasize the importance of firmware security and the need for better visibility and standards in the industry. The conversation highlights the challenges faced by defenders in a rapidly changing threat landscape and the necessity for proactive measures to secure systems. Takeaways Fortinet vulnerabilities are critical and require immediate attention. Silent patches can lead to...
2025-11-241h 08
Below the Surface (Audio) - The Supply Chain Security PodcastF5 Breach, Linux Malware, and Hacking BanksSummary In this episode of Below the Surface, Paul Asadoorian and Chase Snyder delve into various cybersecurity topics, including the use of Raspberry Pi in cyber attacks, the implications of the F5 breach, and the emergence of Polar Edge malware targeting QNAP devices. They also discuss the innovative Two-Face Rust binary technique, the critical nature of authentication bypass vulnerabilities, and the evolving landscape of air-gapped systems. The conversation highlights the increasing risk posed by old vulnerabilities and the need for improved security measures in the face of advancing cyber threats. Articles:...
2025-10-301h 00
Below the Surface (Audio) - The Supply Chain Security PodcastUnpacking the F5 Breach, Framework UEFI ShellsIn this episode, the hosts discuss the recent F5 breach, exploring the implications of the attack, the tactics used by threat actors, and the importance of vulnerability disclosure. They delve into the complexities of securing network edge devices, the challenges posed by Linux security, and the need for standardization in security practices. The conversation also touches on the future of firmware security and the necessity for proactive measures in incident response. We also close out the show taking about the recent Framework UEFI shell vulnerability. Chapters 00:00 Introduction to F5 Breach and UEFI Secure B...
2025-10-2153 min
Below the Surface (Audio) - The Supply Chain Security PodcastRed November, Cisco Vulnerabilities, and Supply Chain SecurityIn this episode of Below the Surface, the hosts discuss various cybersecurity topics, including the Red November campaign targeting network edge devices, the implications of the Cisco SNMP vulnerability, and the recent vulnerabilities associated with Cisco ASA devices. They also delve into the hybrid Petya ransomware and its connection to supply chain security, emphasizing the need for better visibility and security measures in network devices. Chapters: 00:00 Introduction and Overview of Cybersecurity Trends 02:09 Red November Campaign: Targeting Network Edge Devices 11:06 The Shift in Attack Vectors: From Windows to Network Edge 14:59...
2025-10-081h 02
Below the Surface (Audio) - The Supply Chain Security PodcastHybridPetya and UEFI ThreatsIn this episode of Below the Surface, the hosts discuss various cybersecurity topics, including the evolution of malware with a focus on Hybrid Petya, the implications of UEFI vulnerabilities, and the security risks associated with Windows 10's end of life. They also explore the vulnerabilities of Cisco ASA devices, the rise of supply chain attacks exemplified by NPM worms, and the persistent threat of Row Hammer attacks on DDR5 technology. The conversation highlights the significance of visibility in cybersecurity and the necessity for enhanced security practices to counter evolving threats. Chapters 00:00 Introduction and P...
2025-09-221h 04
Below the Surface (Audio) - The Supply Chain Security PodcastExploit MarketplacesIn this episode of Below the Surface, host Paul Asadoorian speaks with Evan Dornbush, CEO of Desired Effect, about the evolving landscape of exploit marketplaces and vulnerability research. They discuss the challenges researchers face in monetizing their findings, the ethical implications of selling exploits, and the importance of timely intelligence for defenders. The conversation also touches on the role of AI in vulnerability research, the dynamics between buyers and sellers in the marketplace, and the impact of end-of-life devices on cybersecurity. Overall, the episode provides valuable insights into the complexities of the exploit marketplace and the need for a...
2025-09-1059 min
Below the Surface (Audio) - The Supply Chain Security PodcastUEFI Vulnerabilities and Hardware RisksIn this episode, the hosts discuss various cybersecurity topics, focusing on hardware vulnerabilities, UEFI attack vectors, and the implications of new regulations on device security. They explore the evolution of Mirai variants targeting IoT devices and the challenges of securing firmware. The conversation highlights the need for improved security measures and the complexities of managing vulnerabilities in a rapidly changing technological landscape. 00:00 Introduction and Technical Challenges 02:37 Exploring UEFI Settings and Hardware Vulnerabilities 10:14 The Risks of UEFI Control and Physical Damage 16:33 Static Tundra: Cyber Espionage and Exploits 22:23 Targeting V...
2025-09-041h 01
Below the Surface (Audio) - The Supply Chain Security PodcastInterview with Brian Mullen from AMIIn this episode of Below the Surface, host Paul Asadoorian is joined by Brian Mullen, head of SSDLC at AMI, to discuss the complexities of supply chain and firmware security. They explore the challenges of maintaining security in a complicated supply chain, the importance of proactive and reactive security measures, and the implications of end-of-life software. The conversation also touches on the gaming industry's push for secure boot, recent vulnerabilities discovered in firmware, and the role of BMCs in security. Brian shares insights into AMI's approach to vulnerability management and the future of firmware security, including the significance of...
2025-08-1553 min
Below the Surface (Audio) - The Supply Chain Security PodcastVulnerabilities & Backdoors In IT InfrastructureIn this episode, the hosts discuss various cybersecurity topics, focusing on Nvidia vulnerabilities, the implications of backdoors in technology, and the importance of secure boot and certificate management. They also delve into SonicWall's security challenges and the ongoing debate of building versus buying security solutions, particularly in the context of AI infrastructure and cloud services. Articles and topics for this week: https://blog.trailofbits.com/2025/08/04/uncovering-memory-corruption-in-nvidia-triton-as-a-new-hire/ https://mjg59.dreamwidth.org/72892.html - Secure Boot and certificates https://www.tomshardware.com/pc-components/gpus/nvidia-defiant-over-backdoors-and-kill-switches-in-gpus-as-u-s-mulls-tracking-requirements-calls-them-permanent-flaws-that-are-a-gift-to-hackers - https://www.bleepingcomputer.co...
2025-08-081h 06
Below the Surface (Audio) - The Supply Chain Security PodcastNetgear, Gigabyte, and Rowhammer VulnerabilitiesIn this episode of Below the Surface, the hosts discuss critical cybersecurity topics including vulnerabilities in Netgear and Gigabyte devices, the importance of asset inventory, and the implications of Row Hammer attacks on memory integrity. They emphasize the need for organizations to implement compensating controls and monitor for potential threats, especially in the context of supply chain security and IoT devices. Chapters 00:00 Introduction to Cybersecurity Challenges 02:20 Exploring Netgear's Role in Enterprise Security 09:08 The Impact of Shadow IT on Network Security 15:04 Firmware Integrity and Security Measures...
2025-07-2446 min
Below the Surface (Audio) - The Supply Chain Security PodcastCVE-2024-54085: The First of Its KindIn this episode, the hosts delve into the critical vulnerabilities associated with Baseboard Management Controllers (BMCs), with a particular focus on CVE-2024-54085. They discuss the ease of exploitation, the potential threat actors involved, and the implications for data center security. The conversation highlights the challenges in detecting and mitigating these vulnerabilities, the importance of firmware updates, and the need for community tools to aid in vulnerability detection and mitigation. The episode concludes with a call to action for organizations to patch their systems and implement robust security measures. Chapters 00:00 Introduction to BMC V...
2025-07-0856 min
Below the Surface (Audio) - The Supply Chain Security PodcastExploring the Evolution of Zero TrustIn this episode, the hosts discuss the evolving landscape of AI infrastructure security, focusing on the complexities of building and maintaining AI data centers. They explore the critical role of Baseboard Management Controllers (BMCs) as an attack surface, the importance of supply chain security, and best practices for hardware procurement. The conversation underscores the importance of validating hardware and firmware integrity for organizations while also addressing the significant security risks associated with AI workloads. As AI data centers continue to grow, understanding these challenges and implementing robust security measures will be essential for future success. Chapters
2025-07-0751 min
Below the Surface (Audio) - The Supply Chain Security PodcastSecuring the Future of AI InfrastructureIn this episode, the hosts discuss the evolving landscape of AI infrastructure security, focusing on the complexities of building and maintaining AI data centers. They explore the critical role of Baseboard Management Controllers (BMCs) as an attack surface, the importance of supply chain security, and best practices for hardware procurement. The conversation underscores the importance of validating hardware and firmware integrity for organizations while also addressing the significant security risks associated with AI workloads. As AI data centers continue to grow, understanding these challenges and implementing robust security measures will be essential for future success.
2025-07-011h 00
Below the Surface (Audio) - The Supply Chain Security PodcastWhen Windows 10 ExpiresIn this episode, the hosts discuss the impending end of life for Windows 10 and the necessary preparations for upgrading to Windows 11. They explore the specific hardware requirements for Windows 11, including the importance of Secure Boot and TPM 2.0, and the challenges enterprises face in managing large-scale migrations. The conversation underscores the importance of meticulous planning to prevent costly failures and the influence of legacy systems on the upgrade process. In this conversation, the speakers discuss the implications of transitioning to Windows 11, focusing on the challenges posed by legacy systems, supply chain issues, and the importance of modern hardware for security...
2025-05-3054 min
Below the Surface (Audio) - The Supply Chain Security PodcastSBOMs, HBOMs, and Supply Chain VisibilitySummary In this episode, Paul Asadoorian and Joshua Marpet delve into the complexities of compliance, inventory management, and the emerging concepts of SBOMs, HBOMs, and FBOMs (no, not that FBOM). They discuss the importance of understanding the components and origins of hardware and software, the challenges of managing technology lifecycles, and the need for clear standards and regulations in the tech industry. The conversation emphasizes the critical role of asset inventories in maintaining security and compliance in an ever-evolving technological landscape. In this conversation, Joshua Marpet and Paul Asadoorian delve into the complexities of hardware security, the...
2025-05-1545 min
Below the Surface (Audio) - The Supply Chain Security PodcastThe Hidden Risks of Open Source ComponentsIn this episode, Paul Asadorian and Josh Bressers delve into the complexities of open source supply chain security, discussing the prevalence of open source components in modern software, the challenges posed by legacy systems, and the critical importance of vulnerability management. They explore the regulatory landscape surrounding software liability and the need for better tools and practices to ensure secure product development. The conversation highlights the necessity of understanding dependencies and the implications of consumer security in a market driven by features rather than security. In this conversation, Josh Bressers and Paul discuss the importance of Software Bill of...
2025-05-0652 min
Below the Surface (Audio) - The Supply Chain Security PodcastHardware Hacking Tips & TricksIn this episode, Paul and Chase delve into the world of hardware hacking, focusing on devices like the Flipper Zero and ESP32. They discuss the various applications of these tools, their impact on awareness in the hacking community, and the security implications surrounding their use. The conversation also touches on vulnerabilities in hotel security systems, challenges in remediating legacy systems, and the commoditization of hacking tools. Through practical examples and insights, the hosts explore the evolving landscape of cybersecurity and the role of hardware in it. In this conversation, Paul and Chase delve into the world of hardware hacking...
2025-04-0754 min
Below the Surface (Audio) - The Supply Chain Security PodcastBMC&C Part 3In this episode, Paul Asadoorian, Vlad Babkin, and Chase Snyder delve into the latest vulnerability disclosures related to Baseboard Management Controllers (BMCs), specifically focusing on AMI Megarac and Redfish. They discuss the nature of the vulnerabilities, the discovery process, and the potential impacts of a BMC compromise. The conversation highlights the importance of understanding BMCs in the context of supply chain security and the risks associated with exposing these components to the internet. The conversation delves into the vulnerabilities associated with Baseboard Management Controllers (BMCs), particularly focusing on the Redfish API and the potential for exploitation. The speakers discuss...
2025-03-1949 min
Below the Surface (Audio) - The Supply Chain Security PodcastBlack Basta - Threat Intelligence Insights - BTS #46In this episode, Paul Asadoorian, Vlad Babkin, and Chase Snyder delve into the recent leaks from the Black Basta ransomware group, exploring the implications of the leaked chat logs, the operational tactics of the group, and the evolving landscape of ransomware attacks. The conversation highlights the importance of understanding threat intelligence derived from these leaks, the significance of targeting exposed devices, and the necessity of robust security measures to mitigate risks. In this conversation, the speakers delve into the evolving tactics of ransomware groups, emphasizing the importance of understanding their operational scale and methodologies. They discuss the significance of...
2025-03-0551 min
Below the Surface (Audio) - The Supply Chain Security PodcastUnderstanding Firmware Vulnerabilities in Network AppliancesIn this episode, Paul, Vlad, and Chase discuss the security challenges of Palo Alto devices and network appliances. They explore the vulnerabilities present in these devices, the importance of best practices in device management, and the need for automatic updates. The conversation highlights the evolving nature of firmware vulnerabilities and the necessity for compensating controls to mitigate risks. The hosts emphasize the responsibility of vendors to ensure their products are secure and the need for a shift in user expectations regarding security appliances. In this conversation, the speakers discuss the pressing need for improved security standards in network appliances...
2025-02-0659 min
Below the Surface (Audio) - The Supply Chain Security PodcastNetwork Appliances: A Growing ConcernIn this episode, Paul Asadorian and Chase Snyder discuss the latest security threats and vulnerabilities affecting network appliances, particularly focusing on Avanti and Fortinet platforms. They explore the increasing risks associated with these devices, the need for improved security standards, and the challenges of risk management and visibility in network security. The conversation emphasizes the importance of accountability among vendors and the necessity for customers to demand better security practices. In this conversation, Chase Snyder and Paul discuss the challenges and vulnerabilities in network security, particularly focusing on network appliances and the lack of standardization in security measures. They...
2025-01-2747 min
Below the Surface (Audio) - The Supply Chain Security PodcastCVE Turns 25In this episode, Paul Asidorian, Alec Summers, and Lisa Olson discuss the 25th anniversary of the CVE program, its evolution, and the importance of transparency in vulnerability management. They explore the history of CVE, the process of creating CVE records, and the role of CNAs in ensuring accountability. The conversation also addresses challenges related to end-of-life software vulnerabilities and the need for maintaining the integrity of CVE records in an ever-evolving cybersecurity landscape. In this conversation, the speakers discuss the complexities of managing and analyzing vulnerabilities in software, mainly focusing on the roles of CVE and CVSS in providing...
2024-12-091h 02
Below the Surface (Audio) - The Supply Chain Security PodcastThe China Threat - BTS #42In this episode, Paul Asadoorian, Allan Alford, and Josh Corman discuss the growing threat posed by China, particularly in the context of cyber operations and geopolitical ambitions. They explore the implications of China's strategies, the vulnerabilities in critical infrastructure, and the need for transparency and trust in digital systems. The conversation highlights the urgency of addressing these threats as they relate to Taiwan and the broader global landscape. In this conversation, the speakers discuss the critical issues surrounding digital infrastructure, emphasizing the over-dependence on unreliable systems and the need for greater trust and transparency. They explore the balance between...
2024-11-211h 02
Below the Surface (Audio) - The Supply Chain Security PodcastPacific Rim - BTS #41In this episode, Paul Asadorian, Larry Pesce, and Evan Dornbusch delve into the recent Sophos reports on threat actors, particularly focusing on the Pacific Rim case. They discuss the implications of the findings, including the tactics used by attackers, the vulnerabilities in network devices, and the challenges of securing appliances. The conversation also highlights the importance of network detection solutions, the impact of zero-day exploits, and the need for a shift in how appliance security is approached, especially concerning firmware backdoors and UEFI threats. In this conversation, the speakers discuss the implications of UEFI attacks, highlighting Sophos' proactive measures...
2024-11-0659 min
DALY Technology PulseThe Challenges of Safety Policy - Sean Georgia, Panasonic, and Wes Dobry, EclypsiumFrom the outside, keeping everyone safe can seem relatively simple. However, there is a lot that goes on behind the scenes to make sure our public safety professionals are all up to standards. The Criminal Justice Information Services (CJIS) policy is crucial towards ensuring safety organizations are protecting their network along with the public.Rick from DALY speaks welcomes back Sean Georgia from Panasonic with special guest Wes Dobry from Eclypsium in this episode of the Technology Pulse. Listen to them discuss the importance of safety policy and how the partnership between Panasonic and Eclypsium protects the...
2024-10-2938 min
Below the Surface (Audio) - The Supply Chain Security PodcastBackdoors in BackdoorsIn this episode, Paul Ascidorian and Matt Johansen discuss the recent targeted attacks by Chinese threat actors, particularly focusing on the Volt Typhoon group. They explore the implications of back doors in cybersecurity, the role of ISPs, and the ongoing tension between privacy and security. The conversation delves into historical contexts, the evolution of threat actor tactics, and the shared responsibility model in cybersecurity. They also highlight the challenges of supply chain security and the visibility issues that make network devices vulnerable to attacks. In this conversation, Paul and Matt discuss the evolution of software security, focusing on the...
2024-10-2350 min
Below the Surface (Audio) - The Supply Chain Security PodcastThe Art of Firmware Scraping - BTSIn this episode, Edwin Shuttleworth from Finite State discusses firmware security, insights from the GRRCON Security Conference, and the challenges of firmware analysis. The conversation covers various topics, including firmware scraping techniques, the IoT landscape, types of firmware, the importance of Software Bill of Materials (SBOMs), and emulation in firmware analysis. Edwin shares his experiences and offers advice for those looking to get started in firmware reverse engineering.
2024-10-0859 min
Below the Surface (Audio) - The Supply Chain Security PodcastVulnerability Tracking & Scoring - Patrick Garrity - BTS #38In this episode of Below the Surface, host Paul Ascadorian and guest Patrick Garrity discuss the complexities of vulnerability tracking and prioritization. They explore various sources of vulnerability data, the significance of known exploited vulnerabilities, and the concept of weaponization in cybersecurity. The conversation delves into the challenges posed by supply chain vulnerabilities, the importance of Software Bill of Materials (SBOM), and the impact of user behavior on security. The episode concludes with thoughts on the future of vulnerability management and the need for a more comprehensive approach to cybersecurity.
2024-09-2756 min
Below the Surface (Audio) - The Supply Chain Security PodcastFirmware Reverse Engineering - Matt Brown - BTS #37In this episode, Matt Brown joins the podcast to talk about firmware reverse engineering and supply chains. They discuss Matt's start in information security, his journey into hardware security, and the creation of his YouTube channel. They also explore the vulnerabilities and weaknesses in the supply chain of IoT devices and the challenges of extracting firmware from embedded Linux systems. Matt shares his favorite tools for firmware extraction and the complexities of creating an SBOM in the embedded Linux ecosystem. In this conversation, Paul and Allan discuss the challenges and vulnerabilities in IoT devices. They highlight the lack of...
2024-09-1156 min
Below the Surface (Audio) - The Supply Chain Security PodcastSupply Chain Policies - Trey Herr, Stewart Scott - BTS #36Stewart and Trey join us to talk about driving cybersecurity policies for the nation, what makes a good policy, what makes a bad policy, supply chain research and policies, and overall how we shape policies that benefit cybersecurity. Segment Resources: https://www.atlanticcouncil.org/in-depth-research-reports/report/broken-trust-lessons-from-sunburst/ https://www.atlanticcouncil.org/in-depth-research-reports/report/open-source-software-as-infrastructure/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-36
2024-08-1459 min
Below the Surface (Audio) - The Supply Chain Security PodcastThe Known Exploited Vulnerability catalogue, aka the KEV - Tod Beardsley - BTS #35Gain insights into the CISA KEV straight from one of the folks at CISA, Tod Beardsley. Learn how KEV was created, where the data comes from, and how you should use it in your environment. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Resource: https://cisa.gov/kev Show Notes: https://securityweekly.com/bts-35
2024-07-3155 min
Below the Surface (Audio) - The Supply Chain Security PodcastEPSS - The Exploit Prediction Scoring System - Jay Jacobs, Wade Baker - BTS #34Jay Jacobs Co-Founder and Data Scientist and Wade Baker Co-Founder; Data Storyteller from The Cyentia Institute come on the show to talk about The Exploit Prediction Scoring System (EPSS). This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-34
2024-07-1759 min
Below the Surface (Audio) - The Supply Chain Security PodcastSecuring OT Environments - Dr. Ed Harris - BTS #33Ed Harris joins us to discuss how to secure OT environments, implement effective air gaps, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-33
2024-07-0353 min
YusufOnSecurity.com177 - The Importance Of Automation And Orchestration In Cyber Security - Part 2Enjoying the content? Let us know your feedback!This week's episode will continue with part 2 of "The Importance of Automation and Orchestration in Cyber Security." As I said in the episode one, the need for efficient and effective security measures has never been more critical.I suggest you listen to E1, before you dive into this one.Without further ado, lets first get what is trending this week in term of news and updates.Hundreds of personal computer as well as Server Models could be Affected by a serious UEFI...
2024-06-2241 min
Below the Surface (Audio) - The Supply Chain Security PodcastMitre ATT&CK - Adam Pennington - BTS #32We discuss the various aspects of Mitre Att&ck, including tools, techniques, supply chain aspects, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-32
2024-06-1952 min
CISO Series PodcastThe Post-it Note Clearly Says "Don't Share" Right Under My PasswordAll links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Allan Alford, CISO, Eclypsium. In this episode: Evolving public-private partnerships New technology, but not a new challenge Securing the hidden layers of the supply chain Balancing usability and control Thanks to our podcast sponsor, Eclypsium Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply...
2024-06-1837 min
Below the Surface (Audio) - The Supply Chain Security PodcastManaging Complex Digital Supply Chains - Cassie Crossley - BTS #31Cassie has a long history of successfully managing a variety of security programs. Today, she leads supply chain efforts for a very large product company. We will tackle topics such as software supply chain management, SBOMs, third-party supply chain challenges, asset management, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-31
2024-06-051h 03
CISO Series PodcastRansomware? Why'd It Have to be Ransomware? (Live at B-Sides San Diego)All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is Steve Zalewski, co-host, Defense in Depth. Recorded live at BSidesSF. In this episode: Are companies taking the air out of the open source balloon? What's broken about cybersecurity hiring? Do we need minimum requirements for cybersecurity knowledge in sales? Thanks to our podcast sponsors, Devo, Eclypsium & NetSPI Devo...
2024-05-2844 min
Below the Surface (Audio) - The Supply Chain Security PodcastSystems Of Trust - Robert Martin - BTS #30Bob Martin comes on the show to discuss systems of trust, supply chain security and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-30
2024-05-2255 min
Below the Surface (Audio) - The Supply Chain Security PodcastSupply Chains, Firmware, And Patching - Jason Kikta - BTS #29Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current challenges with patch management. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-29
2024-05-081h 06CISO Series PodcastCan't Talk, I'm Onboarding My Kids To Their First Soccer Practice (Live in Mountain View, CA)All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our guest, TC Niedzialkowski, CISO, Nextdoor. In this episode: Has the line between work and personal devices blurred? Why are we seeing signs that that line no longer exists for employees? What is the path of cybersecurity to keep company data secured when its continually commingling with personal devices? Thanks to our...
2024-05-0744 min
Below the Surface (Audio) - The Supply Chain Security Podcast5G Hackathons - Casey Ellis - BTS #28Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results and how we can use bug bounty programs to improve the security of "things". This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-28
2024-04-2456 min
Below the Surface (Audio) - The Supply Chain Security PodcastGovernance, Compliance, and The Digital Supply Chain - Josh Marpet - BTS #27In this episode, we disccuss digital supply chain governance and compliance, featuring Josh Marpet from Guarded Risk, hosted by Paul Asadorian and Alan Alford. Specifically, we discuss: The importance of understanding and complying with regulations affecting digital supply chains, such as Executive Order 14028 and the NIST Cybersecurity Framework. The podcast highlighted the impact of EU regulations, like CRA, GDPR, and DORA, on global businesses, underscoring the shared responsibility model in data security. Vendors' duties in open-source security and software vulnerability management were discussed, with a call for automation in software inventory and security, including the use of SBOMs...
2024-04-1049 min
Below the Surface (Audio) - The Supply Chain Security PodcastWhat We Don't Know Will Hurt Us - Cheryl Biswas - BTS #26Cheryl is super passionate about supply chain security and visibility. Tune in to our discussion on how we can collectively get better at reducing the attack surface and working to fix the wide variety of digital supply chain issues we have today. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-26
2024-03-2753 min
Below the Surface (Video) - The Supply Chain Security PodcastSupply Chain Threats and Regulations - BTS #25Paul and Allan will talk a little bit about Allan's background and current work at Eclypsium. Next, we'll cover some of the recent news and topics we've been discussing on our blog including Firewall and VPN appliance security struggles, Shim Shady, Glubteba and other malware targeting UEFI, and some thoughts on recent regulations affecting supply chains such as the EU CRA. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-25
2024-03-1345 min
Below the Surface (Audio) - The Supply Chain Security PodcastSupply Chain Threats and Regulations - BTS #25Paul and Allan will talk a little bit about Allan's background and current work at Eclypsium. Next, we'll cover some of the recent news and topics we've been discussing on our blog including Firewall and VPN appliance security struggles, Shim Shady, Glubteba and other malware targeting UEFI, and some thoughts on recent regulations affecting supply chains such as the EU CRA. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-25
2024-03-1345 min
Below the Surface (Video) - The Supply Chain Security PodcastSupply Chain Threats and Regulations - BTS #25Paul and Allan will talk a little bit about Allan's background and current work at Eclypsium. Next, we'll cover some of the recent news and topics we've been discussing on our blog including Firewall and VPN appliance security struggles, Shim Shady, Glubteba and other malware targeting UEFI, and some thoughts on recent regulations affecting supply chains such as the EU CRA. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-25
2024-03-1345 min
Below the Surface (Audio) - The Supply Chain Security PodcastManaging Supply Chain Risk - Saša Zdjelar - BTS #24Saša Zdjelar joins us on this episode to dive into how organizations can manage supply chain risk, including the current challenges we face and how best to deal with them. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-24
2024-02-2147 min
Below the Surface (Audio) - The Supply Chain Security PodcastClosing The Supply Chain Visibility Gap - Dr. Olga Livingston - BTS #23Short of ripping everything apart (hardware and software) and inspecting the components, which is very time-consuming, how do we solve the visibility gap in various supply chains? Dr. Olga Livingston from CISA joins us to discuss! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-23
2024-02-0758 min
Below the Surface (Audio) - The Supply Chain Security PodcastSBOMs and Supply Chains - Allan Friedman - BTS #22We sit down with the father of the SBOM, Allan Friedman, to discuss examples of where we really need SBOMs, how to operationalize SBOMs, and how to identify and deal with bad things that may be in your SBOM! CISA's resources on SBOM are at cisa.gov/SBOM and anyone can find out more or ask for a meeting at SBOM@cisa.dhs.gov This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-22
2024-01-241h 00
Below the Surface (Audio) - The Supply Chain Security PodcastSupply Chain Risk Management - David Vaughn - BTS #21We talk about Supply Chain Risk Management in the context of the cloud and US federal government with David Vaughn. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-21
2024-01-1048 min
Below the Surface (Audio) - The Supply Chain Security PodcastNetwork Device Supply Chains and Lateral Movement - Joe Hall - BTS #20In this episode, we have the privilege of sitting down with renowned security expert Joe Hall to discuss three critical facets of modern cybersecurity: network device security, supply chain threats, and lateral movement. Join us as Joe Hall shares his wealth of knowledge and experience, unraveling the complexities of network device security, the invisible gatekeepers of our digital lives. Discover the vulnerabilities that hackers exploit and the strategies to fortify your network defenses. Show Notes: https://securityweekly.com/bts-20
2023-12-2854 min
Below the Surface (Audio) - The Supply Chain Security PodcastA Year in Review on Offensive Security, Defensive Landscapes, and Global Implications - Tyler Robinson - BTS #19In this episode, we delve into the dynamic world of supply chain security, recapping the significant developments of the past year. Join us as we explore the evolution of offensive security, defensive landscapes, and the key actors shaping the cybersecurity landscape. Our featured guest, Tyler Robinson, Founder and CEO of Dark Element, brings a wealth of expertise to the discussion. With a deep understanding of cybersecurity and a track record of innovation, Tyler provides valuable insights into what these trends mean for companies, supply chains, governments, and geopolitics. This segment is sponsored by Eclypsium. Visit https://securityweekly...
2023-12-1353 min
Below the Surface (Audio) - The Supply Chain Security PodcastDefending Against Supply Chain Attacks - Bri Rolston - BTS #18Bri has spent her career investigating and defending against critical infrastructure attacks. Hear her take on the current threat landscape, supply chain security, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-18
2023-11-291h 06
Below the Surface (Video) - The Supply Chain Security PodcastProtecting The Digital Supply Chain - Yuriy Bulygin - BTS #17Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company. Prior to Eclypsium, Yuriy was Chief Threat Researcher at Intel Corporation. He is also the creator of CHIPSEC, the popular open-source firmware and hardware supply chain security assessment framework When enterprises started using CHIPSEC to find vulnerabilities, discover compromised firmware, or just poke around hardware systems, Yuriy founded Eclypsium with Alex Bazhaniuk. Since then Eclypsium has been on a mission to protect devices from supply chain risks. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more...
2023-11-161h 03
Below the Surface (Audio) - The Supply Chain Security PodcastProtecting The Digital Supply Chain - Yuriy Bulygin - BTS #17Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company. Prior to Eclypsium, Yuriy was Chief Threat Researcher at Intel Corporation. He is also the creator of CHIPSEC, the popular open-source firmware and hardware supply chain security assessment framework When enterprises started using CHIPSEC to find vulnerabilities, discover compromised firmware, or just poke around hardware systems, Yuriy founded Eclypsium with Alex Bazhaniuk. Since then Eclypsium has been on a mission to protect devices from supply chain risks. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more...
2023-11-151h 02
Below the Surface (Audio) - The Supply Chain Security PodcastUEFI & The Digital Supply Chain - Dick Wilkins - BTS #16Learn about the evolution of UEFI, various aspects of supply chain security surrounding UEFI, and the interactions between links in the supply chain that ultimately end up delivering you a computer or server. Segment Resources: https://uefi.org/sites/default/files/resources/What%20is%20UEFI-Aug31-2023-Final.pdf This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-16
2023-11-0151 min
Below the Surface (Video) - The Supply Chain Security PodcastReverse Engineering BMCs and Other Firmware - Vladyslav Babkin - BTS #15Vlad is part of the Eclypsium research team and has discovered several flaws in BMC ecosystems. He comes on the show to talk about his journey and cover the details behind BMC vulnerabilities and attacks. Segment Resources: https://forum.defcon.org/node/245714 https://eclypsium.com/research/bmcc-lights-out-forever/ https://eclypsium.com/blog/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/ Show Notes: https://securityweekly.com/bts-15
2023-10-1855 min
Below the Surface (Audio) - The Supply Chain Security PodcastReverse Engineering BMCs and Other Firmware - Vladyslav Babkin - BTS #15Vlad is part of the Eclypsium research team and has discovered several flaws in BMC ecosystems. He comes on the show to talk about his journey and cover the details behind BMC vulnerabilities and attacks. Segment Resources: https://forum.defcon.org/node/245714 https://eclypsium.com/research/bmcc-lights-out-forever/ https://eclypsium.com/blog/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/ Show Notes: https://securityweekly.com/bts-15
2023-10-1855 min
Below the Surface (Video) - The Supply Chain Security PodcastProtecting The Federal Supply Chain - John Loucaides - BTS #14John Loucaides, SVP Strategy at Eclypsium, joins us on the show to discuss protecting the federal supply chain! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-14
2023-10-0453 min
Below the Surface (Audio) - The Supply Chain Security PodcastProtecting The Federal Supply Chain - John Loucaides - BTS #14John Loucaides, SVP Strategy at Eclypsium, joins us on the show to discuss protecting the federal supply chain! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-14
2023-10-0453 min
Below the Surface (Video) - The Supply Chain Security PodcastNetwork Device Supply Chain Security - Nate Warfield - BTS #13We dig into network devices/appliances, why they are still around, who is attacking them, and how. Just why are attackers using network devices in ransomware campaigns and how do we stop them? Tune-in to find out as Nate Warfield, Director of Threat Research and Intelligence at Eclypsium joins us for this episode! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-13
2023-09-2155 min
Below the Surface (Audio) - The Supply Chain Security PodcastNetwork Device Supply Chain Security - Nate Warfield - BTS #13We dig into network devices/appliances, why they are still around, who is attacking them, and how. Just why are attackers using network devices in ransomware campaigns and how do we stop them? Tune-in to find out as Nate Warfield, Director of Threat Research and Intelligence at Eclypsium joins us for this episode! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-13
2023-09-2155 min
Below the Surface (Audio) - The Supply Chain Security PodcastDealing with The Digital Supply Chain - Ramy Houssaini - BTS #12Ramy Houssaini joins us to discuss the challenges enterprises face when dealing with supply chain threats, risks and vulnerabilities. We'll explore how to identify cybersecurity gaps in your various supply chains, discuss real-world examples such as Log4j and more! Show Notes: https://securityweekly.com/bts-12
2023-06-1455 min
Noticias de Tecnología DiariasNT316 - Eclypsium descubre falla de seguridad en GigabyteLa empresa de seguridad Eclypsium dice que descubrió un backdoor en el firmware de hasta 271 modelos de tarjetas madre Gygabyte. Esto puede permitir que un malware secuestre el instalador de actualizaciones integrado. Eclypsium dice que el firmware de Gigabyte no autentificó adecuadamente el código, lo que lo hace vulnerable a los ataques de intermediarios. Eclypsium recomienda deshabilitar la opción de “Descargar e Instalar” del centro de aplicaciones en el firmware, bloquear los tres sitios con los que contacta el actualizador, así como implementar una contraseña a nivel BIOS. Gigabyte está trabajando en una actualización para solucionar el problema...
2023-06-1200 min
Below the Surface (Audio) - The Supply Chain Security PodcastSCRM and Supply Chain Security Up and Down the Stack - Steve Orrin - BTS #11Supply Chain threats and industry / government initiatives like EO 14028 are driving a deeper understanding and a set of requirements for applying supply chain risk management (SCRM) and increased transparency (ex. SBOM) across the software ecosystem up and down the stack. Platform and system firmware present unique challenges for supply chain assurance from the depths of the stack. Segment Resources: ESF: Securing the Software Supply Chain for Customers https://media.defense.gov/2022/Nov/17/2003116444/-1/-1/0/ESF_SECURING_THE_SOFTWARE_SUPPLY_CHAIN_CUSTOMER_SLICKSHEET.PDF https://media.defense.gov/2022/Nov/17/2003116445/-1/-1/0/ESF_S...
2023-05-3157 min
Below the Surface (Audio) - The Supply Chain Security PodcastLearning About Firmware Security - Xeno Kovah - BTS #10Firmware security is a deeply technical topic, that's hard to get started in. In this talk, Xeno will discuss some past work in firmware security, and how he has organized resources such as a low level timeline (with over 300 talks), and free MOOC classes, to help teach people about firmware security. Segment Resources: https://ost2.fyi https://darkmentor.com/timeline.html Show Notes: https://securityweekly.com/bts10
2023-05-1759 min
Below the Surface (Audio) - The Supply Chain Security PodcastAccidentally Learning about Security: From Firmware to the Cloud, Brian Richardson - BTS #9Brian Richardson didn't start out wanting to do marketing or computer security... but after starting his career as a BIOS programmer, he tripped and fell into technical marketing (aka "Binary to English translator"). Brian's here to talk about the importance of hardware & firmware security in a SaaS world. Segment Resources: https://www.youtube.com/watch?v=I2FwiEH6dg4 https://www.youtube.com/watch?v=i9PrWw4ljeg https://medium.com/intel-tech/security-built-on-a-foundation-of-trust-1fa1dbb74cbc https://archive.fosdem.org/2020/schedule/event/firmware_culisfu/ Show No...
2023-05-031h 00
Below the Surface (Audio) - The Supply Chain Security PodcastBTS #8 - Richard HughesThe LVFS is a project used by over 130 different vendors, from all positions of the supply chain. It decompresses, decompiles, then analyses firmware looking for issues, and then automatically builds a SBoM for each download. Segment Resources: https://fwupd.org/ https://github.com/fwupd Show Notes: https://securityweekly.com/bts8
2023-04-1957 min
Below the Surface (Audio) - The Supply Chain Security PodcastNicholas Starke - BTS #7Discuss current events in firmware security, such as the techniques utilized in BlackLotus. We will compare Baton Drop with Grub2 capabilities. Segment Resources: https://starkeblog.com/ Show Notes: https://securityweekly.com/bts7
2023-04-0548 min
Below the Surface (Audio) - The Supply Chain Security PodcastBTS #6 - Vincent ZimmerThis session will provide an overview of the history of host firmware, or BIOS, focusing on the arc of the Unified Extensible Firmware Interface. It will include the development of defenses like UEFI Secure Boot and the challenges in scaling assurance across a broad ecosystem. It will close on works-in-progress and opportunities to build upon the school-of-hard-knocks learnings in this space. Show Notes: https://securityweekly.com/bts6
2023-03-2255 min
Below the Surface (Audio) - The Supply Chain Security PodcastBTS #5 - Community Insights: Supply Chain Threats, Critical Firmware Attacks, and more!In this edition of Below The Surface, we discuss insights Scott collected from various members of our community. Topics include supply chain threats, critical firmware attacks, and more! We also welcome special guest Tyler Robinson! View the full report here: https://eclypsium.com/2022/12/13/december-firmware-threat-report/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts5
2023-03-0843 min
Below the Surface (Video) - The Supply Chain Security PodcastCommunity Insights: Supply Chain Threats, Critical Firmware Attacks, and more! - BTS #5In this edition of Below The Surface, we discuss insights Scott collected from various members of our community. Topics include supply chain threats, critical firmware attacks, and more! We also welcome special guest Tyler Robinson! View the full report here: https://eclypsium.com/2022/12/13/december-firmware-threat-report/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts5
2023-03-0843 min
Below the Surface (Audio) - The Supply Chain Security PodcastBTS #4 - Supply Chain Threats, Vulnerable Drivers, OpenSSL Vulnerabilities, and more!Paul and Scott talk about supply chain threats, vulnerable drivers, leaked source code and keys, and cover what we know about the OpenSSL 3.x vulnerability. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts4
2023-02-2247 min
Below the Surface (Audio) - The Supply Chain Security PodcastBTS #3 - Inevitable Attacks, UEFI Vulnerabilities, and more!This month Scott and Paul discuss the inevitability of attacks against certain sectors, UEFI vulnerabilities galore and so much more! Get the full report here: https://eclypsium.com/2022/10/03/september-firmware-threat-report/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts3
2023-02-0833 min
Below the Surface (Video) - The Supply Chain Security PodcastInevitable Attacks, UEFI Vulnerabilities, and more! - BTS #3This month Scott and Paul discuss the inevitability of attacks against certain sectors, UEFI vulnerabilities galore and so much more! Get the full report here: https://eclypsium.com/2022/10/03/september-firmware-threat-report/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts3
2023-02-0833 min
Below the Surface (Audio) - The Supply Chain Security PodcastBTS #2 - Root Of Trust (Rot)Paul and Scott break down the Root of Trust (RoT) and other highlights from the August 2022 Below The Surface Threat Report: https://eclypsium.com/2022/08/31/august-firmware-threat-report/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts2
2023-01-2653 min
Below the Surface (Video) - The Supply Chain Security PodcastRoot of Trust (RoT) - BTS #2Paul and Scott break down the Root of Trust (RoT) and other highlights from the August 2022 Below The Surface Threat Report: https://eclypsium.com/2022/08/31/august-firmware-threat-report/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts2
2023-01-2653 min
Below the Surface (Audio) - The Supply Chain Security PodcastBTS #1 - Firmware & Supply Chain SecurityPaul Asadoorian and Scott Scheferman sit down to discuss this month's firmware and supply chain threat report. We cover some of the history and latest developments regarding Secure Boot security research, the threats we face securing the firmware supply chain, and some insights into threat actors targeting firmware. View the full report here: https://eclypsium.com/2022/07/27/july-firmware-threat-report/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts1
2023-01-2545 min
Below the Surface (Video) - The Supply Chain Security PodcastFirmware & Supply Chain Security - BTS #1Paul Asadoorian and Scott Scheferman sit down to discuss this month's firmware and supply chain threat report. We cover some of the history and latest developments regarding Secure Boot security research, the threats we face securing the firmware supply chain, and some insights into threat actors targeting firmware. View the full report here: https://eclypsium.com/2022/07/27/july-firmware-threat-report/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts1
2023-01-2545 min
808 Podcast#237 Scott Scheferman - EclypsiumScott Scheferman the Chief Strategist of Eclypsium shares how to address Internet-facing device firmware challenges.
Get more info at https://Eclypsium.com/
2022-02-1507 min
Defense in DepthMaking Cybersecurity Faster and More ResponsiveAll links and images for this episode can be found on CISO Series Knowing is only one-third the battle. Another third is responding. And the last third is responding quickly. It's not enough to just have the first two thirds. We need to be faster, but how? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Jason Elrod (@jasonelrod), CISO, MultiCare Health System. Thanks to our podcast sponsor, E...
2022-01-1330 minDefense in DepthHow Can We Simplify Security?All links and images for this episode can be found on CISO Series Why is cybersecurity becoming so complex? What is one thing we can do, even if it's small, to head us off in the right direction of simplicity? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Leda Muller, CISO at Stanford, Residential and Dining Enterprises. Thanks to our podcast sponsor, Eclypsium Ecl...
2021-12-0928 minDefense in DepthHow Do We Turn Tables Against Adversaries?All links and images for this episode can be found on CISO Series If we're going to turn the tables against our adversaries, everything from our attitude to our action needs to change to a format where attacks and breaches are not normalized, and we know the what and how to respond to it quickly. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Scott Scheferman (@transhackerism), principal strategist, Eclypsium. Than...
2021-11-1126 min
Paul's Security Weekly (Video)The Stakes Are Raised When Protecting the Foundation of Computing - Scott Scheferman - PSW #705With Eclypsium researchers' discovery of BIOSDisconnect and their upcoming talk and demo at DefCon 29 upon us, the stakes have never been higher when it comes to protecting the foundation of computing at the firmware level. A feature meant to make updating and protecting the firmware easier for users (BIOSConnect) ends up exposing the BIOS to being bricked or implanted with malicious code operating at the highest privilege. Yet another example of the significant vulnerabilities that exist at the firmware level that attackers have been eyeing of late. Segment Resources: https://defcon.org/html/defcon-29/dc-29...
2021-08-0644 min
Paul's Security Weekly (Audio)Glorious Purpose - PSW #702This week, we kick off the show with an interview featuring Scott Scheferman, Principal Strategist at Eclypsium, to talk about The BIOS Disconnect and vulnerabilities affecting the BIOSConnect feature within the Dell Client BIOS! Next up, we welcome Jack Rhysider, Podcaster and Host of the Darknet Diaries Podcast, to discuss the The Journey from a Network Security Engineer to a Podcast Host! In the Security News, the White House Announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR...
2021-07-163h 20
Enterprise Security Weekly (Audio)Following the Dollar - ESW #234This week, in our first segment, we welcome Rajiv Thomas, Sr Systems Engineer at Gas South LLC, to discuss Gas South and ExtraHop- A Journey of Security Partnership! In the Enterprise News, Contrast Security partners with Secure Code Warrior, Bandura releases the Cyber Intelligence Marketplace, Illumio beefs up zero-trust security with automated policy enforcement, Rapid7 Launches InsightCloudSec to Automate Continuous Security and Compliance, Leaked email shows Tanium just lost its fourth chief marketing officers in five years, Bitdefender launches eXtended EDR platform, ThycoticCentrify Releases a new version of Server Suite, Outpost24 acquires threat intelligence solution Blueliv, Microsoft acquires RiskIQ...
2021-07-161h 46
Paul's Security Weekly (Video)The BIOS Disconnect - Scott Scheferman - PSW #702Eclypsium researchers identified vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This disconnect impacted 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. With cyber-attacks on the rise, firmware security, while often overlooked, might be the next battleground for attackers who continue to target enterprise VPNs and other network devices. Segment Resources: https://eclypsium.com/2021/06/24/biosdisconnect/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/ps...
2021-07-161h 03
You've Already Been HackedLet's talk cybersecurity and Critical InfrastructureEpisode 50
- www.sfgate.com: A hacker gained access to a Bay Area drinking water facility
- thehackernews.com: North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institute
- eclypsium.com: Eclypsium Discovers Multiple Vulnerabilities Affecting 129 Dell Models via Dell Remote OS Recovery and Firmware Update Capabilities
- www.cyberscoop.com: A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill
- krebsonsecurity.com: How Cyber Safe is Your Drinking Water Supply?
Share that link with your friends, or...
2021-06-2718 min
Three Buddy ProblemGoogle's Heather Adkins on defenders playing the long gameFounding-member of the Google security team Heather Adkins joins the conversation to stress the importance of defenders playing the "long-game," the need for meaningful culture-change among security leaders, the expansion of zero-trust beyond identities and devices, and some thoughts on the future of electronic voting.
Sponsored by Eclypsium:
Eclypsium ships an enterprise device platform that provides visibility and mitigation for malicious activity all the way down to the firmware and hardware level. Think of it as one platform to discover, inventory, assess risk, patch, and detect compromises and supply chain breaches across your entire fleet of...
2021-05-2738 min
Enterprise Security Weekly (Audio)Love Your Energy - ESW #223This week, In the first segment, Ryan Noon from Material Security join us for a discussion on Zero Trust! Next up, John Loucaides joins for an interview on firmware attacks, and what enterprises need to do! In the Enterprise Security News:Cyble raises $4M, ThreatQuotient raises $22.5M, OneTrust acquires Convercent, Digital Shadows announces new threat intelligence capabilities, Rapid7 Announces Kubernetes Open Beta in InsightVM, LogRhythm Releases Version 7.7, Imperva unveils new data security platform built for cloud, Acronis releases a new version of Acronis Cyber Protect Cloud, Minerva Labs Launches Cloud Version of its Endpoint Threat Prevention Platform, What's Behind...
2021-04-091h 36
Enterprise Security Weekly (Video)Hackers Are Targeting Your Firmware. Are You Ready? - John Loucaides - ESW #22383% of businesses have experienced at least one firmware attack in the past two years - and yet most organizations lack visibility into this attack surface. We'll discuss why hackers are increasingly targeting firmware and what enterprises need to do to detect and prevent these attacks. Segment Resources: Assessing Enterprise Firmware Security Risk in 2021 - https://eclypsium.com/2021/01/14/assessing-enterprise-firmware-security-risk-in-2021/ https://github.com/chipsec/chipsec The Top 5 Firmware Attack Vectors - https://eclypsium.com/2018/12/28/the-top-5-firmware-and-hardware-attack-vectors/ Request a demo of the Eclypsium platform - https://eclypsium.com/ This segment is sponsored...
2021-04-0839 min
Paul's Security Weekly (Audio)Not Very Moist - PSW #671This week, we welcome back Corey Thuen from Gravwell, to talk about Sysmon Endpoint Monitoring complete with Clipboard Voyeurism! Next up, Scott Scheferman, the Principal Cyber Strategist at Eclypsium, joins us to talk about how Hackers Are Hitting Below The Belt! In the Security News, testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a Wordpress plugin aimed at protecting Wordpress does the opposite, the FDA approves the use of a new tool for medical device vulnerability scoring, and 8 new hot, steamy, moist cybersecurity certifications! Show Notes: https://w...
2020-10-233h 21
Business Security Weekly (Video)Cracks in the Foundation: Understanding the New Endpoint Challenge - John Loucaides - BSW #187Cyber adversaries have mastered the art of staying one step ahead of our controls. As endpoint protections grow stronger, attackers have adapted by going further down the stack - targeting firmware, hardware and device-level vulnerabilities. Eclypsium's John Loucaides discusses recent exploits, and the steps business security leaders should be taking to protect the foundations of the enterprise. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.co...
2020-09-1539 min
Enterprise Security Weekly (Audio)It's A Trap! - ESW #193This week, it's Security Weekly Virtual Hacker Summer Camp! In our first segment, we welcome John Loucaides, VP of Research & Development at Eclypsium, to talk about Putting Zero Trust in Your Devices! In our second segment, we talk Enterprise News, discussing Tanium offering new cybersecurity service through a partnership with Google Cloud, CyberArk launches open-source Shadow Admin identification tool for Azure and AWS, Threat Stack Cloud Security Platform extends security observability to AWS Fargate tasks, Polyrize announces its SaaS-based security platform, and more! In our final segment, we welcome our dear friend and Security and Compliance Weekly's host Jeff...
2020-08-072h 39
Enterprise Security Weekly (Video)SWVHSC: Put Zero Trust in Your Devices - John Loucaides - ESW #193The recent shift to a remote work environment has created new challenges for many businesses and government institutions with profound impacts on organizational security models. Users are no longer protected by the many layers of security found on-premise in the corporate network. Organizations must adapt security policies to support a massive influx of inbound connections. Security teams must consider how to adapt core security concepts like Zero Trust to include remote work environments that include corporate laptops, BYOD devices, and home networking gear. Join our conversation as we discuss how much trust you can put in your devices as...
2020-08-0643 min
Research SaturdayHidden dangers inside Windows and LINUX computers.Eclypsium has issued a study that suggests the prevalence of “unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras used in computers from Lenovo, Dell, HP and other major manufacturers.” Here to discuss their findings is Rick Altherr, a Principle Engineer at Eclypsium.The research can be found here:Perilous Peripherals: The Hidden Dangers Inside Windows and LINUX Computers. Learn more about your ad choices. Visit megaphone.fm/adchoices
2020-03-2823 min
Enterprise Security Weekly (Video)Black Hat Interviews: DenimGroup, SCYTHE, & Eclypsium - ESW #153We interview Dan Cornell, the Founder & CTO the at DenimGroup.Next, Bryson Bort, the Founder & CEO at SCYTHE. Last, Yuriy Bulygin, the Founder & CEO at Eclypsium. Full Show Notes: https://wiki.securityweekly.com/ES_Episode153 Visit https://www.securityweekly.com/esw for all the latest episodes!
2019-09-1450 min