
Eclypsium

Shows

Below the Surface (Audio) - The Supply Chain Security Podcast
The Hidden Risks of Open Source Components (2025-05-06, 52 min)
In this episode, Paul Asadoorian and Josh Bressers delve into the complexities of open source supply chain security, discussing the prevalence of open source components in modern software, the challenges posed by legacy systems, and the critical importance of vulnerability management. They explore the regulatory landscape surrounding software liability and the need for better tools and practices to ensure secure product development. The conversation highlights the necessity of understanding dependencies and the implications of consumer security in a market driven by features rather than security. In this conversation, Josh Bressers and Paul discuss the importance of Software Bill of...

Below the Surface (Audio) - The Supply Chain Security Podcast
Hardware Hacking Tips & Tricks (2025-04-07, 54 min)
In this episode, Paul and Chase delve into the world of hardware hacking, focusing on devices like the Flipper Zero and ESP32. They discuss the various applications of these tools, their impact on awareness in the hacking community, and the security implications surrounding their use. The conversation also touches on vulnerabilities in hotel security systems, challenges in remediating legacy systems, and the commoditization of hacking tools. Through practical examples and insights, the hosts explore the evolving landscape of cybersecurity and the role of hardware in it. In this conversation, Paul and Chase delve into the world of hardware hacking...

Below the Surface (Audio) - The Supply Chain Security Podcast
BMC&C Part 3 (2025-03-19, 49 min)
In this episode, Paul Asadoorian, Vlad Babkin, and Chase Snyder delve into the latest vulnerability disclosures related to Baseboard Management Controllers (BMCs), specifically focusing on AMI MegaRAC and Redfish. They discuss the nature of the vulnerabilities, the discovery process, and the potential impacts of a BMC compromise. The conversation highlights the importance of understanding BMCs in the context of supply chain security and the risks associated with exposing these components to the internet. The conversation delves into the vulnerabilities associated with Baseboard Management Controllers (BMCs), particularly focusing on the Redfish API and the potential for exploitation. The speakers discuss...

Below the Surface (Audio) - The Supply Chain Security Podcast
Black Basta - Threat Intelligence Insights - BTS #46 (2025-03-05, 51 min)
In this episode, Paul Asadoorian, Vlad Babkin, and Chase Snyder delve into the recent leaks from the Black Basta ransomware group, exploring the implications of the leaked chat logs, the operational tactics of the group, and the evolving landscape of ransomware attacks. The conversation highlights the importance of understanding threat intelligence derived from these leaks, the significance of targeting exposed devices, and the necessity of robust security measures to mitigate risks. In this conversation, the speakers delve into the evolving tactics of ransomware groups, emphasizing the importance of understanding their operational scale and methodologies. They discuss the significance of...

Below the Surface (Audio) - The Supply Chain Security Podcast
Understanding Firmware Vulnerabilities in Network Appliances (2025-02-06, 59 min)
In this episode, Paul, Vlad, and Chase discuss the security challenges of Palo Alto devices and network appliances. They explore the vulnerabilities present in these devices, the importance of best practices in device management, and the need for automatic updates. The conversation highlights the evolving nature of firmware vulnerabilities and the necessity for compensating controls to mitigate risks. The hosts emphasize the responsibility of vendors to ensure their products are secure and the need for a shift in user expectations regarding security appliances. In this conversation, the speakers discuss the pressing need for improved security standards in network appliances...

Below the Surface (Audio) - The Supply Chain Security Podcast
Network Appliances: A Growing Concern (2025-01-27, 47 min)
In this episode, Paul Asadoorian and Chase Snyder discuss the latest security threats and vulnerabilities affecting network appliances, particularly focusing on Ivanti and Fortinet platforms. They explore the increasing risks associated with these devices, the need for improved security standards, and the challenges of risk management and visibility in network security. The conversation emphasizes the importance of accountability among vendors and the necessity for customers to demand better security practices. In this conversation, Chase Snyder and Paul discuss the challenges and vulnerabilities in network security, particularly focusing on network appliances and the lack of standardization in security measures. They...

Below the Surface (Audio) - The Supply Chain Security Podcast
CVE Turns 25 (2024-12-09, 1h 02)
In this episode, Paul Asadoorian, Alec Summers, and Lisa Olson discuss the 25th anniversary of the CVE program, its evolution, and the importance of transparency in vulnerability management. They explore the history of CVE, the process of creating CVE records, and the role of CNAs in ensuring accountability. The conversation also addresses challenges related to end-of-life software vulnerabilities and the need for maintaining the integrity of CVE records in an ever-evolving cybersecurity landscape. In this conversation, the speakers discuss the complexities of managing and analyzing vulnerabilities in software, mainly focusing on the roles of CVE and CVSS in providing...

Below the Surface (Audio) - The Supply Chain Security Podcast
The China Threat - BTS #42 (2024-11-21, 1h 02)
In this episode, Paul Asadoorian, Allan Alford, and Josh Corman discuss the growing threat posed by China, particularly in the context of cyber operations and geopolitical ambitions. They explore the implications of China's strategies, the vulnerabilities in critical infrastructure, and the need for transparency and trust in digital systems. The conversation highlights the urgency of addressing these threats as they relate to Taiwan and the broader global landscape. In this conversation, the speakers discuss the critical issues surrounding digital infrastructure, emphasizing the over-dependence on unreliable systems and the need for greater trust and transparency. They explore the balance between...

Below the Surface (Audio) - The Supply Chain Security Podcast
Pacific Rim - BTS #41 (2024-11-06, 59 min)
In this episode, Paul Asadoorian, Larry Pesce, and Evan Dornbusch delve into the recent Sophos reports on threat actors, particularly focusing on the Pacific Rim case. They discuss the implications of the findings, including the tactics used by attackers, the vulnerabilities in network devices, and the challenges of securing appliances. The conversation also highlights the importance of network detection solutions, the impact of zero-day exploits, and the need for a shift in how appliance security is approached, especially concerning firmware backdoors and UEFI threats. In this conversation, the speakers discuss the implications of UEFI attacks, highlighting Sophos' proactive measures...

DALY Technology Pulse
The Challenges of Safety Policy - Sean Georgia, Panasonic, and Wes Dobry, Eclypsium (2024-10-29, 38 min)
From the outside, keeping everyone safe can seem relatively simple. However, there is a lot that goes on behind the scenes to make sure our public safety professionals are all up to standards. The Criminal Justice Information Services (CJIS) policy is crucial to ensuring safety organizations are protecting their network along with the public. Rick from DALY welcomes back Sean Georgia from Panasonic with special guest Wes Dobry from Eclypsium in this episode of the Technology Pulse. Listen to them discuss the importance of safety policy and how the partnership between Panasonic and Eclypsium protects the...

Below the Surface (Audio) - The Supply Chain Security Podcast
Backdoors in Backdoors (2024-10-23, 50 min)
In this episode, Paul Asadoorian and Matt Johansen discuss the recent targeted attacks by Chinese threat actors, particularly focusing on the Volt Typhoon group. They explore the implications of back doors in cybersecurity, the role of ISPs, and the ongoing tension between privacy and security. The conversation delves into historical contexts, the evolution of threat actor tactics, and the shared responsibility model in cybersecurity. They also highlight the challenges of supply chain security and the visibility issues that make network devices vulnerable to attacks. In this conversation, Paul and Matt discuss the evolution of software security, focusing on the...

Below the Surface (Audio) - The Supply Chain Security Podcast
The Art of Firmware Scraping - BTS (2024-10-08, 59 min)
In this episode, Edwin Shuttleworth from Finite State discusses firmware security, insights from the GRRCON Security Conference, and the challenges of firmware analysis. The conversation covers various topics, including firmware scraping techniques, the IoT landscape, types of firmware, the importance of Software Bill of Materials (SBOMs), and emulation in firmware analysis. Edwin shares his experiences and offers advice for those looking to get started in firmware reverse engineering.

Below the Surface (Audio) - The Supply Chain Security Podcast
Vulnerability Tracking & Scoring - Patrick Garrity - BTS #38 (2024-09-27, 56 min)
In this episode of Below the Surface, host Paul Asadoorian and guest Patrick Garrity discuss the complexities of vulnerability tracking and prioritization. They explore various sources of vulnerability data, the significance of known exploited vulnerabilities, and the concept of weaponization in cybersecurity. The conversation delves into the challenges posed by supply chain vulnerabilities, the importance of Software Bill of Materials (SBOM), and the impact of user behavior on security. The episode concludes with thoughts on the future of vulnerability management and the need for a more comprehensive approach to cybersecurity.

Below the Surface (Audio) - The Supply Chain Security Podcast
Firmware Reverse Engineering - Matt Brown - BTS #37 (2024-09-11, 56 min)
In this episode, Matt Brown joins the podcast to talk about firmware reverse engineering and supply chains. They discuss Matt's start in information security, his journey into hardware security, and the creation of his YouTube channel. They also explore the vulnerabilities and weaknesses in the supply chain of IoT devices and the challenges of extracting firmware from embedded Linux systems. Matt shares his favorite tools for firmware extraction and the complexities of creating an SBOM in the embedded Linux ecosystem. In this conversation, Paul and Allan discuss the challenges and vulnerabilities in IoT devices. They highlight the lack of...

Below the Surface (Audio) - The Supply Chain Security Podcast
Supply Chain Policies - Trey Herr, Stewart Scott - BTS #36 (2024-08-14, 59 min)
Stewart and Trey join us to talk about driving cybersecurity policies for the nation, what makes a good policy, what makes a bad policy, supply chain research and policies, and overall how we shape policies that benefit cybersecurity.
Segment Resources:
https://www.atlanticcouncil.org/in-depth-research-reports/report/broken-trust-lessons-from-sunburst/
https://www.atlanticcouncil.org/in-depth-research-reports/report/open-source-software-as-infrastructure/
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-36

Below the Surface (Audio) - The Supply Chain Security Podcast
The Known Exploited Vulnerability catalogue, aka the KEV - Tod Beardsley - BTS #35 (2024-07-31, 55 min)
Gain insights into the CISA KEV straight from one of the folks at CISA, Tod Beardsley. Learn how KEV was created, where the data comes from, and how you should use it in your environment. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Resource: https://cisa.gov/kev
Show Notes: https://securityweekly.com/bts-35

Below the Surface (Audio) - The Supply Chain Security Podcast
EPSS - The Exploit Prediction Scoring System - Jay Jacobs, Wade Baker - BTS #34 (2024-07-17, 59 min)
Jay Jacobs, Co-Founder and Data Scientist, and Wade Baker, Co-Founder and Data Storyteller, from The Cyentia Institute come on the show to talk about The Exploit Prediction Scoring System (EPSS). This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-34

Below the Surface (Audio) - The Supply Chain Security Podcast
Securing OT Environments - Dr. Ed Harris - BTS #33 (2024-07-03, 53 min)
Ed Harris joins us to discuss how to secure OT environments, implement effective air gaps, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-33

YusufOnSecurity.com
177 - The Importance Of Automation And Orchestration In Cyber Security - Part 2 (2024-06-22, 41 min)
Enjoying the content? Let us know your feedback! This week's episode will continue with part 2 of "The Importance of Automation and Orchestration in Cyber Security." As I said in episode one, the need for efficient and effective security measures has never been more critical. I suggest you listen to E1 before you dive into this one. Without further ado, let's first get what is trending this week in terms of news and updates. Hundreds of personal computer as well as server models could be affected by a serious UEFI...

Below the Surface (Audio) - The Supply Chain Security Podcast
Mitre ATT&CK - Adam Pennington - BTS #32 (2024-06-19, 52 min)
We discuss the various aspects of MITRE ATT&CK, including tools, techniques, supply chain aspects, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-32

CISO Series Podcast
The Post-it Note Clearly Says "Don't Share" Right Under My Password (2024-06-18, 37 min)
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Allan Alford, CISO, Eclypsium. In this episode: Evolving public-private partnerships; New technology, but not a new challenge; Securing the hidden layers of the supply chain; Balancing usability and control. Thanks to our podcast sponsor, Eclypsium. Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology su...

Below the Surface (Audio) - The Supply Chain Security Podcast
Managing Complex Digital Supply Chains - Cassie Crossley - BTS #31 (2024-06-05, 1h 03)
Cassie has a long history of successfully managing a variety of security programs. Today, she leads supply chain efforts for a very large product company. We will tackle topics such as software supply chain management, SBOMs, third-party supply chain challenges, asset management, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-31

CISO Series Podcast
Ransomware? Why'd It Have to be Ransomware? (Live at B-Sides San Diego) (2024-05-28, 44 min)
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Steve Zalewski, co-host, Defense in Depth. Recorded live at BSidesSF. In this episode: Are companies taking the air out of the open source balloon? What's broken about cybersecurity hiring? Do we need minimum requirements for cybersecurity knowledge in sales? Thanks to our podcast sponsors, Devo, Eclypsium & NetSPI De...

Below the Surface (Audio) - The Supply Chain Security Podcast
Systems Of Trust - Robert Martin - BTS #30 (2024-05-22, 55 min)
Bob Martin comes on the show to discuss systems of trust, supply chain security and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-30

Below the Surface (Audio) - The Supply Chain Security Podcast
Supply Chains, Firmware, And Patching - Jason Kikta - BTS #29 (2024-05-08, 1h 06)
Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current challenges with patch management. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-29

CISO Series Podcast
Can't Talk, I'm Onboarding My Kids To Their First Soccer Practice (Live in Mountain View, CA) (2024-05-07, 44 min)
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is our guest, TC Niedzialkowski, CISO, Nextdoor. In this episode: Has the line between work and personal devices blurred? Why are we seeing signs that that line no longer exists for employees? What is the path of cybersecurity to keep company data secured when it is continually commingling with personal devices? Thanks to ou...

Below the Surface (Audio) - The Supply Chain Security Podcast
5G Hackathons - Casey Ellis - BTS #28 (2024-04-24, 56 min)
Casey recently was involved in an event that brought hackers and 5G technology together. Tune in to learn about the results and how we can use bug bounty programs to improve the security of "things". This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-28

Below the Surface (Audio) - The Supply Chain Security Podcast
Governance, Compliance, and The Digital Supply Chain - Josh Marpet - BTS #27 (2024-04-10, 49 min)
In this episode, we discuss digital supply chain governance and compliance, featuring Josh Marpet from Guarded Risk, hosted by Paul Asadoorian and Allan Alford. Specifically, we discuss: the importance of understanding and complying with regulations affecting digital supply chains, such as Executive Order 14028 and the NIST Cybersecurity Framework. The podcast highlighted the impact of EU regulations, like CRA, GDPR, and DORA, on global businesses, underscoring the shared responsibility model in data security. Vendors' duties in open-source security and software vulnerability management were discussed, with a call for automation in software inventory and security, including the use of SBOMs...

Below the Surface (Audio) - The Supply Chain Security Podcast
What We Don't Know Will Hurt Us - Cheryl Biswas - BTS #26 (2024-03-27, 53 min)
Cheryl is super passionate about supply chain security and visibility. Tune in to our discussion on how we can collectively get better at reducing the attack surface and working to fix the wide variety of digital supply chain issues we have today. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-26

Below the Surface (Video) - The Supply Chain Security Podcast
Supply Chain Threats and Regulations - BTS #25 (2024-03-13, 45 min)
Paul and Allan will talk a little bit about Allan's background and current work at Eclypsium. Next, we'll cover some of the recent news and topics we've been discussing on our blog including firewall and VPN appliance security struggles, Shim Shady, Glupteba and other malware targeting UEFI, and some thoughts on recent regulations affecting supply chains such as the EU CRA. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-25

Below the Surface (Audio) - The Supply Chain Security Podcast
Supply Chain Threats and Regulations - BTS #25 (2024-03-13, 45 min)
Same episode description as the Video release above.

Below the Surface (Audio) - The Supply Chain Security Podcast
Managing Supply Chain Risk - Saša Zdjelar - BTS #24 (2024-02-21, 47 min)
Saša Zdjelar joins us on this episode to dive into how organizations can manage supply chain risk, including the current challenges we face and how best to deal with them. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-24

Below the Surface (Audio) - The Supply Chain Security Podcast
Closing The Supply Chain Visibility Gap - Dr. Olga Livingston - BTS #23 (2024-02-07, 58 min)
Short of ripping everything apart (hardware and software) and inspecting the components, which is very time-consuming, how do we solve the visibility gap in various supply chains? Dr. Olga Livingston from CISA joins us to discuss! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-23

Below the Surface (Audio) - The Supply Chain Security Podcast
SBOMs and Supply Chains - Allan Friedman - BTS #22 (2024-01-24, 1h 00)
We sit down with the father of the SBOM, Allan Friedman, to discuss examples of where we really need SBOMs, how to operationalize SBOMs, and how to identify and deal with bad things that may be in your SBOM! CISA's resources on SBOM are at cisa.gov/SBOM and anyone can find out more or ask for a meeting at SBOM@cisa.dhs.gov. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-22

Below the Surface (Audio) - The Supply Chain Security Podcast
Supply Chain Risk Management - David Vaughn - BTS #21 (2024-01-10, 48 min)
We talk about Supply Chain Risk Management in the context of the cloud and US federal government with David Vaughn. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-21

Below the Surface (Audio) - The Supply Chain Security Podcast
Network Device Supply Chains and Lateral Movement - Joe Hall - BTS #20 (2023-12-28, 54 min)
In this episode, we have the privilege of sitting down with renowned security expert Joe Hall to discuss three critical facets of modern cybersecurity: network device security, supply chain threats, and lateral movement. Join us as Joe Hall shares his wealth of knowledge and experience, unraveling the complexities of network device security, the invisible gatekeepers of our digital lives. Discover the vulnerabilities that hackers exploit and the strategies to fortify your network defenses.
Show Notes: https://securityweekly.com/bts-20

Paul's Security Weekly (Audio)
Supply Chain & Firmware Security - Xeno Kovah - PSW #811 (2023-12-21, 1h 52)
AI generated description fun: "As the glasses are filled and the mood lightens, our veteran guests, each with a legendary tale or two tucked under their virtual belts, embark on a journey through the complex landscape of supply chain security. These old dogs share war stories, anecdotes, and hard-earned wisdom about the evolving challenges and threats that have shaped their illustrious careers. From the early days of computing to the present era of interconnected systems, our panelists delve into the intricacies of securing the supply chain. Expect insights on the timeless art of social engineering, the ever-expanding attack surface...

Below the Surface (Audio) - The Supply Chain Security Podcast
A Year in Review on Offensive Security, Defensive Landscapes, and Global Implications - Tyler Robinson - BTS #19 (2023-12-13, 53 min)
In this episode, we delve into the dynamic world of supply chain security, recapping the significant developments of the past year. Join us as we explore the evolution of offensive security, defensive landscapes, and the key actors shaping the cybersecurity landscape. Our featured guest, Tyler Robinson, Founder and CEO of Dark Element, brings a wealth of expertise to the discussion. With a deep understanding of cybersecurity and a track record of innovation, Tyler provides valuable insights into what these trends mean for companies, supply chains, governments, and geopolitics. This segment is sponsored by Eclypsium. Visit https://securityweekly...

Below the Surface (Video) - The Supply Chain Security Podcast
A Year in Review on Offensive Security, Defensive Landscapes, and Global Implications - Tyler Robinson - BTS #19 (2023-12-13, 53 min)
Same episode description as the Audio release above.

Below the Surface (Audio) - The Supply Chain Security Podcast
Defending Against Supply Chain Attacks - Bri Rolston - BTS #18 (2023-11-29, 1h 06)
Bri has spent her career investigating and defending against critical infrastructure attacks. Hear her take on the current threat landscape, supply chain security, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-18

Below the Surface (Video) - The Supply Chain Security Podcast
Defending Against Supply Chain Attacks - Bri Rolston - BTS #18 (2023-11-29, 1h 06)
Same episode description as the Audio release above.

Below the Surface (Video) - The Supply Chain Security Podcast
Protecting The Digital Supply Chain - Yuriy Bulygin - BTS #17 (2023-11-16, 1h 03)
Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company. Prior to Eclypsium, Yuriy was Chief Threat Researcher at Intel Corporation. He is also the creator of CHIPSEC, the popular open-source firmware and hardware supply chain security assessment framework. When enterprises started using CHIPSEC to find vulnerabilities, discover compromised firmware, or just poke around hardware systems, Yuriy founded Eclypsium with Alex Bazhaniuk. Since then Eclypsium has been on a mission to protect devices from supply chain risks. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more...

Below the Surface (Audio) - The Supply Chain Security Podcast
Protecting The Digital Supply Chain - Yuriy Bulygin - BTS #17 (2023-11-15, 1h 02)
Same episode description as the Video release above.

Below the Surface (Audio) - The Supply Chain Security Podcast
UEFI & The Digital Supply Chain - Dick Wilkins - BTS #16 (2023-11-01, 51 min)
Learn about the evolution of UEFI, various aspects of supply chain security surrounding UEFI, and the interactions between links in the supply chain that ultimately end up delivering you a computer or server.
Segment Resources: https://uefi.org/sites/default/files/resources/What%20is%20UEFI-Aug31-2023-Final.pdf
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-16

Below the Surface (Video) - The Supply Chain Security Podcast
UEFI and The Digital Supply Chain - Dick Wilkins - BTS #16 (2023-11-01, 52 min)
Same episode description as the Audio release above.

Below the Surface (Audio) - The Supply Chain Security Podcast
Reverse Engineering BMCs and Other Firmware - Vladyslav Babkin - BTS #15 (2023-10-18, 55 min)
Vlad is part of the Eclypsium research team and has discovered several flaws in BMC ecosystems. He comes on the show to talk about his journey and cover the details behind BMC vulnerabilities and attacks.
Segment Resources:
https://forum.defcon.org/node/245714
https://eclypsium.com/research/bmcc-lights-out-forever/
https://eclypsium.com/blog/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/
Show Notes: https://securityweekly.com/bts-15

Below the Surface (Video) - The Supply Chain Security Podcast
Reverse Engineering BMCs and Other Firmware - Vladyslav Babkin - BTS #15 (2023-10-18, 55 min)
Same episode description as the Audio release above.

Below the Surface (Video) - The Supply Chain Security Podcast
Protecting The Federal Supply Chain - John Loucaides - BTS #14 (2023-10-04, 53 min)
John Loucaides, SVP Strategy at Eclypsium, joins us on the show to discuss protecting the federal supply chain! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-14

Below the Surface (Audio) - The Supply Chain Security Podcast
Protecting The Federal Supply Chain - John Loucaides - BTS #14 (2023-10-04, 53 min)
Same episode description as the Video release above.

Below the Surface (Video) - The Supply Chain Security Podcast
Network Device Supply Chain Security - Nate Warfield - BTS #13 (2023-09-21, 55 min)
We dig into network devices/appliances, why they are still around, who is attacking them, and how. Just why are attackers using network devices in ransomware campaigns and how do we stop them? Tune in to find out as Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, joins us for this episode! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-13

Below the Surface (Audio) - The Supply Chain Security Podcast
Network Device Supply Chain Security - Nate Warfield - BTS #13 (2023-09-21, 55 min)
Same episode description as the Video release above.

Below the Surface (Audio) - The Supply Chain Security Podcast
Dealing with The Digital Supply Chain - Ramy Houssaini - BTS #12
Ramy Houssaini joins us to discuss the challenges enterprises face when dealing with supply chain threats, risks and vulnerabilities. We'll explore how to identify cybersecurity gaps in your various supply chains, discuss real-world examples such as Log4j and more!
Show Notes: https://securityweekly.com/bts-12
Published: 2023-06-14 | Duration: 55 min

Show: Noticias de Tecnología Diarias
Episode: NT316 - Eclypsium discovers a security flaw in Gigabyte
Security firm Eclypsium says it has discovered a backdoor in the firmware of up to 271 models of Gigabyte motherboards. This could allow malware to hijack the built-in update installer. Eclypsium says Gigabyte's firmware did not properly authenticate the code, which leaves it vulnerable to man-in-the-middle attacks. Eclypsium recommends disabling the "Download and Install" option of the App Center in the firmware, blocking the three sites the updater contacts, and setting a BIOS-level password. Gigabyte is working on an update to fix the problem...
Published: 2023-06-12 | Duration: 00 min

Show: Bitcoin en español
Episode: 798 WARNING! If your PC has one of these
A vulnerability has been found that allows malware to be introduced into your computer through your motherboard's firmware, which can put your cryptocurrencies or, worse still, your bitcoin at risk.
Which motherboard you have: https://www.muycomputer.com/2022/06/08/como-saber-que-placa-base-tengo/
List of affected boards: https://eclypsium.com/wp-content/uploads/Gigabyte-Affected-Models.pdf
Analysis of the backdoor: https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
News story: https://www.wired.com/story/gigabyte-motherboard-firmware-backdoor/
New classes this week at: https://cursosbitcoin.com * S...
Published: 2023-06-01 | Duration: 12 min

Show: Below the Surface (Audio) - The Supply Chain Security Podcast
Episode: SCRM and Supply Chain Security Up and Down the Stack - Steve Orrin - BTS #11
Supply chain threats and industry/government initiatives like EO 14028 are driving a deeper understanding and a set of requirements for applying supply chain risk management (SCRM) and increased transparency (e.g. SBOM) across the software ecosystem up and down the stack. Platform and system firmware present unique challenges for supply chain assurance from the depths of the stack.
Segment Resources:
ESF: Securing the Software Supply Chain for Customers https://media.defense.gov/2022/Nov/17/2003116444/-1/-1/0/ESF_SECURING_THE_SOFTWARE_SUPPLY_CHAIN_CUSTOMER_SLICKSHEET.PDF
https://media.defense.gov/2022/Nov/17/2003116445/-1/-1/0/ESF_S...
Published: 2023-05-31 | Duration: 57 min

Show: Below the Surface (Audio) - The Supply Chain Security Podcast
Episode: Learning About Firmware Security - Xeno Kovah - BTS #10
Firmware security is a deeply technical topic that is hard to get started in. In this talk, Xeno will discuss some past work in firmware security, and how he has organized resources such as a low-level timeline (with over 300 talks) and free MOOC classes to help teach people about firmware security.
Segment Resources: https://ost2.fyi https://darkmentor.com/timeline.html
Show Notes: https://securityweekly.com/bts10
Published: 2023-05-17 | Duration: 59 min

Show: Below the Surface (Audio) - The Supply Chain Security Podcast
Episode: Accidentally Learning about Security: From Firmware to the Cloud, Brian Richardson - BTS #9
Brian Richardson didn't start out wanting to do marketing or computer security... but after starting his career as a BIOS programmer, he tripped and fell into technical marketing (aka "Binary to English translator"). Brian's here to talk about the importance of hardware & firmware security in a SaaS world.
Segment Resources:
https://www.youtube.com/watch?v=I2FwiEH6dg4
https://www.youtube.com/watch?v=i9PrWw4ljeg
https://medium.com/intel-tech/security-built-on-a-foundation-of-trust-1fa1dbb74cbc
https://archive.fosdem.org/2020/schedule/event/firmware_culisfu/
Show No...
Published: 2023-05-03 | Duration: 1h 00

Show: Below the Surface (Audio) - The Supply Chain Security Podcast
Episode: BTS #8 - Richard Hughes
The LVFS is a project used by over 130 different vendors, from all positions of the supply chain. It decompresses, decompiles, then analyses firmware looking for issues, and then automatically builds an SBoM for each download.
Segment Resources: https://fwupd.org/ https://github.com/fwupd
Show Notes: https://securityweekly.com/bts8
Published: 2023-04-19 | Duration: 57 min

Show: Below the Surface (Audio) - The Supply Chain Security Podcast
Episode: Nicholas Starke - BTS #7
Discuss current events in firmware security, such as the techniques utilized in BlackLotus. We will compare Baton Drop with Grub2 capabilities.
Segment Resources: https://starkeblog.com/
Show Notes: https://securityweekly.com/bts7
Published: 2023-04-05 | Duration: 48 min

Show: Below the Surface (Audio) - The Supply Chain Security Podcast
Episode: BTS #6 - Vincent Zimmer
This session will provide an overview of the history of host firmware, or BIOS, focusing on the arc of the Unified Extensible Firmware Interface. It will include the development of defenses like UEFI Secure Boot and the challenges in scaling assurance across a broad ecosystem. It will close on works-in-progress and opportunities to build upon the school-of-hard-knocks learnings in this space.
Show Notes: https://securityweekly.com/bts6
Published: 2023-03-22 | Duration: 55 min

Show: Below the Surface (Audio) - The Supply Chain Security Podcast
Episode: BTS #5 - Community Insights: Supply Chain Threats, Critical Firmware Attacks, and more!
In this edition of Below The Surface, we discuss insights Scott collected from various members of our community. Topics include supply chain threats, critical firmware attacks, and more! We also welcome special guest Tyler Robinson! View the full report here: https://eclypsium.com/2022/12/13/december-firmware-threat-report/
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts5
Published: 2023-03-08 | Duration: 43 min

Show: Below the Surface (Video) - The Supply Chain Security Podcast
Episode: Community Insights: Supply Chain Threats, Critical Firmware Attacks, and more! - BTS #5
In this edition of Below The Surface, we discuss insights Scott collected from various members of our community. Topics include supply chain threats, critical firmware attacks, and more! We also welcome special guest Tyler Robinson! View the full report here: https://eclypsium.com/2022/12/13/december-firmware-threat-report/
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts5
Published: 2023-03-08 | Duration: 43 min

Show: Below the Surface (Audio) - The Supply Chain Security Podcast
Episode: BTS #4 - Supply Chain Threats, Vulnerable Drivers, OpenSSL Vulnerabilities, and more!
Paul and Scott talk about supply chain threats, vulnerable drivers, leaked source code and keys, and cover what we know about the OpenSSL 3.x vulnerability.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts4
Published: 2023-02-22 | Duration: 47 min

Show: Below the Surface (Video) - The Supply Chain Security Podcast
Episode: Supply Chain Threats, Vulnerable Drivers, OpenSSL Vulnerabilities, and more! - BTS #4
Paul and Scott talk about supply chain threats, vulnerable drivers, leaked source code and keys, and cover what we know about the OpenSSL 3.x vulnerability.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts4
Published: 2023-02-22 | Duration: 47 min

Show: Below the Surface (Video) - The Supply Chain Security Podcast
Episode: Inevitable Attacks, UEFI Vulnerabilities, and more! - BTS #3
This month Scott and Paul discuss the inevitability of attacks against certain sectors, UEFI vulnerabilities galore, and so much more! Get the full report here: https://eclypsium.com/2022/10/03/september-firmware-threat-report/
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts3
Published: 2023-02-08 | Duration: 33 min

Show: Below the Surface (Audio) - The Supply Chain Security Podcast
Episode: BTS #3 - Inevitable Attacks, UEFI Vulnerabilities, and more!
This month Scott and Paul discuss the inevitability of attacks against certain sectors, UEFI vulnerabilities galore, and so much more! Get the full report here: https://eclypsium.com/2022/10/03/september-firmware-threat-report/
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts3
Published: 2023-02-08 | Duration: 33 min

Show: Below the Surface (Audio) - The Supply Chain Security Podcast
Episode: BTS #2 - Root Of Trust (RoT)
Paul and Scott break down the Root of Trust (RoT) and other highlights from the August 2022 Below The Surface Threat Report: https://eclypsium.com/2022/08/31/august-firmware-threat-report/
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts2
Published: 2023-01-26 | Duration: 53 min

Show: Below the Surface (Video) - The Supply Chain Security Podcast
Episode: Root of Trust (RoT) - BTS #2
Paul and Scott break down the Root of Trust (RoT) and other highlights from the August 2022 Below The Surface Threat Report: https://eclypsium.com/2022/08/31/august-firmware-threat-report/
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts2
Published: 2023-01-26 | Duration: 53 min

Show: Below the Surface (Video) - The Supply Chain Security Podcast
Episode: Firmware & Supply Chain Security - BTS #1
Paul Asadoorian and Scott Scheferman sit down to discuss this month's firmware and supply chain threat report. We cover some of the history and latest developments regarding Secure Boot security research, the threats we face securing the firmware supply chain, and some insights into threat actors targeting firmware. View the full report here: https://eclypsium.com/2022/07/27/july-firmware-threat-report/
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts1
Published: 2023-01-25 | Duration: 45 min

Show: Below the Surface (Audio) - The Supply Chain Security Podcast
Episode: BTS #1 - Firmware & Supply Chain Security
Paul Asadoorian and Scott Scheferman sit down to discuss this month's firmware and supply chain threat report. We cover some of the history and latest developments regarding Secure Boot security research, the threats we face securing the firmware supply chain, and some insights into threat actors targeting firmware. View the full report here: https://eclypsium.com/2022/07/27/july-firmware-threat-report/
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts1
Published: 2023-01-25 | Duration: 45 min

Show: Paul's Security Weekly (Audio)
Episode: PSW #766 - Sinan Eren, Nate Warfield
Is there still a network, or has it slipped away from us entirely? What about efforts for localization because people do not trust the cloud, its providers or its reliability (à la Twitter vs. the Fediverse)? Do you still need actual hardware firewalls? What about VPNs? How long will these devices still be around as everyone goes to the cloud and SD-WAN technologies? And what about identity? If you can nail identity, doesn't that set you up to be a cloud-first organization? Join us for a discussion with Sinan and the Security Weekly hosts as we tackle these questions!
Published: 2022-12-12 | Duration: 3h 45

Show: Paul's Security Weekly (Video)
Episode: Severe BMC Vulnerabilities - Nate Warfield - PSW #766
Eclypsium's research team has discovered 3 vulnerabilities in BMCs. Nate Warfield comes on the show to tell the full story! This has garnered much attention in the press:
* Original research post: https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/
* https://www.securityweek.com/security-flaws-ami-bmc-can-expose-many-data-centers-clouds-attacks
* https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html
* https://therecord.media/three-vulnerabilities-found-in-popular-baseboard-software/
* https://www.bleepingcomputer.com/news/security/severe-ami-megarac-flaws-impact-servers-from-amd-arm-hpe-dell-others/
* https://duo.com/decipher/trio-of-megarac-bmc-flaws-could-have-long-range-effects
* https://www.csoonline.com/article/3682137/flaws-in-megarac-baseband-management-firmware-impact-many-server-brands.html
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show N...
Published: 2022-12-08 | Duration: 59 min

Show: The Cyber Ranch Podcast
Episode: Learned Helplessness in Cybersecurity w/ Steve Mancini
This topic couldn't be more relevant given recent events in the security community. Allan Alford is joined by Steve Mancini, CISO at Eclypsium, to have a refreshing conversation about the negative messaging, thinking, and tropes in cybersecurity - not just the stuff that the press says about us, or even the stuff we say about each other - but the self-defeating stuff we think and say to ourselves. Steve addresses the reinforcement of negative catchphrases and how it affects the psyche of the community, and explores how burnout is creating a culture of sleepless nights and ma...
Published: 2022-03-30 | Duration: 38 min

Show: 808 Podcast
Episode: #237 Scott Scheferman - Eclypsium
Scott Scheferman, the Chief Strategist of Eclypsium, shares how to address Internet-facing device firmware challenges.
Get more info at https://Eclypsium.com/
Published: 2022-02-15 | Duration: 07 min

Show: Defense in Depth
Episode: Making Cybersecurity Faster and More Responsive
All links and images for this episode can be found on CISO Series. Knowing is only one-third the battle. Another third is responding. And the last third is responding quickly. It's not enough to just have the first two thirds. We need to be faster, but how? Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Jason Elrod (@jasonelrod), CISO, MultiCare Health System. Thanks to our podcast sp...
Published: 2022-01-13 | Duration: 30 min

Show: Defense in Depth
Episode: How Can We Simplify Security?
All links and images for this episode can be found on CISO Series. Why is cybersecurity becoming so complex? What is one thing we can do, even if it's small, to head us off in the right direction of simplicity? Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Leda Muller, CISO at Stanford, Residential and Dining Enterprises. Thanks to our podcast sponsor, Eclypsium E...
Published: 2021-12-09 | Duration: 28 min

Show: Defense in Depth
Episode: How Do We Turn Tables Against Adversaries?
All links and images for this episode can be found on CISO Series. If we're going to turn the tables against our adversaries, everything from our attitude to our action needs to change to a format where attacks and breaches are not normalized, and we know what to respond to and how to respond to it quickly. Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Scott Scheferman (@transhackerism), principal strategist, E...
Published: 2021-11-11 | Duration: 26 min

Show: Enterprise Security Weekly (Audio)
Episode: Not That Mysterious - ESW #242
This week, we welcome Tolga Kayas, Assistant Application Security Manager at Invicti Security, to discuss Web Asset Discovery in Application Security! Next up, we welcome back John Loucaides, VP Federal Technology at Eclypsium, to talk about The Device Security Divide! In the Enterprise News: Adrian's first Enterprise News in the Captain's Seat, BitSight raises $250m on a $2.4bn valuation, Palo Alto Networks enters the consumer IoT market, Martin Roesch joins Netography as CEO, the special "Squirrel of the Week" story, & more!
Show Notes: https://securityweekly.com/esw242
Segment Resources: https://www.acunetix.com/b...
Published: 2021-09-17 | Duration: 1h 45

Show: Enterprise Security Weekly (Video)
Episode: The Device Security Divide - John Loucaides - ESW #242
Organizations are divided. Some will be able to lean into mitigations against catastrophic and cascading failures. Others will not. In this discussion, we will explore the risk tradeoffs in firmware security. This includes risks inherent in devices, supply chain, physical access, and malicious software. We will also explore various mitigation strategies throughout the lifecycle, which separate those leaning in from those that don't.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
...
Published: 2021-09-16 | Duration: 33 min

Show: Paul's Security Weekly (Video)
Episode: The Stakes Are Raised When Protecting the Foundation of Computing - Scott Scheferman - PSW #705
With Eclypsium researchers' discovery of BIOSDisconnect and their upcoming talk and demo at DefCon 29 upon us, the stakes have never been higher when it comes to protecting the foundation of computing at the firmware level. A feature meant to make updating and protecting the firmware easier for users (BIOSConnect) ends up exposing the BIOS to being bricked or implanted with malicious code operating at the highest privilege. Yet another example of the significant vulnerabilities that exist at the firmware level that attackers have been eyeing of late.
Segment Resources: https://defcon.org/html/defcon-29/dc-29...
Published: 2021-08-06 | Duration: 44 min

Show: Security Weekly Podcast Network (Audio)
Episode: Glorious Purpose - PSW #702
This week, we kick off the show with an interview featuring Scott Scheferman, Principal Strategist at Eclypsium, to talk about The BIOS Disconnect and vulnerabilities affecting the BIOSConnect feature within the Dell Client BIOS! Next up, we welcome Jack Rhysider, Podcaster and Host of the Darknet Diaries Podcast, to discuss The Journey from a Network Security Engineer to a Podcast Host! In the Security News: the White House announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR...
Published: 2021-07-16 | Duration: 3h 20

Show: Paul's Security Weekly (Audio)
Episode: Glorious Purpose - PSW #702
This week, we kick off the show with an interview featuring Scott Scheferman, Principal Strategist at Eclypsium, to talk about The BIOS Disconnect and vulnerabilities affecting the BIOSConnect feature within the Dell Client BIOS! Next up, we welcome Jack Rhysider, Podcaster and Host of the Darknet Diaries Podcast, to discuss The Journey from a Network Security Engineer to a Podcast Host! In the Security News: the White House announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR...
Published: 2021-07-16 | Duration: 3h 20

Show: Enterprise Security Weekly (Audio)
Episode: Following the Dollar - ESW #234
This week, in our first segment, we welcome Rajiv Thomas, Sr Systems Engineer at Gas South LLC, to discuss Gas South and ExtraHop - A Journey of Security Partnership! In the Enterprise News: Contrast Security partners with Secure Code Warrior, Bandura releases the Cyber Intelligence Marketplace, Illumio beefs up zero-trust security with automated policy enforcement, Rapid7 launches InsightCloudSec to automate continuous security and compliance, a leaked email shows Tanium just lost its fourth chief marketing officer in five years, Bitdefender launches eXtended EDR platform, ThycoticCentrify releases a new version of Server Suite, Outpost24 acquires threat intelligence solution Blueliv, Microsoft acquires RiskIQ...
Published: 2021-07-16 | Duration: 1h 46

Show: Paul's Security Weekly (Video)
Episode: The BIOS Disconnect - Scott Scheferman - PSW #702
Eclypsium researchers identified vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This disconnect impacted 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. With cyber-attacks on the rise, firmware security, while often overlooked, might be the next battleground for attackers who continue to target enterprise VPNs and other network devices.
Segment Resources: https://eclypsium.com/2021/06/24/biosdisconnect/
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/ps...
Published: 2021-07-16 | Duration: 1h 03

Show: You've Already Been Hacked
Episode: Let's talk cybersecurity and Critical Infrastructure
Episode 50
- www.sfgate.com: A hacker gained access to a Bay Area drinking water facility
- thehackernews.com: North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institute
- eclypsium.com: Eclypsium Discovers Multiple Vulnerabilities Affecting 129 Dell Models via Dell Remote OS Recovery and Firmware Update Capabilities
- www.cyberscoop.com: A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill
- krebsonsecurity.com: How Cyber Safe is Your Drinking Water Supply?
Share that link with your friends, or...
Published: 2021-06-27 | Duration: 19 min

Show: Three Buddy Problem
Episode: Google's Heather Adkins on defenders playing the long game
Founding member of the Google security team Heather Adkins joins the conversation to stress the importance of defenders playing the "long game," the need for meaningful culture change among security leaders, the expansion of zero trust beyond identities and devices, and some thoughts on the future of electronic voting. Sponsored by Eclypsium: Eclypsium ships an enterprise device platform that provides visibility and mitigation for malicious activity all the way down to the firmware and hardware level. Think of it as one platform to discover, inventory, assess risk, patch, and detect compromises and supply chain breaches across your entire fleet of...
Published: 2021-05-27 | Duration: 38 min

Show: Enterprise Security Weekly (Audio)
Episode: Love Your Energy - ESW #223
This week, in the first segment, Ryan Noon from Material Security joins us for a discussion on Zero Trust! Next up, John Loucaides joins for an interview on firmware attacks, and what enterprises need to do!
In the Enterprise Security News: Cyble raises $4M, ThreatQuotient raises $22.5M, OneTrust acquires Convercent, Digital Shadows announces new threat intelligence capabilities, Rapid7 announces Kubernetes Open Beta in InsightVM, LogRhythm releases Version 7.7, Imperva unveils new data security platform built for cloud, Acronis releases a new version of Acronis Cyber Protect Cloud, Minerva Labs launches Cloud Version of its Endpoint Threat Prevention Platform, What's Behind...
Published: 2021-04-09 | Duration: 1h 36

Show: Security Weekly Podcast Network (Audio)
Episode: Love Your Energy - ESW #223
This week, in the first segment, Ryan Noon from Material Security joins us for a discussion on Zero Trust! Next up, John Loucaides joins for an interview on firmware attacks, and what enterprises need to do! In the Enterprise Security News: Cyble raises $4M, ThreatQuotient raises $22.5M, OneTrust acquires Convercent, Digital Shadows announces new threat intelligence capabilities, Rapid7 announces Kubernetes Open Beta in InsightVM, LogRhythm releases Version 7.7, Imperva unveils new data security platform built for cloud, Acronis releases a new version of Acronis Cyber Protect Cloud, Minerva Labs launches Cloud Version of its Endpoint Threat Prevention Platform, What's Behind...
Published: 2021-04-09 | Duration: 1h 36

Show: Enterprise Security Weekly (Video)
Episode: Hackers Are Targeting Your Firmware. Are You Ready? - John Loucaides - ESW #223
83% of businesses have experienced at least one firmware attack in the past two years - and yet most organizations lack visibility into this attack surface. We'll discuss why hackers are increasingly targeting firmware and what enterprises need to do to detect and prevent these attacks.
Segment Resources:
Assessing Enterprise Firmware Security Risk in 2021 - https://eclypsium.com/2021/01/14/assessing-enterprise-firmware-security-risk-in-2021/
https://github.com/chipsec/chipsec
The Top 5 Firmware Attack Vectors - https://eclypsium.com/2018/12/28/the-top-5-firmware-and-hardware-attack-vectors/
Request a demo of the Eclypsium platform - https://eclypsium.com/
This segment is sponsored...
Published: 2021-04-08 | Duration: 39 min

Show: Paul's Security Weekly (Audio)
Episode: Not Very Moist - PSW #671
This week, we welcome back Corey Thuen from Gravwell to talk about Sysmon Endpoint Monitoring, complete with Clipboard Voyeurism! Next up, Scott Scheferman, the Principal Cyber Strategist at Eclypsium, joins us to talk about how Hackers Are Hitting Below The Belt! In the Security News: testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a WordPress plugin aimed at protecting WordPress does the opposite, the FDA approves the use of a new tool for medical device vulnerability scoring, and 8 new hot, steamy, moist cybersecurity certifications!
Show Notes: https://w...
Published: 2020-10-23 | Duration: 3h 21

Show: Paul's Security Weekly (Video)
Episode: Hackers Hitting Below The Belt - Scott Scheferman - PSW #671
In 2020 attackers are increasingly targeting firmware and hardware - going below the operating system to hide from traditional security solutions and gain persistence. Both nation-state actors and criminals are exploiting vulnerable, exposed firmware on network and VPN devices, and recently a new UEFI rootkit dubbed #MosaicRegressor was found in the wild. We'll discuss how and why attackers are targeting firmware and hardware, and the steps security professionals can take to gain visibility into this attack surface and protect enterprise devices. This segment is sponsored by Eclypsium.
Show Notes: https://wiki.securityweekly.com/psw671
Published: 2020-10-23 | Duration: 53 min

Show: Business Security Weekly (Audio)
Episode: Deep Cover - BSW #187
This week, we welcome back John Loucaides, VP of Research & Development at Eclypsium, to discuss Cracks in the Foundation: Understanding the New Endpoint Challenge! In the Leadership and Communications section, we're playing 3 questions - Does Your Board Really Understand Your Cyber Risks?, How can the C-suite support CISOs in improving cybersecurity?, Think You're Spending Enough on Security?, and more!
Show Notes: https://wiki.securityweekly.com/bsw187
Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Fo...
Published: 2020-09-15 | Duration: 1h 02

Show: Business Security Weekly (Video)
Episode: Cracks in the Foundation: Understanding the New Endpoint Challenge - John Loucaides - BSW #187
Cyber adversaries have mastered the art of staying one step ahead of our controls. As endpoint protections grow stronger, attackers have adapted by going further down the stack - targeting firmware, hardware and device-level vulnerabilities. Eclypsium's John Loucaides discusses recent exploits, and the steps business security leaders should be taking to protect the foundations of the enterprise.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.secu...
Published: 2020-09-15 | Duration: 39 min

Show: Enterprise Security Weekly (Audio)
Episode: It's A Trap! - ESW #193
This week, it's Security Weekly Virtual Hacker Summer Camp! In our first segment, we welcome John Loucaides, VP of Research & Development at Eclypsium, to talk about Putting Zero Trust in Your Devices! In our second segment, we talk Enterprise News, discussing Tanium offering a new cybersecurity service through a partnership with Google Cloud, CyberArk launching an open-source Shadow Admin identification tool for Azure and AWS, Threat Stack Cloud Security Platform extending security observability to AWS Fargate tasks, Polyrize announcing its SaaS-based security platform, and more! In our final segment, we welcome our dear friend and Security and Compliance Weekly's host Jeff...
Published: 2020-08-07 | Duration: 2h 39

Show: Enterprise Security Weekly (Video)
Episode: SWVHSC: Put Zero Trust in Your Devices - John Loucaides - ESW #193
The recent shift to a remote work environment has created new challenges for many businesses and government institutions, with profound impacts on organizational security models. Users are no longer protected by the many layers of security found on-premise in the corporate network. Organizations must adapt security policies to support a massive influx of inbound connections. Security teams must consider how to adapt core security concepts like Zero Trust to include remote work environments that include corporate laptops, BYOD devices, and home networking gear. Join our conversation as we discuss how much trust you can put in your devices as...
Published: 2020-08-06 | Duration: 43 min

Show: Research Saturday
Episode: Hidden dangers inside Windows and LINUX computers.
Eclypsium has issued a study that suggests the prevalence of "unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras used in computers from Lenovo, Dell, HP and other major manufacturers." Here to discuss their findings is Rick Altherr, a Principal Engineer at Eclypsium. The research can be found here: Perilous Peripherals: The Hidden Dangers Inside Windows and LINUX Computers.
Published: 2020-03-28 | Duration: 23 min

Show: CyberWire Daily
Episode: Hidden dangers inside Windows and LINUX computers. [Research Saturday]
Eclypsium has issued a study that suggests the prevalence of "unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras used in computers from Lenovo, Dell, HP and other major manufacturers." Here to discuss their findings is Rick Altherr, a Principal Engineer at Eclypsium. The research can be found here: Perilous Peripherals: The Hidden Dangers Inside Windows and LINUX Computers.
Published: 2020-03-28 | Duration: 20 min

Show: Enterprise Security Weekly (Video)
Episode: Black Hat Interviews: DenimGroup, SCYTHE, & Eclypsium - ESW #153
We interview Dan Cornell, the Founder & CTO at DenimGroup. Next, Bryson Bort, the Founder & CEO at SCYTHE. Last, Yuriy Bulygin, the Founder & CEO at Eclypsium.
Full Show Notes: https://wiki.securityweekly.com/ES_Episode153
Visit https://www.securityweekly.com/esw for all the latest episodes!
Published: 2019-09-14 | Duration: 50 min
