Below the Surface (Audio) - The Supply Chain Security Podcast

Summary In this episode, special guest Matt Brown joins us to discuss the integration of AI in firmware analysis, exploring its benefits and challenges. We delve into the transition from traditional methods to AI-driven approaches, emphasizing the importance of prompt specificity for effective vulnerability discovery. The conversation also covers the role of open-source components, the need for guardrails in AI use, and the implications of AI-generated reports in cybersecurity. Additionally, they touch on man-in-the-middle techniques and the future of AI in firmware development, highlighting...

Below the Surface (Audio) - The Supply Chain Security Podcast

Summary In this episode, the hosts discuss various cybersecurity topics, including recent vulnerabilities in Fortinet products, the implications of supply chain breaches, the evolving role of AI in cybersecurity, and updates to the OWASP Top 10 list. They emphasize the importance of firmware security and the need for better visibility and standards in the industry. The conversation highlights the challenges faced by defenders in a rapidly changing threat landscape and the necessity for proactive measures to secure systems. Takeaways Fortinet vulnerabilities are critical and require immediate...

Below the Surface (Audio) - The Supply Chain Security Podcast

Summary   In this episode of Below the Surface, Paul Asadoorian and Chase Snyder delve into various cybersecurity topics, including the use of Raspberry Pi in cyber attacks, the implications of the F5 breach, and the emergence of Polar Edge malware targeting QNAP devices. They also discuss the innovative Two-Face Rust binary technique, the critical nature of authentication bypass vulnerabilities, and the evolving landscape of air-gapped systems. The conversation highlights the increasing risk posed by old vulnerabilities and the need for improved security measures in the face of advancing...

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode, the hosts discuss the recent F5 breach, exploring the implications of the attack, the tactics used by threat actors, and the importance of vulnerability disclosure. They delve into the complexities of securing network edge devices, the challenges posed by Linux security, and the need for standardization in security practices. The conversation also touches on the future of firmware security and the necessity for proactive measures in incident response. We also close out the show taking about the recent Framework UEFI shell vulnerability. Chapters   00:00 Introduction to F5...

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode of Below the Surface, the hosts discuss various cybersecurity topics, including the Red November campaign targeting network edge devices, the implications of the Cisco SNMP vulnerability, and the recent vulnerabilities associated with Cisco ASA devices. They also delve into the hybrid Petya ransomware and its connection to supply chain security, emphasizing the need for better visibility and security measures in network devices. Chapters: 00:00 Introduction and Overview of Cybersecurity Trends 02:09 Red November Campaign: Targeting Network Edge Devices 11:06 The Shift in Attack...

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode of Below the Surface, the hosts discuss various cybersecurity topics, including the evolution of malware with a focus on Hybrid Petya, the implications of UEFI vulnerabilities, and the security risks associated with Windows 10's end of life. They also explore the vulnerabilities of Cisco ASA devices, the rise of supply chain attacks exemplified by NPM worms, and the persistent threat of Row Hammer attacks on DDR5 technology. The conversation highlights the significance of visibility in cybersecurity and the necessity for enhanced security practices to counter evolving threats....

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode of Below the Surface, host Paul Asadoorian speaks with Evan Dornbush, CEO of Desired Effect, about the evolving landscape of exploit marketplaces and vulnerability research. They discuss the challenges researchers face in monetizing their findings, the ethical implications of selling exploits, and the importance of timely intelligence for defenders. The conversation also touches on the role of AI in vulnerability research, the dynamics between buyers and sellers in the marketplace, and the impact of end-of-life devices on cybersecurity. Overall, the episode provides valuable...

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode, the hosts discuss various cybersecurity topics, focusing on hardware vulnerabilities, UEFI attack vectors, and the implications of new regulations on device security. They explore the evolution of Mirai variants targeting IoT devices and the challenges of securing firmware. The conversation highlights the need for improved security measures and the complexities of managing vulnerabilities in a rapidly changing technological landscape.   00:00 Introduction and Technical Challenges 02:37 Exploring UEFI Settings and Hardware Vulnerabilities 10:14 The Risks of UEFI Control...

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode of Below the Surface, host Paul Asadoorian is joined by Brian Mullen, head of SSDLC at AMI, to discuss the complexities of supply chain and firmware security. They explore the challenges of maintaining security in a complicated supply chain, the importance of proactive and reactive security measures, and the implications of end-of-life software. The conversation also touches on the gaming industry's push for secure boot, recent vulnerabilities discovered in firmware, and the role of BMCs in security. Brian shares insights into AMI's approach to vulnerability management and the...

Below the Surface (Audio) - The Supply Chain Security Podcast

In this episode, the hosts discuss various cybersecurity topics, focusing on Nvidia vulnerabilities, the implications of backdoors in technology, and the importance of secure boot and certificate management. They also delve into SonicWall's security challenges and the ongoing debate of building versus buying security solutions, particularly in the context of AI infrastructure and cloud services. Articles and topics for this week:   - Secure Boot and certificates -  -  -  Researcher’s previous paper on SMM and malware:   He presented at Blackhat...