Podcasts about advanced threat research

  • 9 podcasts
  • 9 episodes
  • 33m average duration
  • Infrequent episodes
  • Latest episode: Dec 5, 2023


Latest podcast episodes about advanced threat research

Cyber Security Weekly Podcast
Episode 387 - Digital Devices at Risk – Understanding and Countering Firmware Threats
Dec 5, 2023

Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company that helps organizations protect their critical hardware, firmware, and software. Prior to Eclypsium, Yuriy was Chief Threat Researcher and led the Microprocessor Security Analysis team at Intel Corporation, as well as the Advanced Threat Research team at Intel Security. He is also the creator of CHIPSEC, the popular open-source firmware and hardware supply chain security assessment framework. When enterprises started using CHIPSEC to find vulnerabilities, discover compromised firmware, or just poke around hardware systems, Yuriy founded Eclypsium with Alex Bazhaniuk. Since then Eclypsium has been on a mission to protect devices from supply chain risks.

In this interview, Yuriy highlights the potential vulnerabilities in the firmware (the software running the hardware) in today's digital devices, and the risk posed by threat actors.

Using a typical PC as an example, which involves contributions from over 265 suppliers, each with its own components and code, he notes the ubiquity of software, and likens the supply chain of such a device to a “Wild West”: “at any point in the supply chain, at any of those links in the supply chain, a compromise may happen”, and “all of these components and all the code that is developed by those suppliers and vendors has vulnerabilities.” He elaborated that “even if it's OK now … 3 months from now, it can be compromised because of those vulnerabilities.”

To give an example, he referenced the recently discovered threat in the wild – “BlackLotus”, an evolution of threats based on open-source frameworks – e.g. LoJax, MosaicRegressor, MoonBounce – discovered in the past 3 to 4 years. He highlighted the characteristics of such threats:

• These UEFI compromises allow attackers to compromise equipment remotely, for access or persistent malware installation.
• They cannot be removed by reinstalling the operating system, reimaging, or even replacing the hard drive.
• BlackLotus's exploitation of UEFI system vulnerabilities, particularly Secure Boot – a fundamental security feature adopted by modern operating systems – sets it apart as an advanced threat, marking the first instance of such threats discovered "in the wild."

He explained that compromising firmware is attractive for threat actors for many reasons:

• Stay hidden: detection and protection controls operate at the software application level and above, but there is no equivalent for firmware.
• Achieve "persistence", where traditional mitigation measures cannot remove the malware/threats.
• Simplicity: for example, exploiting firmware vulnerabilities to gain access is much simpler than developing a very complicated exploit chain.
• Gain high privileges: remain hidden and persistent while gaining a high level of privileges.

To mitigate against malicious firmware implants, Yuriy suggested: (a) assess the supply chain risks (e.g. potential vulnerabilities and threats introduced during procurement and deployment), (b) continuously monitor system integrity, and (c) implement specialized technologies designed for malicious firmware detection.

Recorded at Singapore International Cyber Week / Govware 2023 – 18th October 2023, 3pm.

#mysecuritytv #govware #sicw

Cybercrime Magazine Podcast
Hacking Hospitals. Healthcare IoT Risks. Steve Povolny & Philippe Laulheret, McAfee Enterprise.
Dec 14, 2021 (18:44)

In this episode of Cybercrime Radio, host Hillarie McClure is joined by Steve Povolny, Principal Engineer and Head of Advanced Threat Research at McAfee Enterprise, and Philippe Laulheret, Senior Security Researcher, also at McAfee Enterprise, to discuss the healthcare IoT ecosystem, why it's vulnerable to bad actors, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Transatlantic Cable Podcast
Transatlantic Cable - Episode 193
Mar 18, 2021 (35:12)

We kick off the 193rd edition of the Kaspersky Transatlantic Cable podcast with a bit of a PSA from Facebook. The social giant is rolling out tools to help people get the Covid-19 vaccine. While Dave and I have some misgivings about the “public” service here from Facebook, we both agree that you should get a vaccine. From there, we sit down and talk with Vladimir Kuskov, Head of Advanced Threat Research and Software Classification at Kaspersky, on what the latest is with the Microsoft Exchange zero days and their exploitation. We then head to the world of deepfakes for a pair of stories. The first takes a look at a machine vs. machine battle: new software is able to identify whether a video is a deepfake or the real McCoy based upon reflections in the eyes. The second deepfake story takes a look at a woman in Pennsylvania who created pictures and videos of rivals to her daughter on the cheerleading team. We then cross the pond to discuss a hoovering campaign by the Home Office. Sure, it was an “experiment,” but is it really? To close out the show, we look at Nvidia’s battle against cryptomining.

The CyberWire
VOIP phone system harbors decade-old vulnerability. — Research Saturday
Sep 7, 2019 (26:08)

Researchers at McAfee's Advanced Threat Research Team recently published the results of their investigation into a popular VOIP system, where they discovered a well-known, decade-old vulnerability in open source software used on the platform. Steve Povolny serves as the Head of Advanced Threat Research at McAfee, and he joins us to share their findings. The original research can be found here: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/ The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.

Research Saturday
VOIP phone system harbors decade-old vulnerability.
Sep 7, 2019 (29:40)

Researchers at McAfee's Advanced Threat Research Team recently published the results of their investigation into a popular VOIP system, where they discovered a well-known, decade-old vulnerability in open source software used on the platform. Steve Povolny serves as the Head of Advanced Threat Research at McAfee, and he joins us to share their findings. The original research can be found here: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/

InSecurity
The BlackBerry Cylance 2019 Threat Report
Apr 22, 2019 (47:42)

The BlackBerry Cylance 2019 Threat Report

The Cylance 2019 Threat Report represents the company’s piece of the overall cybersecurity puzzle. It details the trends observed and the insights gained, and the threats Cylance’s consulting team, research team, and customers encountered over the past year. Cylance shares this report in the hope that you will put it to good use in our collective fight against the rising tide of cyber attacks worldwide. The BlackBerry Cylance 2019 Threat Report provides unique findings drawn from our consulting engagements, threat research and intelligence efforts, and through feedback provided by Cylance customers. We share this information with the goal of assisting security practitioners, researchers, and individuals in our collective battle against emerging and evolving cyberthreats.

Join Matt Stephenson as he chats with Aditya Kapoor, Jim Walter and Tom Bonner about the cybersecurity trends, topics, and innovations that dominated the past year. The BlackBerry Cylance panel of experts offers additional insights into the discoveries drawn from our internal data, customer communications, threat research, and intelligence efforts.

About Aditya Kapoor

Aditya Kapoor is Head of Security Research and Innovation at Cylance. He joined Cylance three years ago and is passionate about creating technologies that drive innovative features within products. He is currently focused on driving deeper program analysis for supercharging ML models, firmware security and analyzing current threat trends to drive innovative engineering solutions. Aditya speaks regularly at various conferences and firmly believes in the common cause of the security industry. Previously Aditya worked at McAfee/Intel for more than ten years as Research Architect, where he reverse engineered malware, as well as designed several product technologies.

About Jim Walter

Jim Walter is a Senior Security Researcher with Cylance. He focuses on next-level attacks, actors, and campaigns as well as 'underground' markets and associated criminal activity. Jim is a regular speaker at cybersecurity events and has authored numerous articles, whitepapers and blogs specific to advanced/low-level threats. He joined Cylance following 17 years at McAfee/Intel Security running their Advanced Threat Research and Threat Intelligence teams and content streams.

About Tom Bonner

Tom Bonner (@thomas_bonner) is Director of Threat Research at Cylance. He has over 17 years' experience in the cyber security/anti-malware industry as an analyst, software developer and manager. As an experienced cybersecurity professional, that’s all we could get out of him. We feel lucky to have gotten that much.

About Matt Stephenson

Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceT. Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come.

Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.

Can’t get enough of Insecurity? You can find us at ThreatVector InSecurity Podcasts, iTunes/Apple Podcasts and GooglePlay as well as Spotify, Stitcher, SoundCloud, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!

Hackable?
Protecting The Grid
May 14, 2018 (30:58)

Our power grids, gas pipelines, and traffic control systems are all accessible online. But does that mean they can be hacked? In this episode of Hackable? Geoff teams up with the Head of Advanced Threat Research at McAfee to answer the question, “why is SCADA the most critical threat that we’ve probably never heard of?” For more info hackablepodcast.com Leave a rating or review in Apple Podcasts so we know what you think.

DEF CON 23 [Audio] Speeches from the Hacker Convention
Yuriy Bulygin - Attacking Hypervisors Using Firmware and Hardware
Oct 16, 2015

Attacking Hypervisors Using Firmware and Hardware

Yuriy Bulygin, Advanced Threat Research, Intel Security
Mikhail Gorobets, Advanced Threat Research, Intel Security
Alexander Matrosov, Advanced Threat Research, Intel Security
Oleksandr Bazhaniuk, Advanced Threat Research, Intel Security
Andrew Furtak, Security Researcher

In this presentation, we explore the attack surface of modern hypervisors from the perspective of vulnerabilities in system firmware such as BIOS and in hardware emulation. We will demonstrate a number of new attacks on hypervisors based on system firmware vulnerabilities with impacts ranging from VMM DoS to hypervisor privilege escalation to SMM privilege escalation from within the virtual machines. We will also show how a firmware rootkit based on these vulnerabilities could expose secrets within virtual machines and explain how firmware issues can be used for analysis of hypervisor-protected content such as VMCS structures, EPT tables, host physical addresses (HPA) map, IOMMU page tables etc. To enable further hypervisor security testing, we will also be releasing new modules in the open source CHIPSEC framework to test issues in hypervisors when virtualizing hardware.

Mikhail Gorobets is a security researcher in the Advanced Threat Research team. His area of expertise includes hardware security, virtualization technologies, reverse engineering, and vulnerability analysis. Previously, he led a team of security researchers working on Intel Virtualization Technology (VTx) and Intel Atom core security evaluation. Mikhail holds an MS in computing machines, systems, and networks from the Moscow Institute of Electronics and Mathematics.

Alexander Matrosov has more than ten years of experience with malware analysis, reverse engineering, and advanced exploitation techniques. He is currently a senior security researcher in the Advanced Threat Research team at Intel Security Group. Prior to this role, he spent four years focused on advanced malware research at ESET. He is co-author of numerous research papers, including “Stuxnet Under the Microscope,” “The Evolution of TDL: Conquering x64,” and "Mind the Gapz: The most complex bootkit ever analyzed?". Alexander is frequently invited to speak at security conferences such as REcon, Ekoparty, ZeroNights, AVAR, CARO, and Virus Bulletin. Nowadays, he specializes in the comprehensive analysis of advanced threats, modern vectors of exploitation, and hardware security research.

Oleksandr Bazhaniuk is a security researcher in the Advanced Threat Research team. His primary interests are low-level hardware security, BIOS/UEFI security, and automation of binary vulnerability analysis. His work has been presented at world-renowned conferences, including Black Hat USA, Hack In The Box, Hackito Ergo Sum, Positive Hack Days, Toorcon, and CanSecWest. He is also a co-founder of DCUA, the first DEF CON group in Ukraine.

Andrew Furtak is a security researcher focusing on security analysis of firmware and hardware of modern computing platforms. He was previously a security software engineer. Andrew holds an MS in applied mathematics and physics from the Moscow Institute of Physics and Technology.

Yuriy Bulygin is chief threat researcher at Intel Security Group, where he is leading the Advanced Threat Research team in identifying and analyzing new threats impacting modern platforms and researching mitigations in hardware and software against these threats. He joined Intel’s Security Center of Excellence in 2006, where he was responsible for conducting security analysis and penetration testing of microprocessors, chipsets, graphics, and various other components, firmware, and technologies on Intel PCs, servers, and mobile devices. Yuriy is also a member of the core security architecture team reviewing Intel’s future products. Prior to joining Intel, he was teaching undergrad seminars in information security at Moscow Institute of Physics and Technology. Twitter: @c7zero

Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference.

Introduction: The following presentation is in two parts; the first covers aspects of Microsoft's GS implementation and usage. The second is a complementary section dealing with ASLR in Windows Vista, its implementation and some surprising results...

Part I Synopsis: GS is a Visual Studio compiler option that was introduced in Visual Studio 2002 to mitigate the local stack variable overflows that resulted in arbitrary code execution. The following paper details the methods Symantec used to assess which binaries within Windows Vista 32-bit leveraged GS as a defensive mechanism. This paper presents the results of this analysis, the techniques that have been developed, and supporting material. The results in this paper are from the 32-bit RTM release of Microsoft Windows Vista.

Part II Synopsis: Address Space Layout Randomization (ASLR) is a mitigation technique designed to hinder the ability of an attacker to achieve arbitrary code execution when exploiting software vulnerabilities. As the name implies, ASLR involves placing a computer program and its associated memory at random locations, either between reboots or executions, to hinder the attacker's ability to reliably locate either their shell code or other required data. This paper is the result of a brief analysis of the implementation of ASLR within Microsoft Windows Vista 32-bit RTM, conducted by Symantec's Advanced Threat Research.

Mr Whitehouse has worked in information security both as a consultant and researcher. This has included being employed by companies in a variety of industries ranging from financial services to telecommunications. Mr Whitehouse originally created Delphis Consulting's security practice in 1999. Mr Whitehouse joined @stake Inc in 2000 as a Managing Security Architect before becoming European Technical Director in 2004. After Symantec's acquisition of @stake Inc in 2004 Mr Whitehouse continued as Technical Manager for its professional services division in London until 2005. In mid 2005 he took a full-time research role with Symantec Research Labs in Government research. Mr Whitehouse subsequently moved to Symantec's Response division, joining its Advanced Threats Research team specializing in mobile platforms and related technologies. Mr Whitehouse has previously published research on the security of mobile telecommunication networks, mobile devices and Bluetooth. In addition he has also discovered numerous security vulnerabilities in a wide range of desktop and server applications. His previous research has led him to present at CanSecWest, RuxCON, UNCON and Chaos Communication Camp among others.