#firmwaresecurity

BSides Boulder<p>Two days until <a href="https://infosec.exchange/tags/BSidesBoulder25" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSidesBoulder25</span></a> and only 15 tickets remain! Today we highlight two <a href="https://infosec.exchange/tags/BSidesBoulder25" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSidesBoulder25</span></a> talks: Andrew Brandt's "Smashing Smishing by Quashing Quishing" and Eric Harashevsky's "Firmware Readout Bypass in STM92 (Don't put this in an alarm control panel)". </p><p>Andrew's talk will examine QR-based phishing attacks, how attackers are exploiting QR codes and SMS to steal credentials and MFA tokens, and how a cross-industry collaboration between mobile vendors, telcos, and the infosec community could finally slam the door on mobile phishing. Think SafeBrowsing, but for QR scans! And we promise that our BSidesBoulder event QR codes will not redirect you to an Andrew-controlled C2 server. </p><p>Eric's talk will explore his adventure tinkering with an old STM92's firmware - the talk will explore his findings, reverse engineering the legacy microcontroller, bypassing firmware protections, and what that means for devices still hanging on your wall! Expect a live demo that is sure to excite your future hardware hacking journey. 
</p><p><a href="https://infosec.exchange/tags/BSides" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSides</span></a> <a href="https://infosec.exchange/tags/BSidesBoulder" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSidesBoulder</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Quishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Quishing</span></a> <a href="https://infosec.exchange/tags/Smishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Smishing</span></a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://infosec.exchange/tags/PhishingDefense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhishingDefense</span></a> <a href="https://infosec.exchange/tags/HardwareHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardwareHacking</span></a> <a href="https://infosec.exchange/tags/FirmwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirmwareSecurity</span></a></p><p>Check out our full schedule at <a href="https://bsidesboulder.org/schedule/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bsidesboulder.org/schedule/</span><span class="invisible"></span></a></p><p>Tickets are available for purchase for our 13 June event here: <a href="https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">eventbrite.com/e/bsides-boulde</span><span class="invisible">r-2025-registration-1290129274389</span></a></p>
Pen Test Partners<p>Released by Intel in 1998, IPMI is a hardware management interface operating independently of the OS. Our latest blog post by Kieran looks at Intel IPMI vulnerabilities and how to mitigate them. </p><p>Vulnerabilities include authentication bypasses, credential leaks, and buffer overflows, particularly in Supermicro systems.</p><p>➡️<a href="https://www.pentestpartners.com/security-blog/backdoor-in-the-backplane-doing-ipmi-security-better/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pentestpartners.com/security-b</span><span class="invisible">log/backdoor-in-the-backplane-doing-ipmi-security-better/</span></a></p><p><a href="https://infosec.exchange/tags/IPMI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IPMI</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BMCsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BMCsecurity</span></a> <a href="https://infosec.exchange/tags/Supermicro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Supermicro</span></a> <a href="https://infosec.exchange/tags/VulnerabilityManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityManagement</span></a> <a href="https://infosec.exchange/tags/FirmwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirmwareSecurity</span></a></p>
Thierry Laurion<p><span class="h-card" translate="no"><a href="https://mastodon.online/@novacustom" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>novacustom</span></a></span></p><p>Grateful to&nbsp;NovaCustom&nbsp;for their generous financial contribution and collaboration to integrate&nbsp;Heads&nbsp;firmware into their hardware offerings.</p><p>This partnership highlights the growing adoption of Heads as a trusted solution for secure boot verification and tamper detection.</p><p>Looking to adapt&nbsp;Heads&nbsp;to your specific needs? Explore our&nbsp;consultation services:&nbsp;<a href="https://osresearch.net/Consultation-Services/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">osresearch.net/Consultation-Se</span><span class="invisible">rvices/</span></a></p><p>Want hardware preflashed with Heads? Check out our trusted&nbsp;vendors:&nbsp;<a href="https://osresearch.net/Vendors/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">osresearch.net/Vendors/</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://infosec.exchange/tags/FirmwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirmwareSecurity</span></a> <a href="https://infosec.exchange/tags/Heads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Heads</span></a> <a href="https://infosec.exchange/tags/linuxboot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxboot</span></a> <a href="https://infosec.exchange/tags/firmware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firmware</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/qubesos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>qubesos</span></a> <a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/coreboot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>coreboot</span></a></p>
Ivan Lozano<p>Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems</p><p><a href="https://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">security.googleblog.com/2024/1</span><span class="invisible">0/pixel-proactive-security-cellular-modems.html</span></a></p><p><a href="https://infosec.exchange/tags/firmwaresecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firmwaresecurity</span></a> <a href="https://infosec.exchange/tags/baseband" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>baseband</span></a> <a href="https://infosec.exchange/tags/pixel9" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pixel9</span></a> <a href="https://infosec.exchange/tags/mobilesecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mobilesecurity</span></a> <a href="https://infosec.exchange/tags/exploitmitigation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploitmitigation</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
Tyson, Chicken Rancher 🐓<p>Tomorrow, I start as Director of Product Marketing at Eclypsium, Inc. I am excited to work alongside an extremely smart and thoughtful team.</p><p>Increasingly, attackers are targeting firmware to evade OS-level protections and maintain persistence. It's an "out of sight, out of mind" attack vector, but extremely critical. Watch this space because it could get real messy, real fast. Think of what an APT can do with root access to enterprise network appliances, or what malware syndicates could do with an easy-to-use boot kit.</p><p>What controls do you currently have in place to assess and mitigate the risk of firmware attacks, especially those delivered through your supply chain? Eclypsium makes this easy for IT and security teams. Delivered as SaaS, the platform helps you to establish trust in your software, firmware, and hardware supply chain. Eclypsium has the largest library of firmware profiles and can verify the observed firmware matches the firmware profile that should be on the device, as well as report on firmware configurations.</p><p>This blog post from <span class="h-card"><a href="https://infosec.exchange/@paulasadoorian" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>paulasadoorian</span></a></span> chronicles recent real-world firmware attacks and explains why attackers focus on firmware: <a href="https://eclypsium.com/blog/endpoint-firmware-attack-timeline-introduction/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">eclypsium.com/blog/endpoint-fi</span><span class="invisible">rmware-attack-timeline-introduction/</span></a></p><p><a href="https://infosec.exchange/tags/supplychainsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>supplychainsecurity</span></a> <a href="https://infosec.exchange/tags/firmwaresecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firmwaresecurity</span></a> 
<a href="https://infosec.exchange/tags/blacklotus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blacklotus</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a></p>