Paul Asadoorian @[email protected]

Today I am launching a new website: securitypodcaster.com - Here you can find my latest blog posts, links to all of my social media platforms, videos/slides of my presentations, links to all of my podcasts, lists of other podcasts I listen to and more!

Below The Surface Podcast #70 x.com/i/broadcasts/1…

Did not pass the age verification requirement

But does it Secure Boot?

Full blog: eclypsium.com/blog/your-kvm-…

We found 9 vulnerabilities across 4 low-cost IP-KVM vendors. These $30 devices give attackers the equivalent of physical access to everything they connect to. Below the OS, EDR, and pretty much every security control you've deployed.

We worked with US CERT, and even still, some vendors patched, some did not. This was a team effort, thank you, Rey (found most of the vulnerabilities) and Mickey (mostly provided sarcasm ;)

AMI, always advertising themselves ;)

We can defeat Skynet, join the fight!

Senior developers with experience use AI and create great things, but will we reach a point where we have no more senior developers, and everyone is using AI to code?

This computer is happy and has love to give, unlike printers...

As I read and listen to responses to the new CA law, a theme emerged: the Linux community thinks this is ridiculous and is unlikely to comply (and compliance would be next to impossible to enforce...)

Welcome to our live show! x.com/i/broadcasts/1…

Welcome to our live show! x.com/i/broadcasts/1…

This week’s reporting on the alleged Everest ransomware breach of ASRock Rack should be a wake-up call for anyone relying on modern server, storage, and cloud hardware. When an enterprise vendor’s internal repositories of firmware, BIOS, BMC code, diagnostic tools, and drivers are exposed, supply chain integrity is in jeopardy.  Adversaries gain insight into board layouts, update mechanisms, and secure boot flows, which accelerates vulnerability discovery and makes it easier to craft implants that look “authentic”. Implants come in many shapes and forms,s including repackaged drivers, UEFI images, and recovery media. In the worst case, compromise at this level undermines the hardware root of trust itself: if attackers can subvert firmware signing, update channels, or UEFI components, they can persist below the operating system, survive reimaging, and silently bypass many controls. Incidents like this underscore that supply-chain attacks targeting firmware and UEFI are now strategic targets, not edge cases. Defenders need to assume that detailed knowledge of platform internals is in adversary hands and respond by monitoring below the OS as a first-class requirement.  Measuring firmware integrity at boot, continuously attesting critical components (UEFI, BMC, NICs, RAID controllers), and watching out-of-band management paths for anomalous behavior is important. The trust model for infrastructure is shifting, and security programs that do not include firmware and UEFI telemetry are already behind the curve. Article: cyberdaily.au/security/13120…

Welcome to our live show! x.com/i/broadcasts/1…

Welcome to our live show! x.com/i/broadcasts/1…

Welcome to our live show! x.com/i/broadcasts/1…

Welcome to our live show! x.com/i/broadcasts/1…

Welcome to our live show! x.com/i/broadcasts/1…

My kids love soccer, and they are in a fantastic program here in Coventry, RI. Parents, coaches, and players represent a community of outstanding people. If you buy some popcorn, we'd greatly appreciate your support! Thank You! Link: popup.doublegood.com/s/3z4u4wv1