How Cheap KVMs Could Be Your Network's Weak Link - BTS #70

Secure Boot Certificates Expiring: What You Need to Know - BTS #75

In this episode of Below the Surface, the team discusses recent cybersecurity trends, including the Verizon DBIR 2026 report, secure boot certificate expirations, and the evolving threat landscape with AI and hardware vulnerabilities. They explore how organizations can adapt their defense strategies to stay ahead of attackers and share insights on supply chain security and malware analysis. * https://eclypsium.com/blog/microsoft-secure-boot-certificates-expire-2026/ [https://eclypsium.com/blog/microsoft-secure-boot-certificates-expire-2026/] * https://eclypsium.com/blog/verizon-dbir-2026/ [https://eclypsium.com/blog/verizon-dbir-2026/] * https://github.com/iss4cf0ng/OpenPetya [https://github.com/iss4cf0ng/OpenPetya] * https://gbhackers.com/exploit-f5-big-ip-ssh-access/ [https://gbhackers.com/exploit-f5-big-ip-ssh-access/] * https://www.microsoft.com/en-us/security/blog/2026/05/22/from-edge-appliance-to-enterprise-compromise-multi-stage-linux-intrusion-via-f5-and-confluence/ [https://www.microsoft.com/en-us/security/blog/2026/05/22/from-edge-appliance-to-enterprise-compromise-multi-stage-linux-intrusion-via-f5-and-confluence/] * https://cybersecuritynews.com/china-linked-hackers-target-southeast-asian-edge-routers/ [https://cybersecuritynews.com/china-linked-hackers-target-southeast-asian-edge-routers/] * https://qiita.com/Y4er/items/0b6071745e4b7b240b3e [https://qiita.com/Y4er/items/0b6071745e4b7b240b3e] * https://www.greynoise.io/blog/sonicwall-scanning-spike-echoes-pattern-preceded-cve-2026-0400 [https://www.greynoise.io/blog/sonicwall-scanning-spike-echoes-pattern-preceded-cve-2026-0400] * YellowKey update: https://www.reddit.com/r/sysadmin/comments/1tkq3x9/yellowkey_bitlocker_exploit_repo_taken_down/ [https://www.reddit.com/r/sysadmin/comments/1tkq3x9/yellowkey_bitlocker_exploit_repo_taken_down/] Chapters 00:00 Introduction and Technical Issues 02:56 Verizon DBIR Insights 05:50 Trends in Vulnerability Management 09:04 The Role of AI in Cybersecurity 12:11 Challenges in Vulnerability Management 14:46 Secure Boot Certificates and Their Implications 29:52 Managing Updates and Security Risks 32:57 The Open Petya Project: A Historical Perspective 36:11 Understanding the Yellow Key Attack 39:34 The Dilemma of Independent Researchers 41:34 The Future of Bug Bounty Programs 43:59 The Evolving Landscape of Vulnerabilities 49:51 Visibility Challenges in Network Security 56:16 The Need for Better Information Sharing

YellowKey, CVE Enrichment, Chipmaker Breach - BTS #74

In this episode, we explore recent vulnerabilities, the YellowKey BitLocker bypass, supply chain security, CVE data analysis, and the implications of hardware breaches like the one at Foxconn. We also delve into AI's role in vulnerability research and the evolving landscape of cybersecurity threats. Topics * https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth [https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth] * https://github.com/Nightmare-Eclipse/YellowKey [https://github.com/Nightmare-Eclipse/YellowKey] * https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack [https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack] * https://x.com/AlvieriD/status/2053835732658143416 [https://x.com/AlvieriD/status/2053835732658143416] Chapters 00:00 Introduction to Vulnerability Research and AI 03:42 NIST and CVE Growth Challenges 06:46 Building Tools for CVE Analysis 10:58 The Complexity of CVSS Scoring 15:08 CISA's Role in Vulnerability Enrichment 18:06 Challenges in CWE and CPE Data 19:55 The Future of Vulnerability Research 27:18 BitLocker Bypass: A Case Study 33:05 Exploring the Complexity of Windows Features 34:49 Speculation on Microsoft and Conspiracy Theories 35:57 The Impact of BIOS Passwords on Security 39:12 The Foxconn Breach: A Major Data Compromise 47:34 Supply Chain Attacks on Package Managers 51:13 Deceptive Techniques in Cybersecurity

Uncovering Firmware Risks: From Y2K to Modern Malware - BTS #73

In this episode of Below the Surface, hosts Paul Asadoorian, Chase Snyder, and guest Brian Richardson explore the evolution of firmware security, the risks of supply chain vulnerabilities, and the latest threats targeting network edge devices like Cisco ASA and FTD. They discuss historical malware like the Chernobyl virus, modern malware campaigns such as Firestarter, and the challenges of securing complex network infrastructure in a rapidly evolving threat landscape. Links: https://www.linkedin.com/news/story/white-house-pushes-back-on-anthropics-mythos-expansion-8741242/ https://www.tomshardware.com/tech-industry/cyber-security/the-chernobyl-virus-turned-27-today-and-it-could-brick-your-pc-in-ways-modern-malware-cant https://blog.talosintelligence.com/uat-4356-firestarter/ Chapters 00:00 Introduction to Below the Surface 02:20 Brian's Transition to Eclipseum 03:50 The Y2K Experience and Early Virus Detection 06:31 The CIH Virus and Its Impact 10:12 BIOS Security and Vulnerabilities 14:10 The Importance of Firmware Lockdown 18:09 Modern Threats and UEFI Attacks 22:13 Targeted Malware and Ransomware Risks 25:21 Creative Concepts in Cybersecurity 26:20 Emerging Threats: Firestarter Malware 30:54 The Security of Network Devices 35:17 Challenges in Managing Security Appliances 39:52 Persistence of Malware and Its Implications 43:02 The Evolving Landscape of Cyber Threats 49:44 AI and Cybersecurity: The Anthropic Dilemma

AI-Powered Firmware Hacking: The Future of Vulnerability Discovery - BTS #72

In this episode, the hosts explore the latest in cybersecurity, including AI-driven vulnerability discovery, firmware analysis tools, secure boot complexities, and recent CVE trends. They discuss practical techniques for hacking devices, the challenges of firmware emulation, and the implications of new security policies on consumer and enterprise hardware. Chapters 00:00 Introduction to Hacking and Security Updates 03:24 Exploring Samsung TV Hacking 06:34 AI in Vulnerability Research 11:17 The Role of AI in Exploiting Vulnerabilities 15:18 CVE Disclosure and Ethical Considerations 20:43 AI Tools and Instrumentation in Development 24:41 Emerging Tools for Firmware Analysis 28:14 Navigating Linux Security Challenges 29:12 The Surge of CVEs: Understanding the Growth 31:29 The Role of AI in Vulnerability Discovery 34:50 CVE Enrichment: The Need for Contextual Data 36:57 Microsoft's Secure Boot: A Double-Edged Sword 46:43 Vulnerabilities in Bootloaders: A Case Study 51:25 The Complexity of Secure Boot Management 53:24 Regulatory Challenges in Router Security

What Makes a Device a Router? - BTS #71

summary In this episode, the hosts discuss the new FCC regulations regarding consumer routers, exploring the implications for cybersecurity, the definitions of what constitutes a router, and the challenges of manufacturing compliant devices. They delve into the debate surrounding the effectiveness of these regulations in mitigating cyber risks, the role of hardware versus software vulnerabilities, and the potential impact on consumers and existing devices in homes. In this conversation, the hosts discuss the implications of the FCC's decision to decertify routers and firmware, the challenges posed by the conditional approval process, and the potential impact on router security and availability. They explore conspiracy theories surrounding the regulations, compare US and EU cybersecurity standards, and address the complexities of hardware backdoors and default credentials. The conversation highlights the need for better security practices and the importance of addressing vulnerabilities in enterprise devices. Chapters 00:00 Introduction to FCC Regulations on Routers 02:35 The Impact of FCC Regulations on Consumer Devices 05:03 Defining What Constitutes a Router 09:51 The Security Implications of Router Regulations 12:41 The Role of Hardware vs. Software in Cybersecurity 17:11 Challenges in Manufacturing and Compliance 21:40 Consumer Impact and Existing Devices 25:59 The Future of Networking Devices and Regulations 29:48 Decertification of Routers and Firmware Challenges 31:58 Conditional Approval Process and Its Implications 34:40 Proposed Solutions for Router Security Standards 36:53 Conspiracy Theories Surrounding Router Regulations 39:26 The Impact of Regulations on Router Availability and Pricing 42:05 Comparing US and EU Cybersecurity Regulations 46:11 The Complexity of Hardware Backdoors and Security 49:11 Addressing Default Credentials and Vulnerabilities 52:02 Conditional Approval Guidance and Its Flaws 54:56 Recent Vulnerabilities in Enterprise Devices