Name: Protecting Your Organization From MosaicRegressor and Other UEFI Implants
Start: 2020-10-30T16:00:00Z
End: 2020-10-30T16:01:09.000Z
Location: BrightTALK
Rating: 5

Eclypsium is the industry’s leading IT and AI Infrastructure Supply Chain Security company. Eclypsium defends enterprises and government agencies from vulnerabilities and supply chain threats hidden within hardware and firmware that traditional EDR and VM solution's miss.

F5's source code leak underscored a critical reality: thousands of organizations run vulnerable edge devices that attackers are actively exploiting. Combined with Cisco ASA compromises, the RedNovember campaign, and recent CISA emergency directives, network infrastructure has become the most active battleground in cybersecurity.


These attacks succeed because most organizations can't see what's happening on their routers, VPNs, and firewalls. Attackers exploit this blindness to maintain hidden access for months, enabling data theft and ransomware deployment.


This webinar delivers immediate, actionable defense strategies:

- Which devices and firmware versions are being targeted right now
- The specific monitoring gaps attackers exploit to stay hidden
- Detection rules and log sources you can implement today
- A prioritized checklist to find and stop active compromises

Edge of Catastrophe: How Network Device Attacks Became The Biggest Cyber Battleground

Rising concerns about supply chain cyberattacks have spurred a flurry of new government requirements for Software Bill of Materials usage. From the U.S. Department of Defense to the EU Cyber Resilience Act, authorities are promoting the increased use of software bills of materials, firmware bills of materials, and hardware bills of materials.

Key Topics Discussed:

Inside the latest nation-state attack vectors targeting firmware, microelectronics, and embedded systems
How new DoD and CISA guidelines address blind spots in current cybersecurity programs
Practical implementation strategies for Hardware BOMs (HBOMs) and Firmware BOMs (FBOMs) in an overall C-SCRM program

Dropping FBOMs: Securing Your Supply Chain with SBOMs and Firmware BOMs

Learn how one global neocloud (AI data center) company is securing their hardware against the unique cyber risks facing AI data centers and their customers. This webinar will discuss:

- The unique cybersecurity risks facing bare metal providers and customers
- Emerging trends in supply chain, performance issues, and integrity validation, and unknown risk in AI data centers at scale
- How to assure the successful reclamation and reprovisioning of GPU servers between customers to prevent data leakage, model poisoning, and malicious behavior.
Join us to learn how one Eclypsium customer is staying more secure while mitigating these challenges, with time for Q&A about ongoing security issues facing any organization running AI hardware or using neocloud services.

Case Study: AI Hardware Security In Practice: How An AI Cloud Provider Secures Bare Metal GPUs

Firmware vulnerabilities are tough to catch, but you can! Join Brian Mullen, Senior Manager, Global Software Group, AMI, along with Paul Asadoorian and Vlad Babkin from Eclypsium to discuss hidden vulnerabilities in firmware, from baseboard management controllers to servers and AI infrastructure. 
The conversation will explore the challenges of maintaining security in a complicated supply chain, the importance of proactive and reactive security measures, and the implications of end-of-life software. The conversation also touches on the gaming industry’s push for secure boot, recent vulnerabilities discovered in firmware, and the role of BMCs in security. Brian shares insights into AMI’s approach to vulnerability management and the future of firmware security, including the significance of Software Bill of Materials (SBOMs).

Firmware Security Below The Surface: Supply Chain Risk, SBOMs, and Mitigation Strategies

Speaker: Wes Dobry, VP of Solution Engineering

Modern enterprises don't just risk their own security—they inherit the vulnerabilities of every supplier and technology partner in their ecosystem.

In this webinar you will learn:

Hardware and Firmware Supply Chain Risk: Discover advanced techniques for validating component authenticity, detecting tampering, and implementing hardware-level security controls that provide visibility into supply chain integrity from chip to cloud, following NIST C-SCRM SP 800-161r1 guidance for provenance verification.
Monitoring Asset Integrity Over Time: Learn how leading organizations deploy continuous verification systems that track the security posture of critical assets throughout their lifecycle, from procurement through decommissioning, implementing NIST's recommended approaches for supply chain transparency and continuous monitoring.
Closing the Back Door Against Advanced Threats: Explore practical strategies for identifying and remediating hidden access points in your supply chain, including compromised updates, embedded backdoors, and third-party code dependencies, based on NIST C-SCRM threat mitigation frameworks and emerging best practices.

C-SCRM Downstream Security: Using NIST CSF for Cyber Supply Chain Risk Management

Join an expert roundtable for a discussion of the latest threats facing AI data centers and enterprise network infrastructure, from NVIDIA GPU memory safety attacks to Gigabyte UEFI and Netgear routers. We'll discuss the shifting AI attack surface, how these vulns work, and how to mitigate them at scale.

AI Vulnerability Roundup: NVIDIA GPUHammer, Gigabyte UEFI, and Netgear Routers

Are hidden vulnerabilities in your AI data center putting critical workloads at risk?
As AI becomes increasingly integral to business operations, the underlying infrastructure supporting GenAI workloads is a high-value target for cyber attackers. Ensuring the security of AI compute infrastructure, particularly in high-performance AI data centers and bare-metal AI workflows, requires a deep understanding of the complex and evolving attack surface.

This webinar will explore:

- Growing threats against AI data centers and AI infrastructure
- Risks in hardware, firmware, and trusted execution environments (TEEs)
- Best practices for defending AI data centers from stealthy, sophisticated attacks

AI Compute Infrastructure Under Siege: Navigating Firmware and Hardware Security

This expert conversation between Paul Asadoorian and Dr. Chase Cunningham (aka Dr. Zero Trust) discusses a range of timely cybersecurity topics for enterprises concerned about the rapid shifts in the threat landscape, and how to stay protected:
Paul and Chase dig into:
- The evolution of Zero Trust in IT infrastructure and data centers
- Cyber attack tactics, lateral movement, living off the land, and more
- Cyber warfare, drone attacks, and other Black-Mirror-turned-real aspects of the modern cyber battlefield.

Tune in for a great conversation between two long time cybersecurity industry experts.

Evolution of Zero Trust, IT Infrastructure, Lateral Movement, Drone Attacks, Cyber Warfare, and More

An 8x increase in vulnerability exploitations against network edge devices was reported in the 2025 Verizon DBIR report.
Attacks on the network edge have caught up with Credential Exploitation as an initial access attack method.

Join this webcast for a mix of industry trends and practical tips to protect your enterprise from this seismic shift in attacker tactics. In this session we will cover:

Why network device exploitation is on the rise as an initial access vector while credential abuse drops
Which network device types are most attacked, and how to protect them
How to find and patch vulnerable devices faster, and how to protect the ones you can’t patch

Protecting The Network Edge from APTs, Zero Days, and Ransomware

AI is Critical Infrastructure. Its Weakest Link? The Supply Chain

Speakers: John Loucaides, SVP of Strategy and Raj Dodhiawala, Chief Product Officer

The global AI infrastructure arms race is heating up, and the stakes could not be higher. AI is critical infrastructure, and nation-state hackers are digging into the foundations. AI data center operators, neoclouds, and enterprises operating their own AI servers face skyrocketing cybersecurity risk in the foundational hardware, firmware, and supply chain for their AI infrastructure.

Listen to our Executive Webinar and hear:

Why AI is critical infrastructure now and what that means for its cyber threat model
The accelerated worldwide construction of new AI data centers and factories, and how supply chain security affects it
Security risks at the foundational level - chips and hardware that drive training and inference for business critical use cases
What is IT infrastructure supply chain security and how it can help

Protecting AI Data Centers: The Cyber Target Of The Century

Speaker: Paul Asadoorian, Principal Security Researcher

Listen as Paul Asadoorian explores the meteoric growth of affordable hardware hacking devices, from the FlipperZero to ESP32-based platforms, and their implications for cybersecurity. 

- Trace the journey from the FlipperZero to the widespread adoption of ESP32-based alternatives
- Understand the hardware specifications, development environments, and security features of ESP32 devices.
- Explore the risks associated with web-based firmware flashing and the potential for supply chain attacks.
- Examine how both security researchers and threat actors are leveraging these affordable platforms.

This session is a must for security professionals, researchers, IT decision-makers, and anyone concerned about balancing innovation with security in the age of cheap, accessible hardware hacking tools.

Hardware Hacking Tools, Tips, and Tricks for Total Domination

CRITICAL ALERT: First BMC Vulnerability Added to CISA's Known Exploited Vulnerabilities List
CISA just added CVE-2024-54085 to their Known Exploited Vulnerabilities catalog - and this is HUGE. It's the first baseboard management controller (BMC) vulnerability to make this critical list, and it has a perfect 10/10 severity score.
This vulnerability affects AMI MegaRAC firmware found in servers from major vendors including AMD, ARM, Fujitsu, Gigabyte, and Supermicro. According to Ars Technica, this "actively exploited vulnerability could give attackers extraordinary control over server fleets."
What You'll Learn:
- Why BMC vulnerabilities are so dangerous for enterprise security
- How to inventory baseboard management controllers in your environment
- Step-by-step detection of CVE-2024-54085 using Eclypsium
- Why federal agencies have just 3 weeks to patch or mitigate (BOD 22-01)
- The challenge of supply chain patching for firmware vulnerabilities
Key Takeaways:

BMCs operate outside typical security visibility
Attackers are increasingly targeting low-level infrastructure components
Patching may take time due to vendor supply chain dependencies
Immediate mitigation and micro-segmentation are critical

This represents a major shift in the threat landscape - attackers are going deeper into infrastructure to establish persistent access and move laterally through environments undetected.
Related Resources:
AMI MegaRAC Vulnerabilities Deep Dive: https://eclypsium.com/blog/ami-megarac-vulnerabilities-bmc-part-3/
CVE-2024-05485 CISA KEV Analysis: https://eclypsium.com/blog/bmc-vulnerability-cve-2024-05485-cisa-known-exploited-vulnerabilities/
#CyberSecurity #BMC #CISA #KEV #CriticalVulnerability #InfrastructureSecurity #Eclypsium #AMI #MegaRAC #ServerSecurity

Critical Vuln Alert! How To Detect AMI MegaRAC BMC CVE-2024-54085

The BlackLotus UEFI Bootkit is a serious issue that Microsoft has been addressing for years. In February 2025, Microsoft has published Enterprise Deployment Guidance for BlackLotus UEFI Bootkit mitigations. 

Here's a quick discussion of the potential speedbumps or challenges that enterprises may encounter in attempting to roll out BlackLotus mitigations across a heterogeneous environment that includes various combinations of hardware, software, and firmware.

To learn more about BlackLotus, visit https://eclypsium.com/blog/blacklotus-a-threat-coming-to-a-system-near-you/

BlackLotus UEFI Bootkit CVE Mitigations

Enterprises typically spend significant resources managing, patching and updating their software. The same processes and thoroughness are often not in place for the firmware that underpins the fundamental behavior of system hardware. Many times the device firmware is never updated or only updated in light of a threat. While most CISOs and security teams would like to improve their firmware security hygiene, there are a variety of real-world challenges to keeping firmware updated. In this webinar, Eclypsium experts John Loucaides, VP of Research and Development, and Steve Mancini, CISO, discuss the findings of a new report on Enterprise Best Practices for Firmware Updates. 


This Q&A style webinar explores the following topics:

- The current state of firmware and firmware updates.
- How the industry is evolving to meet the need for consistent firmware 
   update management.
- The barriers to establishing firmware update management.
- Recommended steps that security leaders can use to begin building a 
  safe and reliable process for managing firmware updates.

Enterprise Best Practices for Firmware Updates

While most organizations are accustomed to dealing with external threats such as malware, the technology supply chain itself has rapidly emerged as an important source of risk. Proliferating vulnerabilities at the firmware and hardware level have opened the door for nation-state and ransomware attackers to gain control over laptops, servers, and network devices. Vulnerabilities or compromises in the supply chain can affect devices long before they are delivered and unboxed by the eventual owner, as well as during the update process.

In this live webinar, our expert panel will discuss:

- How the complex technology supply chain creates concentrations of risk
- Recent supply chain threats and their implications for enterprise risk management
- What a supply chain disaster scenario might look like
- What organizations can do today to begin verifying device integrity in the supply chain and throughout the lifecycle of their devices
- What’s coming down the road as part of the NIST project for “Validating the Integrity of Computing Devices.”

Panelists: 
John Loucaides - Vice President of Research and Development at Eclypsium
Andrew Regenscheid - Project Lead for Applied Cryptography within the Computer Security Division at the National Institute of Standards and Technology (NIST).

Safeguarding Device Integrity in the Supply Chain and Beyond

Build device security into your overall cybersecurity plan with simple steps that help you progress from basic cyber hygiene to preventing advanced persistent threats using the Cybersecurity Maturity Model Certification (CMMC) framework as a guideline. John Loucaides, VP of R&D at Eclypsium, will share insights on how attackers compromise device integrity and how you can defeat them by designing device security into your cybersecurity practices. Whether you are part of the defense industry, the broader federal government or a commercial entity, you’ll benefit from this approach to securing critical devices. 

This webinar will cover: 

 - Real-World Attacks Against Device Integrity
 - How Attackers Compromise Device Integrity
 - Designing Device Security Into Your Security Practices
 - NIST, FISMA & CMMC Cybersecurity Requirements for Device Security
 - Device Security and the Cybersecurity Maturity Model Certification (CMMC)

Improve Device Security Using The CMMC Framework

Eclypsium researchers have identified multiple vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device. Such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls. The issue affects 128 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. 

In this webinar, we will discuss the significant risks this poses to the integrity of these devices, and what steps can be taken to mitigate this threat.

BIOS Disconnect - New Research from Eclypsium

A few years ago, a casual Google search on the term “zero trust” would have returned hundreds of thousands of hits. Search for the same term today, and you’ll get about 4 billion hits -- that’s “billion” with a “B.” It’s possible that no other cybersecurity approach has matured so fast and received such widespread adoption in such a short time.

But can a Zero Trust security strategy be effective without accounting for the needs of firmware security? What does it even mean to apply Zero Trust principles to something as difficult to assess and secure as firmware? And who owns this initiative, the vulnerability management team? The CIO’s team? 

In this webinar, John Loucaides, Eclypsium VP of R&D, and Michael Thelander, Director of Product Marketing, will discuss the four pillars of Zero Trust security: 

 1. Default deny
 2. Contextual authentication
 3. Granular control
 4. Dynamic response

They will tie each of these pillars to the unique security requirements of firmware across the modern enterprise.

John and Michael will discuss how firmware is under fire by commercially motivated and nation-state attackers today and reveal the gap between modern infosec tools and firmware-based exploits. Then they’ll outline an approach to identify, verify, and fortify the firmware underneath every organization’s current technology stack–sustainably and cost-effectively.

The Mark of Zero: The Role of Firmware in Zero Trust Strategies

The recent discovery of MosaicRegressor spyware is the latest in an ongoing trend of UEFI implants observed in the wild. These threats are particularly powerful because their malicious code runs before and supersedes the operating system, while also allowing the threat to persist within firmware even after a system is reimaged. The implant code itself is universal and easy to build and the UEFI file system format is largely unmodified by individual OEMs. This creates a relatively low barrier to entry for attackers making it likely we will see this type of capability show up in other campaigns.


In this webinar, you’ll learn:
- How MosaicRegressor and other UEFI attacks work 
- Why these attacks are so dangerous and difficult to detect
- Why this discovery is significant, and what it portends for future threats
- How Eclypsium is able to detect these threats even before they are public
- What strategies you can use to protect and defend your devices from UEFI attacks.

Protecting Your Organization From MosaicRegressor and Other UEFI Implants

UEFI

Firmware

Implants

Attack Vectors

MosaicRegressor

Threat Detection

Threat Hunting

Threat Analysis

Security Awareness

Breach Prevention

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Get powerful end user computing insights from influential EUC experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on effective approaches to get non-programmers to create working applications.

End User Computing

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Protecting Your Organization From MosaicRegressor and Other UEFI Implants

Presented by

About this talk

Eclypsium Cybersecurity