Name: Assessing Enterprise Firmware Security Risk - 2021
Start: 2021-09-21T19:00:00Z
End: 2021-09-21T19:01:01.000Z
Location: BrightTALK
Rating: 0

Eclypsium is the industry’s leading IT and AI Infrastructure Supply Chain Security company. Eclypsium defends enterprises and government agencies from vulnerabilities and supply chain threats hidden within hardware and firmware that traditional EDR and VM solution's miss.

This expert conversation between Paul Asadoorian and Dr. Chase Cunningham (aka Dr. Zero Trust) discusses a range of timely cybersecurity topics for enterprises concerned about the rapid shifts in the threat landscape, and how to stay protected:
Paul and Chase dig into:
- The evolution of Zero Trust in IT infrastructure and data centers
- Cyber attack tactics, lateral movement, living off the land, and more
- Cyber warfare, drone attacks, and other Black-Mirror-turned-real aspects of the modern cyber battlefield.

Tune in for a great conversation between two long time cybersecurity industry experts.

Evolution of Zero Trust, IT Infrastructure, Lateral Movement, Drone Attacks, Cyber Warfare, and More

An 8x increase in vulnerability exploitations against network edge devices was reported in the 2025 Verizon DBIR report.
Attacks on the network edge have caught up with Credential Exploitation as an initial access attack method.

Join this webcast for a mix of industry trends and practical tips to protect your enterprise from this seismic shift in attacker tactics. In this session we will cover:

Why network device exploitation is on the rise as an initial access vector while credential abuse drops
Which network device types are most attacked, and how to protect them
How to find and patch vulnerable devices faster, and how to protect the ones you can’t patch

Protecting The Network Edge from APTs, Zero Days, and Ransomware

AI is Critical Infrastructure. Its Weakest Link? The Supply Chain

Speakers: John Loucaides, SVP of Strategy and Raj Dodhiawala, Chief Product Officer

The global AI infrastructure arms race is heating up, and the stakes could not be higher. AI is critical infrastructure, and nation-state hackers are digging into the foundations. AI data center operators, neoclouds, and enterprises operating their own AI servers face skyrocketing cybersecurity risk in the foundational hardware, firmware, and supply chain for their AI infrastructure.

Listen to our Executive Webinar and hear:

Why AI is critical infrastructure now and what that means for its cyber threat model
The accelerated worldwide construction of new AI data centers and factories, and how supply chain security affects it
Security risks at the foundational level - chips and hardware that drive training and inference for business critical use cases
What is IT infrastructure supply chain security and how it can help

Protecting AI Data Centers: The Cyber Target Of The Century

Speaker: Paul Asadoorian, Principal Security Researcher

Listen as Paul Asadoorian explores the meteoric growth of affordable hardware hacking devices, from the FlipperZero to ESP32-based platforms, and their implications for cybersecurity. 

- Trace the journey from the FlipperZero to the widespread adoption of ESP32-based alternatives
- Understand the hardware specifications, development environments, and security features of ESP32 devices.
- Explore the risks associated with web-based firmware flashing and the potential for supply chain attacks.
- Examine how both security researchers and threat actors are leveraging these affordable platforms.

This session is a must for security professionals, researchers, IT decision-makers, and anyone concerned about balancing innovation with security in the age of cheap, accessible hardware hacking tools.

Hardware Hacking Tools, Tips, and Tricks for Total Domination

CRITICAL ALERT: First BMC Vulnerability Added to CISA's Known Exploited Vulnerabilities List
CISA just added CVE-2024-54085 to their Known Exploited Vulnerabilities catalog - and this is HUGE. It's the first baseboard management controller (BMC) vulnerability to make this critical list, and it has a perfect 10/10 severity score.
This vulnerability affects AMI MegaRAC firmware found in servers from major vendors including AMD, ARM, Fujitsu, Gigabyte, and Supermicro. According to Ars Technica, this "actively exploited vulnerability could give attackers extraordinary control over server fleets."
What You'll Learn:
- Why BMC vulnerabilities are so dangerous for enterprise security
- How to inventory baseboard management controllers in your environment
- Step-by-step detection of CVE-2024-54085 using Eclypsium
- Why federal agencies have just 3 weeks to patch or mitigate (BOD 22-01)
- The challenge of supply chain patching for firmware vulnerabilities
Key Takeaways:

BMCs operate outside typical security visibility
Attackers are increasingly targeting low-level infrastructure components
Patching may take time due to vendor supply chain dependencies
Immediate mitigation and micro-segmentation are critical

This represents a major shift in the threat landscape - attackers are going deeper into infrastructure to establish persistent access and move laterally through environments undetected.
Related Resources:
AMI MegaRAC Vulnerabilities Deep Dive: https://eclypsium.com/blog/ami-megarac-vulnerabilities-bmc-part-3/
CVE-2024-05485 CISA KEV Analysis: https://eclypsium.com/blog/bmc-vulnerability-cve-2024-05485-cisa-known-exploited-vulnerabilities/
#CyberSecurity #BMC #CISA #KEV #CriticalVulnerability #InfrastructureSecurity #Eclypsium #AMI #MegaRAC #ServerSecurity

Critical Vuln Alert! How To Detect AMI MegaRAC BMC CVE-2024-54085

The BlackLotus UEFI Bootkit is a serious issue that Microsoft has been addressing for years. In February 2025, Microsoft has published Enterprise Deployment Guidance for BlackLotus UEFI Bootkit mitigations. 

Here's a quick discussion of the potential speedbumps or challenges that enterprises may encounter in attempting to roll out BlackLotus mitigations across a heterogeneous environment that includes various combinations of hardware, software, and firmware.

To learn more about BlackLotus, visit https://eclypsium.com/blog/blacklotus-a-threat-coming-to-a-system-near-you/

BlackLotus UEFI Bootkit CVE Mitigations

Enterprises typically spend significant resources managing, patching and updating their software. The same processes and thoroughness are often not in place for the firmware that underpins the fundamental behavior of system hardware. Many times the device firmware is never updated or only updated in light of a threat. While most CISOs and security teams would like to improve their firmware security hygiene, there are a variety of real-world challenges to keeping firmware updated. In this webinar, Eclypsium experts John Loucaides, VP of Research and Development, and Steve Mancini, CISO, discuss the findings of a new report on Enterprise Best Practices for Firmware Updates. 


This Q&A style webinar explores the following topics:

- The current state of firmware and firmware updates.
- How the industry is evolving to meet the need for consistent firmware 
   update management.
- The barriers to establishing firmware update management.
- Recommended steps that security leaders can use to begin building a 
  safe and reliable process for managing firmware updates.

Enterprise Best Practices for Firmware Updates

While most organizations are accustomed to dealing with external threats such as malware, the technology supply chain itself has rapidly emerged as an important source of risk. Proliferating vulnerabilities at the firmware and hardware level have opened the door for nation-state and ransomware attackers to gain control over laptops, servers, and network devices. Vulnerabilities or compromises in the supply chain can affect devices long before they are delivered and unboxed by the eventual owner, as well as during the update process.

In this live webinar, our expert panel will discuss:

- How the complex technology supply chain creates concentrations of risk
- Recent supply chain threats and their implications for enterprise risk management
- What a supply chain disaster scenario might look like
- What organizations can do today to begin verifying device integrity in the supply chain and throughout the lifecycle of their devices
- What’s coming down the road as part of the NIST project for “Validating the Integrity of Computing Devices.”

Panelists: 
John Loucaides - Vice President of Research and Development at Eclypsium
Andrew Regenscheid - Project Lead for Applied Cryptography within the Computer Security Division at the National Institute of Standards and Technology (NIST).

Safeguarding Device Integrity in the Supply Chain and Beyond

Build device security into your overall cybersecurity plan with simple steps that help you progress from basic cyber hygiene to preventing advanced persistent threats using the Cybersecurity Maturity Model Certification (CMMC) framework as a guideline. John Loucaides, VP of R&D at Eclypsium, will share insights on how attackers compromise device integrity and how you can defeat them by designing device security into your cybersecurity practices. Whether you are part of the defense industry, the broader federal government or a commercial entity, you’ll benefit from this approach to securing critical devices. 

This webinar will cover: 

 - Real-World Attacks Against Device Integrity
 - How Attackers Compromise Device Integrity
 - Designing Device Security Into Your Security Practices
 - NIST, FISMA & CMMC Cybersecurity Requirements for Device Security
 - Device Security and the Cybersecurity Maturity Model Certification (CMMC)

Improve Device Security Using The CMMC Framework

Eclypsium researchers have identified multiple vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device. Such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls. The issue affects 128 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. 

In this webinar, we will discuss the significant risks this poses to the integrity of these devices, and what steps can be taken to mitigate this threat.

BIOS Disconnect - New Research from Eclypsium

A few years ago, a casual Google search on the term “zero trust” would have returned hundreds of thousands of hits. Search for the same term today, and you’ll get about 4 billion hits -- that’s “billion” with a “B.” It’s possible that no other cybersecurity approach has matured so fast and received such widespread adoption in such a short time.

But can a Zero Trust security strategy be effective without accounting for the needs of firmware security? What does it even mean to apply Zero Trust principles to something as difficult to assess and secure as firmware? And who owns this initiative, the vulnerability management team? The CIO’s team? 

In this webinar, John Loucaides, Eclypsium VP of R&D, and Michael Thelander, Director of Product Marketing, will discuss the four pillars of Zero Trust security: 

 1. Default deny
 2. Contextual authentication
 3. Granular control
 4. Dynamic response

They will tie each of these pillars to the unique security requirements of firmware across the modern enterprise.

John and Michael will discuss how firmware is under fire by commercially motivated and nation-state attackers today and reveal the gap between modern infosec tools and firmware-based exploits. Then they’ll outline an approach to identify, verify, and fortify the firmware underneath every organization’s current technology stack–sustainably and cost-effectively.

The Mark of Zero: The Role of Firmware in Zero Trust Strategies

The technology supply chain supports virtually every aspect of modern-day organizations: from software and services to servers, switches, laptops, and virtual machines. As a result, any compromise or vulnerability in the supply chain is amplified by hundreds of downstream users and dozens of downstream use cases. Worse, this can bring invisible and potent risks into an organization under the guise of a trusted asset. 

While the firmware layer is often overlooked, it’s increasingly under fire from both financially motivated hackers and determined nation-states. It often represents a single point of failure in devices and is the stealthiest way an attacker can compromise a vast number of devices at scale. A firmware attack in the supply chain ensures that the attacker’s code is the first to run and has the highest privileges from the moment a device turns on. 

Commercial and government organizations alike are left wondering how they can trust vendor tools and checks when the vendor itself (or one of its upstream component providers) may be compromised in the supply chain? Join Eclypsium’s Director of Product Marketing, Michael Thelander, and VP of Federal Technology, John Loucaides, as they discuss:

  - Hardware/firmware/software supply chain complexity
  - Firmware’s critical role in the four key phases of hardware and software lifecycles 
  - Current and recent attacks (interdiction/tampering vs. backdoor)
  - Ongoing SBOM efforts
  - Practical firmware mitigation and hardening defenses for your organization

Firmware Fiascos and the Supply Chain’s Weakest Link

As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. In this live briefing, Eclypsium will update you on the latest threats to firmware and hardware that need to be on your radar for 2021. You’ll learn:

- The most common types of firmware attacks used in the wild today. 
- What malware, ransomware, and APT campaigns are targeting devices ranging from traditional laptops and servers to networking gear and VPN appliances.
- How firmware attacks enable adversaries to gain control of enterprise devices, subvert security controls, and persist invisibly, undetected by traditional security solutions. 
- How to detect and defend against firmware threats in the supply chain, in operational use, and as part of incident response.

Top Five Threats to Firmware Security

Recent updates to NIST 800-53 and other compliance standards emphasize that controls must extend down to firmware and hardware. To keep pace with widespread attacks and new standards, organizations must incorporate firmware security into risk management and compliance processes and address blind spots that have given attackers a new foothold. But what does this mean, and what should you be looking for?

In a follow-on to his popular ISACA presentation, Eclypsium’s John Loucaides will delve deeper into the questions auditors should ask, and the tools that are available to implement controls and verify due diligence within an organization. 

Eclypsium’s VP of Federal Technology, John Loucaides will discuss:

 - What is firmware, and why is it important?
 - Why firmware and hardware security is being called out in compliance frameworks
 - What questions to ask when conducting your audit
 - Evidence of compliance that can be produced
 - How Eclypsium is helping businesses collect this evidence

What Auditors Need to Know When Evaluating Firmware Compliance

Digital extortionists have learned how to continue to up the stakes by multiplying their leverage and reducing the time window of negotiation. Join Rick McElroy, Principal Cyber Security Strategist at VMware Carbon Black, and Scott Scheferman, Office of the CTO at Eclypsium as we explore where they are headed, and ask the hard questions about what it will take to get ahead of them. We will discuss:
 
  - What is the future of digital extortion campaigns?
  - What is the nature and magnitude of impacts associated with these?
  - Where and how does firmware and device trust come into play here?
  - How do organizations that have fully migrated to 3rd party cloud infrastructure and SaaS services, proactively mitigate risks in this new future?
  - What can present-day research and attacker campaigns teach us about what is next to come?
  - What is the next ‘North Star’ for us to aspire to? Is it still Zero Trust? 
 
Together, Rick and Scott bring a combined 50 years of industry experience -  the majority of which has been spent on the front lines of military, commercial, education, and federal spaces. They will harness a discussion that aims to “call it like they see it”, discern whether we are on the right path, and ask the hard questions about what it will take for us to get there, collectively, as an industry that might be in dire need of a wake-up call as we head into this great unknown together.
 
One thing is for certain; if we don’t anticipate and prepare for the future, we will surely succumb to its folly.

The Future State of Ransomware is Closer Than We Think

2020 saw a dramatic increase in firmware level threats, including widespread attacks against VPN devices, newly discovered UEFI implants, and a new TrickBot module scanning for firmware vulnerabilities. And, while analysis of the SolarWinds Orion supply chain SUNBURST campaign is ongoing, multiple threat actors, including those currently suspected in this campaign by public sources, have demonstrated the ability to introduce firmware-based persistence that evades majority endpoint protection or detection as well as traditional host-forensic detection. In this environment, how should CISOs assess their firmware security risk in 2021?  

Our panel of experts discusses how to evaluate and improve your firmware security posture.

Speakers:
Steve Mancini, CISO, Eclypsium
Malcolm Harkins, Chief Security & Trust Officer at Cymatic, and formerly CISO at Intel 
Ed Amoroso, Founder & CEO TAG Cyber, and formerly CISO at AT&T

Assessing Enterprise Firmware Security Risk - 2021

Cyber Attacks

Firmware

Risk Assessment

Security Risk

SolarWinds

Supply Chain

Threat Analysis

Threat Assessment

TrickBot

Unified Extensible Firmware Interface

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Get powerful end user computing insights from influential EUC experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on effective approaches to get non-programmers to create working applications.

End User Computing

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Assessing Enterprise Firmware Security Risk - 2021

Presented by

About this talk

Eclypsium Cybersecurity