Below the Surface (Audio) - The Supply Chain Security Podcast HybridPetya and UEFI Threats - BTS #60
13 snips
Sep 22, 2025 Dive into the intriguing world of cybersecurity, where Hybrid Petya's evolution poses new threats. UEFI vulnerabilities and the challenges of secure boot are dissected, alongside risks tied to Windows 10's end of life. The podcast shines a light on Cisco ASA device exposures and the alarming rise of supply chain attacks, such as NPM worms. Row Hammer attacks targeting DDR5 technology add to the complexity, emphasizing the need for enhanced visibility and robust security practices. Explore how shifting consumer trust is impacting software choices!
AI Snips
Chapters
Books
Transcript
Episode notes
UEFI Update Caused Hour-Long Lockup
- Vlad described a recent UEFI firmware update that left his laptop locked on a black screen for an hour.
- He recovered it through intensive troubleshooting, showing update risks even for skilled users.
Use A Local Root Of Trust
- For large fleets, create your own local root of trust and sign drivers you control.
- Use a managed signing process and passworded keys to reduce reliance on vendor cert timelines.
ASA Fleet Scans Signal Impending Attacks
- Attackers are actively scanning for end-of-life Cisco ASA devices and may have toolkits to exploit them.
- Large numbers of exposed ASAs create an attractive foothold to pivot into internal networks.
