#firmwaresecurity

BSides Boulder
<p>Two days until <a href="https://infosec.exchange/tags/BSidesBoulder25" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSidesBoulder25</span></a> and only 15 tickets remain! Today we highlight two <a href="https://infosec.exchange/tags/BSidesBoulder25" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSidesBoulder25</span></a> talks: Andrew Brandt's "Smashing Smishing by Quashing Quishing" and Eric Harashevsky's "Firmware Readout Bypass in STM92 (Don't put this in an alarm control panel)". </p><p>Andrew's talk will examine QR-based phishing attacks, how attackers are exploiting QR codes and SMS to steal credentials and MFA tokens, and how a cross-industry collaboration between mobile vendors, telcos, and the infosec community could finally slam the door on mobile phishing. Think SafeBrowsing, but for QR scans! And we promise that our BSidesBoulder event QR codes will not redirect you to an Andrew-controlled C2 server. </p><p>Eric's talk will explore his adventure tinkering with an old STM92's firmware - the talk will explore his findings, reverse engineering the legacy microcontroller, bypassing firmware protections, and what that means for devices still hanging on your wall! Expect a live demo that is sure to excite your future hardware hacking journey. 
</p><p><a href="https://infosec.exchange/tags/BSides" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSides</span></a> <a href="https://infosec.exchange/tags/BSidesBoulder" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSidesBoulder</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Quishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Quishing</span></a> <a href="https://infosec.exchange/tags/Smishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Smishing</span></a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://infosec.exchange/tags/PhishingDefense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhishingDefense</span></a> <a href="https://infosec.exchange/tags/HardwareHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardwareHacking</span></a> <a href="https://infosec.exchange/tags/FirmwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirmwareSecurity</span></a></p><p>Check out our full schedule at <a href="https://bsidesboulder.org/schedule/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bsidesboulder.org/schedule/</span><span class="invisible"></span></a></p><p>Tickets are available for purchase for our 13 June event here: <a href="https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">eventbrite.com/e/bsides-boulde</span><span class="invisible">r-2025-registration-1290129274389</span></a></p>
Tyson, Chicken Rancher 🐓
<p>Tomorrow, I start as Director of Product Marketing at Eclypsium, Inc. I am excited to work alongside an extremely smart and thoughtful team.</p><p>Increasingly, attackers are targeting firmware to evade OS-level protections and maintain persistence. It's an "out of sight, out of mind" attack vector, but extremely critical. Watch this space because it could get real messy, real fast. Think of what an APT can do with root access to enterprise network appliances, or what malware syndicates could do with an easy-to-use boot kit.</p><p>What controls do you currently have in place to assess and mitigate the risk of firmware attacks, especially those delivered through your supply chain? Eclypsium makes this easy for IT and security teams. Delivered as SaaS, the platform helps you to establish trust in your software, firmware, and hardware supply chain. Eclypsium has the largest library of firmware profiles and can verify the observed firmware matches the firmware profile that should be on the device, as well as report on firmware configurations.</p><p>This blog post from <span class="h-card"><a href="https://infosec.exchange/@paulasadoorian" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>paulasadoorian</span></a></span> chronicles recent real-world firmware attacks and explains why attackers focus on firmware: <a href="https://eclypsium.com/blog/endpoint-firmware-attack-timeline-introduction/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">eclypsium.com/blog/endpoint-fi</span><span class="invisible">rmware-attack-timeline-introduction/</span></a></p><p><a href="https://infosec.exchange/tags/supplychainsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>supplychainsecurity</span></a> <a href="https://infosec.exchange/tags/firmwaresecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firmwaresecurity</span></a> 
<a href="https://infosec.exchange/tags/blacklotus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blacklotus</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a></p>