Security Weekly
Paul's Security WeeklySubscribe
Vulnerability Management, Malware

Supply Chain Security – Ivan Arce – PSW #781

We will talk about Supply chain security, the TPM 2.0 vulnerabilities recently discovered by a Quarkslab researcher, bugs in reference implementations, vulnerability disclosure and perhaps various other topics.

Segment Resources:

Vulnerabilities in the TPM2.0 reference implementation https://blog.quarkslab.com/vulnerabilities-in-the-tpm-20-reference-implementation-code.html

Vulnerabilities in High Assurance Boot of NXP i.MX microprocessors https://blog.quarkslab.com/vulnerabilities-in-high-assurance-boot-of-nxp-imx-microprocessors.html

Heap memory corruption in ASN.1 parsing code generated by Objective Systems Inc. ASN1C compiler for C/C++

https://github.com/programa-stic/security-advisories/blob/master/ObjSys/CVE-2016-5080/README.md

Full episode and show notes

Announcements

  • Security Weekly listeners save $100 on their RSA Conference 2023 Full Conference Pass! RSA Conference will take place April 24-27 in San Francisco and on demand. To register using our discount code, please visit https://securityweekly.com/rsac2023 and use the code 53UCYBER! We hope to see you there!

Guest

Ivan Arce
Chief Research Officer at Quarkslab

Ivan is Chief Research Officer at Quarkslab, a french infosec company specialized in services and products that require in-depth technical expertise, where he leads a cross-functional team that coordinates all the security research of the company.
He is an industry veteran with over 30 years in the infosec (now known as cybersecurity) community. He co-founded Core Security Inc., an argentinean cybersecurity company, in the mid 1990s, and was a very early guest of PSW.
He lives in Buenos Aires, Argentina

Hosts

Principal Security Evangelist at Eclypsium
Principal Researcher at The Defenders Initiative
Founder at Guardedrisk
Brainstem Hacker and InfoSec Enthusiast at Redacted

Related