BTS #56 - Vulnerabilities & Backdoors In IT Infrastructure

In this episode, the hosts discuss various cybersecurity topics, focusing on Nvidia vulnerabilities, the implications of backdoors in technology, and the importance of secure boot and certificate management. They also delve into SonicWall's security challenges and the ongoing debate of building versus buying security solutions, particularly in the context of AI infrastructure and cloud services.

Articles and topics for this week:

1. https://blog.trailofbits.com/2025/08/04/uncovering-memory-corruption-in-nvidia-triton-as-a-new-hire/

2. https://mjg59.dreamwidth.org/72892.html - Secure Boot and certificates

3. https://www.tomshardware.com/pc-components/gpus/nvidia-defiant-over-backdoors-and-kill-switches-in-gpus-as-u-s-mulls-tracking-requirements-calls-them-permanent-flaws-that-are-a-gift-to-hackers - 

4. https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-disable-sslvpn-amid-rising-attacks/ - 

5. https://www.darkreading.com/endpoint-security/shade-bios-technique-beats-security - 

   1. Researcher’s previous paper on SMM and malware: https://arxiv.org/abs/2405.04355 

   2. He presented at Blackhat last year on Option ROMS: https://www.blackhat.com/us-24/briefings/schedule/index.html#youve-already-been-hacked-what-if-there-is-a-backdoor-in-your-uefi-orom-39579 - YouTube video: https://www.youtube.com/watch?v=_S6EymfaBqQ