Below the OS: UEFI Scanning in Defender

All of us have seen – or at least, are familiar with – the antics of Tom and Jerry or Road Runner and Wile E. Coyote. In each one the coyote or the cat set up these elaborate plans to sabotage their foe, but time and time again, the nimble mouse and the speedy bird are able to outsmart their attackers.In our third episode discussing Ensuring Firmware Security, hosts Nic Fillingham and Natalia Godyla speak with Shweta Jha and Gowtham Reddy about developing the tools that allow for them to stay one step ahead of cybercriminals in the cat & mouse game that is cyber security.    In this Episode You Will Learn: The new capabilities within Microsoft Defender to scan the Unified Extensible Firmware Interface (UEFI)How the LoJax attack compromised UEFI firmwareHow UEFI scanning emerged as a capability  Some Questions that We Ask: Has UEFI scanning always been possible? What types of signals is UEFI scanning searching for? What are the ways bad actors may adjust to avoid UEFI scanning? Resources:  Shweta Jha’s LinkedInGowtham Reddy’s LinkedInDefender Blog PostMicrosoft Security BlogNic’s LinkedInNatalia’s LinkedInRelated:Listen to: Afternoon Cyber Tea with Ann JohnsonListen to: Security Unlocked: CISO Series with Bret Arsenault Discover and follow other Microsoft podcasts at microsoft.com/podcastsSecurity Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.  Hosted on Acast. See acast.com/privacy for more information.