Summary Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7.5) in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobile processors. The issue involves an unsafe variable in the Trusted Platform Module (TPM) configuration that could lead […]

The post UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware appeared first on Security Boulevard.

Eclypsium becomes a member of CISA’s public-private partnership for cyber defense strategy Portland, OR – June 13, 2024 – Eclypsium, the digital supply chain security company protecting critical hardware, firmware, and software, today announced it has become a member of the Joint Cyber Defense Collaborative (JCDC). Founded by the Cybersecurity and Infrastructure Security Agency (CISA) […]

The post Eclypsium Joins the Joint Cyber Defense Collaborative appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Eclypsium Joins the Joint Cyber Defense Collaborative appeared first on Security Boulevard.

The post Eclypsium CEO Yuriy Bulygin: Beware Compromised Firmware and Baseboard Management Controllers appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Eclypsium CEO Yuriy Bulygin: Beware Compromised Firmware and Baseboard Management Controllers appeared first on Security Boulevard.

As endpoint security tools improve, attackers target lower level firmware components to evade detection. This demo shows how malware targeting UEFI firmware, such as Black Lotus, can evade Windows device security features and EDR Vendor 1, and give attackers stealthy and persistent access to systems.

The post UEFI Firmware Exploit Evades EDR appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post UEFI Firmware Exploit Evades EDR appeared first on Security Boulevard.

This firmware attack scenario demonstrates the type of attacks seen in the wild and showcases how an attacker can target, implant, or even destroy an internal medical device from the Internet.

The post Attacking an Internal Windows Medical Device from the Internet appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Attacking an Internal Windows Medical Device from the Internet appeared first on Security Boulevard.

An introduction to Eclypsium's supply chain security, zero trust and device integrity solutions.

The post Eclypsium Overview appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Eclypsium Overview appeared first on Security Boulevard.

Join Eclypsium Product Manager, Paz Andrade, for a 45-minute overview of new product updates and a preview of the features and solutions on the Eclypsium Supply Chain Security Platform roadmap. This will be the first in an ongoing series of webinars where Corey and other members of the Eclypsium team will provide insights into where […]

The post Product Roadmap Webinar appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Product Roadmap Webinar appeared first on Security Boulevard.

Portland, OR – June 6, 2024 – Eclypsium®, the supply chain security company protecting critical hardware, firmware, and software, today announced its collaboration with Panasonic Connect North America in the release of Smart Compliance powered by Eclypsium. Smart Compliance is the latest offering from Panasonic Connect as a part of the TOUGHBOOK solution suite. The […]

The post Eclypsium and Panasonic Connect North America Partner to Protect Against Digital Infrastructure Threats Below the Surface With Smart Compliance appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Eclypsium and Panasonic Connect North America Partner to Protect Against Digital Infrastructure Threats Below the Surface With Smart Compliance appeared first on Security Boulevard.

Cassie has a long history of successfully managing a variety of security programs. Today, she leads supply chain efforts for a very large product company. We will tackle topics such as software supply chain management, SBOMs, third-party supply chain challenges, asset management, and more! Show Notes

The post BTS #31 - Managing Complex Digital Supply Chains - Cassie Crossley appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post BTS #31 – Managing Complex Digital Supply Chains – Cassie Crossley appeared first on Security Boulevard.

In response to increasing cyberattacks against U.S. public water systems, the U.S. Environmental Protection Agency (EPA) has announced that it will be stepping up enforcement of the cybersecurity requirements spelled out in the Safe Drinking Water Act (SDWA) and the America’s Water Infrastructure Act (AWIA). These laws require community water services to perform regular Risk […]

The post EPA Steps Up Cybersecurity Audits for Water Systems appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post EPA Steps Up Cybersecurity Audits for Water Systems appeared first on Security Boulevard.