Eclypsium, Inc.

What type of attacks will we see in 2025? From #bootkits to #networkattacks to #firmwaresecurity vulnerabilities, Chase Snyder and Paul Asadoorian review #cybersecurity happenings in 2024, and what to watch for as the year unfolds. Watch the on-demand #webinar here: https://hubs.ly/Q034Vhgv0

In episode 40 of our #BelowtheSurface #podcast, Matt Johansen, Head of Software Security at Reddit & founder of Vulnerable U, joined Eclypsium's Paul Asadoorian to discuss targeted attacks by Chinese threat actors, including the #VoltTyphoon group. Listen in to the full episode for a deep-dive into the implications of back doors in #cybersecurity, the role of #ISPs, the ongoing tension between #privacy and security, and more. ?? https://hubs.ly/Q038F54k0

The #BadRAM TEE #vulnerability serves as a stark reminder that even well-established security boundaries can be vulnerable to creative, low-cost attacks. As cloud computing and TEEs become increasingly prevalent, ensuring the integrity of memory subsystems will be crucial for maintaining trust in these technologies. Read more about it in our blog post: https://hubs.ly/Q032GSs70 #memorysecurity

What if you were playing a game but couldn't see the enemies? ?? With Supply Chain Invaders, that's just the kind of attack you face. Supply chain invaders aren’t coming; they’re already here. The invasion starts before your devices are even assembled, taking advantage of a huge, unprotected attack surface. Ready player one? ??????? https://hubs.ly/Q038bCvk0

The rapid growth in the popularity of hardware platforms like the #ESP32 has democratized security research, but has also introduced critical risks. Security researchers and threat actors may be using the same tools, which could lead to the targeting of firmware-based devices of all types. From state-sponsored APTs like Volt Typhoon and Velvet Ant exploiting zero-day vulnerabilities in Cisco NX-OS and F5 load balancers, to commodity hardware like the $11 CYD being repurposed for BLE tracking, the attack surface is expanding faster than many organizations can defend. Our blog post gives an overview of the various #hacking devices and the impact they're having. https://hubs.ly/Q035Qdf-0 #hackingdevice #securityresearch #firmwaresecurity #zeroday #Eclypsium

Stringent new rules from Criminal Justice Information Services (#CJIS) define how law enforcement agencies must protect criminal justice information, requiring agencies to manage risk, vulnerabilities, and threats down to the #firmware within their assets—well below the level covered by traditional security tools. By partnering with Eclypsium, multiple FL law enforcement agencies were able to easily meet these new regulatory requirements and greatly enhance their #cybersecurity, without burdening IT and security staff. Learn how: https://hubs.ly/Q037nLy90 #lawenforcement #firmwaresecurity #casestudy #customersuccess

In episode 43 of our #BelowtheSurface #podcast, Paul Asadoorian, Alec Summers, and Lisa Olson discussed the 25th anniversary of the #CVE program, the evolving landscape of supply chain vulnerabilities, and the importance of transparency in vulnerability management. ???? Get the full episode here: https://hubs.ly/Q037MP-y0

#Firmware presents real threats to enterprises, with cyberattackers leveraging firmware vulnerabilities to break in and achieve persistence inside target environments—leading to repeat data breaches. In our upcoming #webinar, Eclypsium Principal Security Researcher Paul Asadoorian discusses how these vulnerabilities make their way through the IT infrastructure supply chain, and how to protect your enterprise from this growing category of threat. Register now: https://hubs.ly/Q037m-bD0 #firmwarevulnerability #firmwaresecurity #supplychainrisk #supplychainsecurity

New toys in the lab. What we do at Eclypsium, Inc. is not just important. It’s also fun. I’m sure it can be fun to look for S3 buckets, but nothing beats exploiting (and building defenses for) a physical cloud server one month, a DNA testing device the next, and a firewall appliance after that. Join our team to defend the real physical world. cc Alex Bazhaniuk John Loucaides

Google researchers recently published proof-of-concept code demonstrating the ability to create malicious #microcode patches on #AMD processors from Zen 1 through Zen 4. This #vulnerability would allow an attacker to arbitrarily alter the execution of virtually any instruction on a vulnerable processor — undermining the many protections the industry has developed to ensure the integrity of modern computers and underscoring why supply chain vulnerabilities are particularly challenging to address. Read more in our latest blog post: https://hubs.ly/Q037bNgS0 #supplychainrisk #supplychainsecurity