Eclypsium, Inc.

Computer and Network Security

Portland, Oregon 4,934 followers

Supply chain security for enterprise infrastructure. Defending the foundation of the enterprise

About us

Eclypsium establishes trust in every endpoint, server and network appliance in enterprise infrastructure (IT, cloud, data centers, network) by identifying, verifying and fortifying 3rd-party software, firmware and hardware in every device. Eclypsium’s platform continuously monitors firmware, hardware and software within each critical asset for threats, backdoors, implants and vulnerabilities, and mitigates supply chain risks throughout the asset lifecycle. Powered by a world-class research team, Eclypsium was named a Gartner Cool Vendor, and a winner of Fast Company’s most innovative security companies, CNBC Upstart 100, Cyber Defense Magazine’s Most Innovative Supply Chain Security, and CRN’s Stellar Startups awards.

Website: https://www.eclypsium.com
Industry: Computer and Network Security
Company size: 51-200 employees
Headquarters: Portland, Oregon
Type: Privately Held
Founded: 2018
Specialties: Hardware Risk Management, Hardware Configuration Management, Firmware Security, Supply Chain Assurance, Server and Network Infrastructure Protection, and Travel Device Protection

Updates

  • Eclypsium, Inc.

    As the cybersecurity landscape continues to evolve, it’s crucial to stay informed and proactive in defending against emerging threats. Our Summer 2024 Below the Surface Threat Report aims to provide you with valuable insights and strategies to enhance your organization’s security posture.

    The new report highlights some of the recent trends in the threat landscape:

    🔒 Attacks against VPN and firewall appliances
    🔒 Evolving IoT threats
    🔒 Neat hardware hacking
    🔒 New attacks against Windows drivers
    🔒 Securing the digital supply chain

    🚨Get our quarterly threat reports sent directly to your inbox!🚨 Subscribe to Below the Surface now: https://hubs.ly/Q02H70Rm0

    #BelowtheSurface #SupplyChainSecurity #cybersecurity

  • Eclypsium, Inc.

    A couple of weeks ago, the regreSSHion vulnerability was announced in OpenSSH, an open-source library used in 14+ million internet-exposed systems. While many of the affected systems are Linux servers, appliances that use embedded OSes based on Linux can also be affected. Cisco and Netscaler have advised customers of certain network devices that are vulnerable to regreSSHion. While not easy to exploit, this vulnerability illustrates the complexity of the IT infrastructure supply chain. Eclypsium scans detect devices that use the vulnerable versions of the OpenSSH software library.

    Affected #Cisco products: https://hubs.ly/Q02G-bMb0
    Affected #Netscaler products: https://hubs.ly/Q02G-dS00

  • Eclypsium, Inc.

    CISA and the FBI have asked network device manufacturers to strengthen their product security, especially when it comes to eliminating OS command injection vulnerabilities. They point out three vulnerabilities in Cisco, Palo Alto Networks, and Ivanti ConnectSecure appliances discovered in the last year that have been actively exploited.

    With the Federal Bureau of Investigation (FBI), we published a Secure by Design Alert, Eliminating OS Command Injection Vulnerabilities to Compromise Systems, urging software manufacturers to design and develop software that ensures proper validation or sanitization of user input. In recent incidents, unauthenticated threat actors compromised users and remotely executed code by exploiting command injection defects in network edge devices (CVE-2024-20399, CVE-2024-3400, CVE-2024-21887). Technology manufacturer leaders should develop products that are secure by design which can reasonably protect against malicious cyber actors exploiting the most common and dangerous classes of product defects. Software manufacturers and customers are encouraged to read the alert and implement recommended actions. https://go.dhs.gov/3ex

  • Eclypsium, Inc.

    “Consumers and businesses alike expect that cars and other products they purchase from reputable providers will not carry risk of harm. The same should be true of technology products … Cyber-intrusions are a symptom rather than a cause of the continued vulnerability of U.S. technology.” - Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency

    IT doesn’t have a vulnerability management problem, it has a supply chain security problem. Security, IT, and procurement teams must work together to not only ask their vendors for SBOMs and attestations, but also evaluate IT products based on their safety; and it shouldn't take an act of Congress to get there.

    In our latest blog post, we cover why the IT industry needs third-party testing now. https://hubs.ly/Q02GTJNK0 #supplychainsecurity

  • Eclypsium, Inc. reposted this

    I believe that open-source firmware does improve privacy, but not security. Open-source firmware still contains vulnerabilities and suffers from the same supply chain issues that commercial firmware suffers; there are many dependencies in all supply chains! Yes, open-source firmware allows us all to look at the code and ensure there are no privacy violations. It also allows us to look for vulnerabilities. But who is looking, and how often are they reporting the vulnerabilities? XZ proved to us all that we could fall victim to supply chain attacks in open-source software. Also, hardware support for open-source implementations in UEFI (or similar early-stage boot code) is minimal.

  • Eclypsium, Inc.

    The CIS Controls list hardware asset management as the most important security control. But how many organizations keep track of the components—the baseboard management controllers, UEFI firmware, SSDs, CPUs, TPMs, and network cards—that make up the servers in their datacenter? Join Eclypsium Director of Product Marketing, Tyson Supasatit, and Sr. Sales Engineer, Adam Woydziak, for a live webinar on 7/18 where you'll learn how you can keep an up-to-date inventory of all the hardware and firmware components of your PCs and servers, and how you can implement inventory, vulnerability management, and threat detection for the soft underbelly of your datacenter. https://hubs.ly/Q02GjBhW0 #threatdetection #firmwaresecurity #datacentersecurity #webinar

  • Eclypsium, Inc.

    We're excited to announce Eclypsium's new partnership with Everfox! Innovators in Cross Domain Solutions (CDS), Everfox is the leading Commercial-Off-The-Shelf developer serving government agencies with Raise The Bar compliant solutions recognized by the National Cross Domain Strategy and Management Office (NCDSMO). Backed by the protection of the powerful Eclypsium Supply Chain Security Platform, the integrity and posture of critical CDS devices can be verified simply and automatically during System Production and through operation — ensuring the utmost protection of sensitive and critical information for government entities and other organizations relying on CDS technology. Read more about our partnership here. https://hubs.ly/Q02GbMTQ0 #CDS #NCDSMO #RTB #publicsector #government #supplychainsecurity

  • Eclypsium, Inc.

    Earlier this year, the White House published a technical paper asking organizations to develop roadmaps for implementing memory safety in their software applications, with the goal of eliminating a class of defects that make up to 70% of all vulnerabilities. Hardware-based features will help the industry achieve memory safety more quickly (and the Eclypsium platform can be used to see whether this functionality is available and properly configured). In our blog post, we discuss options — including CHERI, memory tagging, and control flow integrity — for a faster path to #memorysafety. https://bit.ly/4cRCP3J

  • Eclypsium, Inc.

    The popular YouTube account Low Level Learning has a great overview of the UEFIcanhazbufferoverflow vulnerability in Phoenix SecureCore firmware that's potentially affecting millions of PC devices. This 8-minute video covers the vulnerability, but also succinctly explains the difficulty of securing the supply chain for IT infrastructure devices and their components. 🎦 https://lnkd.in/esbue6xb #supplychainsecurity #firmwaresecurity #UEFIvulnerability
