NewsResearchIndustry
Industry
Know Your Enemy and Yourself: A Deep Dive on CISA …
Executive Summary: Conti Opens a New Front in the …
QCT & Pantsdown: An Executive Summary
Active Exploitation of F5 BIG-IP Devices (CVE-2022 …
Defending Firmware in the Firmament
Defending Firmware in the Firmament
Aggression, Orchestration and Preparation
And the Moon Bounced Over a Dumpster Fire
If the Firmware Light is Green, the Trap is Clean
The iLOBleed Implant: Lights Out Management Like You Wouldn't Believe
The iLOBleed Implant: Lights Out Management Like Y …
When Honey Bees Become Murder Hornets
Eclypsium + Defense in Depth
Defense in Depth: How Do We Turn the Tables Agains …
Pulse Secure: When Your Defenses Are Turned Agains …
Protecting Your Fortinet Devices With Firmware Security
Protecting Your Fortinet Devices With Firmware Sec …
Don't Freak Out
Don’t Freak Out. Scary Firmware Bugs Are Not Inv …
Eclypsium for Network Devices is GA: A Leap Toward …
Dear Ransomware The Gloves Are Coming Off
Fighting Back Against Bootkits
Who Will Patch Your VPN First? You, or Your Advers …
FinSpy UEFI & MBR Bootkit
FinSpy UEFI and MBR BootKit
From 33% to 69% …. Does it Matter?
Zero Trust is a critical strategy for defending our ever-growing digital attack surfaces. But Zero Trust Architecture is incomplete without device firmware and hardware verification. While adding context-aware checks on user activities does help, it cannot account for the many functions that occur inside a device, below the operating system. Three simple checks on device integrity can pave the way in this regard. Here are some examples: Add device vulnerability and firmware patch level risk to network access control. Access from an at-risk device has a long tail of impact. Once data is processed by the device, firmware attacks that happen later may bypass controls like encryption or security software that might have otherwise protected critical resources. Before enabling a device to affect mission-critical assets, check for vulnerabilities and updates. Extend context-aware access control to include device behaviors. Just like access patterns can reveal risky user activity, devices have common behavior profiles, and anomalies can reveal low-level tampering or installation of malicious firmware. Inventory components inside a device in order to enable revocation based on component properties if needed. The ability to revoke access to online sessions or offline data should extend to the device itself. If future events reveal backdoors or serious supply chain concerns, a component level inventory will help quantify exposure and enable quick and decisive action if it becomes necessary. A simple Eclypsium scan collects the information needed for these actions and more. Connect with us to discuss what might be appropriate for your environment
Three Steps to Complete Your Zero Trust Architectu …
Eclypsium Detects Severe Vulns in Accellion FTA Devices
Eclypsium Detects Severe Vulns in Accellion FTA De …
NIST Kicks the Can Feature Image
NIST Kicks the Can: Why We Need to Address Firmwar …
Feature Image You Can't Unsee the Rabbit
You Can’t Unsee the Rabbit: Perspectives on the …
Network Unmanaged Devices Feature Image
Extending Visibility and Security to Network and U …
What to ask when auditing firmware security compliance
What to Ask When Auditing Firmware Security
Boothole How It Started How It's Going
BootHole: How It Started, How It’s Going
A Secure Supply Chain Requires Independent Visibility Into Firmware Feature Image
A Secure Supply Chain Requires Independent Visibil …
In the Shadow of Sunburst: Hunting for Firmware Persistence in the Context of Supply Chain Attack IR
In the Shadow of Sunburst: Hunting for Firmware Pe …
Assessing Enterprise Firmware Security Risk in 2021 Feature Image
Assessing Enterprise Firmware Security Risk in 202 …
VPN Feature Image Shield Around WiFi Icon
Enterprise VPNs Need Securing as Attackers Capital …
INTEL-SA-00241 INTEL-SA-00404 Vulnerability Feature Image
Detect and Mitigate Critical Intel Vulnerabilities …
Feature Image
Turning our Vision into Reality
The Subjective Nature of a CVSS Score
Feature Image
Applying Lessons From CISA to Your Firmware
Feature Image
Ready Player One: What Firmware Gaming Cheats Mean …
Mitigating Risk From APT41 Attacks Against Network …
Securing the Enterprise From BootHole
Detecting Ransomware and Other Threats from Malici …
Zero Trust Feature Image
Device Integrity and the Zero Trust Framework
Feature Image
Ensuring Device Security in Federal Environments
Tools and Techniques for Updating Enterprise Firmw …
Enterprise Best Practices for Firmware Updates
Assessing Enterprise Firmware Security Risk in 202 …
Feature Image
Anatomy of a Firmware Attack
Flood of New Advisories Expose Massive Gaps in Firmware Security
Flood of New Advisories Expose Massive Gaps in Fir …
The Firmware Face of Fileless Threats Feature Image
The Firmware Face of Fileless Threats
Feature Image
Using Run-Time Hardware Telemetry to Detect Firmwa …
Feature Image
Mind The Gap: Securing Traveler Laptops From Commo …
A message from CEO Yuriy Bulygin
Firmware Security Comes of Age
ASUS Motherboard on Ice
ShadowHammer and the Firmware Supply Chain
Feature Image
Firmware Needs to Be Part of Your Incident Respons …
The Top 5 Firmware Attack Vectors
Hardware Supply Chain Threats
UEFI Attacks in the Wild
Remote UEFI Attacks
BMC, IPMI, and the Data Center Underbelly