News | Enterprise Firmware Security | Eclypsium

Featured Coverage

September 3, 2019

Insecure virtual USB feature in Supermicro BMCs exposes servers to attack

Security researchers have found a way to attach virtual USB devices remotely to Supermicro servers, including over the internet, by abusing a feature in their baseband management controller software.

Read CSO Online article

August 11, 2019

Critical Windows 10 Warning: Millions Of Users At Risk

Eclypsium researchers found a common design flaw within the hardware device drivers from multiple vendors. In total, the number of hardware vendors affected runs to 20 and includes every major BIOS vendor. The nature of the vulnerability has the potential for the widespread compromise of Windows 10 machines.

Read Forbes article

July 17, 2019

Gigabyte and Lenovo servers impacted by common BMC firmware flaws

Security researchers from Eclypsium published details about two vulnerabilities that can be used to establish extremely persistent backdoors that can survive even OS reinstalls. Two different bugs, EOLs, and a complex supply chain make patching a nightmare.

Read ZDNet article

Podcasts

October 11, 2019

Yuriy Bulygin – CEO and co-founder, Eclypsium

September 5, 2019

Post Vegas edition, more news than we can handle

August 14, 2019

The CyberWire Daily Podcast

Security Industry Briefings Update – Enterprise Security Weekly #136

RSAC 2019 Recap – Enterprise Security Weekly #129

Supermicro hardware weaknesses let researchers backdoor an IBM cloud server

February 28, 2019

In the News

How FISMA Requirements Relate to Firmware Security

October 3, 2019

Exploit found in Supermicro motherboards could allow for remote hijacking

September 5, 2019

Supermicro fixes BMC software flaws that expose servers to virtual USB attacks

September 5, 2019

Supermicro: New Critical Security Flaw Lets Hackers Take Over Corporate Servers, Exfiltrate Data

September 4, 2019

Over 47K Supermicro servers’ BMCs are prone to USBAnywhere, a remote virtual media vulnerability

September 4, 2019

At least 47,000 servers vulnerable to remote attack

September 3, 2019

BMC vulnerabilities in Supermicro servers allow remote takeover, data exfiltration attacks

September 3, 2019

USBAnywhere Bugs in Supermicro Servers Allow Remote USB Access

September 3, 2019

Enjoy the holiday weekend, America? Well-rested? Good. Supermicro server boards can be remotely hijacked

September 3, 2019

Supermicro Bug Could Let “Virtual USBs” Take Over Corporate Servers

September 3, 2019

Over 47K Supermicro Corporate Servers Vulnerable to Attack

September 3, 2019

Supermicro Vulnerability Gives “Virtually Omnipotent Control over a Server and its Contents”

September 3, 2019

Researchers found several flaws, such as weak encryption, in a popular series of servers.

September 3, 2019

Supermicro BMCs were susceptible to remote attacks, according to firmware security startup

September 3, 2019

USBAnywhere: BMC Flaws Expose Supermicro Servers to Remote Attacks

September 3, 2019

BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks

September 3, 2019

Researchers discover 40+ insecure drivers for Windows

August 13, 2019

What do Windows 10 and Uber or Lyft have in common? One bad driver can really ruin your day. And 40 can totally ruin your month

August 12, 2019

Screwed Drivers’ Report Finds Intel, AMD and Nvidia Vulnerabilities (Among Others)

August 11, 2019

Researchers Find Over 40 Windows Security Flaws In Drivers From AMD, NVIDIA, Intel And Others

August 11, 2019

Vulnerabilities in Device Drivers From 20 Vendors Expose PCs to Persistent Malware

August 11, 2019

Windows 10 Security Alert: Vulnerabilities Found in Over 40 Drivers

August 10, 2019

Drivers from Over 40 Manufacturers Including Intel, NVIDIA, AMD Vulnerable to Privilege Escalation Malware Attacks

August 10, 2019

Driver Disaster: Over 40 Signed Drivers Can’t Pass Security Muster

August 10, 2019

Researchers find security flaws in 40 kernel drivers from 20 vendors

August 10, 2019

CYBER NEWS ROUNDUP: WHAT TO EXPECT AT BLACK HAT AND DEF CON

Intel, Sequretek, Eclypsium and Perception Point Advance Threat Detection Solutions

Firmware Vulnerabilities Show Supply Chain Risks

Vulnerable firmware in enterprise server supply chain

BMC firmware weaknesses put popular servers at risk

BMC Firmware Vulnerabilities Affect Lenovo, Gigabyte Servers

If malware wants to bury deep inside your Lenovo or Gigabyte servers, they can just ask Vertiv’s insecure BMC firmware

Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted

This firmware flaw was bad enough, but then researchers looked at the supply chain

Security Flaws Found in Intel Software, Data Center SSDs

The importance of hardening firmware security

Windows 10 security: Bad bug in our CPU diagnostics app, so patch now, says Intel

Intel Patches High-Severity Flaw in Processor Diagnostic Tool

Why locking down ‘firmware’ has now become the next big cybersecurity challenge

Jolted by Meltdown and Spectre, Intel aims to accelerate patching process

How do I stop old USB drives from infecting my new Windows PC?

Business Briefs: Ubiquity Ventures Announces Its First Portfolio Companies

How Portland-area startups captured attention from 3 heavy-hitting investors

Eclypsium Platform 1.0 now available

Bare-Metal Cloud Firmware Security Fail Isn’t Limited to IBM – by Far

Bare-Metal Cloud Firmware Security Fail Isn’t Limited to IBM – by Far

How one Beaverton security company is fighting to protect firmware

Intel and Partner Ecosystem Offer New Silicon-Enabled Security Solutions

Hottest new cybersecurity products at RSA 2019

February 28, 2019

Supermicro hardware weaknesses let researchers backdoor an IBM cloud server

February 27, 2019

Security team discussed weakness in bare-metal services

February 27, 2019

Bare-metal cloud servers vulnerable to Cloudborne flaw

February 26, 2019

Morning Cybersecurity

February 26, 2019

After IBM SoftLayer fails to scrub bare-metal box firmware of any lurking spies, alarm raised over cloud server security

February 26, 2019

Supermicro hardware weaknesses let researchers backdoor an IBM cloud server

February 26, 2019

Hackers Can Slip Invisible Malware into ‘Bare Metal’ Cloud Computers

February 26, 2019

‘Cloudborne’: Bare-Metal Cloud Servers Vulnerable to Attack

February 26, 2019

‘Cloudborne’ IaaS Attack Allows Persistent Backdoors in the Cloud

February 26, 2019

Hackers Can Plant Backdoors on Bare Metal Cloud Servers: Researchers

February 26, 2019

Hackers Backdoor Cloud Servers to Attack Future Customers

February 26, 2019

Security automation on display in 2019 RSAC Innovation Sandbox

February 22, 2019

Innovation and Emerging Technology at the 2019 RSA Conference

February 20, 2019

Eclypsium demonstrates the remote bricking of a server

December 20, 2018

Watch researchers remotely brick a server by corrupting its BMC and UEFI firmware

December 19, 2018

How to Remotely Brick a Server

December 19, 2018

Fed IT security falls short

December 19, 2018

Servers Can Be Bricked Remotely via BMC Attack

December 19, 2018

How BMC and UEFI can be exploited to brick servers and take down your data center

December 19, 2018

Eclypsium raises $8.75M Series A round led by Madrona Venture Group to tackle hardware security

December 4, 2018

If Supermicro boards were so bug-ridden, why would hackers ever need implants?

October 11, 2018

Supermicro servers fixed after insecure firmware updating discovered

September 10, 2018

Supermicro wraps crypto-blanket around server firmware to hide it from malware injectors

September 7, 2018

Vulnerabilities found in the remote management interface of Supermicro servers

September 6, 2018

Intel Xeon workhorses boot evil maids out of the hotel: USB-based spying thwarted by fix

Evil Maid Attack Takes Your PC To The Cleaners With Sub-4 Minute Backdoor Firmware Install

Watch a Hacker Install a Firmware Backdoor on a Laptop in Less Than 5 Minutes

What got breached this week? Ticket portals, DNA sites, and Atlanta’s police cameras

Supermicro is the latest hardware vendor with a security issue

Firmware Vulnerabilities Disclosed in Supermicro Server Products

Spectre chip security vulnerability strikes again; patches incoming

Experts warn new ‘Superspectre’ bug uses the chip flaw to gain access to ‘all the secrets’ stored on a machine

Ex-Intel security expert: This new Spectre attack can even reveal firmware secrets

New Spectre Attack Recovers Data From a CPU’s Protected SMM Mode

Millions of Computers Are at Risk of Hacks That Crack Into Their Core

Intel Capital boosts startup investment, including Portland cybersecurity company

October 19, 2017

Former Intel security researchers launch firmware-targeted startup, land $2M

October 4, 2017

Press Releases

Eclypsium Collaborates with Intel to Reduce Firmware Attack Surface

Eclypsium Platform Now Generally Available; Joint Demos Available at RSA Conference

Eclypsium Selected as Finalist for 2019 RSA Conference Innovation Sandbox Contest

Eclypsium recognized for pioneering security that defends the firmware layer of the enterprise from vulnerabilities and threats

Firmware Security Leader Eclypsium Raises $8.75M Series A

Madrona Venture Group, Andreessen Horowitz and Intel Capital Invest in Eclypsium’s Oversubscribed Series A Round.

News Blog

Feature Image

Using Run-Time Hardware Telemetry to Detect Firmwa …

Announcing General Availability of Eclypsium Platf …

Series A Funding and Eclypsium’s Next Chapter

UEFI Attacks in the Wild

Infrastructure Attacks Take Center Stage

Eclypsium at Black Hat USA

Introducing Eclypsium

Media Contact

ZAG Communications for Eclypsium
Kari Walker
kari@zagcommunications.com
+1 (703) 928-9996