Don’t Let the Fox Watch the Henhouse: Securing Firmware

Recent attacks have caused the security industry to direct significant attention to supply chain security. As organizations look to address those challenges, it’s critical to start with what is arguably the most integral piece of the supply chain: the…

TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions

A new “TrickBoot” module scans for vulnerable firmware and has the ability to read, write and erase it on devices.

TrickBot adds firmware tool that researchers say could lead to ‘bricking’ devices

The malicious software known as TrickBot has morphed again, this time with a module that probes the boot-process firmware for vulnerabilities, possibly setting the stage for attacks that could ultimately destroy devices, researchers say. Two cybersecurity companies, Eclypsium and Advanced Intelligence (AdvIntel), dubbed the TrickBot add-on module “TrickBoot,” since it targets the UEFI/BIOS firmware. Firmware is the low-level code stored in non-volatile memory on a hardware device; UEFI and its predecessor BIOS are the two firmware specifications that govern how a device initializes its hardware and starts the operating system. TrickBoot, then, is a “significant step in the evolution of TrickBot,” the researchers say, that could make TrickBot especially pesky. “Since firmware is stored on the motherboard as opposed to the system drives, these threats can provide attackers with ongoing persistence even if a system is re-imaged or a hard drive is replaced,” they wrote. “Equally impactful, if firmware is used to brick a device, the recovery scenarios are markedly different (and more difficult) than recovery […]

The post TrickBot adds firmware tool that researchers say could lead to ‘bricking’ devices appeared first on CyberScoop.

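The "probe" the two TrickBoot items above describe amounts to reading a handful of chipset registers and deciding whether the SPI flash can be written from the running OS. The following Python is an added example, not TrickBoot's code and not Eclypsium's or CHIPSEC's: it decodes the Intel PCH BIOS_CNTL bits (BIOSWE, BLE, SMM_BWP) and the SPI Protected Range registers PR0..PR4 and classifies the BIOS region's write protection. The register values and the BIOS-region bounds are constructed samples, and the verdict policy (only SMM_BWP or a covering write-protected PRx counts as a hard protection; BLE on its own is flagged as dependent on the SMI handler) is the editor's, not a vendor's.

```python
"""
Decode the Intel PCH BIOS_CNTL register and the SPI Protected Range
(PR0..PR4) registers and decide whether the BIOS region of the SPI flash
is writable from the running OS. Register values are passed in as
integers; on real hardware they are read via chipsec or a similar driver.
All sample values below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

# BIOS_CNTL bit fields (PCH LPC/eSPI bridge, PCI configuration space).
BIOSWE = 1 << 0    # BIOS Write Enable: 1 = BIOS region writable by software
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI so firmware can clear it
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes honoured only while in SMM

# PRx bit fields (SPI controller MMIO). Base and limit are in 4 KiB units.
PR_WPE = 1 << 31   # Write Protection Enable
PR_RPE = 1 << 15   # Read Protection Enable
PR_FIELD_MASK = 0x1FFF


@dataclass
class ProtectedRange:
    index: int
    base: int           # first protected byte
    limit: int          # last protected byte
    write_protect: bool
    read_protect: bool

    def write_protects(self, lo: int, hi: int) -> bool:
        """True if this range write-protects every byte in [lo, hi]."""
        return self.write_protect and self.base <= lo and hi <= self.limit


def decode_pr(index: int, value: int) -> ProtectedRange:
    """Turn a raw 32-bit PRx value into a byte range plus its flags."""
    base = (value & PR_FIELD_MASK) << 12
    limit = (((value >> 16) & PR_FIELD_MASK) << 12) | 0xFFF
    return ProtectedRange(index, base, limit,
                          bool(value & PR_WPE), bool(value & PR_RPE))


@dataclass
class Assessment:
    writable: bool                                          # OS-level code can write the BIOS region
    protections: List[str] = field(default_factory=list)    # hard protections in effect
    notes: List[str] = field(default_factory=list)          # why the verdict came out as it did


def assess_bios_wp(bios_cntl: int, pr_values: List[int],
                   bios_region: Tuple[int, int]) -> Assessment:
    """Classify BIOS-region write protection (editor's policy, see notes)."""
    lo, hi = bios_region
    result = Assessment(writable=False)

    ranges = [decode_pr(i, v) for i, v in enumerate(pr_values)]
    for r in (r for r in ranges if r.write_protects(lo, hi)):
        result.protections.append(f"PR{r.index} {r.base:#x}-{r.limit:#x}")
    if bios_cntl & SMM_BWP:
        result.protections.append("SMM_BWP")
    if result.protections:
        return result   # hardware blocks non-SMM writes regardless of BIOSWE

    if bios_cntl & BIOSWE:
        result.writable = True
        result.notes.append("BIOSWE set: flash is writable right now (SMI handler did not clear it)")
    elif bios_cntl & BLE:
        result.notes.append("BLE only: protection depends on the SMI handler clearing BIOSWE")
    else:
        result.writable = True
        result.notes.append("BIOSWE and BLE both clear: software can set BIOSWE itself")
    return result


if __name__ == "__main__":
    # Constructed layout: 16 MiB flash with the BIOS region in the top 11 MiB.
    BIOS_REGION = (0x00500000, 0x00FFFFFF)
    samples = {
        "unlocked": (0x00, [0, 0, 0, 0, 0]),
        "ble_only": (BLE, [0, 0, 0, 0, 0]),
        "smm_bwp":  (BLE | SMM_BWP, [0, 0, 0, 0, 0]),
        "prx":      (0x00, [0x8FFF0500, 0, 0, 0, 0]),   # PR0: WPE, 0x500000-0xFFFFFF
    }
    for name, (cntl, prs) in samples.items():
        a = assess_bios_wp(cntl, prs, BIOS_REGION)
        print(f"{name:9} writable={a.writable} protections={a.protections} notes={a.notes}")
```

The point for a defender is the middle case: BIOSWE being clear is not by itself protection, because with BLE clear the malware can set it, and with only BLE set the outcome depends on the firmware's SMI handler. Treat SMM_BWP or a PRx range covering the whole BIOS region as the states to require, and verify them on real hardware with a tool such as CHIPSEC rather than trusting a vendor setting.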

Eclypsium raises $13M to scale the company, expand sales, delivery, and R&D

Eclypsium announced it has raised $13 million in new funding in an oversubscribed round, from new investors AV8 Ventures, TransLink Capital, Mindset Ventures, Alumni Ventures Group, and Ridgeline Partners. Intel Capital, Madrona Venture Group, Andreess…

Bug in widely used bootloader opens Windows, Linux devices to persistent compromise

A vulnerability (CVE-2020-10713) in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise, Eclypsium researchers have found. The list of affected systems includes servers and workstations, laptops a…

Billions of Devices Impacted by Secure Boot Bypass

The “BootHole” bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT, IoT and home networks.

New bug in PC booting process could take years to fix, researchers say

In June, the antivirus company ESET stumbled across an insidious strain of ransomware that prevents a computer from booting and locks its data. A saving grace was that, in order for the attack to work, a ubiquitous feature known as UEFI Secure Boot, which protects computers from having malicious code slipped into their boot process, would have to be disabled. Now, researchers at hardware security company Eclypsium say they’ve found a vulnerability that, if exploited, would work even on computers that have Secure Boot enabled. Exploiting the flaw, which researchers say affects just about every Linux-based operating system in existence, would make successful attacks using the ransomware spotted by ESET more likely. It would also open the door to stealthy attacks that compromise a machine’s boot process, where control over the computer is at its highest. “It’s this foundational part of the system, and everything you loaded up on […]

The post New bug in PC booting process could take years to fix, researchers say appeared first on CyberScoop.


Hackable firmware lurks inside Dell, HP and Lenovo computers amid supply chain security efforts

A stealthy hacking technique that could make it possible for attackers to access different components inside PCs made by the likes of Dell, HP and Lenovo still exists, five years after researchers first warned of it. Security researchers from Eclypsium, in findings published Tuesday, demonstrated how the firmware in many components of modern computers, such as webcams, USB hubs, trackpads and other internal hardware, could be updated with “unsigned” code that was not produced by the device vendor. That firmware, left unprotected, could provide outsiders with a gateway into more sensitive computer networks, all while PC customers implicitly trust their machine to safeguard their data. (The company only pointed to theoretical attacks, rather than an active, ongoing campaign against these devices.) “Firmware is meant to be invisible to the user, and so it’s not surprising that most people don’t pay attention to it,” said Eclypsium CEO Yuriy Bulygin. “However, these components make up […]

The post Hackable firmware lurks inside Dell, HP and Lenovo computers amid supply chain security efforts appeared first on CyberScoop.


Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.

Why direct-memory attacks on laptops just won’t go away

A dizzying array of organizations can be involved in the production of a laptop. One body puts out the specifications for the firmware, another vendor writes it and sells it to the manufacturer, and then another company makes sure it works with the device’s operating system. While there are exceptions (Apple controls more of these processes in producing Macs), the overall complexity of the laptop industry’s supply chain makes security harder. One vendor builds protections into a laptop, but if another firm doesn’t configure them properly, the chance that the machine is vulnerable to hacking grows considerably. New research from hardware security company Eclypsium shows why this challenge is so enduring. Eclypsium’s team, made up of former white-hat hackers from Intel Corp., found two vulnerabilities in the memory-protection features of modern, “enterprise-class” HP and Dell laptops that could allow a skilled hacker to take control of the kernel, the computer’s core functionality, […]

The post Why direct-memory attacks on laptops just won’t go away appeared first on CyberScoop.
