Collaborate Disseminate
The manufacturers have issued BIOS updates to address the issues, but researchers warn DMA attacks are likely possible against a range of laptops and desktops. Continue reading Dell, HP Memory-Access Bugs Open Attacker Path to Kernel Privileges
Intel’s Patch Tuesday releases are rarely so salient as those pushed out this month: the semiconductor chip manufacturer has patched a slew of high-profile vulnerabilities in their chips and drivers. TPM-FAIL TPM-FAIL is a name given to vulnerabi… Continue reading Intel releases updates to plug TPM-FAIL flaws, foil ZombieLoad v2 attacks
A slew of vulnerabilities affecting the baseboard management controllers (BMCs) of Supermicro servers could be exploited by remote attackers to gain access to corporate networks, Eclypsium researchers have discovered. The flaws, collectively dubbed USB… Continue reading BMC vulnerabilities in Supermicro servers allow remote takeover, data exfiltration attacks
Spurred by several past instances of attackers abusing device drivers to install a kernel rootkit or malicious firmware implants, Eclypsium researchers have decided to probe the security of a wide array of drivers. There is a lot of “bad” d… Continue reading Researchers discover 40+ insecure drivers for Windows
When researchers first found critical vulnerabilities in the firmware of Lenovo computer servers, it looked like a fairly straightforward issue. The problem, however, involved far more than the Hong Kong-based PC giant. The vulnerabilities were in the software of baseboard management controllers (BMC), the small processors used to remotely manage servers at an organization. The flaws could allow an attacker to run arbitrary code within the BMCs to retain persistent access to a computer system, or to “brick” the BMC entirely, rendering it inoperable. Those facts alone were cause for concern, but specialists at hardware-security company Eclypsium discovered a bigger story. The firmware in question was actually sourced from another company — Ohio-based Vertiv — and it was present in servers made by at least seven other vendors. “That’s when we realized just how complex and vulnerable the BMC supply chain is,” said Jesse Michael, principal security researcher at Eclypsium. The […]
The post This firmware flaw was bad enough, but then researchers looked at the supply chain appeared first on CyberScoop.
Continue reading This firmware flaw was bad enough, but then researchers looked at the supply chain
We have a Security Industry Briefings Update, where we talk about 42Crunch, Viridium, Whitecanyon, and Eclypsium! Security Industry Briefings Update 42Crunch – API security is a big deal. Why? Here is one reason: it is really easy to leave ou… Continue reading Security Industry Briefings Update – Enterprise Security Weekly #136
Paul Asadoorian and Matt Alderman recap RSA Conference 2019, including their briefings with: – 42Crunch – Baffle – CyberInt – Eclypsium – Ericom Software – Lacework – Radware – RiskRecon and More! Full Sh… Continue reading RSAC 2019 Recap – Enterprise Security Weekly #129
Eclypsium announced a collaboration with Intel to help organizations manage the entire firmware attack surface. Together with Intel, Eclypsium helps enterprise IT and cloud service providers construct a more secure foundation for computing by pairing s… Continue reading Eclypsium and Intel offer new silicon-enabled security solutions
A known vulnerability combined with a weakness in bare-metal server reclamation opens the door to powerful, high-impact attacks. Continue reading ‘Cloudborne’ IaaS Attack Allows Persistent Backdoors in the Cloud
RSA Conference announced the 10 finalists for its annual RSAC Innovation Sandbox Contest. The competition is dedicated to providing innovative startups a platform to showcase their groundbreaking technologies that have the potential to transform the in… Continue reading RSA Conference announces finalists for Innovation Sandbox Contest 2019