Unpacking NIST Hardware and Firmware Security Failure Scenarios
The National Institute of Standards and Technology (NIST) has released a report titled Hardware Security Failure Scenarios, enumerating 98 scenarios in which hardware and firmware weaknesses, and flaws in the supply chains ...
BTS #39 – The Art of Firmware Scraping – Edwin Shuttleworth
In this episode, Edwin Shuttleworth from Finite State discusses firmware security, insights from the GRRCON Security Conference, and the challenges of firmware analysis. The conversation covers various topics, including firmware scraping techniques, ...
What’s New in CJIS 5.9.5 as it Relates to Firmware Security?
The Criminal Justice Information Services (CJIS) is a division of the US Federal Bureau of Investigation (FBI) that is the centralized source of criminal justice information (CJI) for state, local, and federal ...
Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers
As our world becomes increasingly interconnected, the security of Operational Technology (OT) and Internet of Things (IoT) devices is more critical than ever. New findings from Forescout – Vedere Labs, the industry ...
Firmware Guide for Pen Testers
Contributions from Mathew Mullins, Supply Chain Security Consultant here at Eclypsium. Introduction Penetration tests come in many different varieties with the scope varying from all-inclusive to highly specific. When the penetration testing ...
Firmware, Supply Chain, and Frameworks – NIST SP 800-53
NIST Special Publication 800-53 rev 5, Security and Privacy Controls for Information Systems and Organizations, is one of the most important and influential documents in cybersecurity today. Read More > The post ...
USENIX Security ’23 – Greenhouse: Single-Service Rehosting of Linux-Based Firmware Binaries in User-Space Emulation
Authors/Presenters:Hui Jun Tay, Kyle Zeng, Jayakrishna Menon Vadayath, Arvind S. Raj, Audrey Dutcher, Tejesh Reddy, Wil Gibbs, Zion Leonahenahe Basque, Fangzhou Dong, Zack Smith, Adam Doupé, Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang ...
Patch or Perish: Secure Your Data Center with Firmware Management
In the dynamic world of data centers, where uptime and security are paramount, firmware management often goes under the radar. However, as data centers become increasingly sophisticated, efficient firmware management is crucial ...
Google Pixel Firmware Zero-Day Flaw Exploited And Patched
Google has recently issued a warning regarding a critical security flaw affecting Google Pixel Firmware, which has been actively exploited as a zero-day vulnerability. Identified as CVE-2024-32896, this high-severity issue involves an ...
Yahoo! News: Firmware flaw affects numerous generations of Intel CPUs
Using its automated binary analysis system Eclypsium Automata, Eclypsium has uncovered the existence of high-impact security vulnerabilities in Phoenix SecureCore UEFI firmware used by a wide variety of motherboard providers and Intel CPUs spanning ...