In this episode, Paul Asadoorian and Chase Snyder discuss the latest security threats and vulnerabilities affecting network appliances, particularly focusing on Avanti and Fortinet platforms. They explore the increasing risks associated with these devices, the need for improved security standards, and the challenges of risk management and visibility in network ... Read More

Security appliances, such as firewalls, VPNs, and secure web gateways, are designed to protect organizations from cyber threats. However, these assets designed to protect enterprises are increasingly the target of attackers who exploit vulnerabilities in security appliances to gain access, evade security teams, and maintain persistence within target organizations.  The ... Read More

What Type of Attacks Will We See in 2025? January 23, 2025Time: 1:00 pm ET | 10:00 am PTSpeaker: Paul Asadoorian, Principal Security Researcher Bootkits, network infrastructure attacks, and firmware vulnerabilities all saw major development in 2024, and these major trends show no sign of slowing down in 2025. Join ... Read More

The Year of the Typhoon Highlights from this edition: The post Below the Surface Winter 2024 Edition – The Year in Review appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise ... Read More

Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. The post The Hacker News: Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers appeared first on ... Read More

A firmware-dwelling bootkit in the iSeq 100 could be a key win for threat actors. The post Ars Technica: Widely used DNA sequencer still doesn’t enforce Secure Boot appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise ... Read More

Eclypsium’s research team has identified BIOS/UEFI vulnerabilities in a popular DNA gene sequencer made by Illumina, a leading genomics and healthcare technology vendor. More specifically, we found that the Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM mode and without Secure Boot or standard firmware ... Read More

A disturbing trend is emerging in the healthcare sector: vulnerabilities in medical devices, notably those containing sensitive genetic information. Recent reports highlight a critical security flaw in Illumina’s iSeq 100 DNA sequencer, raising serious concerns about the safety of patient data and the integrity of genetic research. The post Archyde: ... Read More

Recent research has uncovered a concerning vulnerability in modern Trusted Execution Environments (TEEs) that challenges fundamental assumptions about memory security. The BadRAM attack, detailed in a paper by De Meulemeester et al., demonstrates how a low-cost hardware manipulation can compromise the integrity guarantees of systems like AMD SEV-SNP (Secure Encrypted ... Read More

In this episode, Paul Asadoorian, Alec Summers, and Lisa Olson discuss the 25th anniversary of the CVE program, its evolution, and the importance of transparency in vulnerability management. They explore the history of CVE, the process of creating CVE records, and the role of CNAs in ensuring accountability. The conversation ... Read More