Revisiting Battery Safety
In the wake of the recent pager attacks, we have received numerous questions from friends and customers about the risks of batteries in supply chain attacks. It should go without saying that battery safety is a very important topic and supply chain security is at the core of our mission ... Read More
BTS #41 – Pacific Rim
In this episode, Paul Asadoorian, Larry Pesce, and Evan Dornbush delve into the recent Sophos reports on threat actors, particularly focusing on the Pacific Rim case. They discuss the implications of the findings, including the tactics used by attackers, the vulnerabilities in network devices, and the challenges of securing appliances ... Read More
Stop Supply Chain Invaders
Getting the Gist of CJIS – 5.9.5
What’s New in CJIS 5.9.5 as it Relates to Firmware Security? In the latest CJIS Security Policy, the FBI is now requiring that IT firmware be verified for integrity and monitored for unauthorized changes. Failure to comply with it can lead to denial of access to information in the CJIS ... Read More
Why Supply Chain Security Demands Focus on Hardware
Supply chain security for servers, PCs, laptops, and devices has correctly focused on protecting these systems from vulnerabilities introduced through third-party suppliers. The applicable supply chains range from design and manufacturing to distribution and integration. Each stage presents potential risks, as malicious actors could introduce compromised components, counterfeit products, or ... Read More
Eclypsium Named a 2024 SINET16 Innovator Award Winner
Eclypsium Digital Supply Chain Security Platform also wins Next Gen Software Supply Chain Security category in Cyber Defense Magazine’s Top InfoSec Innovator Awards. Portland, OR – Oct. 31, 2024 – Eclypsium, the leader in digital supply chain security for enterprise hardware, firmware and software infrastructure, is proud to announce that ... Read More
The Rise of Chinese APT Campaigns: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant
The landscape of global cyber threats continues to evolve, with sophisticated, state-sponsored campaigns from China gaining attention and including network appliances and devices as targets. Among these are four major Advanced Persistent Threat (APT) groups: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant. Each of these groups exhibits unique ... Read More
BTS #40 – Backdoors in Backdoors – Matt Johansen
In this episode, Paul Asadoorian and Matt Johansen discuss the recent targeted attacks by Chinese threat actors, particularly focusing on the Volt Typhoon group. They explore the implications of back doors in cybersecurity, the role of ISPs, and the ongoing tension between privacy and security. The conversation delves into historical ... Read More
Simplifying NIS2 Compliance with Eclypsium
NIS2 is an EU cybersecurity directive that covers an incredibly broad set of services including but not limited to Energy, Transportation, Finance, Healthcare, and Digital Infrastructure. The legislation is designed to ensure that these critical services maintain a consistent set of minimum responsibilities when it comes to managing their risk ... Read More
Vulnerability Prioritization & the Magic 8 Ball
Last month marked 25 years of operation for the CVE (Common Vulnerabilities and Exposures) program, launched in September 1999. It’s difficult to imagine a world without CVEs. Many of the “vulnerability management” activities, before the CVE program became popular, relied on matching version numbers from remote scans and executing shady exploits ... Read More

