New Salt Typhoon Defense Guidance from FBI and CISA
The FBI and CISA, along with a coalition of other international cybersecurity agencies, have released a new Cybersecurity Advisory, CSA AA25-239A, about Salt Typhoon and other Chinese State-Sponsored Advanced Persistent Threat (APT) groups. The new guidance includes specific details about protecting firmware from attacks, as well as CVEs in Cisco and Palo Alto equipment being […] | Eclypsium | Supply Chain Security for the Modern Enterprise
FAQ: What Does the EU Cyber Resilience Act (CRA) Mean for ...
The European Union’s Cyber Resilience Act (CRA), Regulation (EU) 2024/2847, “aims to safeguard consumers and businesses” from risks introduced through the digital supply chain. To satisfy this regulation, countless organizations will have to change how they operate. This will require implementing rigorous supply chain monitoring and management practices, and ultimately adopting new cybersecurity technologies to […]
Eclypsium Solves Challenging EU Cyber Resilience Act Requirements
How Eclypsium Delivers CRA Compliance for Hardware and Firmware Inventory and Supply Chain Security
The EU Cyber Resilience Act (Regulation 2024/2847), which entered into force in December 2024 and will be fully enforced by December 2027, fundamentally changes cybersecurity due diligence requirements and vulnerability handling responsibilities throughout the digital supply chain. […]
AI Infra Summit
Building the Ultimate Cyberdeck: My Custom Hackberry PI
Cyberdecks: Custom Hacking Platforms
There are many examples online of DIY cyberdecks. These compact, modular builds push the boundaries of portable computing. The goal, at least for me, is to have something portable to run penetration testing hardware and software tools from. While you can use a small laptop, or arguably the computer you are […]
BTS #57 - Brian Mullen - AMI
In this episode of Below the Surface, host Paul Asadoorian is joined by Brian Mullen, head of SSDLC at AMI, to discuss the complexities of supply chain and firmware security. They explore the challenges of maintaining security in a complicated supply chain, the importance of proactive and reactive security measures, and the implications of end-of-life […]
Get insights on Eclypsium’s unique approach to digital supply chain security, infrastructure code security, the latest in vulnerability risk management, and industry trend developments.
New DoD Cyber Supply Chain Security Guidance from GAO and Secretary of Defense
The first half of 2025 has seen a flood of new cybersecurity guidance for the U.S. Federal government, and particularly the Department of Defense. The Cybersecurity Maturity Model Certification (CMMC) 2.0 final rule was published on December 16, 2024, starting the clock […]
TechRadar: Your webcam could be hacked and hijacked into malware attacks - researchers warn Lenovo devices specifically at risk
What if your webcam turns on you?
SecurityWeek: BadCam: New BadUSB Attack Turns Linux Webcams Into Persistent Threats
Researchers at supply chain risk management firm Eclypsium have shown how Linux-based webcams can be weaponized and turned into persistent threats.
Security Affairs: BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks
Lenovo webcam flaws, dubbed BadCam, let attackers turn them into BadUSB devices to inject keystrokes and launch OS-independent attacks.
BadCam: Now Weaponizing Linux Webcams
Eclypsium researchers have discovered vulnerabilities in USB webcams that allow attackers to turn them into BadUSB attack tools. This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system. Principal security researchers Jesse Michael and Mickey Shkatov presented this research at DEF CON 2025. TL;DR Introduction to BadUSB Attacks […]
The GPUHammer vulnerability is one of many hardware-level security challenges facing AI infrastructure. Here’s what’s happening, and how to secure your GenAI Cloud workloads.
Get insights on how to protect supply chain security for your enterprise infrastructure with Eclypsium.
Netgear (and similar) devices, such as IoT routers, are a significant target for cyber attacks and exploitation.
An attacker armed with the latest knowledge of BMC vulnerabilities and exploits is poised to take control of your server(s). Given that one of these vulnerabilities, CVE-2024-54085, was recently added to the CISA KEV, we now know exploitation is happening in the wild. Organizations must inventory IT assets and then determine if a given vulnerability […]
CISA’s Known Exploited Vulnerabilities catalog has added a baseboard management controller vulnerability for the first time, marking a paradigm shift in attacker behavior.
The Salt Typhoon hack of Canadian telcos and Viasat illuminates a dangerous blind spot in the network security of critical infrastructure.
Discover new UEFI SMM callout vulnerabilities identified by Eclypsium Automata in AMD and AMI firmware. Learn how these flaws could let attackers execute code in privileged System Management Mode, impacting major vendors like Dell and Lenovo.
Eclypsium's platform enhances supply chain security by incorporating zero-trust in every device, fortifying hardware, firmware, and software.
The Eclypsium research team has discovered a previously unknown remotely exploitable vulnerability in AMI’s MegaRAC software that allows attackers to bypass authentication remotely.
Was it DNS? It’s always DNS. In this case, DNS (Domain Name System) is filled with sitting ducks (Ducks Now Sitting) for domain name hijacking. Multiple threat actors have been exploiting this attack vector, which we are calling Sitting Ducks, since at least 2019 to perform malware delivery, phishing, brand impersonation, and data exfiltration. As […]