Market Forces vs. Regulation: How to Drive IT Product Safety

Live Webinars
Over the past 50 years, traveling in automobiles has become much safer. Part of this is due to government regulations and part due to market forces. Given the criticality of enterprise IT products in our society today, we will likely see a combination of these two market influences work to ... Read More

Android Supply Chain Validation Cheat Sheet

Blog
Several different tools and techniques are available for Android to enumerate software and configurations, allowing you to begin to validate the software on devices. This cheat sheet is based on the work performed on Android TV devices (we documented our steps in the post Android TV Devices: Pre-0wned Supply Chain ... Read More

7 Reasons Why Vendor Platform Security Is Not Enough

Solution Briefs
Securing IT assets demands continuous effort from both technology vendors and purchasing organizations. Vendors must deliver secure offerings with timely updates and defenses against known threats, and it’s up to end-users to apply those patches and configure security features correctly. However, this model often breaks down when we look below ... Read More
BTS #26 - What We Don’t Know Will Hurt Us - Cheryl Biswas

Podcasts
Cheryl is super passionate about supply chain security and visibility. Tune in to our discussion on how we can collectively get better at reducing the attack surface and working to fix the wide variety of digital supply chain issues we have today. Show Notes The post BTS #26 - What ... Read More

Eclypsium Announces New Global Partnership Program

Press Release
Following record results in FY23, company prioritizes channel momentum. Portland, OR – March 26, 2024 – Eclypsium, the digital supply chain security company protecting critical hardware, firmware, and software in enterprise IT infrastructure, today announced the launch of the Eclypsium Global Partner Program, a new program focused on helping partners ... Read More
Beware the Ides of March 2024: Analyzing CISA KEV Data to Understand Danger

Blog
In our continuing series on the CISA Known Exploited Vulnerabilities (KEV) catalog, we provide an update on the landscape of cyber threats as it has evolved since March 2023. The KEV list, an essential tool for cybersecurity professionals, highlights vulnerabilities that have been actively exploited by cyber adversaries. The KEV ... Read More
BTS #25 - Supply Chain Threats and Regulations

Podcasts
Paul and Allan will talk a little bit about Allan’s background and current work at Eclypsium. Next, we’ll cover some of the recent news and topics we’ve been discussing on our blog including Firewall and VPN appliance security struggles, Shim Shady, Glupteba and other malware targeting UEFI, and some thoughts ... Read More

Control the Network, Control the Universe

March 19, 2024 | Time: 1:00 pm ET | 10:00 am PT. The ever-evolving landscape of network security faced new challenges in 2023 as hackers developed sophisticated methods to exploit vulnerabilities in network devices. Join Nate Warfield, Director of Threat Research, as he delves into the latest trends in network device hacking, ... Read More
Building Trust: The Role of Third-Party Assurance in IT Infrastructure Supply Chains

Blog
Recently, Eclypsium worked with a customer and Lenovo to identify an end-of-manufacturing step that was not properly executed, affecting some Lenovo ThinkSystem SR670V2 servers. In this case, all parties involved followed reporting and disclosure procedures to mitigate the risk of this incomplete process step for end users. This ... Read More
Don’t Play with Fire: Prioritize Zyxel Firewall Update to Fix Unreported Vulnerability

Blog, research
Our analysis has identified multiple vulnerabilities affecting Zyxel’s USG line of firewalls and VPN appliances running firmware versions 5.36 and below. The vulnerabilities can allow an unauthenticated attacker to force the admin interface of the device to send an HTTP GET to any URL of the attacker’s choosing and store ... Read More