Sepio Systems released a New Index to help businesses measure and understand Risk Exposure to Hardware-based Cyber Attacks

Sepio Systems announced the release of the Hardware Access Control Index (HACx), an objective assessment, based on a number of parameters, that assists companies in determining their hardware security posture. As part of its HAC-1 solution, the firm offers a rogue hardware mitigation guarantee in collaboration with Munich Re Group (Munich Re), one of the world’s leading suppliers of reinsurance, primary insurance, and insurance-related risk solutions, under which Munich Re guarantees Sepio’s obligations. HACx is the only index of its kind to track these types of vulnerabilities across organizations and industries, backed by assurance.

Every year, a hardware security breach compromises a company. However, because this type of attack “lies” below the network layer, most cybersecurity mitigation techniques and tools that counter networking and software-based attacks are unaware of it. By providing CISOs with actionable intelligence that enables focused risk awareness, HACx bridges the information gap.

“Cybersecurity is not about achieving an absolute level of security – there is no 100% security level. It is about how your organization measures against other potential targets that cybercriminals are evaluating. CISOs need to verify that they are leading the pack and not following it, and to do that, they need to know how they measure up. As hardware-based attack campaigns are gaining more in popularity, HACx provides the required data for cross-industry and cross-vertical comparison,” said Bentsi Ben-Atar, CMO and Co-founder, Sepio Systems.

HACx assesses a company’s cybersecurity posture in terms of Hardware Access Control in an objective and complete manner. Sepio Systems’ research team is leading the initiative, which is based on useful customer data and risk assessment scans.

“The HAC-1 solution fills an important gap in hardware security, like rogue device mitigation originating from internal abusers and supply chain attacks. By insuring Sepio’s guarantee for its rogue device mitigation service with our unique solution aiSure, we support a truly innovative company that is a pioneer in its field,” said Michael Berger, Head of AI Insurance at Munich Re.

Newly Discovered Dell BIOS Bugs Impact 129 Models, around 30 Million PCs

After uncovering various vulnerabilities that might allow attackers to execute arbitrary code in the BIOS of Dell PCs, security researchers have warned that 129 models and at least 30 million Dell PCs could be at risk.

Eclypsium discovered the security flaw in the BIOS system and stated: “Eclypsium researchers have identified multiple vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device. Such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls.”

“The Eclypsium team has coordinated with Dell PSIRT throughout the disclosure process. Dell has issued a Dell Security Advisory and is scheduling BIOS/UEFI updates for affected systems and updates to affected executables from Dell.com,” mentioned Eclypsium.

“These vulnerabilities enable an attacker to remotely execute code in the pre-boot environment. Such code may alter the initial state of an operating system, violating common assumptions on the hardware/firmware layers and breaking OS-level security controls. As attackers increasingly shift their focus to vendor supply chains and system firmware, it is more important than ever that organizations have independent visibility and control over the integrity of their devices,” said Eclypsium.