Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Supermicro BMCs were susceptible to remote attacks, according to firmware security startup

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 4 Sep 2019 05:48:59 +0000 (UTC)
https://www.cyberscoop.com/supermicro-bmcs-susceptible-remote-attacks-according-firmware-security-startup/

By Greg Otto
CYBERSCOOP
September 3, 2019
Researchers from an enterprise firmware security startup have found an issue with a key component in various Supermicro motherboards that could allow attackers to remotely access some of an organization’s most valuable assets.
Issues in the baseboard management controllers of Supermicro’s X9, X10 and X11 platforms that could allow an attacker to easily connect to a server and mount a virtual disk drive to the BMC, according to researchers from Eclypsium. After mounting a drive, an attacker could modify a server, implant malware, or even disable the device entirely.
“Threats operating at this level can easily subvert traditional security measures and put the device and the integrity of all its data at risk,” Eclypsium notes in its research, which was released Tuesday. “As such, organizations should begin to treat these layers of security with the attention that it deserves.”
The BMC is a processor that measures the physical state of a computer and gathers information on internal machine particulars like temperature and power supply. It’s common for system administrators to remotely access BMCs to make various adjustments to servers. 

[...]


--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: