baseboard management controller

NVIDIA Patches Critical Bug in High-Performance Servers

Posted on October 29, 2020 by Tom Spring

NVIDIA said a high-severity information-disclosure bug impacting its DGX A100 server line wouldn’t be patched until early 2021. Continue reading NVIDIA Patches Critical Bug in High-Performance Servers→

Supermicro BMCs were susceptible to remote attacks, according to firmware security startup

Posted on September 3, 2019 by Greg Otto

Researchers from an enterprise firmware security startup have found an issue with a key component in various Supermicro motherboards that could allow attackers to remotely access some of an organization’s most valuable assets. Issues in the baseboard management controllers of Supermicro’s X9, X10 and X11 platforms that could allow an attacker to easily connect to a server and mount a virtual disk drive to the BMC, according to researchers from Eclypsium. After mounting a drive, an attacker could modify a server, implant malware, or even disable the device entirely. “Threats operating at this level can easily subvert traditional security measures and put the device and the integrity of all its data at risk,” Eclypsium notes in its research, which was released Tuesday. “As such, organizations should begin to treat these layers of security with the attention that it deserves.” The BMC is a processor that measures the physical state of a […]

The post Supermicro BMCs were susceptible to remote attacks, according to firmware security startup appeared first on CyberScoop.

Continue reading Supermicro BMCs were susceptible to remote attacks, according to firmware security startup→

Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted

Posted on July 17, 2019 by Tom Spring

Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware. Continue reading Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted→

Building a Proof of Concept Hardware Implant

Posted on October 24, 2018 by Tom Nardi

You’ve no doubt heard about the “hardware implants” which were supposedly found on some server motherboards, which has led to all sorts of hand-wringing online. There’s no end of debate about the capabilities of such devices, how large they would need to be, and quite frankly, if they even exist to begin with. We’re through the looking-glass now, and there’s understandably a mad rush to learn as much as possible about the threat these types of devices represent.

[Nicolas Oberli] of Kudelski Security wanted to do more than idly speculate, so he decided to come up with a model of …read more

Continue reading Building a Proof of Concept Hardware Implant→

Malicious Component Found on Server Motherboards Supplied to Numerous Companies

Posted on October 4, 2018 by Inderpreet Singh

This morning Bloomberg is reporting a bombshell for hardware security. Companies like Amazon and Apple have found a malicious chip on their server motherboards. These are not counterfeit chips. They are not part of the motherboard design. These were added by the factory at the time of manufacture. The chip was placed among other signal conditioning components and is incredibly hard to spot as the nature of these motherboards includes hundreds of minuscule components.

Though Amazon and Apple have denied it, according to Bloomberg, a private security contractor in Canada found the hidden chip on server motherboards. Elemental Technologies, acquired …read more

Continue reading Malicious Component Found on Server Motherboards Supplied to Numerous Companies→