Servers running on motherboards sold by Supermicro contain high-severity vulnerabilities that can allow hackers to remotely install malicious firmware that runs even before the operating system, making infections impossible to detect or remove without unusual protections in place. One of the two vulnerabilities is the result of an incomplete patch Supermicro released in January, said… Read More »
On Wednesday, CISA added CVE-2024-54085 to its list of vulnerabilities known to be exploited in the wild. The notice provided no further details. In an email on Thursday, Eclypsium researchers said the scope of the exploits has the potential to be broad. That scope includes: Attackers could chain multiple BMC exploits to implant malicious code… Read More »
reader comments 24 Hardware sold for years by the likes of Intel and Lenovo contains a remotely exploitable vulnerability that will never be fixed. The cause: a supply chain snafu involving an open source software package and hardware from multiple manufacturers that directly or indirectly incorporated it into their products. Researchers from security firm Binarly… Read More »
Getty Images reader comments 32 with If your organization uses servers that are equipped with baseboard management controllers from Supermicro, it may be time, once again, to patch seven high-severity vulnerabilities that attackers could exploit to gain control of them. And sorry, but the fixes must be installed manually. Typically abbreviated as BMCs, baseboard management… Read More »