
Firmware Vulnerabilities Disclosed in Supermicro Server Products

DooKey

If you own or support Supermicro products you should be aware there are some vulnerabilities in the configuration of some motherboards. This vulnerability is only able to be exploited if the malicious software is already running on the system, but it does have the nasty ability to hide in the firmware and will survive OS reinstalls. Obviously this takes some kind of insider threat to be effective; however, insider threats are the worst kind, and the fact the malware can hide in the firmware after an OS reinstall makes it nasty. Supermicro is aware of the issue and is currently working on the fix.

According to Eclypsium researchers, some Supermicro products had an incorrectly set Descriptor Region that allowed software running on the OS (such as malware) to modify the Descriptor Region and then tamper with local firmware.
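
An added example, not part of the original post and not Eclypsium's or Supermicro's code: a defensive check over a SPI flash dump that reports whether the host CPU/BIOS master is granted write access to the Descriptor Region, one setting relevant to the issue described above. It assumes the Intel flash descriptor layout as decoded by coreboot's ifdtool, a descriptor at the start of the image, and that the caller knows which permission-field layout applies; `host_descriptor_access`, `build_sample` and the sample values are constructed for illustration.

```python
import struct

FD_SIGNATURE = 0x0FF0A55A  # FLVALSIG, marks a valid flash descriptor
DESCRIPTOR_REGION = 0      # region 0 is the Flash Descriptor itself


def host_descriptor_access(image: bytes, ifd_v2: bool = False) -> dict:
    """Return the host CPU/BIOS master's access to the descriptor region.

    ifd_v2 selects the 12-bit permission fields of newer descriptors
    (read at bit 8, write at bit 20) over the older 8-bit fields
    (read at bit 16, write at bit 24). The caller must know which applies.
    """
    sig = struct.pack("<I", FD_SIGNATURE)
    pos = image.find(sig, 0, 0x1000)
    if pos < 0 or pos % 4 or pos + 12 > len(image):
        raise ValueError("no aligned descriptor signature in first 4 KiB")
    # FLMAP0 and FLMAP1 follow the signature; FLMAP1[7:0] << 4 is the
    # Flash Master Base Address (FMBA), relative to the image start.
    _flmap0, flmap1 = struct.unpack_from("<II", image, pos + 4)
    fmba = (flmap1 & 0xFF) << 4
    if fmba + 4 > len(image):
        raise ValueError("master section lies outside the image")
    (flmstr1,) = struct.unpack_from("<I", image, fmba)  # host CPU/BIOS
    rd_shift, wr_shift = (8, 20) if ifd_v2 else (16, 24)
    return {
        "read": bool(flmstr1 >> (rd_shift + DESCRIPTOR_REGION) & 1),
        "write": bool(flmstr1 >> (wr_shift + DESCRIPTOR_REGION) & 1),
    }


def build_sample(flmstr1: int) -> bytes:
    """Constructed 4 KiB descriptor: signature at 0x10, FMBA at 0x60."""
    img = bytearray(b"\xff" * 0x1000)
    struct.pack_into("<III", img, 0x10, FD_SIGNATURE, 0, 0x06)
    struct.pack_into("<I", img, 0x60, flmstr1)
    return bytes(img)


if __name__ == "__main__":
    # Constructed FLMSTR1 values: descriptor read-only vs. host-writable.
    for name, value in (("locked", 0x0A0B0000), ("writable", 0x0B0B0000)):
        print(name, host_descriptor_access(build_sample(value)))
```

A `write` result of `True` means the descriptor grants the host write access to the region that holds these permissions.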
 