BMC vulnerability | Breaking Cybersecurity News | The Hacker News

Enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in malicious USB devices, cybersecurity researchers at firmware security company Eclypsium told The Hacker News. Yes, that's correct. You can launch all types of USB attacks against vulnerable Supermicro servers without actually physically accessing them or waiting for your victim to pick up an unknown, untrusted USB drive and plug it into their computer. Collectively dubbed " USBAnywhere ," the attack leverages several newly discovered vulnerabilities in the firmware of BMC controllers that could let an unauthorized, remote attacker connect to a Supermicro server and virtually mount malicious USB device. Comes embedded with a majority of server chipsets, a baseboard management controller (BMC) is a hardware chip at the core of Intelligent Platform Management Interface (IPMI) utilities that allows sysadmins to remotely control and monitor a server without havin

A Flaw has been discovered in the motherboards manufactured by the server manufacturer Supermicro, has left more than 30,000 servers vulnerable to hackers that could allow them to remotely compromise the management interface of unpatched servers. The vulnerability actually resides in the Baseboard Management Controller (BMC) in the WPCM450 line of chips incorporated into the motherboards. Security Researcher at CARInet Security Incident Response Team, discovered that Baseboard Management Controller (BMC) of Supermicro motherboards contain a binary file that stores remote login passwords in clear text and the file is available for download simply by connecting to the specific port, 49152. Baseboard Management Controller (BMC) is the central part of the microcontroller that resides on server motherboard or in the chassis of a blade server or telecom platform. The BMC links to a main processor and other onboard elements via a simple serial bus. Baseboard management contr

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo