motherboard hacking | Breaking Cybersecurity News | The Hacker News

Enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in malicious USB devices, cybersecurity researchers at firmware security company Eclypsium told The Hacker News. Yes, that's correct. You can launch all types of USB attacks against vulnerable Supermicro servers without actually physically accessing them or waiting for your victim to pick up an unknown, untrusted USB drive and plug it into their computer. Collectively dubbed " USBAnywhere ," the attack leverages several newly discovered vulnerabilities in the firmware of BMC controllers that could let an unauthorized, remote attacker connect to a Supermicro server and virtually mount malicious USB device. Comes embedded with a majority of server chipsets, a baseboard management controller (BMC) is a hardware chip at the core of Intelligent Platform Management Interface (IPMI) utilities that allows sysadmins to remotely control and monitor a server without havin...

Remember Killer USB ?? In March, a Russian security researcher devised a weird USB stick that is capable of destroying sensitive components of a computer when plugged-in. Now, the same researcher, nicknamed Dark Purple , has launched a new version of his computer-frying USB Killer pendrive – USB Killer version 2.0 . USB Killer 2.0 is much more powerful than the previous version and is able to "kill" more than just a PC it is plugged in. USB Killer 2.0 is More Powerful to Damage any Computer The first version of USB Killer was consist of a DC/DC converter, a few caps and an FET. When plugged into a system, the converter in the USB Killer would charge the caps up to -110V , apply that voltage to signal lines of the USB interface, and repeat the entire process until everything possible in the computer is broken down. However, the second version of USB Killer dump -220V directly onto the signal lines of the USB interface, which is powerful enough to...

Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and poor access management.  Privileged accounts with access to your critical systems and sensitive data are among the most vulnerable elements in cloud setups. When mismanaged, these accounts open the doors to unauthorized access, potential malicious activity, and data breaches. That's why strong privileged access management (PAM) is indispensable. PAM plays an essential role in addressing the security challenges of complex infrastructures by enforcing strict access controls and managing the life cycle of privileged accounts. By employing PAM in hybrid and cloud environments, you're not...