Severe BMC Vulnerabilities – Nate Warfield – PSW #766
Eclypsium's research team has discovered 3 vulnerabilities in BMCs. Nate Warfield comes on the show to tell the full story! The research has garnered much attention in the press:
- Original research post: https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/
- https://www.securityweek.com/security-flaws-ami-bmc-can-expose-many-data-centers-clouds-attacks
- https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html
- https://therecord.media/three-vulnerabilities-found-in-popular-baseboard-software/
- https://www.bleepingcomputer.com/news/security/severe-ami-megarac-flaws-impact-servers-from-amd-arm-hpe-dell-others/
- https://duo.com/decipher/trio-of-megarac-bmc-flaws-could-have-long-range-effects
- https://www.csoonline.com/article/3682137/flaws-in-megarac-baseband-management-firmware-impact-many-server-brands.html
Guest
Nate has 20 years of experience in network security and engineering, including designing networks for Microsoft and other Fortune 100 companies. During his career at Microsoft he transitioned to security research and vulnerability management, managing researcher engagement & patch delivery for high-profile Windows vulnerabilities. A prolific conference speaker, he has presented his research on systemic flaws in cloud and network security at numerous security conferences worldwide. In 2020, he was named one of WIRED magazine’s WIRED25 for starting a volunteer group providing threat intelligence to hospitals & healthcare organizations during the COVID-19 pandemic.