Severe BMC Vulnerabilities – Nate Warfield – PSW #766
Eclypsium's research team has discovered 3 vulnerabilities in BMCs. Nate Warfield comes on the show to tell the full story! This has garnered much attention in the press:
- Original research post: https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/
- https://www.securityweek.com/security-flaws-ami-bmc-can-expose-many-data-centers-clouds-attacks
- https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html
- https://therecord.media/three-vulnerabilities-found-in-popular-baseboard-software/
- https://www.bleepingcomputer.com/news/security/severe-ami-megarac-flaws-impact-servers-from-amd-arm-hpe-dell-others/
- https://duo.com/decipher/trio-of-megarac-bmc-flaws-could-have-long-range-effects
- https://www.csoonline.com/article/3682137/flaws-in-megarac-baseband-management-firmware-impact-many-server-brands.html
Guest

Nate has 20 years of experience in network security and engineering, including designing networks for Microsoft and other Fortune 100 companies. During his career at Microsoft he transitioned to security research and vulnerability management, managing researcher engagement & patch delivery for high-profile Windows vulnerabilities. A prolific conference speaker, he has presented his research on systemic flaws in cloud and network security at numerous security conferences worldwide. In 2020, he was named one of WIRED magazine’s WIRED25 for starting a volunteer group providing threat intelligence to hospitals & healthcare organizations during the COVID-19 pandemic.