"Firmware Looms as the Next Frontier for Cybersecurity"

Researchers found five vulnerabilities in servers run by over a dozen major companies, including Huawei, Qualcomm, Nvidia, AMD, Dell, and HP, in December. The flaws had CVSS scores ranging from 5.3 (medium severity) to 9.8 (critical). The flaws reside in firmware developed by American Megatrends International (AMI) for Baseboard Management Controllers (BMCs), which are processors manufactured by AMI. BMCs are chips that sit on motherboards and allow administrators to monitor and change almost everything on a machine, from applications and data down to low-level hardware. Nate Warfield, Eclypsium's director of threat research and intelligence, and Vlad Babkin, Eclypsium's security researcher, will argue that AMI's BMC flaws were symptomatic of something larger, and more structurally flawed, in firmware security. This article continues to discuss firmware security. 

Dark Reading reports "Firmware Looms as the Next Frontier for Cybersecurity"