Turns out some servers with Supermicro motherboards have hard-coded, plain-text passwords that can be accessed by remote, unauthenticated attackers. A firmware update is available to remediate the issue; however, over 30,000 servers remain at risk.
Just how serious is this security flaw?
Listen to episode 157 of our Security Slice podcast and hear Craig Young and Tyler Reguly give an overview of the vulnerability and discuss why it’s your fault if you are still vulnerable, mitigation strategies, and the beneficial effects of public disclosure.