SecurityWeek

Supermicro, Pulse Secure Respond to Trickbot’s Ability to Target Firmware

Server and storage technology giant Supermicro and secure access solutions provider Pulse Secure have issued advisories to inform users that some of their products are vulnerable to the Trickbot malware’s ability to target firmware.

In early December, security researchers at Advanced Intelligence (AdvIntel) and enterprise device security firm Eclypsium revealed that Trickbot had not only survived a takedown attempt, but had also gained the ability to scan UEFI/BIOS firmware for vulnerabilities that would allow the firmware to be modified.

Referred to as TrickBoot, the capability would enable TrickBot operators to use firmware implants and backdoors in their attacks, take over boot operations to fully control systems, or even start bricking devices, the researchers warned at the time.

“TrickBoot is a new functionality within the TrickBot malware toolset capable of discovering vulnerabilities and enabling attackers to read/write/erase the device’s BIOS,” Supermicro notes in an advisory published this week.

The malware can check whether the BIOS control register is unlocked and whether the contents of the BIOS region can be modified, and then implant malicious code that would survive OS reinstalls.
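
Defenders can audit the same write-protection state from raw register values. The following is an added example, not code from SecurityWeek, the vendors or the researchers; the bit positions follow Intel PCH datasheets for BIOS_CNTL and the SPI protected range (PRx) registers and are an assumption to verify for a given chipset, and the function names, hostnames and register values are constructed.

```python
# Added example: audit BIOS write protection from raw register values.
# Assumption: bit layout per Intel PCH datasheets; verify for your chipset.
BIOSWE, BLE, SMM_BWP = 1 << 0, 1 << 1, 1 << 5   # BIOS_CNTL bits
PR_WPE = 1 << 31                                 # PRx write-protect enable

def bios_cntl_locked(bios_cntl):
    """Locked only if writes are off, the lock bit is set, and SMM_BWP is on."""
    return (bios_cntl & (BIOSWE | BLE | SMM_BWP)) == (BLE | SMM_BWP)

def write_protected_ranges(pr_values):
    """Decode PRx registers into sorted (base, limit) byte ranges with WPE set."""
    ranges = []
    for pr in pr_values:
        if pr & PR_WPE:
            base = (pr & 0x1FFF) << 12                      # bits 12:0
            limit = (((pr >> 16) & 0x1FFF) << 12) | 0xFFF   # bits 28:16
            ranges.append((base, limit))
    return sorted(ranges)

def region_covered(region, ranges):
    """True if the union of ranges covers region=(base, limit) without a gap."""
    cursor, end = region
    for base, limit in ranges:
        if base > cursor:
            break                       # unprotected gap starts at cursor
        cursor = max(cursor, limit + 1)
    return cursor > end

def audit(bios_cntl, bios_region, pr_values):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if not bios_cntl_locked(bios_cntl):
        findings.append("BIOS_CNTL unlocked")
    if not region_covered(bios_region, write_protected_ranges(pr_values)):
        findings.append("BIOS region not fully write-protected by PRx")
    return findings

if __name__ == "__main__":
    region = (0x800000, 0xFFFFFF)       # constructed BIOS region of a 16 MB flash
    fleet = {                           # constructed hostnames and register values
        "srv-a": (0x2A, [0x8FFF0800]),
        "srv-b": (0x09, [0x8FFF0C00]),
    }
    for host, (cntl, prs) in fleet.items():
        print(host, audit(cntl, region, prs) or "ok")
```

The example does not check the flash configuration lock (FLOCKDN), which must also be set for the PRx values to stay fixed at runtime.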

Supermicro said the vulnerability affects a subset of the X10 UP motherboards and that a mitigation will be provided. However, only products that have not reached end of life (EOL) will automatically receive the BIOS update. Patches for EOL products will be provided on request.

“A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device,” Pulse Secure notes in its advisory.

The company says that only two of its device models are affected, namely PSA-5000 and PSA-7000. Patches are available for Pulse Connect Secure / Pulse Policy Secure and are pending release for Pulse One (the on-prem appliance only).

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
