Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Supermicro, Pulse Secure Respond to Trickbot’s Ability to Target Firmware

Server and storage technology giant Supermicro and secure access solutions provider Pulse Secure have issued advisories to inform users that some of their products are vulnerable to the Trickbot malware’s ability to target firmware.

Server and storage technology giant Supermicro and secure access solutions provider Pulse Secure have issued advisories to inform users that some of their products are vulnerable to the Trickbot malware’s ability to target firmware.

In early December, security researchers at Advanced Intelligence (AdvIntel) and enterprise device security firm Eclypsium revealed that Trickbot not only survived a takedown attempt, but also gained the ability to scan UEFI/BIOS firmware for vulnerabilities that would allow making modifications.

Referred to as Trickboot, the ability would enable TrickBot operators to use firmware implants and backdoors in their attacks, control the boot operations to fully control systems, or even start bricking devices, the researchers warned at the time.

“TrickBoot is a new functionality within the TrickBot malware toolset capable of discovering vulnerabilities and enabling attackers to read/write/erase the device’s BIOS,” Supermicro notes in an advisory published this week.

The malware can check if the BIOS control register is unlocked and if modifications could be made to the BIOS region contents, and then implant malicious code that would survive OS reinstalls.

Supermicro said the vulnerability affects a subset of the X10 UP motherboards and that a mitigation will be provided. However, only products that have not reached end of life (EOL) will automatically receive the BIOS update. Patches for EOL products will be provided at request.

“A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device,” Pulse Secure notes in its advisory.

The company says that only two of its device models are affected, namely PSA-5000 and PSA-7000. Patches are available for Pulse Connect Secure / Pulse Policy Secure and are pending release for Pulse One (the on-prem appliance only).

Related: NSA Publishes Guidance on UEFI Secure Boot Customization

Related: TrickBot Gets Updated to Survive Takedown Attempts

Related: New Dell Utility Alerts Security Teams of BIOS Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.