Bare-Metal Cloud Firmware Security Fail Isn’t Limited to IBM – by Far

Tools used to manage bare-metal cloud environments can be used to attack data centers and are often overlooked, experts say, with IBM being one recent victim.

Security vendor Eclypsium reported last week that the Cloudborne vulnerability could be used by attackers to change a rented bare-metal server’s firmware to allow them to attack whoever uses the machine next.

One of the cloud providers that used the vulnerable baseboard management controller firmware by Supermicro was IBM Cloud, which wasn’t careful about wiping the firmware between customers, John Loucaides, VP of engineering at Eclypsium, told Data Center Knowledge. But the problem could happen with any cloud provider, he added.

Read full article at Data Center Knowledge.