LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Motherboard MSI Warns of Rogue Firmware

MSI LogoMotherboard maker MSI announced today that they’re been the victim of a cyber attack and warned about rogue firmware.

Seems obvious that one should only load motherboard firmware from BLOBs provided by the mobo maker.  If someone compromised MSI, they may be able to effectively provide functional yet subverted firmware.  That would be a rootkit author’s dream.

It’s not clear if MSI’s firmware distribution channel was subverted.  Did someone break into MSI and replace their public downloads with cracked firmware?  They don’t say this happened.  Another concern would be if the hackers got away with signing keys or source code that would allow them to write their own evil firmware.

So if you’re a gamer, be careful!  Thanks to LowEndTalk admin @DP for sharing the news.

Here’s the press release from MSI:

MSI recently suffered a cyberattack on part of its information systems. Upon detecting network anomalies, the information department promptly activated relevant defense mechanisms and carried out recovery measures, and reported the incident to government law enforcement agencies and cybersecurity units. Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business.

MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website.

MSI is committed to protecting the data security and privacy of consumers, employees, and partners, and will continue to strengthen its cybersecurity architecture and management to maintain business continuity and network security in the future.


No Comments

    Leave a Reply

    Some notes on commenting on LowEndBox:

    • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
    • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
    • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

    Your email address will not be published. Required fields are marked *