Security News

Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors. Blackwing Intelligence security researchers discovered vulnerabilities during research sponsored by Microsoft's Offensive Research and Security Engineering to assess the security of the top three embedded fingerprint sensors used for Windows Hello fingerprint authentication.

An unfixed hardcoded encryption key flaw in Dell's Compellent Integration Tools for VMware (CITV) allows attackers to decrypt stored vCenter admin credentials and retrieve the cleartext password. [...]

Read our interview from Dell Technologies World 2023 about cloud and edge workloads and Dell's NativeEdge product. To get into the details, I spoke with Aaron Chaisson, Dell Technologies' vice president of telecom and edge solutions marketing, at Dell Technologies World in Las Vegas.

According to the Dell Global Data Protection Index, 67% of 1,000 IT decision-makers globally aren't very confident that their data across all public clouds is protected. At Dell Technologies World 2023, I spoke with Rob Emsley, the director of product marketing for data protection at Dell Technologies, about the changing world of data protection.

Throughout the first day of the conference, CEO Michael Dell and fellow executives drilled down into what AI could do for enterprises beyond ChatGPT. "Enterprises are going to be able to train far simpler AI models on specific, confidential data less expensively and securely, driving breakthroughs in productivity and efficiency," Michael Dell said. Dell's solution, Project Helix, is a full stack, on-premises offering in which companies train and guide their own proprietary AI. For example, a company might deploy a large language model to read all of the knowledge articles on its website and answer a user's questions based on a summary of those articles, said Forrester analyst Rowan Curran.

Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller software impact server equipment used in many cloud service and data center providers. The flaws were discovered by Eclypsium in August 2022 and could enable attackers, under certain conditions, to execute code, bypass authentication, and perform user enumeration.

An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the OpenSSL cryptographic library, underscoring a supply chain risk. The firmware development environment, which is in its second iteration, comes with its own cryptographic package called CryptoPkg that, in turn, makes use of services from the OpenSSL project.

The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter)ception that's directed against aerospace and defense industries.

The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack. ESET reports that among the tools deployed in this campaign, the most interesting is a new FudModule rootkit that abuses a BYOVD technique to exploit a vulnerability in a Dell hardware driver for the first time.

Dell storage customers interviewed are achieving a 60% savings over six years when they use Technology Rotation for their storage needs compared to purchasing the storage. To understand the benefits of storage refreshes and costs associated with aging storage infrastructure, IDC conducted two analyses based on interviews with study participants that.