Security News

Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller software impact server equipment used in many cloud service and data center providers. The flaws were discovered by Eclypsium in August 2022 and could enable attackers, under certain conditions, to execute code, bypass authentication, and perform user enumeration.

An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the OpenSSL cryptographic library, underscoring a supply chain risk. The firmware development environment, which is in its second iteration, comes with its own cryptographic package called CryptoPkg that, in turn, makes use of services from the OpenSSL project.

The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter)ception that's directed against aerospace and defense industries.

The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack. ESET reports that among the tools deployed in this campaign, the most interesting is a new FudModule rootkit that abuses a BYOVD technique to exploit a vulnerability in a Dell hardware driver for the first time.

Dell storage customers interviewed are achieving a 60% savings over six years when they use Technology Rotation for their storage needs compared to purchasing the storage. To understand the benefits of storage refreshes and costs associated with aging storage infrastructure, IDC conducted two analyses based on interviews with study participants that.

A Moscow Arbitration Court has reportedly seized almost $11 million belonging to Dell LLC after the company failed to provide paid-for services to a local system integrator. IT systems integrator Talmer sued Dell early last month when the American computer giant declined to provide technical support services for VMware as previously agreed.

Dell is partnering with high-profile cloud-based data analytics vendor Snowflake to enable organizations to take the data they're keeping in their data centers in Dell object storage and run it in Snowflake's Data Cloud while keeping the data on premises or copying it to the public cloud, an important capability for companies with data sovereignty or privacy concerns who can't freely move it around. In another move to bridge the gap between data stored in central data center and in public clouds, Dell at the show is demonstrating how its block and file storage platforms can run in public clouds and how companies can buy the software as a managed service via cloud credits.

Five new security weaknesses have been disclosed in Dell BIOS that, if successfully exploited, could lead to code execution on vulnerable systems, joining the likes of firmware vulnerabilities recently uncovered in Insyde Software's InsydeH2O and HP Unified Extensible Firmware Interface. "The active exploitation of all the discovered vulnerabilities can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module measurement," firmware security company Binarly, which discovered the latter three flaws, said in a write-up.

Two data protection solutions, Dell Data Protection and McAfee Complete Data Protection, can provide protection against hackers and other bad actors. Dell Data Protection is a data protection solution with multiple products targeting data and folder encryption, BitLocker management as well as self-encrypting device management.

Dell won't include Microsoft's Pluton technology in most of its commercial PCs, telling The Register: "Pluton does not align with Dell's approach to hardware security and our most secure commercial PC requirements." Microsoft launched to much fanfare its Pluton security layer for PCs in 2020 after developing it with Intel, AMD, and Qualcomm.