Security News

Eclypsium said on Monday that, despite years of warnings from experts - and examples of rare in-the-wild attacks, such as the NSA's hard drive implant - devices continue to accept unsigned firmware. The infosec biz said a miscreant able to alter the firmware on a system - such as by intercepting or vandalizing firmware downloads, or meddling with a device using malware or as a rogue user - can do so to insert backdoors and spyware undetected, due to the lack of cryptographic checks and validations of the low-level software.

Dell Technologies on Tuesday said that it has agreed to sell its RSA Security unit to a private equity group for roughly $2.075 billion in cash. Under the terms of the agreement, a consortium led by Symphony Technology Group, Ontario Teachers' Pension Plan Board and AlpInvest Partners, will acquire RSA assets including RSA Archer, RSA NetWitness Platform, RSA SecurID, RSA Fraud and Risk Intelligence and the RSA Conference.

Dell Technologies has agreed to sell its RSA security division to private equity firm Symphony Technology Group in an all cash deal worth more than $2 billion, the companies announced Tuesday. Dell acquired RSA in 2016, along with VMware and Pivotal, as part of a blockbuster $67 billion deal for EMC, a company best known for its storage products.

Dell Technologies is flogging its infosec business RSA for $2.075bn as it tries to reduce its longstanding debt. "The transaction will further simplify our business and product portfolio. It also allows Dell Technologies to focus on our strategy to build automated and intelligent security into infrastructure, platforms and devices to keep data safe, protected and resilient."

TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP laptops and the Wi-Fi adapter on Dell XPS laptops were all found to lack secure firmware update mechanisms with proper code-signing. Eclypsium researchers analyzed a Lenovo ThinkPad X1 Carbon 6th Gen laptop, which contains two vulnerable firmware mechanisms: Touchpad firmware and TrackPoint firmware.

Users of Dell SupportAssist should patch their software immediately to fix a software bug that could lead to arbitrary code execution, the PC vendor said this week. SupportAssist is a Dell software product that comes preinstalled on most of its Windows-based endpoints.

Dell has copped to a flaw in SupportAssist - a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS - that allows local hackers to load malicious files with admin privileges. SupportAssist scans the system's hardware and software, and when an issue is detected, it sends the necessary system state information to Dell for troubleshooting to begin.

A researcher has discovered another DLL hijacking vulnerability in Dell SupportAssist that can be used to execute code with elevated privileges, and exploitation only requires low permissions. In an advisory published last week, Dell revealed that Dell SupportAssist for both business and home PCs is affected by an uncontrolled search path vulnerability that allows a local user with low privileges to execute arbitrary code with elevated permissions by getting the SupportAssist binaries to load arbitrary DLLs. The flaw, tracked as CVE-2020-5316 and classified as high severity, has been patched by Dell with the release of SupportAssist for business PCs version 2.1.4 and SupportAssist for home PCs version 3.4.1.

Dell has patched a high-severity flaw in its SupportAssist software that could allow an attacker to execute arbitrary code with administrator privileges on affected computers. The flaw, an uncontrolled search path vulnerability that is being tracked as CVE-2020-5316, could allow a locally authenticated user with low privileges to "Cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code," Dell wrote in its explanation of the bug.

Vulnerabilities in Dell and HP laptops could allow an attacker to access information and gain kernel privileges via the devices' Direct Memory Access capability. "This can allow an attacker to execute kernel code on the system, insert a wide variety of kernel implants and perform a host of additional activity such as spawning system shells or removing password requirements."