#1 Trusted Cybersecurity News Platform
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: Dell

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions

November 25, 2022Ravie Lakshmanan
An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the  OpenSSL  cryptographic library, underscoring a supply chain risk. EFI Development Kit, aka  EDK , is an open source implementation of the Unified Extensible Firmware Interface ( UEFI ), which functions as an interface between the operating system and the firmware embedded in the device's hardware. The firmware development environment, which is in its second iteration (EDK II), comes with its own cryptographic package called  CryptoPkg  that, in turn, makes use of services from the OpenSSL project. Per firmware security company Binarly, the firmware image associated with Lenovo Thinkpad enterprise devices was found to use three different versions of OpenSSL: 0.9.8zb, 1.0.0a, and 1.0.2j, the last of which was released in 2018. What's more, one of the firmware modules named InfineonTpmUpdateDxe relied on OpenSSL version 0.9.8zb that was shipped on Au
Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers

Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers

October 03, 2022Ravie Lakshmanan
The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver ( BYOVD ) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter)ception  that's directed against aerospace and defense industries. "The campaign started with spear-phishing emails containing malicious Amazon-themed documents and targeted an employee of an aerospace company in the Netherlands, and a political journalist in Belgium," ESET researcher Peter Kálnai  said . Attack chains unfolded upon the opening of the lure documents, leading to the distribution of malicious droppers that were trojanized versions of open source projects, corroborating recent reports from Google's  Mandiant  and  Microsoft . ESET said it uncovered evid
New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems

New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems

March 22, 2022Ravie Lakshmanan
Five new security weaknesses have been disclosed in Dell BIOS that, if successfully exploited, could lead to code execution on vulnerable systems, joining the likes of firmware vulnerabilities recently uncovered in Insyde Software's  InsydeH2O  and HP Unified Extensible Firmware Interface ( UEFI ). Tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, the high-severity vulnerabilities are rated 8.2 out of 10 on the CVSS scoring system. "The active exploitation of all the discovered vulnerabilities can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement," firmware security company Binarly, which discovered the latter three flaws,  said  in a write-up. "The remote device health attestation solutions will not detect the affected systems due to the design limitations in visibility of the firmware runtime." All the flaws relate to improper input v
BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models

BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models

June 24, 2021Ravie Lakshmanan
Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device. "As the attacker has the ability to remotely execute code in the pre-boot environment, this can be used to subvert the operating system and undermine fundamental trust in the device," researchers from enterprise device security firm Eclypsium said . "The virtually unlimited control over a device that this attack can provide makes the fruit of the labor well worth it for the attacker." In all, the flaws affect 128 Dell models spanning across consumer and business laptops, desktops, and tablets, totalling an estimated 30 million individual devices. Worse, the weaknesses also impact computers that have  Secure Boot  enabled, a security feature designed to prevent  rootkits from being installed  at boot
BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide

BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide

May 05, 2021Ravie Lakshmanan
PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition. The issues, reported to Dell by researchers from SentinelOne on Dec. 1, 2020, reside in a firmware update driver named "dbutil_2_3.sys" that comes pre-installed on its devices. Hundreds of millions of desktops, laptops, notebooks, and tablets manufactured by the company are said to be vulnerable. "Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure. Local authenticated user access is required," Dell  said  in an advisory. All five separate flaws have been assigned the CVE identifier CVE-2021-21551 with a CVSS score of 8.8. A breakdown of the shortcomings is as follows -  CVE-2021-21551: Local Elevation Of Privilege
Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices

December 21, 2020Ravie Lakshmanan
A team of researchers today unveiled two critical security vulnerabilities in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affects all devices running ThinOS versions 8.6 and below. Dell has addressed both the vulnerabilities in an  update  released today. The flaws also have a CVSS score of 10 out of 10, making them critical in severity. Thin clients are typically computers that run from resources stored on a central server instead of a localized hard drive. They work by establishing a remote connection to the server, which takes care of launching and running applications and storing relevant data. Tracked as CVE-2020-29491 and CVE-2020-29492 , the security shortcomings in Wyse's thin clients stem from the fact that the FTP sessions used to pull firmware upd
Dell Releases A New Cybersecurity Utility To Detect BIOS Attacks

Dell Releases A New Cybersecurity Utility To Detect BIOS Attacks

April 14, 2020Wang Wei
Computer manufacturing giant Dell has released a new security tool for its commercial customers that aims to protect their computers from stealthy and sophisticated cyberattacks involving the compromise of the BIOS. Dubbed ' SafeBIOS Events & Indicators of Attack ' (IoA), the new endpoint security software is a behavior-based threat detection system that alerts users when BIOS settings of their computers undergo some unusual changes. BIOS (Basic Input Output System) is a small but highly-privileged program that handles critical operations and starts your computer before handing it over to your operating system. Protecting the BIOS program is crucial because: Changes to the system BIOS settings could allow malicious software to run during the boot process, Once a hacker takes over the BIOS, he can stealthily control the targeted computer and gain access to the data stored on it, Malware in BIOS remains persistent and doesn't get away even when you format or
Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers

Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers

June 21, 2019Swati Khandelwal
Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Discovered by security researchers at SafeBreach Labs , the vulnerability, identified as CVE-2019-12280, is a privilege-escalation issue and affects Dell's SupportAssist application for business PCs (version 2.0) and home PCs (version 3.2.1 and all prior versions). Dell SupportAssist, formerly known as Dell System Detect, checks the health of your system's hardware and software, alerting customers to take appropriate action to resolve them. To do so, it runs on your computer with SYSTEM-level permissions. With this high-level privileges, the utility interacts with the Dell Support website and automatically detects Service Tag or Express Service Code of your Dell product, scans the existing device d
Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking

Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking

May 02, 2019Mohit Kumar
If you use a Dell computer, then beware — hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers . Dell SupportAssist , formerly known as Dell System Detect , checks the health of your computer system's hardware and software. The utility has been designed to interact with the Dell Support website and automatically detect Service Tag or Express Service Code of your Dell product, scan the existing device drivers and install missing or available driver updates, as well as perform hardware diagnostic tests. If you are wondering how it works, Dell SupportAssist in the background runs a web server locally on the user system, either on port 8884, 8883, 8886, or port 8885, and accepts various commands as URL parameters to perform some-predefined tasks on the computer, like collecting
Record-Breaking Deal: Dell to Buy EMC for $67 Billion

Record-Breaking Deal: Dell to Buy EMC for $67 Billion

October 12, 2015Wang Wei
Yes, Dell is going to acquire data storage company EMC in a deal worth $67 BILLLLLLION – the largest tech deal of all time. It's record-breaking... Computing giant Dell on Monday finally confirmed that the company is indeed going to purchase the company for creating what it calls " the world's largest privately-controlled, integrated technology company. " Most of you might not have heard of EMC corporation, but it is a tech titan that operates many of the services you use nowadays. EMC offers data center storage and data processing for big technology companies, and now it is been acquired by Dell. " The combination of Dell and EMC creates an enterprise solutions powerhouse bringing our customers industry leading innovation across their entire technology environment, " Michael Dell, CEO and chairman of Dell, said in a statement . The acquisition will benefit Dell to create a new company that will sell a broad range of both consumer as well as
Deals — IT Courses and Software

Sign up for our cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.