
Dell API Abused to Steal 49 Million Customer Records in Data Breach


The threat actor responsible for the recent Dell data breach stated that he scraped information from 49 million customer records via a partner portal API that he accessed as a phony organization.

Dell had begun sending alerts to customers informing them that their personal information had been stolen in a data breach.

The Breach

This data breach compromised customer order data, which included warranty information, service tags, customer names, installed locations, customer numbers, and order numbers.

On April 28th, a threat actor, Menelik, posted the data for sale on the Breached hacking forum, but the administrators quickly removed the post. 

Menelik said that they were able to obtain the data after discovering a portal where partners, distributors, and merchants could look up order information.

Menelik claims that by registering multiple accounts under bogus company names, he could gain access to the portal within two days without verification.

"Registering as a Partner is quite simple. You simply fill out an application form," Menelik explained.

APIs are being exploited in data breaches

Easy-to-access APIs have become a major business liability in recent years, with threat actors exploiting them to scrape sensitive data and sell it to other threat actors.

Threat actors linked phone numbers to approximately 500 million accounts in 2021 by exploiting a Facebook API issue. This data was leaked nearly for free on a hacking site, requiring only an account and a $2 fee to get it.

Later that year, in December, threat actors used a Twitter API flaw to connect millions of phone numbers and email addresses to Twitter accounts, which were then sold on hacking forums.

Lessons Learned

This breach serves as a stark reminder of several critical lessons:

API Security Matters: APIs are essential for seamless communication between systems, but their security must not be overlooked. Regular audits and robust access controls are crucial.

Third-Party Risks: Partner portals and third-party integrations can introduce vulnerabilities. Companies must assess and monitor these connections rigorously.

Data Minimization: Collect only the data necessary for business operations. The less data stored, the less there is to lose.

Incident Response: Dell’s swift response demonstrates the importance of having an effective incident response plan. Preparedness matters.
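
As an added example (not from the original post or from Dell), one way to act on the API security lesson above is to audit partner-portal API logs for accounts that look up an unusually large number of distinct customer records in a short window. The log format, account names, record IDs and thresholds below are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    """Parse 'ISO-timestamp account record_id' (constructed log format)."""
    ts, account, record_id = line.split()
    return datetime.fromisoformat(ts), account, record_id

def flag_bulk_lookups(lines, window=timedelta(minutes=10), max_distinct=50):
    """Return {account: peak distinct records in any window} for accounts over the limit."""
    recent = defaultdict(deque)   # account -> (ts, record_id) events still inside the window
    counts = defaultdict(dict)    # account -> record_id -> occurrences inside the window
    flagged = {}
    for ts, account, record_id in sorted(map(parse, lines)):
        q, c = recent[account], counts[account]
        q.append((ts, record_id))
        c[record_id] = c.get(record_id, 0) + 1
        # Drop this account's events that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) > max_distinct:
            flagged[account] = max(flagged.get(account, 0), len(c))
    return flagged

def sample_log():
    """Constructed sample: one ordinary partner and one account walking through records."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i in range(20):    # partner-a: 20 lookups spread over hours, repeating 5 records
        ts = base + timedelta(minutes=10 * i)
        lines.append(f"{ts.isoformat()} partner-a REC{i % 5:05d}")
    for i in range(300):   # partner-b: 300 distinct records, one per second
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} partner-b REC{1000 + i:05d}")
    return lines

if __name__ == "__main__":
    for account, peak in flag_bulk_lookups(sample_log()).items():
        print(f"{account}: {peak} distinct records within 10 minutes")
```

Counting distinct records rather than raw requests keeps a partner who repeatedly checks the same few orders from being flagged, while an account enumerating the data set stands out.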

The Scale

The sheer volume of compromised records—49 million—underscores the severity of the breach. Such a massive data leak can have far-reaching consequences for affected individuals. From identity theft to targeted phishing attacks, the fallout can be extensive.

Dell’s Response

Dell promptly detected the breach and took action. They notified affected customers about the incident, urging them to be cautious and vigilant. Additionally, Dell is enhancing security protocols to prevent similar incidents in the future.

Dell Data Breach Exposes Personal Information Of 49 Million

 




Dell, the renowned computer manufacturer, has issued a cautionary notice to its customers regarding a disconcerting data breach. The breach, which affects an estimated 49 million customers, involves unauthorised access to an online portal containing sensitive customer information. Dell has disclosed that the breached data includes customers' names, physical addresses, and detailed information regarding Dell hardware purchases such as service tags, item descriptions, order dates, and related warranty details. Notably, the compromised information excludes financial details, email addresses, and telephone numbers. Dell emphasised its collaboration with law enforcement and a third-party forensics firm to thoroughly investigate the breach. While Dell declined to specify the number of affected individuals, it assures ongoing efforts to address the incident.

Data for Sale on the Dark Web

Disturbingly, reports have surfaced indicating that a threat actor, operating under the pseudonym Menelik, endeavoured to sell a database containing Dell customer information on a prominent hacking forum. The compromised data encompasses purchases spanning from 2017 to 2024, affecting a staggering 49 million customers. While Dell's initial notification primarily encompasses personal purchases, the breadth of the breach extends its tendrils to affect consumers, enterprises, partners, and educational institutions alike.

In the wake of the breach, customers are strongly advised to exercise utmost caution against potential phishing attacks. Armed with comprehensive customer information, malicious actors may orchestrate targeted scams through various mediums, ranging from deceptive emails to physical mail. The criticality of vigilance cannot be overstated, as hackers may employ sophisticated tactics, such as tech support or invoice scams, to extract sensitive information from unsuspecting victims. Furthermore, there is a risk of malware dissemination through malicious flash drives, underscoring the need for users to exercise discretion when interacting with external storage devices.

In response to the breach, Dell has initiated a rigorous investigation, leveraging the expertise of law enforcement agencies and third-party forensic specialists. While the company reassures customers that no financial or payment data, email addresses, or telephone numbers were compromised, it acknowledges the severity of the breach and the pressing need for proactive measures to secure customer data.

As investigations progress, affected customers are implored to remain informed and enact robust security measures to mitigate the inherent risks associated with potential phishing and malware attacks, thereby safeguarding their sensitive personal information from malicious exploitation.





Dell Launches Innovative Generative AI Tool for Model Customization

Dell has introduced a groundbreaking Generative AI tool poised to reshape the landscape of model customization. This remarkable development signifies a significant stride forward in artificial intelligence, with the potential to revolutionize a wide array of industries. 

Dell, a trailblazer in technology solutions, has harnessed the power of Generative AI to create a tool that empowers businesses to customize models with unprecedented precision and efficiency. This tool comes at a pivotal moment when the demand for tailored AI solutions is higher than ever before. 

The tool's capabilities have been met with widespread excitement and acclaim from experts in the field. Steve McDowell, a prominent technology analyst, emphasizes the significance of Dell's venture into Generative AI. He notes, "Dell's deep dive into Generative AI showcases their commitment to staying at the forefront of technological innovation."

One of the key features that sets Dell's Generative AI tool apart is its versatility. It caters to a diverse range of industries, from healthcare to finance, manufacturing to entertainment. This adaptability ensures that businesses of all sizes and sectors can harness the power of AI to meet their specific needs.

Furthermore, Dell's tool comes equipped with a user-friendly interface, making it accessible to both seasoned AI experts and those new to the field. This democratization of AI customization is a pivotal step towards creating a more inclusive and innovative technological landscape.

The enhanced hardware and software portfolio accompanying this release further cements Dell's commitment to providing comprehensive solutions. By covering an extensive range of use cases, Dell ensures that businesses can integrate AI seamlessly into their operations, regardless of their industry or specific requirements.

Technology innovator Dell has used the potential of generative AI to develop a platform that enables companies to customize models with previously unheard-of accuracy and effectiveness. This technology is released at a critical time when there is a greater-than-ever need for customized AI solutions.

The release of Dell's Generative AI tool is a significant step in the development of artificial intelligence. Its ability to fundamentally alter model customization in a variety of industries is evidence of Dell's unwavering commitment to technical advancement. With this tool, Dell is laying the groundwork for a time when everyone may access and customize AI, in addition to offering a strong solution.

Several Dell Systems are Affected by New BIOS Bugs

 

Active exploitation of all of the identified problems cannot be detected by firmware integrity monitoring systems, as per Firmware Insyde Software's InsydeH2O and HP Unified Extensible Firmware Interface (UEFI), which discovered the vulnerabilities. As previously stated, secure remote health attestation systems are unable to detect compromised systems due to technical limitations. 

The vulnerabilities, rated high severity on the CVSS scoring system, are tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421.

All of the weaknesses are improper input validation vulnerabilities in the firmware's System Management Mode (SMM), permitting a local privileged attacker to execute arbitrary code via the System Management Interrupt (SMI). System Management Mode in x86 microcontrollers is a special-purpose CPU mode for performing system-wide functions like power efficiency, hardware and system control, temperature monitoring, and other exclusive manufacturer-developed code.

A non-maskable interrupt (SMI) is activated at runtime whenever one of these tasks is requested, and SMM code installed by the BIOS is executed. The method is ripe for misuse because SMM code runs at the greatest privilege level and is transparent to the underlying operating system, making it ideal for persistent firmware implants. A variety of Dell products are affected, including the Alienware, Inspiron, Vostro, and Edge Gateway 3000 Series, with the Texas-based PC company advising customers to update their BIOS as soon as possible.

"The ongoing identification of these vulnerabilities demonstrates what we call 'repeatable failures' around input cleanliness or, in general, insecure coding habits," according to Binarly researchers. "These errors are directly related to the codebase's complexity or support for legacy components which receive less security attention but are nevertheless frequently used in the field. In many cases, the same vulnerability can be addressed numerous times, yet the attack surface's complexity still leaves open gaps for malicious exploitation."

Dell SupportAssist is a program which manages support functions such as troubleshooting and recovery on Windows-based Dell workstations. The BIOSConnect feature can be used to restore a corrupted operating system as well as upgrade firmware. 

The functionality does this by connecting to Dell's cloud infrastructure and pulling required code to a user's device. 

Dell and AWS Partner to Prevent Customer Data from Cyberattacks

 

Dell Technology has partnered with AWS (Amazon Web Services) to safeguard customer data from cyberattacks by bringing Dell's cyber recovery solution to the AWS Marketplace with the release of Dell EMC PowerProtect Cyber Recovery for AWS. Outdated cybersecurity firms are finding it difficult to protect against malware and cyberattacks. With the increase in work-from-home culture and remote work over the past two years, cybersecurity throughout the internet and cloud platforms has become more sophisticated.

During the same time, the number of ransomware, malware, and hacking attacks has risen drastically, with more than 33% of organizations suffering ransomware breaches. Even amateur threat actors use RaaS (ransomware as a service) platforms to execute efficient and sophisticated cyberattacks. Via the AWS Marketplace, consumers can easily buy and use an air-tight cyber vault from Dell to help safeguard and isolate data from a ransomware attack.

Dell EMC PowerProtect Cyber Recovery for AWS offers multiple levels of protection with a unique approach that helps AWS customers resume normal business tasks easily and without fear after a ransomware attack. In a statement, Dell said "the solution moves a customer’s critical data away from the attack surface, physically and logically isolating it with a secure, automated operational air gap. Unlike standard backup solutions, this air gap locks down management interfaces, requiring separate security credentials and multi-factor authentication for access."

Organizations are now adopting various IT infrastructures across on-premises environments and the public cloud, and data protection solutions can help provide robust data security. Dell EMC PowerProtect Cyber Recovery for AWS helps customers address the rising risks of ransomware and other cyberattacks. Dell VP of data protection product management, David Noy, said "data is a strategic asset and protecting it against ransomware and other cyberattacks is critical for organizations to make informed decisions about their business and thrive in today’s digital economy."