Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Dell. Show all posts
WorldLeaks ransomware
Data Breach Dell Dell Solution Center hack synthetic data cybersecurity WorldLeaks ransomware

Dell Confirms Breach of Demo Platform by WorldLeaks-Linked Hackers, No Sensitive Data Compromised

 

Dell Technologies has confirmed that one of its internal platforms used for showcasing products was recently accessed by a hacker. The company assured that no sensitive or customer-related data was exposed during the incident.

In an official statement to Recorded Future News, Dell explained that the breach affected its Solution Center—a tool built specifically to simulate Dell products and test proof-of-concept scenarios for commercial clients.

A Dell representative clarified, “The site is intentionally separated from customer and partner systems, as well as Dell’s networks and is not used in the provision of services to Dell customers.”

The company also emphasized that the information within the platform largely consists of synthetic data. “Based on our ongoing investigation, the data obtained by the threat actor is primarily synthetic, publicly available or Dell systems/test data,” the spokesperson added.

Although Dell did not disclose the exact timeline of the attack or identify the perpetrators, the WorldLeaks ransomware group has claimed responsibility. The gang reportedly evolved from the now-defunct Hunters International, a group known for several high-profile cyberattacks including those on the U.S. Marshals Service, Namibia’s state-run telecom company, and a Seattle-based cancer treatment center.

Cybersecurity analysts at Group-IB believe that members of WorldLeaks may have past affiliations with the Hive ransomware operation, which was dismantled by law enforcement in 2023.

Recently, Google incident responders also connected a series of data theft attacks involving outdated SonicWall appliances to the same threat actors behind WorldLeaks.

Dell, which generated $95.6 billion in revenue last fiscal year, remains one of the world’s leading hardware manufacturers.
Read more »
uber
Cisco Dell Jobs Layoffs SAP Tech Industry Technology Tesla uber

Big Tech Troubles: Tough Market Conditions Cause 150,00 Job Cuts

Big Tech Troubles: Tough Market Conditions Causes 150,00 Job Cuts


The tech industry has been hit by a wave of layoffs, with over 150,000 workers losing their jobs at major companies like Microsoft, Tesla, Cisco, and Intel. As the market adapts to new economic realities, tech firms are restructuring to reduce costs and align with evolving demands. Below are key instances of these workforce reductions.

Major Workforce Reductions

Intel: To save $10 billion by 2025, Intel has announced layoffs affecting 15,000 employees—approximately 15% of its workforce. The company is scaling back on marketing, capital expenditures, and R&D to address significant financial challenges in a competitive market.

Tesla: Tesla has reduced its workforce by 20,000 employees, impacting junior staff and senior executives alike. Departments like the Supercharging team were hit hardest. According to Bloomberg, these layoffs may account for up to 20% of Tesla's workforce.

Cisco: Cisco has laid off 10,000 employees in two rounds this year—a 5% reduction in February followed by another 7%. CEO Chuck Robbins noted that these changes aim to focus on areas like cybersecurity and AI while adapting to a “normalized demand environment.”

Restructuring Across the Sector

SAP: Enterprise software giant SAP is undergoing a restructuring process affecting 8,000 employees, roughly 7% of its global workforce. This initiative seeks to streamline operations and prioritize future growth areas.

Uber: Since the COVID-19 pandemic, Uber has laid off 6,700 employees, closing some business units and shifting focus away from ventures like self-driving cabs. These adjustments aim to stabilize operations amid shifting market demands.

Economic Shifts Driving Layoffs

Dell: In its second round of layoffs in two years, Dell has cut 6,000 jobs due to declining PC market demand. Additional cuts are anticipated as the company seeks to address cost pressures in a tough economic environment.

These layoffs reflect broader economic shifts as tech companies streamline operations to navigate challenges and focus on strategic priorities like AI, cybersecurity, and operational efficiency.

Read more »
Dell
API Data Breach Data Leak data security Dell

Dell API Abused to Steal 49 Million Customer Records in Data Breach


The threat actor responsible for the recent Dell data breach stated that he scraped information from 49 million customer records via a partner portal API that he accessed as a phony organization.

Dell had begun sending alerts to customers informing them that their personal information had been stolen in a data breach.

The Breach

This data breach compromised customer order data, which included warranty information, service tags, customer names, installed locations, customer numbers, and order numbers.

On April 28th, a threat actor, Menelik, posted the data for sale on the Breached hacking forum, but the administrators quickly removed the post. 

Menelik said that they were able to obtain the data after discovering a portal where partners, distributors, and merchants could look up order information.

Menelik claims that by opening many identities under bogus firm names, he could gain access to the portal within two days without verification.

Registering as a Partner is quite simple. You simply fill out an application form, Menelik explained.

APIs are being exploited in data breaches

Easy-to-access APIs have become a major business liability in recent years, with threat actors exploiting them to scrape sensitive data and sell it to other threat actors.

Threat actors linked phone numbers to approximately 500 million accounts in 2021 by exploiting a Facebook API issue. This data was leaked nearly for free on a hacking site, requiring only an account and a $2 fee to get it.

Later that year, in December, threat actors used a Twitter API flaw to connect millions of phone numbers and email addresses to Twitter accounts, which were then sold on hacking forums.

Lessons Learned

This breach serves as a stark reminder of several critical lessons:

API Security Matters: APIs are essential for seamless communication between systems, but their security must not be overlooked. Regular audits and robust access controls are crucial.

Third-Party Risks: Partner portals and third-party integrations can introduce vulnerabilities. Companies must assess and monitor these connections rigorously.

Data Minimization: Collect only the data necessary for business operations. The less data stored, the less there is to lose.

Incident Response: Dell’s swift response demonstrates the importance of having an effective incident response plan. Preparedness matters.

The Scale

The sheer volume of compromised records—49 million—underscores the severity of the breach. Such a massive data leak can have far-reaching consequences for affected individuals. From identity theft to targeted phishing attacks, the fallout can be extensive.

Dell’s Response

Dell promptly detected the breach and took action. They notify affected customers about the incident, urging them to be cautious and vigilant. Additionally, Dell is enhancing security protocols to prevent similar incidents in the future.

Read more »
phishing
Data Breach database Dell Hacking Personal Information phishing

Dell Data Breach Exposes Personal Information Of 49 Million

 




Dell, the renowned computer manufacturer, has issued a cautionary notice to its customers regarding a disconcerting data breach. The breach, which affects an estimated 49 million customers, involves unauthorised access to an online portal containing sensitive customer information. Dell has disclosed that the breached data includes customers' names, physical addresses, and detailed information regarding Dell hardware purchases such as service tags, item descriptions, order dates, and related warranty details. Notably, the compromised information excludes financial details, email addresses, and telephone numbers. Dell accentuated its collaboration with law enforcement and a third-party forensics firm to thoroughly investigate the breach. While Dell declined to specify the number of affected individuals, it assures ongoing efforts to address the incident.

Data for Sale on the Dark Web

Disturbingly, reports have surfaced indicating that a threat actor, operating under the pseudonym Menelik, endeavoured to sell a database containing Dell customer information on a prominent hacking forum. The compromised data encompasses purchases spanning from 2017 to 2024, affecting a staggering 49 million customers. While Dell's initial notification primarily encompasses personal purchases, the breadth of the breach extends its tendrils to affect consumers, enterprises, partners, and educational institutions alike.

In the wake of such an imminent breach, customers are vehemently advised to exercise utmost caution against potential phishing attacks. Armed with comprehensive customer information, malicious actors may orchestrate targeted scams through various mediums, ranging from deceptive emails to physical mail. The criticality of vigilance cannot be overstated, as hackers may employ sophisticated tactics, such as tech support or invoice scams, to extract sensitive information from unsuspecting victims. Furthermore, there exists a palpable risk of malware dissemination through malicious flash drives, underscoring the imperative for users to exercise discretion when interacting with external storage devices.

In response to the breach, Dell has initiated a rigorous investigation, leveraging the expertise of law enforcement agencies and third-party forensic specialists. While the company reassures customers that no financial or payment data, email addresses, or telephone numbers were compromised, it acknowledges the severity of the breach and the pressing need for proactive measures to secure customer data security.

As investigations progress, affected customers are implored to remain informed and enact robust security measures to mitigate the inherent risks associated with potential phishing and malware attacks, thereby safeguarding their sensitive personal information from malicious exploitation.





Read more »
Tech Industry
AI technology AI-powered tool API Artifical Intelligence Cyber Security Dell generative AI tools Software Tech Industry

Dell Launches Innovative Generative AI Tool for Model Customization

Dell has introduced a groundbreaking Generative AI tool poised to reshape the landscape of model customization. This remarkable development signifies a significant stride forward in artificial intelligence, with the potential to revolutionize a wide array of industries. 

Dell, a trailblazer in technology solutions, has harnessed the power of Generative AI to create a tool that empowers businesses to customize models with unprecedented precision and efficiency. This tool comes at a pivotal moment when the demand for tailored AI solutions is higher than ever before. 

The tool's capabilities have been met with widespread excitement and acclaim from experts in the field. Steve McDowell, a prominent technology analyst, emphasizes the significance of Dell's venture into Generative AI. He notes, "Dell's deep dive into Generative AI showcases their commitment to staying at the forefront of technological innovation."

One of the key features that sets Dell's Generative AI tool apart is its versatility. It caters to a diverse range of industries, from healthcare to finance, manufacturing to entertainment. This adaptability ensures that businesses of all sizes and sectors can harness the power of AI to meet their specific needs.

Furthermore, Dell's tool comes equipped with a user-friendly interface, making it accessible to both seasoned AI experts and those new to the field. This democratization of AI customization is a pivotal step towards creating a more inclusive and innovative technological landscape.

The enhanced hardware and software portfolio accompanying this release further cements Dell's commitment to providing comprehensive solutions. By covering an extensive range of use cases, Dell ensures that businesses can integrate AI seamlessly into their operations, regardless of their industry or specific requirements.

Technology innovator Dell has used the potential of generative AI to develop a platform that enables companies to customize models with previously unheard-of accuracy and effectiveness. This technology is released at a critical time when there is a greater-than-ever need for customized AI solutions.

A significant development in the development of artificial intelligence is the release of Dell's Generative AI tool. Its ability to fundamentally alter model customization in a variety of industries is evidence of Dell's unwavering commitment to technical advancement. With this tool, Dell is laying the groundwork for a time when everyone may access and customize AI, in addition to offering a strong solution. 
Read more »
Vulnerability and Exploits
BIOS Virus Code Execution Flaw Dell System Breach Vulnerabilities and Exploits Vulnerability and Exploits

Several Dell Systems are Affected by New BIOS Bugs

 

Active exploitation of all of the identified problems cannot be detected by firmware integrity monitoring systems, as per Firmware Insyde Software's InsydeH2O and HP Unified Extensible Firmware Interface (UEFI), which discovered the vulnerabilities. As previously stated, secure remote health attestation systems are unable to detect compromised systems due to technical limitations. 

The high-severity vulnerabilities are identified as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421 on the CVSS scoring system. 

All of the weaknesses are related to poor input validation vulnerabilities in the firmware's System Management Mode (SMM), permitting a local privileged attacker to execute arbitrary code via the management system interrupt (SMI). System Management Mode in x86 microcontrollers is a special-purpose CPU mode for performing system-wide functions like power efficiency, hardware and system control, temperature monitoring, and other exclusive manufacturer-developed code. 

A non-maskable interrupt (SMI) is activated at runtime whenever one of these tasks is requested, and SMM code installed by the BIOS is executed. The method is ripe for misuse because SMM code runs at the greatest privilege level and is transparent to the underlying operating system, making it ideal for implanting persistent firmware. A variety of Dell products are affected, including the Alienware, Inspiron, Vostro, and Edge Gateway 3000 Series, with the Texas-based PC company advising customers to replace their BIOS as soon as possible. 

"The ongoing identification of these vulnerabilities demonstrates what we call repeatable failures' around input cleanliness or, in general, insecure coding habits," according to Binarly researchers. "These errors are directly related to the codebase's complexity or support for legacy components which receive less security attention but are nevertheless frequently used in the field. In many cases, the same vulnerability can be addressed numerous times, yet the attack surface's complexity still leaves open gaps for malicious exploitation." 

Dell SupportAssist is a program which manages support functions such as troubleshooting and recovery on Windows-based Dell workstations. The BIOSConnect feature can be used to restore a corrupted operating system as well as upgrade firmware. 

The functionality does this by connecting to Dell's cloud infrastructure and pulling required code to a user's device. 
Read more »
Technology
AWS Cyberattacks Dell Ransomware ransomware attacks Technology

Dell and AWS Partner to Prevent Customer Data from Cyberattacks

 

Dell Technology has partnered with AWS (Amazon Web Services) to safeguard customer data from cyberattacks by incorporating Dell's cyber recovery solution to the AWS Marketplace with the release of Dell EMC PowerProtect Cyber Recovery for AWS. Outdated cybersecurity firms are finding it difficult to prevent against malware and cyberattacks. With an increase in with from home culture and remote work since past two years, cybersecurity throughout the internet and cloud platforms has become more sophisticated. 

During the same time, the number of ransomware, malware, and hacking attacks has risen drastically, with more than 33% of organizations suffering ransomware breaches. Even amateur threat actors use RaaS (ransomware as a service) platforms to execute efficient and sophisticated cyber attacks. Via the AWS Marketplace, consumers can easily buy and use air tight cyber vault from Dell, to help safeguard and separate data away from a ransomware attack. 

Dell EMC PowerProtect Cyber Recovery for AWS offers multiple levels of protection with a unique approach that helps AWS customers to start normal business task easily and without any fear after a ransomware attack. In a statement, Dell said "the solution moves a customer’s critical data away from the attack surface, physically and logically isolating it with a secure, automated operational air gap. Unlike standard backup solutions, this air gap locks down management interfaces, requiring separate security credentials and multi-factor authentication for access." 

Nowadays, organizations are adopting various IT infrastructures across the on-premises environment and public cloud, data safety solutions can help in robust data security. Dell EMC PowerProtect Cyber Recovery for AWS offers customers help via addressing the rising risks of ransomware and different cyberattacks. Dell VP of data protection product management, David Noy said "data is a strategic asset and protecting it against ransomware and other cyberattacks is critical for organizations to make informed decisions about their business and thrive in today’s digital economy."
Read more »
Subscribe to: Posts (Atom)