BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models

Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device.

“As the attacker has the ability to remotely execute code in the pre-boot environment, this can be used to subvert the operating system and undermine fundamental trust in the device,” researchers from enterprise device security firm Eclypsium said. “The virtually unlimited control over a device that this attack can provide makes the fruit of the labour well worth it for the attacker.”

In all, the flaws affect 128 Dell models spanning consumer and business laptops, desktops, and tablets, totalling an estimated 30 million individual devices. Worse, the weaknesses also impact computers that have Secure Boot enabled, a security feature designed to prevent rootkits from being loaded into memory at boot time.

BIOSConnect offers network-based boot recovery, allowing the BIOS to connect to Dell’s backend servers via HTTPS to download an operating system image, thereby enabling users to recover their systems when the local disk image is corrupted, replaced, or absent.

Successful exploitation of the flaws could mean loss of device integrity, since an attacker able to remotely execute malicious code in the pre-boot environment could alter the initial state of the operating system and break OS-level security protections.

Reduce Business Risk By Fixing 3 Critical Endpoint-to-Cloud Security Requirements

Enterprise applications used to live securely in data centres, and office employees connected to internal networks using company-managed laptops or desktops. Data was encircled by a walled perimeter to keep everything safe.

All that changed in the last 18 months. Businesses and employees had to adapt quickly to cloud technology and remote work. The cloud gave businesses the agility to respond faster to change and the scale to accommodate rapid growth. Remote work boosted productivity by letting employees access cloud data from anywhere on any device.

This is not business as usual. The data centre and perimeter security are no longer the centre of the universe. Now remote workers, personal mobile devices, applications, and data are in the middle.

Although employees, applications, and data have left the building, IT security teams still shoulder the responsibility for protecting confidential data and ensuring compliance with strict privacy regulations. The risk of not doing so can be costly.

Register for this upcoming webinar to learn how to reduce risk with integrated endpoint-to-cloud security.

One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account

Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on (SSO) capability.

“With just one click, an attacker could have used the flaws to get access to Atlassian’s published Jira system and get sensitive information, such as security issues on Atlassian cloud, Bitbucket and on premise products,” Check Point Research said in an analysis shared with The Hacker News.

After the issues were reported to Atlassian on Jan. 8, 2021, the Australian company deployed a fix as part of its updates rolled out on May 18. The sub-domains affected by the flaws include:

  • jira.atlassian.com
  • confluence.atlassian.com
  • getsupport.atlassian.com
  • partners.atlassian.com
  • developer.atlassian.com
  • support.atlassian.com
  • training.atlassian.com

Critical Auth Bypass Bug Affects VMware Carbon Black App Control

VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems.

The vulnerability, identified as CVE-2021-21998, is rated 9.4 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and affects App Control (AppC) versions 8.0.x, 8.1.x, 8.5.x, and 8.6.x.

Carbon Black App Control is a security solution designed to lock down critical systems and servers to prevent unauthorized changes in the face of cyber-attacks and ensure compliance with regulatory mandates such as PCI-DSS, HIPAA, GDPR, SOX, FISMA, and NERC.

“A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate,” the California-based cloud computing and virtualization technology company said in an advisory.

CVE-2021-21998 marks the second time VMware has addressed an authentication bypass issue in its Carbon Black endpoint security software. Earlier this April, the company fixed an incorrect URL handling vulnerability in the Carbon Black Cloud Workload appliance (CVE-2021-21982) that could be exploited to gain access to the administration API.

Antivirus Pioneer John McAfee Found Dead in Spanish Jail

Controversial mogul and antivirus pioneer John McAfee on Wednesday died by suicide in a jail cell in Barcelona, hours after reports that he would be extradited to face federal charges in the U.S.

McAfee was 75. He is said to have died by hanging “as his nine months in prison brought him to despair,” according to McAfee’s lawyer Javier Villalba, Reuters reported. Security personnel at the Brians 2 prison tried to revive McAfee, but he was eventually declared dead, per Associated Press.

News of his death comes after Spain’s National Court approved his extradition to the U.S. to face federal criminal tax evasion charges.

McAfee worked for NASA, Xerox, and Lockheed Martin before launching the world’s first commercial antivirus software in 1987. He later resigned from the namesake security firm in 1994.
