Latest news with #PhilippeLaulheret
Yahoo
06-08-2025
- Yahoo
Security flaw found, fixed that could have left millions of Dell laptops vulnerable, researchers say
By AJ Vicens (Reuters) -A flaw in the chips used to secure tens of millions of Dell laptops could have given attackers the ability to steal sensitive data as well as maintain access even after a fresh operating system install, researchers with Cisco Talos said Tuesday. The previously unreported analysis, validated by Dell in a June security advisory, affected more than 100 models of Dell laptops, according to the company, and targeted a chip in the computer that stores passwords, biometric data and security codes, and installs fingerprint, smartcard and near-field communications drivers and firmware. There is no indication that the vulnerabilities have been exploited in the wild, according to the researchers, and Dell issued patches for the devices in March, April and May, with an overall security advisory published June 13. The vulnerabilities are specific to the Broadcom BCM5820X chip used by Dell in its ControlVault security firmware and software. The flaw affects laptop models common in the cybersecurity industry and government settings, according to Philippe Laulheret, the senior vulnerability researcher at Cisco Talos who discovered and led the analysis. 'Sensitive industries that require heightened security when logging in (via smartcard or NFC) are more likely to find ControlVault devices in their environment,' Laulheret wrote in a blog published Tuesday ahead of a presentation of the analysis at the Black Hat security conference in Las Vegas scheduled for August 6. The findings highlight the need for more security research focused on computer hardware tasked with handling biometrics and other sensitive data, said Nick Biasini, head of outreach at Cisco Talos. 'These concepts of secure enclaves and using biometrics and these various other types of technologies are getting more and more widespread,' Biasini said. 'It's becoming commonplace on devices but it also introduces a new attack surface." A spokesperson for Dell said in a statement that the company addressed the issues 'quickly and transparently,' and directed customers to the June 13 advisory. 'As always, it is important that customers promptly apply security updates that we make available and move to supported versions of our products to ensure their systems remain secure,' the spokesperson said. Broadcom declined to comment. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
05-08-2025
- Yahoo
Security flaw found, fixed that could have left millions of Dell laptops vulnerable, researchers say
By AJ Vicens (Reuters) -A flaw in the chips used to secure tens of millions of Dell laptops could have given attackers the ability to steal sensitive data as well as maintain access even after a fresh operating system install, researchers with Cisco Talos said Tuesday. The previously unreported analysis, validated by Dell in a June security advisory, affected more than 100 models of Dell laptops, according to the company, and targeted a chip in the computer that stores passwords, biometric data and security codes, and installs fingerprint, smartcard and near-field communications drivers and firmware. There is no indication that the vulnerabilities have been exploited in the wild, according to the researchers, and Dell issued patches for the devices in March, April and May, with an overall security advisory published June 13. The vulnerabilities are specific to the Broadcom BCM5820X chip used by Dell in its ControlVault security firmware and software. The flaw affects laptop models common in the cybersecurity industry and government settings, according to Philippe Laulheret, the senior vulnerability researcher at Cisco Talos who discovered and led the analysis. 'Sensitive industries that require heightened security when logging in (via smartcard or NFC) are more likely to find ControlVault devices in their environment,' Laulheret wrote in a blog published Tuesday ahead of a presentation of the analysis at the Black Hat security conference in Las Vegas scheduled for August 6. The findings highlight the need for more security research focused on computer hardware tasked with handling biometrics and other sensitive data, said Nick Biasini, head of outreach at Cisco Talos. 'These concepts of secure enclaves and using biometrics and these various other types of technologies are getting more and more widespread,' Biasini said. 'It's becoming commonplace on devices but it also introduces a new attack surface." A spokesperson for Dell said in a statement that the company addressed the issues 'quickly and transparently,' and directed customers to the June 13 advisory. 'As always, it is important that customers promptly apply security updates that we make available and move to supported versions of our products to ensure their systems remain secure,' the spokesperson said. Broadcom declined to comment. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Reuters
05-08-2025
- Reuters
Security flaw found, fixed that could have left millions of Dell laptops vulnerable, researchers say
Aug 5 (Reuters) - A flaw in the chips used to secure tens of millions of Dell (DELL.N), opens new tab laptops could have given attackers the ability to steal sensitive data as well as maintain access even after a fresh operating system install, researchers with Cisco Talos said Tuesday. The previously unreported analysis, validated by Dell in a June security advisory, affected more than 100 models of Dell laptops, according to the company, and targeted a chip in the computer that stores passwords, biometric data and security codes, and installs fingerprint, smartcard and near-field communications drivers and firmware. There is no indication that the vulnerabilities have been exploited in the wild, according to the researchers, and Dell issued patches for the devices in March, April and May, with an overall security advisory published June 13. The vulnerabilities are specific to the Broadcom (AVGO.O), opens new tab BCM5820X chip used by Dell in its ControlVault security firmware and software. The flaw affects laptop models common in the cybersecurity industry and government settings, according to Philippe Laulheret, the senior vulnerability researcher at Cisco Talos who discovered and led the analysis. 'Sensitive industries that require heightened security when logging in (via smartcard or NFC) are more likely to find ControlVault devices in their environment,' Laulheret wrote in a blog published Tuesday ahead of a presentation of the analysis at the Black Hat security conference in Las Vegas scheduled for August 6. The findings highlight the need for more security research focused on computer hardware tasked with handling biometrics and other sensitive data, said Nick Biasini, head of outreach at Cisco Talos. 'These concepts of secure enclaves and using biometrics and these various other types of technologies are getting more and more widespread,' Biasini said. 'It's becoming commonplace on devices but it also introduces a new attack surface." A spokesperson for Dell said in a statement that the company addressed the issues 'quickly and transparently,' and directed customers to the June 13 advisory. 'As always, it is important that customers promptly apply security updates that we make available and move to supported versions of our products to ensure their systems remain secure,' the spokesperson said. Broadcom declined to comment.
