Latest news with #dataTheft
Yahoo
06-08-2025
- Yahoo
Security flaw found, fixed that could have left millions of Dell laptops vulnerable, researchers say
By AJ Vicens (Reuters) -A flaw in the chips used to secure tens of millions of Dell laptops could have given attackers the ability to steal sensitive data as well as maintain access even after a fresh operating system install, researchers with Cisco Talos said Tuesday. The previously unreported analysis, validated by Dell in a June security advisory, affected more than 100 models of Dell laptops, according to the company, and targeted a chip in the computer that stores passwords, biometric data and security codes, and installs fingerprint, smartcard and near-field communications drivers and firmware. There is no indication that the vulnerabilities have been exploited in the wild, according to the researchers, and Dell issued patches for the devices in March, April and May, with an overall security advisory published June 13. The vulnerabilities are specific to the Broadcom BCM5820X chip used by Dell in its ControlVault security firmware and software. The flaw affects laptop models common in the cybersecurity industry and government settings, according to Philippe Laulheret, the senior vulnerability researcher at Cisco Talos who discovered and led the analysis. 'Sensitive industries that require heightened security when logging in (via smartcard or NFC) are more likely to find ControlVault devices in their environment,' Laulheret wrote in a blog published Tuesday ahead of a presentation of the analysis at the Black Hat security conference in Las Vegas scheduled for August 6. The findings highlight the need for more security research focused on computer hardware tasked with handling biometrics and other sensitive data, said Nick Biasini, head of outreach at Cisco Talos. 'These concepts of secure enclaves and using biometrics and these various other types of technologies are getting more and more widespread,' Biasini said. 'It's becoming commonplace on devices but it also introduces a new attack surface." A spokesperson for Dell said in a statement that the company addressed the issues 'quickly and transparently,' and directed customers to the June 13 advisory. 'As always, it is important that customers promptly apply security updates that we make available and move to supported versions of our products to ensure their systems remain secure,' the spokesperson said. Broadcom declined to comment. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
05-08-2025
- Yahoo
Security flaw found, fixed that could have left millions of Dell laptops vulnerable, researchers say
By AJ Vicens (Reuters) -A flaw in the chips used to secure tens of millions of Dell laptops could have given attackers the ability to steal sensitive data as well as maintain access even after a fresh operating system install, researchers with Cisco Talos said Tuesday. The previously unreported analysis, validated by Dell in a June security advisory, affected more than 100 models of Dell laptops, according to the company, and targeted a chip in the computer that stores passwords, biometric data and security codes, and installs fingerprint, smartcard and near-field communications drivers and firmware. There is no indication that the vulnerabilities have been exploited in the wild, according to the researchers, and Dell issued patches for the devices in March, April and May, with an overall security advisory published June 13. The vulnerabilities are specific to the Broadcom BCM5820X chip used by Dell in its ControlVault security firmware and software. The flaw affects laptop models common in the cybersecurity industry and government settings, according to Philippe Laulheret, the senior vulnerability researcher at Cisco Talos who discovered and led the analysis. 'Sensitive industries that require heightened security when logging in (via smartcard or NFC) are more likely to find ControlVault devices in their environment,' Laulheret wrote in a blog published Tuesday ahead of a presentation of the analysis at the Black Hat security conference in Las Vegas scheduled for August 6. The findings highlight the need for more security research focused on computer hardware tasked with handling biometrics and other sensitive data, said Nick Biasini, head of outreach at Cisco Talos. 'These concepts of secure enclaves and using biometrics and these various other types of technologies are getting more and more widespread,' Biasini said. 'It's becoming commonplace on devices but it also introduces a new attack surface." A spokesperson for Dell said in a statement that the company addressed the issues 'quickly and transparently,' and directed customers to the June 13 advisory. 'As always, it is important that customers promptly apply security updates that we make available and move to supported versions of our products to ensure their systems remain secure,' the spokesperson said. Broadcom declined to comment. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Reuters
05-08-2025
- Reuters
Security flaw found, fixed that could have left millions of Dell laptops vulnerable, researchers say
Aug 5 (Reuters) - A flaw in the chips used to secure tens of millions of Dell (DELL.N), opens new tab laptops could have given attackers the ability to steal sensitive data as well as maintain access even after a fresh operating system install, researchers with Cisco Talos said Tuesday. The previously unreported analysis, validated by Dell in a June security advisory, affected more than 100 models of Dell laptops, according to the company, and targeted a chip in the computer that stores passwords, biometric data and security codes, and installs fingerprint, smartcard and near-field communications drivers and firmware. There is no indication that the vulnerabilities have been exploited in the wild, according to the researchers, and Dell issued patches for the devices in March, April and May, with an overall security advisory published June 13. The vulnerabilities are specific to the Broadcom (AVGO.O), opens new tab BCM5820X chip used by Dell in its ControlVault security firmware and software. The flaw affects laptop models common in the cybersecurity industry and government settings, according to Philippe Laulheret, the senior vulnerability researcher at Cisco Talos who discovered and led the analysis. 'Sensitive industries that require heightened security when logging in (via smartcard or NFC) are more likely to find ControlVault devices in their environment,' Laulheret wrote in a blog published Tuesday ahead of a presentation of the analysis at the Black Hat security conference in Las Vegas scheduled for August 6. The findings highlight the need for more security research focused on computer hardware tasked with handling biometrics and other sensitive data, said Nick Biasini, head of outreach at Cisco Talos. 'These concepts of secure enclaves and using biometrics and these various other types of technologies are getting more and more widespread,' Biasini said. 'It's becoming commonplace on devices but it also introduces a new attack surface." A spokesperson for Dell said in a statement that the company addressed the issues 'quickly and transparently,' and directed customers to the June 13 advisory. 'As always, it is important that customers promptly apply security updates that we make available and move to supported versions of our products to ensure their systems remain secure,' the spokesperson said. Broadcom declined to comment.
Arabian Business
08-07-2025
- Business
- Arabian Business
Australia's Qantas says cyberattackers with data on 6 million customers have made contact
Qantas, the Australian national airline, said it has been contacted by a group claiming to be behind the cyberattack that resulted in a massive data theft involving six million of its customers. The airline did not confirm if any ransom demands have been made. Qantas data theft Last Wednesday, the airline considered to be the safest in the world when it comes to flying, fell prey to a cyberattack in one of its Filipino call centres. It resulted in the theft of customers' names, dates of birth, emails, and frequent flyer numbers. Other personal information such as credit card, passport, and financial details were not stored in the centre. The airline said on Monday evening that 'a potential cybercriminal has made contact'. A Qantas spokesman said: 'As this is a criminal matter, we have engaged the Australian Federal Police and won't be commenting any further on the details of the contact. 'There is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cybersecurity experts, we continue to actively monitor.' On Friday, Vanessa Hudson, Qantas Group Chief Executive Officer, said: 'We know that data breaches can feel deeply personal and understand the genuine concern this creates for our customers. Right now we're focused on providing the answers and transparency they deserve. 'Our investigation is progressing well with our cybersecurity teams working alongside leading external specialists to determine what information has been accessed. We're finalising a process that will enable us to provide affected customers with more information about their personal information that was potentially compromised. 'We are treating this incredibly seriously and have implemented additional security measures to further strengthen our systems. I want to apologise again for the uncertainty this has caused. We're committed to keeping our affected customers informed as our investigation progresses.'
BBC News
30-06-2025
- BBC News
Huge inquiry after a million people's data stolen from garages
Eight men have been convicted over the theft of a million people's personal details from vehicle garages across the Information Commissioner's Office (ICO) said it was "one of the largest nuisance call cases" they had Curry, ICO head of investigations, said: "This case uncovered a vast, murky criminal network where crash details were stolen from garages across England, Scotland and Wales and traded to fuel distressing predatory calls."The group, which conducted their crimes between 2014 and 2017, were due to be sentenced at a later date at Bolton Crown Court. 'Snowballed' Jurors at a 10-week trial heard how the ICO seized the "widest body of evidence it has ever seen", highlighting the misuse of personal data for nuisance calls to persuade people to make personal injury investigation began in 2016 when the owner of a car repair garage in County Durham contacted the regulator with concerns after customers blamed him for the calls they were watchdog said their investigation "snowballed into one of the largest nuisance call cases the ICO has ever dealt with".Investigators then arrested eight people from Greater Manchester and Cheshire. Data sold to claims firms The ICO also found devices with 4.5 million documents,144,000 spreadsheets and 241,000 also contained 1.5 million images and 83,000 multimedia obtained personal data of about one million people from garages without their consent before selling them to claims management ICO said it expected further prosecutions of people "embedded into insurance companies and claims management companies with the sole aim of stealing personal data" as part of the second phase of its investigation. The convicted men included:Craig Cornick, 40, of Prestbury, guilty of conspiracy to unlawfully obtain personal data contrary to the Data Protection Daly, 35, pleaded guilty to two counts of conspiracy to unlawfully obtain personal McCartan, 30, of Failsworth - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Flanagan, 40, of Macclesfield - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Preece, 44, of Manchester - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Thorlby, 35, of Macclesfield - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Moktadir, 32, of Stockport - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Crompton, 35, of Northwich - pleaded guilty to two counts of conspiracy to unlawfully obtain personal data contrary to the Data Protection Act. Read more stories from Cheshire on the BBC, watch BBC North West Tonight on BBC iPlayer and follow BBC North West on X. You can also send story ideas via Whatsapp to 0808 100 2230.
