Friday, 3 May 2019

Dell Hell Gets Hotter via Bad Bug in Every PC, Laptop

RCE FAIL


Every Dell endpoint running Microsoft Windows has a nasty remote-code execution vulnerability. The security hole is in the SupportAssist module.

Amazingly, Dell figured it would be great to allow a web page to take full control of a PC—admin privileges and all. Bypassing the tool’s minimal checks turns out to be trivial.

To top it off, it took Dell six months to fix this vulnerability. In today’s SB Blogwatch, we rush to install the patch.


Read more: securityboulevard.com/2019/05/dell-hell-gets-hotter-via-bad-bug-in-every-pc-laptop

Thursday, 2 May 2019

Huge US data leak from Microsoft cloud; 65% of households at risk

Azure ’ad enough yet?


Yet another cloud database with no security. And this one’s enormous.

This time, Microsoft was discovered hosting an 80 million-row, open database of US adults aged over 40. We still don’t know who owns the data, but some speculate shadow IT is to blame.

Obviously, Microsoft bears no responsibility whatsoever for this fantastic faux pas. The unprotected dataset is stuffed full of PII, and represents about 65% of US households.

Let that sink in for a moment: sixty-five percent. In this week’s Security Blogwatch, we’re fed up with feeling déjà vu.


Read more: techbeacon.com/security/huge-us-data-leak-microsoft-cloud-65-households-risk

Tuesday, 30 April 2019

Did Huawei Hide Backdoors in Telco Kit? Or Is This More Bloomberg BS?

Useful Idiots are Useful


Today’s revelation that Huawei put backdoors into telecom equipment is perfectly shocking. But is the story all that it seems?

Yes, it’s Bloomberg again, trying to sound authoritative about security. But, some say, failing spectacularly.

Remember last year’s hilarious “spy chip” story? In today’s SB Blogwatch, we don’t forget.


Read more: securityboulevard.com/2019/04/did-huawei-hide-backdoors-in-telco-kit-or-is-this-more-bloomberg-bs