Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 Maggie Jauregui & Brian Delgado
Twitter
LinkedIn
RSS
E-Mail

Profile of Maggie Jauregui & Brian Delgado

Security Researcher, Programmable Solutions Group at Intel / Red Team Lead, Programmable Services Group at Intel
Member Since: 3/16/2021
Author
News & Commentary Posts: 1
Comments: 1

Maggie Jauregui, Security Researcher, Programmable Solutions Group at Intel

Maggie Jauregui is a firmware and hardware FPGA security researcher for Intel's Programmable Solutions Group. Throughout her career, she has presented and delivered training presentations on firmware security topics at conferences such as DEF CON, CanSecWest, DerbyCon, NULLCON, hardwear.io, OSFC, and BSidesTLV. Follow on Twitter | LinkedIn

Brian Delgado, Red Team Lead, Programmable Services Group at Intel

Brian Delgado is the Red Team Lead for the Programmable Services Group (PSG) at Intel, focusing on security analysis of FPGA accelerators. Brian joined Intel Corp. in 1999 and has worked extensively on UEFI firmware security technologies, firmware fuzzing, and performance analysis. Brian earned his Ph.D. in Computer Science at Portland State University where he focused on firmware-assisted rootkit detection. He has given talks at a variety of technical forums including Hardware and Architectural Support for Security and Privacy (HASP), IEEE Dependable Systems and Networks (DSN), the Platform Security Summit, and IEEE International Symposium on Workload Characterization (IISWC). LinkedIn

Articles by Maggie Jauregui & Brian Delgado
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5329
PUBLISHED: 2021-07-29
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
CVE-2020-5353
PUBLISHED: 2021-07-29
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administ...
CVE-2021-21538
PUBLISHED: 2021-07-29
Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.
CVE-2021-21546
PUBLISHED: 2021-07-29
Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.
CVE-2021-20505
PUBLISHED: 2021-07-29
The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to...