Computer manufacturer Dell warns of a security breach. The company advises those affected to update the Dell SupportAssist Client immediately.
Vulnerability At Dell
Dell advices all users to update the Dell SupportAssist client immediately. If the automatic update is already activated in the program, the update may already have been installed. Nevertheless, you should check the version manually. To do this, navigate to the settings and click on the Software button. Then look for the About Support Assist tab, click on it and check the version number. If you still have the old version installed, you can download the latest from Dell.
Hackers Copy HTTP Request
The attacker sees exactly how the purchase form and the HTTP request are structured and creates an exact copy of it. However, with the difference that it can replace goods and recipients at will. The criminal then creates a website to encourage the victim to click a link. Clicking the link sends the HTTP request copied and modified by the attacker to the Amazon server. If the victim still has the Amazon session open, the server recognizes the purchase as correct. Of course, the attacker could also install malware that instructs the victim’s browser to send the HTTP request.
A vulnerability has now been discovered in the software, which attackers can use remotely to run malicious code on the computer. Dell advises affected customers to upgrade to a secure software version as soon as possible. This is version 2.1.4 of SupportAssist for business devices and version 3.4.1 of SupportAssist for computers that are marketed for private users.
If necessary, a new version is automatically displayed and can be downloaded and imported by clicking on Update now.