Bleeping Computer: Dell, Apple, Netflix face lawsuits for pulling services out of Russia. “A Moscow Arbitration Court has reportedly seized almost $11 million belonging to Dell LLC after the company failed to provide paid-for services to a local system integrator. IT systems integrator Talmer sued Dell early last month when the American computer giant declined to provide technical support services for VMware as previously agreed. Dell is the representative of VMware in Russia and was reselling these services until March 1, 2022.”
BetaNews: Security flaw in Dell SupportAssist tool puts millions of Windows systems at risk. “Dell has announced that both the Business and Home versions of its SupportAssist tool have a security vulnerability within the PC Doctor component that requires immediate patching. The discovery was made by SafeBreach, and there could be over 100 million systems that are affected.”
Security Boulevard: Dell Hell Gets Hotter via Bad Bug in Every PC, Laptop. “Every Dell endpoint running Microsoft Windows has a nasty remote-code execution vulnerability. The security hole is in the SupportAssist module. Amazingly, Dell figured it would be great to allow a web page to take full control of a PC—admin privileges and all. Bypassing the tool’s minimal checks turns out to be trivial. To top it off, it took Dell six months to fix this vulnerability. In today’s SB Blogwatch, we rush to install the patch.”
A tech support scam using customer details is causing concern that Dell customer data has been leaked. “Tech-support scams, in which fraudsters pose as computer technicians who charge hefty fees to fix non-existent malware infections, have been a nuisance for years. A relatively new one targeting Dell computer owners is notable because the criminals behind it use private customer details to trick their marks into thinking the calls come from authorized Dell personnel.”
Ruh-roh. Dell apparently has yet another security issue. “Dell’s newest vulnerability, much like the previous one, involves the company installing a self-signed security certificate (a digital credential that authenticates websites) alongside a private key (which sort of serves as a password) on its customers’ computers. The combination, when met with a little reverse engineering, allows any technically savvy attacker to snoop on users’ encrypted Internet traffic, or to steal their sensitive information.”
Apparently Dell has been selling computers with an unhappy prize inside. “Dell is back-pedaling today after it was revealed that the PC giant has been shipping a number of its laptops with a preinstalled, self-signed root certificate authority called eDellRoot. The impact of this is that users could be left at risk from attackers, potentially enabling information theft.” Lenovo did something very similar, didn’t it?