Hi-Tech

CCleaner Attack Shows Need to Bolster Software Development Security

CCleaner Attack Shows Need to Bolster Software Development Security

Security researchers at Cisco Systems Inc. and Morphisec Ltd. informed Avast Software, Piriform's parent company about the breach.

The malware infecting CCleaner could give hackers control over the devices of more than 2 million users. "After all, if you ran version 5.33 of CCleaner your PC may have been compromised". "At this stage, we don't want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it", he said. They have made sure to put the server down and that the attackers won't be able to reach other servers.

In a security notice posted earlier today, Piriform vice president of products Paul Yung apologized to users for the security issue and added, "to the best of our knowledge, we were able to disarm the threat before it was able to do any harm".

It said that the decision may be different for corporate users and will depend on corporate IT policies. Users are really anxious as it is hard for them to trust on software which is popular ones.

"The malicious aspect of the software allowed for remote administration of a machine that had the compromised version of CCleaner installed", he told the E-Commerce Times.

"And due to the proactive approach to update as many users as possible, we are now down to 730,000 users still using the affected version (5.33.6162)".




"An attacker would have full access to the system, including anything a user did while logged on, such as inputting credit card information to a shopping site", Wenzler explained, "or user names and passwords when logging in anywhere". The software doesn't update automatically.

The malware was created to collect information about users' PCs, including installed software and MAC addresses of network-connected devices, and then send that data to an external server.

The threat was real but limited, according to Chris Roberts, chief security architect at Acalvio. APT17, also known as Operation Aurora, is one of the most sophisticated cyber attacks ever conducted and they specialize in supply chain attacks.

While Avast said that it would not disclose the list of targeted companies publicly "for privacy reasons", Cisco said that the domains the attackers were attempting to target included those held by HTC, Sony, Samsung, Intel, VMware, Microsoft, Vodafone, Google, D-Link, Linksys, Akamai and even Cisco itself - as well as a German gambling company, for some reason. Avast acquired Piriform on July 18, 2017.

"We really don't know who is behind it", Vlcek said.

"Organizations need to be vigilant", he told the E-Commerce Times, "and continuously monitor the security of critical organizations, applications, and platforms present within their supply chain".


  • Lineups, match thread, and how to watch Carabao Cup online

    Lineups, match thread, and how to watch Carabao Cup online

    With two weeks off for the October worldwide break, the time table for return, at the earliest, is almost a month from now. This was his first start since May 2016, but his first complete game for Arsenal for far longer than that.
    Iran Says Ready to Supply Pakistan's Energy Needs

    Iran Says Ready to Supply Pakistan's Energy Needs

    Both the parties discussed issues relating to bilateral relationships as well as the peace and stability in Afghanistan. Foreign Secretary Tehmina Janjua told journalists after the meeting in NY , that the interaction was an "ice-breaker".
    Bangladesh face tough test on South Africa tour

    Bangladesh face tough test on South Africa tour

    Also significant is the fact that India will play a Test fewer than planned‚ which is likely to cost CSA money in lost revenue. With India not available to play the Boxing Day Test in December, South Africa will ask Zimbabwe to play the Traditional Test.
  • Iran's Zarif, EU's Mogherini Discuss JCPOA Implementation

    Iran's Zarif, EU's Mogherini Discuss JCPOA Implementation

    CHANG: OK, so President Trump called this deal an embarrassment, and he's signaling he might walk away from it. He accused Trump of using - and these are Rouhani's words - ignorant, absurd and hateful rhetoric.
    Laurence Fishburne's Wife Gina Torres Photographed Kissing Mystery Man

    Laurence Fishburne's Wife Gina Torres Photographed Kissing Mystery Man

    With all the premieres and promotional work the pair have had to attend, they have, for the past two years, turned up solo. Torres, who wasn't wearing a wedding ring, was seen holding the man's face in her hands and kissing him across the table.
    IT officers raid properties of SM Krishna's son-in-law VG Siddhartha in Karnataka

    IT officers raid properties of SM Krishna's son-in-law VG Siddhartha in Karnataka

    VG Siddhartha is son-in-law of SM Krishna who served as the External Affairs Minister in the Manmohan Singh-led UPA-1 government. The searches began at around 8.30 AM on Wednesday and teams are also conducting raids on Siddhartha's residence in Bengaluru .
  • Foo Fighters' 'Concrete and Gold' Is Too Much Gold, Not Enough Concrete

    Foo Fighters' 'Concrete and Gold' Is Too Much Gold, Not Enough Concrete

    Now the Foo Fighters seem to be searching for the sounds they grew up with and leaves more to be desired from their album. They may have taken their name from an old term for UFOs, but the Foo Fighters have always been a down-to-earth bunch.
    Fed will start to trim its huge bond portfolio

    Fed will start to trim its huge bond portfolio

    Treasury bonds and mortgage-backed securities acquired in the years after the 2008 financial crisis. The Fed, as expected, also said it would begin in October to reduce its holdings of U.S.
    Zynga Inc. (ZNGA) vs. Activision Blizzard, Inc. (ATVI)

    Zynga Inc. (ZNGA) vs. Activision Blizzard, Inc. (ATVI)

    Activision Blizzard, Inc. (ATVI ) pays a dividend of 0.30, which translates to dividend yield of 0.47% based on the current price. It is negative, as 73 investors sold ATVI shares while 204 reduced holdings. 49 funds opened positions while 113 raised stakes.
  • SEC Says It Was a Victim of a Computer Hack Last Year

    SEC Says It Was a Victim of a Computer Hack Last Year

    It said the security vulnerability used in the hack had been patched shortly after it was discovered. The SEC has scored some victories in tackling cyber criminals in recent years.
    All the new features you should know about

    All the new features you should know about

    Well nothing is ideal , this version although outstanding, has its certain faults, but overall so the best the Apple has offered! ActiveSync is now an old protocol that does not support some advanced features such as the ever-popular Focused Inbox .
    Trump to make debut speech at United Nations

    Trump to make debut speech at United Nations

    He said of the US: "If it is forced to defend itself or its allies, we will have no choice but to totally destroy North Korea ". He urged United Nations member states to work together to isolate the Kim government until it ceases its "hostile" behavior.