Hackers have successfully breached CCleaner’s security to inject malware into the app and distribute it to millions of users. Security researchers at Cisco Talos discovered that download servers used by Avast (the company that owns CCleaner) were compromised to distribute malware inside CCleaner.
“For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” says the Talos team. CCleaner has been downloaded more than 2 billion times according to Avast, making it a popular target for hackers.
An undocumented Microsoft Office feature allows attackers to gather sensitive configuration details on targeted systems simply by tricking recipients into opening a specially crafted Word document—no VBA macros, embedded Flash objects or PE files needed.
The undocumented feature is being used by adversaries, according to Kaspersky Lab researchers, as part of a multistage attack that first involves gathering the system configuration data on targeted systems. “This code effectively sent information about the software installed on the victim machine to the attackers, including info about which version of Microsoft Office was installed,” wrote Kaspersky Lab researchers.
Switzerland’s defence ministry has foiled a cyber attack by malware similar to that used in other global hacking campaigns, the government said in a statement on Friday. The attack was detected in July by software that operated much like the Turla malware family, it said.
The government declined to give information about the origin of the attack or say if any damage including data theft had occurred. It cited security considerations. Government specialists took countermeasures and an investigation is underway, while criminal charges have been lodged with federal prosecutors against persons unknown to them.
Hackers can bypass a new security feature in MacOS High Sierra to load malicious kernel extensions. According to security researchers at Synack, the forthcoming update to MacOS features something called “Secure Kernel Extension Loading” (SKEL).
Patrick Wardle, chief security researcher at Synack, said that while the feature was “wrapped in good intentions”, in its current implementation, SKEL “merely hampers the efforts of the ‘good guys’” (ie 3rd-party MacOS developers such as those that design security products). “Due to flaws in its implementation, the bad guys (hackers/malware) will likely remain unaffected,” he said in a blog post.
Another month, another bunch of Android malware that's found its way onto Google Play. That's according to researchers from Check Point, who claimed to have found the second-biggest outbreak to ever hit Google's platform, with as many as 21.1 million infections from one malware family.
The malware's been dubbed ExpensiveWall after hiding inside wallpaper apps. The researchers warned it sent fraudulent premium SMS messages and charged for fake services. In the latest outbreak detected by Check Point, ExpensiveWall infected at least 50 apps, which together were downloaded between 1 million and 4.2 million times.
A cache of voter records on over a half-million Americans has been found online. The records, totaling 593,328 individual sets of records, appear to contain every registered voter in the state of Alaska, according to researchers at the Kromtech Security Research Center.
The records were stored in a misconfigured CouchDB database, which was accessible to anyone with a web browser -- no password needed -- until Monday when the data was secured and subsequently pulled offline. The exposed data is just a portion of a larger voter file compiled by TargetSmart, which said its national voter file is the "most comprehensive and up-to-date voter file ever assembled."
The new top-of-the-range iPhone does away with the home button and its built-in fingerprint reader in favor of a new biometric — called Face ID — which uses a 3D scan of the user’s face for authenticating and unlocking their device. It also replaces Touch ID for Apple Pay.
Apple suggests this is an advancement over a fingerprint reader because it’s an easier and more natural action for the user to perform — you just look at the phone and it unlocks; no need to worry if you have wet fingers and so on. However, offering to gate the smorgasbord of personal content that lives on a smartphone behind a face biometric inevitably raises lots of security questions.
Vevo has joined the growing list of media entities to fall victim to a security breach and release of internal documents.
The online music video service, a joint venture between music giants Universal Music Group, Sony Music Entertainment and Warner Music Group, was recently targeted by hackers who posted more than 3 terabytes of internal files online, experts reported late Thursday. The leaked files are mostly benign, experts reported, containing mainly office documents, videos and promotional materials. Vevo confirmed the breach, calling it the result of a phishing scam via LinkedIn.
The Trump administration on Wednesday told U.S. government agencies to remove Kaspersky Lab products from their networks, saying it was concerned the Moscow-based cyber security firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardize national security.
The decision represents a sharp response to what U.S. intelligence agencies have described as a national security threat posed by Russia in cyberspace, following an election year marred by allegations that Moscow weaponized the internet in an attempt to influence its outcome.
Before services like Spotify and Netflix proliferated, people who wanted to listen to music or watch movies online, on demand, had few legal options. Instead, they would download copies of pirated media using file-sharing technology.
In early 2004, close to 8 million people in the U.S. alone were estimated to have downloaded music through so-called peer-to-peer apps like LimeWire, eDonkey, Kazaa, and BitTorrent. While it’s difficult to measure exactly how much of the world’s internet traffic consists of people swapping files, at the time some estimates said it was approaching 40 percent.