Using a risk model based on security statistics is a valid and useful approach to defending against cyber attacks. A company can decide that if one type of attack is affecting a large percentage of companies, then chances are, they may be next. The company can take steps to defend against that attack. However, sometimes past statistics are not enough and can be … [Read more...]
Ccleaner APT Update – Daily Security Byte
Last week, I warned you about the Ccleaner installer delivering malware. At the time, researchers had only analyzed the first stage malware payload, and had sink-holed the malware's command and control channel, making it ineffective. However, since then they have dissected the second stage of the attack, and found that it's a very targeted and sophisticated threat. They believe … [Read more...]
Ccleaner Supply-chain Attack – Daily Security Byte
Ccleaner is one of the most widely used Windows maintenance programs out there, with over 2 billion downloads. In fact, it was a utility that even I used often before moving to OS X. Unfortunately, Talos researchers have discovered that the official Ccleaner installer had been booby-trapped with malware for over a month. In order to have planted this malware into an installer … [Read more...]
Avast’s CCleaner Update Distributes Malware to Millions
This morning, The Verge reported an unusual attack on CCleaner, the flagship application of Avast-owned Piriform. According to security researchers at Cisco Talos, hackers injected malware into the app’s software update, which was then downloaded by 2.27 million users. CCleaner’s primary function is to perform routine maintenance and cleanup on PCs, in addition to offering … [Read more...]
How to Defend Against JavaScript Malware
For several quarters in a row, malicious JavaScript has made up a significant portion of the malware blocked by WatchGuard’s Firebox UTM appliances according to our Internet Security Report. As a matter of fact, several of the top ten most common malware strains are written in JavaScript. To help organizations better understand how JavaScript malware works, and how … [Read more...]
