Category Archives: Exploits and Vulnerabilities

Hackers compromised free CCleaner software, Avast’s Piriform says

via: Reuters

SAN FRANCISCO (Reuters) – Hackers broke into British company Piriform’s free software for optimizing computer performance last month potentially allowing them to control the devices of more than two million users, the company and independent researchers said on Monday.

The malicious program was slipped into legitimate software called CCleaner, which is downloaded for personal computers and Android phones as often as five million times a week. It cleans up junk programs and advertising cookies to speed up devices.

CCleaner is the main product made by London’s Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner.

A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco’s (CSCO.O) Talos unit said.

Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June’s “NotPetya” attack on companies that downloaded infected Ukrainian accounting software.

“There is nothing a user could have noticed,” Williams said, noting that the optimization software had a proper digital certificate, which means that other computers automatically trust the program.

In a blog post, Piriform confirmed that two programs released in August were compromised. It advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud.

Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12. A new, uncompromised version of CCleaner was released the same day and a clean version of CCleaner Cloud was released on Sept. 15, it said.

The nature of the attack code suggests that the hacker won access to a machine used to create CCleaner, Williams said.

CCleaner does not update automatically, so each person who has installed the problematic version will need to delete it and install a fresh version, he said.

Williams said that Talos detected the issue at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs.

Piriform said it had worked with U.S. law enforcement to shut down a server located in the United States to which traffic was set to be directed.

It said the server was closed down on Sept. 15 “before any known harm was done”.

Source: https://www.reuters.com/article/us-security-avast/hackers-compromised-free-ccleaner-software-avasts-piriform-says-idUSKCN1BT0R9

Google provides explanation on recent Google Docs campaign

A Google spokesperson shared the following statement with TNW, noting that 0.1 percent of Gmail users were affected. That’s roughly 1 million users, though:

“We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1 percent of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”

Source: https://thenextweb.com/security/2017/05/03/massive-google-docs-phishing-attack-currently-sweeping-internet/#.tnw_G8nzqYyw

Article: There’s (Almost) Nothing You Can Do About Stagefright

An article from PC Mag highlights a newly discovered vulnerability that affects 950 million Android phones.

“While most Android hacks at least require victims to make some kind of mistake, like getting tricked into downloading malware, the Stagefright vulnerability could already be on nearly a billion Android phones regardless of what users do. And what’s the real culprit behind a vulnerability this huge (besides the hackers of course)? The ongoing issue of Android fragmentation.

According to Israeli enterprise mobile security company Zimperium, it’s frighteningly easy for Stagefright to infect your phone. At fault is a recently detected flaw in Google’s open source media library code, that allows attackers to execute code on your device just by sending you a text message. The Stagefright vulnerability could be used to put a phone and its data at the mercy of an attacker. Contacts, camera, microphone, and photos are under the hacker’s control. Again, this can all happen completely under your nose. There are no external signs that the breach is occurring.”

Critical Schannel Vulnerability Affecting All Versions Of Windows

Please be advised of a recently discovered vulnerability in SCHANNEL affecting ALL VERSIONS OF WINDOWS!

Description

The vulnerability can be used by an attacker for drive-by attacks to run code remotely and take over the user’s machine. In these drive-by attacks, hackers install code on web sites which attempts to covertly install malicious code on the unprotected computers of visitors to the site. Users are typically led to these sites via phishing emails and other scams.

Further information regarding the details of the vulnerability:

http://www.theregister.co.uk/2014/11/12/driveby_unicorn_0day_beats_emet_affects_all_windows_versions/

Solution

A patch, MS14-066, released yesterday as part of Microsoft’s Patch Tuesday, remediates this issue for all supported versions of Windows. Please note, THIS DOES NOT INCLUDE WINDOWS XP! This security update is rated Critical for all supported releases of Microsoft Windows. If you have automatic updates turned on, you will get this new update without having to do anything. If you haven’t turned on automatic updates, you should do so now. Click the “Check for Updates” button on the Windows Update portion of your Control Panel.

The patch can be manually downloaded here:

https://technet.microsoft.com/library/security/MS14-066

Internet Explorer 6 and IE 7 Zero Day Vulnerability – Protect Yourself

Microsoft Security Advisory 977981 – IE 6 and IE 7