![]() Supply-chain attacks are today's top threat, and government agencies in the US and France have recently issued alerts about an ongoing campaign perpetrated by Chinese hackers. "We believe all global software companies, including both Microsoft and us at Avast, will need to continue to vigilantly protect our networks from attacks by those who seek to damage us and our users," Avast told us.īut Avast and TeamViewer aren't the only companies that have been targeted only to serve as a jumping point into the network of other companies. As long as an app is good at its job, hackers are going to keep coming. As the company told ZDNet, the threats it's facing are no different than what its competitors are facing.įor example, TeamViewer, which offers an eponymously named product, also suffered a security breach at the hands of Chinese hackers back in 2016. However, this huge userbase is also the reason why Avast bought it in the first place.Īvast's plan of attack involves bolstering its security. The app's gigantic userbase makes CCleaner a perfect target for supply-chain attacks. It's an all-in-one system administration toolkit, and one very good at its job, if we're to look at its download numbers. The app now supports remote management features, hard drive defragmentation, email alerts, cloud-based management features, and many more. However, as previously stated in this article, today, CCleaner is more than just a "useless" registry cleaner. In the light of this second hack, many users have expressed their opinions today, claiming that Avast should just retire CCleaner, as the app is only a magnet for state-sponsored hackers, and that the app has no real purpose (many consider registry cleaner apps as being useless or plain harmful). While Avast refrained from attributing the attack to any threat actor, the Czech Security Information Service (BIS), the country's intelligence service, said in a press release today that Chinese hackers were behind this attack, just like in the first. ![]() The company is still investigating this second breach but said that hackers weren't successful at pushing out a malicious CCleaner release today. This was their entry point inside Avast's network. This is especially the case when that latest version of CCleaner has data collection options enabled by default (see the section below).Avast said hackers compromised an employee's VPN credentials to access a temporary VPN profile that was left active and without 2FA protection. It's a bit ironic to claim that going into a user's system without their permission and making changes is a move based on privacy and transparency. "Since the release of v5.46 we have updated some users to this version to meet legal requirements and give users more autonomy and transparency over their privacy settings." As it turned out, that's exactly what happened.Ī Piriform staff member responded with the following: A user on Piriform's forums noticed that CCleaner had automatically updated on his system without his permission. ![]() The latest CCleaner controversy comes from ignoring user preferences about checking for updates. In our opinion, it isn't time to trust CCleaner. This is unfortunately not surprising after Avast purchased CCleaner developer Piriform in July 2017. Why Is CCleaner No Longer Safe?ĬCleaner, once a tidy app with no history of issues, has had several major problems in less than a year. Here's why you can't trust CCleaner anymore, and what to replace it with. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |