Example of supply chain attack, lateral movement and precise targeting

Inside the Unnerving Supply Chain Attack That Corrupted CCleaner

In September, security researchers at Cisco Talos and Morphisec made a worst nightmare-type disclosure: the ubiquitous computer cleanup tool CCleaner had been compromised by hackers for more than a month. The software updates users were downloading from CCleaner owner Avast—a security company itself—had been tainted with a malware backdoor. The incident exposed millions of computers and reinforced the threat of so-called digital supply chain attacks, situations where trusted, widely distributed software is actually infected by malicious code.

At the RSA security conference in San Francisco on Tuesday, Avast executive vice president and chief technology officer Ondrej Vlcek walked through a post-mortem of the attack, which ultimately led to 2.27 million downloads of the corrupt CCleaner version…

https://www.wired.com/story/inside-the-unnerving-supply-chain-attack-that-corrupted-ccleaner/