![]() At the same time, we disabled and reset all internal user credentials. “It was clear that as soon as we released the newly signed build of CCleaner, we would be tipping our hand to the malicious actors, so at that moment, we closed the temporary VPN profile. “Having taken all these precautions, we are confident to say that our CCleaner users are protected and unaffected,” wrote Jaya Baloo, Avast’s CISO, which will surely be a huge reassurance to its millions of users. Furthermore, the earlier digital certificate was revoked in case it had fallen into the wrong hands. Keeping an admirably cool head, Avast decided it wanted to observe and track what the hacker was up to, and deliberately left open the compromised VPN profile until it was ready to take remediation actions.Īvast digitally re-signed a clean update to CCleaner and pushed it out to users on October 15th. Fortunately, there was no evidence that any of the updates to CCleaner had been maliciously altered. In response, Avast says that it stopped issuing updates for CCleaner and began to check past releases to see if they had been tampered with. After a deeper analysis, Avast determined that the hacker had been attempting to gain access to its network since at last May 14th 2019.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |