Antivirus and security software giant Avast and virtual private network (VPN) provider NordVPN each disclosed today that they had suffered months-long network intrusions which, while otherwise unrelated, shared a common cause: forgotten or unknown user accounts that provided remote access to internal systems with little more than a password.
Based in the Czech Republic, Avast bills itself as the most popular antivirus provider on the market, with more than 435 million users. In a blog post today, Avast said it had detected and dealt with a breach lasting from May to October 2019 that appears to have targeted users of its CCleaner application, a popular Microsoft Windows cleanup and repair utility.
Avast said it took CCleaner downloads offline in September to check the integrity of the code and make sure it had not been injected with malware. The company also said it was revoking the certificate used to sign earlier versions of the software, and was pushing out a re-signed, clean product update via automatic update on October 1.
"Having taken all these precautions, we are confident in saying that our CCleaner users are protected and unaffected," wrote Jaya Baloo, Avast's chief information security officer.
This is not the first so-called supply chain attack on Avast: in September 2017, researchers at Cisco Talos and Morphisec found that hackers had compromised the cleanup tool for more than a month, resulting in roughly 2.27 million downloads of a tainted CCleaner. Avast said the latest intrusion began when the attackers used stolen credentials for a VPN service that was configured to connect to its internal network, and that the attackers were not challenged by any kind of multi-factor authentication.
"We have determined that the internal network was successfully accessed with compromised credentials through a temporary VPN profile that had erroneously been kept enabled and did not require 2FA," Baloo wrote.
Separately, NordVPN, a VPN provider that promises to "protect your privacy online," confirmed it had been hacked. "Today's confirmation and post-mortem blog from Nord comes just hours after it emerged that NordVPN had an internal private key leaked, potentially allowing anyone to spin up their own servers imitating NordVPN," writes Zack Whittaker at TechCrunch.
VPN software creates an encrypted tunnel between your computer and your VPN provider, effectively preventing your ISP or anyone else on the network (other than you and your VPN provider) from seeing which sites you visit or reading the content of your communications. This can offer a measure of anonymity, but it also means the user is placing a great deal of trust in the VPN service not to be hacked or to otherwise expose that sensitive browsing data.
NordVPN's account appears to downplay the intrusion, saying that while the attackers may have used the private keys to intercept and view traffic for some of its customers, they would have been limited to eavesdropping on communications routed through just one of the company's more than 3,000 servers.
"The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn't have been intercepted either," reads the NordVPN blog post. "On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated 'man in the middle' attack to intercept a single connection that tried to access NordVPN."
NordVPN said the intrusion happened in March 2018 at one of its data centers in Finland, noting that "the attacker gained access to the server by exploiting an insecure remote management system left by the datacenter provider while we were unaware that such a system existed." NordVPN declined to name the datacenter provider, but said the provider removed the remote management account without notifying them on March 20, 2018.
"When we found out about the vulnerability in the datacenter a few months back, we immediately terminated the contract with the server provider and shredded all the servers we had been renting from them," the company said. "We did not disclose the exploit immediately because we had to make sure that none of our infrastructure could be prone to similar issues. This couldn't be done quickly due to the huge amount of servers and the complexity of our infrastructure."
TechCrunch took NordVPN to task for its slow disclosure of the breach, noting that the company had suffered a significant intrusion that went undetected for more than a year.
Kenneth White, director of the Open Crypto Audit Project, said on Twitter that based on leaked Pastebin logs detailing the extent of the intrusion, "the attacker had full remote admin of their containers at a node in Finland."
"This is God mode," White wrote. "And they didn't log and didn't detect it."
Many readers wonder whether they should be routing all of their online communications through a VPN. It is important, however, to understand the limitations of this technology and to take the time to research providers before trusting one with virtually all of your browsing data, which can end up complicating your privacy situation rather than improving it. For a breakdown of what to keep in mind when considering a VPN service, see this post.
Forgotten user accounts that provide remote access to internal systems, such as VPNs and Remote Desktop Protocol (RDP) services, have been a constant source of data breaches for years. Thousands of small and medium-sized brick-and-mortar businesses have been relieved of millions of customer payment card records over the years after hackers broke in through IT contractors who reused the same remote access credentials at every customer location.
Nearly all of these breaches could have been stopped by requiring a second form of authentication in addition to a password, which can easily be phished or stolen.
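The three failure modes described above (a temporary profile left enabled past its expiry, an account with no second factor, and an account nobody has used in months) are all visible in a plain export of remote-access accounts. The following script is an added example, not tooling from Avast, NordVPN or the author of this post; it audits a constructed CSV export of VPN and RDP accounts and flags each one that matches any of those conditions. The column names, the account records and the 90-day staleness threshold are assumptions.

```python
"""Audit remote-access (VPN / RDP) accounts for the conditions behind the
breaches discussed above: temporary profiles still enabled past expiry,
accounts with no second factor, and accounts that are unused or never used.
Added example; the export format and the records are constructed."""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export. Column layout is an assumption; real exports
# from a VPN gateway or Active Directory differ.
SAMPLE_EXPORT = """\
username,service,mfa_enabled,temporary,expires_on,last_login
alice,vpn,true,false,,2019-10-18
contractor-temp,vpn,false,true,2019-05-31,2019-10-01
rdp-svc,rdp,false,false,,2018-12-03
bob,rdp,true,false,,2019-10-20
vendor-pos,rdp,false,false,,
"""

# Reference date for the audit (the day the breaches were disclosed).
AS_OF = datetime(2019, 10, 21, tzinfo=timezone.utc)
STALE_AFTER = timedelta(days=90)  # assumed policy threshold


def parse_date(value):
    """Parse an ISO date from the export; empty cells mean 'unknown'."""
    value = value.strip()
    if not value:
        return None
    return datetime.strptime(value, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def is_true(value):
    return value.strip().lower() in ("true", "yes", "1")


def audit_accounts(export_text, now):
    """Return a list of (username, service, reasons, action) for every
    account that violates at least one rule. Accounts that pass all rules
    are omitted."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        reasons = []
        has_mfa = is_true(row["mfa_enabled"])
        temporary = is_true(row["temporary"])
        expires = parse_date(row["expires_on"])
        last_login = parse_date(row["last_login"])

        if not has_mfa:
            reasons.append("no second factor")
        # A temporary profile with no expiry, or one whose expiry has passed,
        # is the Avast pattern: it should have been disabled already.
        if temporary and (expires is None or expires < now):
            reasons.append("temporary profile still enabled past expiry")
        if last_login is None:
            reasons.append("never logged in")
        elif now - last_login > STALE_AFTER:
            reasons.append("unused for %d days" % (now - last_login).days)

        if reasons:
            # Anything with no MFA that is also expired, stale or never used
            # has no legitimate owner to object: disable it outright.
            dormant = len(reasons) > 1 and not has_mfa
            action = "disable" if dormant else "enforce MFA / review"
            findings.append((row["username"], row["service"], reasons, action))
    return findings


def report(findings):
    """Format findings as one line per account for a ticket or log."""
    return "\n".join(
        "%s (%s): %s -> %s" % (user, service, "; ".join(reasons), action)
        for user, service, reasons, action in findings
    )


if __name__ == "__main__":
    print(report(audit_accounts(SAMPLE_EXPORT, AS_OF)))
```

In the sample, the contractor's temporary VPN profile is flagged for both missing MFA and a lapsed expiry, the RDP service account for missing MFA and ten months of inactivity, and the vendor account for never having been used; all three are marked for disabling, while the two active accounts with a second factor produce no finding. Running the same check on a real export on a schedule, and treating any "disable" result as an incident rather than a chore, is what would have caught the profile Avast described.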
The continuing supply chain assault on Avast has something in common with what I was thinking about the other day regarding the wisdom of allowing certain software to update itself automatically whenever it wants. I heard from a reader who lamented the demise of programs such as Secunia's Personal Software Inspector and FileHippo, which allowed users to automatically download and install available updates for a wide range of third-party Windows programs.
These days, I find myself turning off all the auto-update features in the software I install. I'd rather be alerted to new updates when I launch the program and have the opportunity to review what's changing and whether anyone has had issues with the new version. I suppose you could say that years of dealing with unexpected surprises on Microsoft Patch Tuesday cured me of whatever affinity I might ever have had for auto-update features.
Tags: Avast breach, FileHippo, Jaya Baloo, Kenneth White, NordVPN breach, Open Crypto Audit Project, Secunia Personal Software Inspector, supply chain attack, TechCrunch, Zack Whittaker