Rewterz penetration testing services help organizations determine whether a cyber attacker can gain access to their critical assets, while giving them detailed insight into the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Medium
Hackers accessed the internal network of Avast, likely aiming for a supply chain attack targeting CCleaner. The antivirus maker determined that the attacker gained access using compromised credentials via a temporary VPN account. Avast refers to this attempt by the name ‘Abiss’ and says that the threat actor behind it exercised extreme caution to avoid detection and to hide traces of their intent. The intruder connected from a public IP address in the U.K. and took advantage of a temporary VPN profile that should no longer have been active and was not protected with two-factor authentication (2FA). Researchers observed a malicious replication of directory services from an internal IP that belonged to Avast’s VPN address range.
The exploited user account did not have the permissions of a domain administrator, indicating that the attacker achieved privilege escalation. The logs further showed that the temporary profile had been used by multiple sets of user credentials, probably obtained via credential theft. Suspecting CCleaner as the targeted asset, Avast on September 25 stopped the upcoming updates for the software and started to check prior releases for malicious modification. Avast has reset all employee credentials, with further steps planned to improve overall business security at Avast.
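The conditions described above can be checked for in VPN and directory logs. The following is an added example, not code from Avast or from the original advisory; all profile names, users, IP ranges, dates and record layouts are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# All data below is constructed for illustration; field names are assumptions.
PROFILES = {
    "tmp-contractor": {"expires": "2024-03-31", "mfa": False},
    "staff-default": {"expires": "2025-12-31", "mfa": True},
}
VPN_LOGINS = [  # (timestamp, profile, username)
    ("2024-05-14T02:10:00", "tmp-contractor", "user_a"),
    ("2024-07-24T03:05:00", "tmp-contractor", "user_b"),
    ("2024-07-24T09:00:00", "staff-default", "user_c"),
]
REPLICATION = [  # (timestamp, source_ip, account) directory replication requests
    ("2024-07-24T03:20:00", "10.8.0.23", "user_b"),
    ("2024-07-24T03:30:00", "10.0.0.11", "DC02$"),
]
DOMAIN_CONTROLLERS = {"10.0.0.10", "10.0.0.11"}
VPN_POOL = ip_network("10.8.0.0/24")


def audit_vpn_profiles(profiles, logins):
    """Return {profile: [findings]} for the three weaknesses in the advisory."""
    users = defaultdict(set)
    late_use = set()
    for ts, profile, user in logins:
        users[profile].add(user)
        expiry = datetime.fromisoformat(profiles[profile]["expires"])
        if datetime.fromisoformat(ts) > expiry:
            late_use.add(profile)
    findings = defaultdict(list)
    for name, cfg in profiles.items():
        if name in late_use:
            findings[name].append("used after expiry")
        if not cfg["mfa"] and users[name]:
            findings[name].append("no 2FA")
        if len(users[name]) > 1:
            findings[name].append("multiple credential sets")
    return dict(findings)


def suspicious_replication(events, dcs, vpn_pool):
    """Replication requests from a non-DC host inside the VPN address range."""
    return [e for e in events
            if e[1] not in dcs and ip_address(e[1]) in vpn_pool]
```
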
Avast
CCleaner versions 5.57 through 5.62
To ensure that no risk comes to its users, the company re-signed an official CCleaner release 5.63 and pushed it as an automatic update on October 15.
Additionally: