#netsec

Cisco Systems has discovered that if you downloaded CCleaner 5.33 between August 15 and September 12, your computer is compromised:

On September 13, 2017 while conducting customer beta testing of our new exploit detection technology, Cisco Talos identified a specific executable which was triggering our advanced malware protection systems. Upon closer inspection, the executable in question was the installer for CCleaner v5.33, which was being delivered to endpoints by the legitimate CCleaner download servers. 

We identified that even though the downloaded installation executable was signed using a valid digital signature issued to Piriform, CCleaner was not the only application that came with the download.

During the installation of CCleaner 5.33, the 32-bit CCleaner binary that was included also contained a malicious payload that featured a Domain Generation Algorithm (DGA) as well as hardcoded Command and Control (C2) functionality.

We confirmed that this malicious version of CCleaner was being hosted directly on CCleaner's download server as recently as September 11, 2017.

http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

If you have any other version installed, you’re safe.

If you’ve been compromised, the safest thing to do is to straight up reset your computer from scratch; it’s the nuclear option, yes, but it’s the safest.

One of Europe's top hotels has admitted they had to pay thousands in Bitcoin ransom to cybercriminals who managed to hack their electronic key system, locking hundreds of guests in or out of their rooms until the money was paid.

Furious hotel managers at the Romantik Seehotel Jaegerwirt, a luxurious 4-star hotel with a beautiful lakeside setting on the Alpine Turracher Hoehe Pass in Austria, said they decided to go public with what happened to warn others of the dangers of cybercrime.

And they said they wanted to see more done to tackle cybercriminals as this sort of activity is set to get worse. The hotel has a modern IT system which includes key cards for hotel doors, like many other hotels in the industry.

Hotel management said that they have now been hit three times by cybercriminals who this time managed to take down the entire key system. The guests could no longer get in or out of the hotel rooms and new key cards could not be programmed.

The attack, which coincided with the opening weekend of the winter season, was allegedly so massive that it even shut down all hotel computers, including the reservation system and the cash desk system.

The hackers promised to restore the system quickly if just 1,500 EUR (1,272 GBP) in Bitcoin was paid to them.

Managing Director Christoph Brandstaetter said: "The house was totally booked with 180 guests, we had no other choice. Neither police nor insurance help you in this case.

"The restoration of our system after the first attack in summer has cost us several thousand Euros. We did not get any money from the insurance so far because none of those to blame could be found."

The manager said it was cheaper and faster for the hotel to just pay the Bitcoin.

Brandstaetter said: "Every euro that is paid to blackmailers hurts us. We know that other colleagues have been attacked, who have done similarly."

When the hackers got the money, they unlocked the key registry system and all other computers, making them all run as normal again.

Yet according to the hotel, the hackers left a back door open in the system, and tried to attack the systems again.

On the fourth attempt the hackers had however no chance because the computers had been replaced and the latest security standards integrated, and some networks had been decoupled.

The Seehotel Jaegerwirt, which has existed for 111 years, also has another, innovative, trick in store to keep the hackers out for good.

Brandstaetter said: "We are planning at the next room refurbishment for old-fashioned door locks with real keys. Just like 111 years ago at the time of our great-grandfathers."

Shodan — The Pioneer Launch Year: 2009 Developer: John Matherly Features: The first widely accessible internet asset search engine, often referred to as “the Google of the Internet of Things” Supports searching by IP, port, protocol, geographic location, and organization Offers a paid API for security research, threat intelligence, and vulnerability monitoring Highlights: Mature ecosystem, large data coverage, widely used globally Limitations: Free usage is limited; advanced features require a subscription

ZoomEye — Comprehensive Asset Discovery Launch Year: 2013 Developer: Knownsec 404Team Features: Supports service fingerprinting, web component detection, and vulnerability search Provides API access and bulk export capabilities, suitable for enterprise asset mapping Highlights: Real-time data updates, strong search capabilities, active user community Limitations: Some advanced features require membership or credits

Censys — Research-Focused Launch Year: 2015 Origin: Developed from a university research project Features: Focused on academic and research use, provides global scanning datasets and certificate transparency information Supports SQL-style query language for advanced searches Powerful API for researchers and data scientists Highlights: Data analysis friendly, TLS certificate search support, generous free tier Limitations: Interface may be technical for beginners

Netlas — Emerging Tool Launch Year: 2021 Features: Modern interface, multi-dimensional searches including IPv4, domains, ports, vulnerabilities, and WHOIS Designed for security operations and threat intelligence analysis Highlights: Clean UI, fast search speed, user-friendly query syntax Limitations: Data coverage is still growing compared to established tools

FOFA — Asset Tracking and Monitoring Launch Year: 2018 Features: Focused on internet asset mapping, supports extensive query syntax Searches by protocol, component, domain, and certificate Provides monitoring features to track changes in specific assets Highlights: Flexible search capabilities, useful for asset management and monitoring Limitations: Full access requires membership

Conclusion Each internet asset search engine has its own strengths: Shodan: Global coverage, mature ecosystem ZoomEye: Real-time updates, comprehensive asset discovery Censys: Research-oriented, strong certificate analysis capabilities Netlas: Modern interface, fast and versatile searches FOFA: Advanced search syntax, asset monitoring

🔒 netsecar.com - Secure your net with Secar!