informa
/
Slideshow

10 Security Product Flaw Scares

CCleaner compromise puts the crown on several years' worth of headlines about cybersecurity product weaknesses.
FireEye 0Days
Memory Allocation AV Flaws
Juniper Backdoor
TrendMicro's 'Ridiculous' Flaw and Then Some
Symantec Remote Execution Flaws
AV Hooking Vuln
DoubleAgent
'Crazy Bad' Windows Malware Engine Flaw
Cloud Engine as Exfiltration Tool
CCleaner Debacle
1/10

This week's news that a legitimate version of Avast's CCleaner tool was compromised to deliver malware offers a stark example of how damaging security tools can be when the bad guys' subvert them to act maliciously.

For several decades now, we've heard the dangers of security tools that don't properly recognize malware or malicious activities. But the last few years have flipped the script as more security researchers and black hats have discovered that many security tools can also act as a very convenient tool for compromising the enterprise.

In order to properly work, these tools usually need very high administrative privileges and typically run processes at the lowest levels of the system. This makes them a prime target for attackers.

In the past two years, a number of embarrassing zero-days have come to light that had the criminals, or cyber spies, licking their chops at the thought of the complete ownage that such flaws can afford them.

 
Next slide
Recommended Reading: