MacKeeper User Information Exposed In Data Breach
MacKeeper User Information Exposed
Customer names, Internet addresses, and login credentials of MacKeeper users were recently leaked online. The MacKeeper utility is designed to "optimize" Apple Mac computers. Kromtech, the Germany-based firm behind MacKeeper, said that users' payment details were "never at risk."
The firm believes the security expert who discovered the exposure is the only one who has accessed the data. "The privacy and security of our clients' information remains our top priority and from the moment we were aware of the access, we immediately took several proactive steps to identify and correct the issue," Kromtech said in a statement.
- Security Operations Center provides around-the-clock security monitoring, daily log review, web application firewall management and advanced anomaly detection
- Intrusion detection system (IDS) signatures would detect intrusions and network anomalies.
- Log management could detect any suspicious user account activity.
Derusbi RAT bypasses driver signature enforcement
Derusbi is a well-known RAT family used in various APT attacks since at least 2008. Researchers have described two known variants of this malware: a client version, acting as any other RAT by contacting its command and control (C&C) server, and a server version that listens for incoming connections from a client.
A newer variant of Derusbi bypasses Windows driver signature enforcement. Various samples of its driver were signed with legitimate but stolen certificates, some of which were still valid.
The malware configuration can embed up to 8 C&C addresses. The configuration can also be updated: the malware requests the URL stored in the configuration, then parses the resulting web page and examines it for specific tags.
The architecture of this new Derusbi variant is distributed among various drivers and processes, each one responsible for a specific task. This prevents any single process from performing all the malicious tasks and keeps security software from raising alerts.
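Because a driver signed with a stolen certificate still verifies as valid, driver-load telemetry has to be checked against the signer as well as the signature status. The sketch below is an added example, not part of the original brief or of any vendor's tooling; the Sysmon Event ID 6 messages, file paths and signer name are constructed, and the watchlist entry is a hypothetical placeholder.

```python
# Added example: triage of Sysmon Event ID 6 ("Driver loaded") messages.
# Every event, path and signer name below is constructed for illustration.
COMPROMISED_SIGNERS = {"example stolen signer ltd"}  # hypothetical watchlist entry

SAMPLE_EVENTS = r"""
Driver loaded:
ImageLoaded: C:\Windows\System32\drivers\disk.sys
Signed: true
Signature: Microsoft Windows
SignatureStatus: Valid

Driver loaded:
ImageLoaded: C:\Windows\System32\drivers\example1.sys
Signed: true
Signature: Example Stolen Signer Ltd
SignatureStatus: Valid

Driver loaded:
ImageLoaded: C:\Windows\Temp\example2.sys
Signed: false
Signature: -
SignatureStatus: Unavailable
"""

def parse_events(text):
    """Split rendered event messages into one field dict per event."""
    events = []
    for block in text.strip().split("\n\n"):
        lines = block.splitlines()[1:]  # drop the "Driver loaded:" title
        events.append({k.strip(): v.strip() for k, _, v in
                       (line.partition(": ") for line in lines)})
    return events

def triage(event):
    """Return the reasons a driver load needs review (empty list: none)."""
    reasons = []
    if event.get("Signed", "").lower() != "true":
        reasons.append("unsigned")
    elif event.get("SignatureStatus") != "Valid":
        reasons.append("signature status " + event.get("SignatureStatus", "?"))
    # A stolen certificate still verifies as Valid, so check the signer too.
    if event.get("Signature", "").lower() in COMPROMISED_SIGNERS:
        reasons.append("signer on compromised-certificate watchlist")
    return reasons

def findings(text):
    """Map each flagged driver path to its list of reasons."""
    results = {e["ImageLoaded"]: triage(e) for e in parse_events(text)}
    return {path: why for path, why in results.items() if why}
```

Calling `findings(SAMPLE_EVENTS)` flags the second driver on the signer check alone, which a status-only rule would miss.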