There are now reports that the CCleaner breach was part of a targeted attack.
https://www.wired.com/story/ccleaner-malware-targeted-tech-firms/
Some people believe that reformatting and restoring from a backup is the only way to be sure there isn't a lingering infection. Here's what Cisco's Talos Intelligence posted about it.
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
"These new findings raise our level of concern about these events, as elements of our research point towards a possible unknown, sophisticated actor. These findings also support and reinforce our previous recommendation that those impacted by this supply chain attack should not simply remove the affected version of CCleaner or update to the latest version, but should restore from backups or reimage systems to ensure that they completely remove not only the backdoored version of CCleaner but also any other malware that may be resident on the system."
and discussions at slashdot, including why 32-bit computers were targeted (more apt to be old business machines).
https://it.slashdot.org/story/17/09/21/1...ific-tech-firms
I don't plan on recommending CCleaner anymore, unless they already have an old version they downloaded months ago and none of the improvements listed in the version history apply to them.
https://www.piriform.com/ccleaner/version-history
I didn't realize Avast had bought Piriform (in July 2017 according to Wikipedia), though that alone wouldn't make me avoid CCleaner. I can't find any info on how CCleaner v5.33 was infected. If it was an inside job by an employee, it could happen again.
+_+_+_+_+_+_+_+_+
Equifax hired a music major as chief security officer
http://www.marketwatch.com/story/equifax...icer-2017-09-15
Equifax set up a website that was supposed to tell you if you were "potentially" affected at
https://www.equifaxsecurity2017.com
However, people have reported getting conflicting results -- sometimes it says yes, sometimes no for the same individual. It's been suggested this site is just a way to get people to enroll in their credit monitoring service, which may be "free" at the moment but will start charging later, attempting to profit after the breach.