“The recent CCleaner malware outbreak is much worse than it initially appeared, according to newly unearthed evidence. That evidence shows that the CCleaner malware infected at least 20 computers from a carefully selected list of high-profile technology companies with a mysterious payload. (credit: Talos ) Previously, researchers found no evidence that any of the computers infected by the booby-trapped version of the widely used CCleaner utility had received a second-stage payload the backdoor was capable of delivering.”
Source: CCleaner malware outbreak is much worse than it first appeared
Source papers for people who actually want to read about it:
Lots of interesting talk about the fundamentals of a secure system and it’s applications to computers.
Quote I liked (empahasis mine):
The most basic security antipattern is to “do nothing”. That means accepting any and all risk, though. Another is to “do it yourself”; that leads to thinking the system is secure because of custom elements, such as non-peer-reviewed cryptography algorithms or implementations and security through obscurity. “Hand-rolled” security systems have not fared well over the years—developers have learned that implementing stream ciphers, for example, should not be tackled in-house. But there is still a fair amount of security by obscurity, such as “super unguessable URLs”. If a product becomes successful, which is what you want, the unguessable will become all-too-guessable.
Source: [$] Antipatterns in IoT security