Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Cyber Security Group
Showing posts tagged with Managed Security Services
Showing posts in English
Tim G. | 29 Jul 2014 | 1 comment

Symantec’s Cyber Security Group has updated the intelligence available in the DeepSight Global Incidents widget on the MSS and DeepSight portal.  We have added a completely interactive environment, that will allow you to search for events by city, or by threat name this will allow you see at a glance hotspots in the threat landscape as well as search for global distributions of specific threats. 

 

Additionally you can expand this widget to full screen and more completely interact with the information.  There is an information button on the widget, and updates to the documentation have been made.

This Feature goes live on July 30th at 6:30AM EDT.

Attached is an FAQ which should help answer any questions regaridng this new feature.

MSS Global Threat Response | 30 Jun 2014 | 0 comments

Emerging Threat:  Dragonfly / Energetic Bear – APT Group

 

EXECUTIVE SUMMARY:

On June 30th 2014, Symantec Security Response released a whitepaper detailing an ongoing cyber espionage campaign dubbed Dragonfly (aka Energetic Bear).  The attackers appear to have been in operation since at least 2011.  They managed to compromise a number of strategically important organizations for spying purposes and could have caused damage or disruption to energy supplies in affected countries.  The two primary tools the group uses are Remote Access Trojans (RAT) named Backdoor.Oldrea and Trojan.Karagany.

Targets

Dragonfly initially targeted defence and aviation companies in...

MSS Global Threat Response | 13 Jun 2014 | 0 comments

Emerging Threat - Anonymous - Operation Petrol (June 20 2014)

EXECUTIVE SUMMARY:

Who:     Anonymous, a politically motivated group of hacktivists (mostly Middle East based).  Specifically the AnonGhost group and Mauritanian Hackers group will likely host this operation.

What:   Cyber-attacks against oil, gas, and energy companies, but specifically the Petroleum industry in the Middle East.

When:  Before, during, and after June 20, 2014.  Attackers may attack across different time zones.

Why:     Anonymous disagrees with the U.S. Dollar being used as the currency to buy and sell oil.

Note:    Denial of Service attacks may be a diversion from the real attacks:  fraudulent/illegal wire transfers.

 ...

MSS Global Threat Response | 11 Jun 2014 | 0 comments

Emerging Threat - Anonymous - Operation World Cup/Hacking Cup

 

EXECUTIVE SUMMARY:

Who:  Anonymous - a politically motivated group of hacktivists (mostly Brazil based).

What:  Cyber-attacks against sponsors of the World Cup, mostly DDoS based.

When:  Circa June 12th 2014, the beginning of the World Cup in Brazil.

Why:  The hacker group Anonymous is preparing cyber-attacks on corporate sponsors of the World Cup in Brazil to protest the spending of money on soccer games instead of public services.

 

THREAT TECHNICAL DETAILS:

“The [hack] attacks will be directed against official websites and those of companies sponsoring the cup…these attacks will most likely take the form of DDoS attacks.”

“We have a plan of attack…We have already conducted late-night...

MSS Global Threat Response | 03 Jun 2014 | 0 comments

Symantec MSS Threat Landscape Update – Gameover Zeus/Cryptolocker Takedown

 

EXECUTIVE SUMMARY:

 

Today, June 2nd 2014, Symantec’s Security Response team released a blog detailing the takedown of two of the most notorious financial fraud malware to date; Cryptolocker and the Gameover Zeus variant. The takedown was an international collaboration between agencies such as the FBI, UK’s National Crime Agency and other law enforcement agencies. Symantec, among other private sector companies, assisted the FBI in seizing a large portion of the malicious infrastructure.

 

...
James Hanlon | 16 May 2014 | 1 comment

For enterprises, these are testing times in the extreme. Never have IT departments – and the businesses that they support – been more exposed than they are today.

IT departments are challenged at every turn – with pressure from business leaders asking “is the business safe from cyber attacks?”; rapidly evolving IT estate complexity, including mobile rollouts, new cloud deployments and emerging software-defined data centres. IT relies heavily on its security teams, who are left to deal with disconnected security architectures and struggle with underfunding, and often a lack of incident investigation resources to be able to deal effectively with the waves of security incidents.

The thing is that attackers know this and are constantly seeking to extend their reach into the very fabric of the IT operations. As a result, many organisations are left vulnerable and at risk.

And it’s the nature of the attacks that are causing most consternation. Today’s assailants are...

Solange Deschatres | 01 May 2014 | 0 comments

Number of Vulnerabilities - Blog Post 2.PNG

 

With so much of today’s business conducted over the Internet, websites are a prime target for cybercriminals. Although the Web attacks used are often relatively well-known, protecting against them remains elusive for many companies and they’re still a common source of compromise. The complexity of the Web, compounded with holes in the infrastructure, makes many websites vulnerable, and the threat is only increasing. According to Symantec’s latest Internet Security Threat Report there were 6,787 vulnerabilities disclosed in 2013, compared with 5,291 in 2012. Even more concerning, one in eight sites had critical, unpatched, known vulnerabilities, with 67 percent of web sites used to distribute malware identified...

MSS Global Threat Response | 28 Apr 2014 | 1 comment

 

EXECUTIVE SUMMARY:

On April 26th 2014, Microsoft released a security advisory (2963983) for a zero-day vulnerability in Internet Explorer (CVE-2014-1776).  Exploitation of the vulnerability is reportedly being used in limited, targeted attacks.  The vulnerability exists in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.  There is currently no patch available for this vulnerability and Microsoft did not provide a release date for a patch...

MSS Global Threat Response | 28 Apr 2014 | 0 comments

Emerging Threat:  Apache Struts Zero-Day (CVE-2014-0050, 0094) DoS and Remote Code Execution Vulnerability

 

EXECUTIVE SUMMARY:

On April 24, 2014, the Apache Software Foundation (ASF) (http://www.apache.org) released an advisory warning that a patch issued in March for a zero-day vulnerability in Apache Struts up to version 2.3.16.1, did not fully patch the vulnerability, which may result in Remote Code Execution via ClassLoader manipulation (CVE-2014-0094), or DoS attacks (CVE-2014-0050).

[Apache] Struts is an extensible framework used for creating enterprise Java Web applications.

According to Apache, in Struts 2.3.16.1, an issue with ClassLoader manipulation via request parameters was supposed to be resolved [on March 2]....

Solange Deschatres | 15 Apr 2014 | 0 comments

Give an attacker a phish and he will steal some data. Teach an attacker to spear phish and he will steal data bases.

 

Among the wide diversity of threats facing the modern enterprise, targeted attacks are often the most troubling and difficult to defend against. Even companies with modern security infrastructure find it hard to detect and stop targeted attacks because hackers are taking advantage of the weakest security link: people. By crafting sophisticated and customized spear phishing e-mails or exploiting browsing behavior, attackers are finding it easier to breach networks by duping people rather than systems.

Email Campaigns.png

In fact, according to Symantec’s latest Internet Security Threat Report (ISTR), the number of targeted campaigns increased 91 percent in 2013...