Cyber Security Group
MSS Global Threat Response | 03 Jun 2014 | 0 comments

Symantec MSS Threat Landscape Update – Gameover Zeus/Cryptolocker Takedown




Today, June 2nd 2014, Symantec’s Security Response team published a blog post detailing the takedown of two of the most notorious malware families to date: the Gameover Zeus banking trojan and the Cryptolocker ransomware. The takedown was an international collaboration between the FBI, the UK’s National Crime Agency and other law enforcement agencies. Symantec, among other private sector companies, assisted the FBI in seizing a large portion of the malicious infrastructure.


Matt Sherman | 29 May 2014 | 0 comments

Without digging too far into the works of Shakespeare and by horrendously over-simplifying matters, there is a pair of characters from “Hamlet” that I would like to use as a tortured analogy. They are Rosencrantz and Guildenstern, and things do not go well for them at all.

These two characters are old college friends of Prince Hamlet and are summoned by the King and Queen to look in on their friend, who has been having a bad time of late. Since this is a royal summons, they show up, because that’s what you do. After meeting up with Hamlet, the two note that he is a bit out of sorts (perhaps this has to do with his father dying recently and his mother marrying his uncle?). After Hamlet kills somebody, Rosencrantz and Guildenstern are requested to embark on a road trip with the Prince and a note. It’s a request they honor, because that’s what you do at the request of royals. The Prince makes some small changes to the note, because Princes do that type...

James Hanlon | 16 May 2014 | 1 comment

For enterprises, these are testing times in the extreme. Never have IT departments – and the businesses that they support – been more exposed than they are today.

IT departments are challenged at every turn: pressure from business leaders asking “is the business safe from cyber attacks?”, and rapidly evolving IT estate complexity, including mobile rollouts, new cloud deployments and emerging software-defined data centres. IT relies heavily on its security teams, who are left to deal with disconnected security architectures, struggle with underfunding, and often lack the incident investigation resources needed to deal effectively with the waves of security incidents.

The thing is that attackers know this and are constantly seeking to extend their reach into the very fabric of IT operations. As a result, many organisations are left vulnerable and at risk.

And it’s the nature of the attacks that is causing most consternation. Today’s assailants are...

Solange Deschatres | 01 May 2014 | 0 comments



With so much of today’s business conducted over the Internet, websites are a prime target for cybercriminals. Although the Web attacks used are often relatively well known, protecting against them remains elusive for many companies, and they are still a common source of compromise. The complexity of the Web, compounded by holes in the underlying infrastructure, leaves many websites vulnerable, and the threat is only increasing. According to Symantec’s latest Internet Security Threat Report, 6,787 vulnerabilities were disclosed in 2013, compared with 5,291 in 2012. Even more concerning, one in eight sites had critical, unpatched, known vulnerabilities, with 67 percent of web sites used to distribute malware identified...

Vince Kornacki | 01 May 2014 | 0 comments

Today marks the one-month anniversary of the devastating Heartbleed vulnerability. Specifically, one month ago today Google first notified the OpenSSL development team of the vulnerability. From the start, CVE-2014-0160 was not just another software vulnerability. No, this one was big. A vulnerability of epic proportions. Who would've thought that a simple buffer over-read could threaten to undermine the security of the Internet? As you know by now, Heartbleed allows an attacker to read up to 64KB of the server process's memory per malformed heartbeat request, and nothing stops the attacker from repeating the request. What exactly is contained in that 64KB of server memory? Well, that's a little random. Depending on where the heartbeat payload lands in server memory, the leak could reveal cryptographic keys, usernames and passwords, email messages, and a multitude of other sensitive information. How could this possibly happen? Looking back, a series of cascading failures is to blame.
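The over-read itself is easy to see in miniature. The following is an added example written for this page, not Symantec's or OpenSSL's code: it models the RFC 6520 heartbeat record layout (type, two-byte payload length, payload, padding), places a short request in a constructed buffer with a planted "secret" string right after it to stand in for neighbouring heap data, and runs it through a handler that trusts the wire length beside one that checks the claimed length against the record actually received. The arena, the secret string and all function names are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a TLS heartbeat record (RFC 6520):
 *   type (1) | payload_length (2, big-endian) | payload | padding (>= 16)
 * CVE-2014-0160: the handler trusted payload_length from the wire and copied
 * that many bytes from the record buffer into the reply, reading past the end
 * of what was actually received. */
#define HB_HEADER_LEN  3
#define HB_PADDING_LEN 16

/* Arena standing in for the record buffer plus whatever sat after it on the
 * heap. Sized so that even a 65535-byte claim stays inside it; in a real
 * process the over-read runs into neighbouring allocations instead. */
#define ARENA_LEN (65535 + 64)
static unsigned char arena[ARENA_LEN];
static unsigned char reply[65535];
static const char adjacent_secret[] = "PRIVATE-KEY-MATERIAL-0xdeadbeef"; /* constructed */

/* Lay out a heartbeat request with 'claimed_len' in the header but only
 * strlen(real_payload) payload bytes actually present, then plant the secret
 * right after the record. Returns the record's real length on the wire. */
size_t build_heartbeat_scenario(uint16_t claimed_len, const char *real_payload)
{
    size_t real_len = strlen(real_payload);
    size_t p = 0;
    memset(arena, 0, sizeof arena);
    arena[p++] = 1;                                  /* heartbeat_request */
    arena[p++] = (unsigned char)(claimed_len >> 8);
    arena[p++] = (unsigned char)(claimed_len & 0xff);
    memcpy(arena + p, real_payload, real_len);
    p += real_len;
    p += HB_PADDING_LEN;                             /* zero padding */
    memcpy(arena + p, adjacent_secret, sizeof adjacent_secret); /* not part of the record */
    return p;
}

/* Vulnerable pattern: the copy length comes from the attacker, and the
 * length of the record that really arrived is never consulted. */
size_t heartbeat_vulnerable(const unsigned char *rec, size_t rec_len,
                            unsigned char *out, size_t out_cap)
{
    (void)rec_len;
    uint16_t claimed = (uint16_t)((rec[1] << 8) | rec[2]);
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HB_HEADER_LEN, claimed);       /* over-read when claimed > rec_len - 3 */
    return claimed;
}

/* Hardened pattern (the shape of the upstream fix): header + claimed payload
 * + minimum padding must fit inside the received record, else drop silently. */
size_t heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                       unsigned char *out, size_t out_cap)
{
    if (rec_len < HB_HEADER_LEN + HB_PADDING_LEN) return 0;
    uint16_t claimed = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)HB_HEADER_LEN + claimed + HB_PADDING_LEN > rec_len) return 0;
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HB_HEADER_LEN, claimed);
    return claimed;
}

/* Build the scenario and run one handler; returns bytes echoed (0 = dropped). */
size_t echoed_bytes(int use_fixed, uint16_t claimed_len, const char *real_payload)
{
    size_t rec_len = build_heartbeat_scenario(claimed_len, real_payload);
    memset(reply, 0, sizeof reply);
    return use_fixed ? heartbeat_fixed(arena, rec_len, reply, sizeof reply)
                     : heartbeat_vulnerable(arena, rec_len, reply, sizeof reply);
}

/* 1 if the reply produced by echoed_bytes() contains the planted secret. */
int secret_leaked(int use_fixed, uint16_t claimed_len, const char *real_payload)
{
    size_t n = echoed_bytes(use_fixed, claimed_len, real_payload);
    size_t s = strlen(adjacent_secret);
    for (size_t i = 0; i + s <= n; i++)
        if (memcmp(reply + i, adjacent_secret, s) == 0) return 1;
    return 0;
}

int main(void)
{
    printf("vulnerable: echoed %zu bytes, secret leaked = %d\n",
           echoed_bytes(0, 16384, "hi"), secret_leaked(0, 16384, "hi"));
    printf("fixed:      echoed %zu bytes, secret leaked = %d\n",
           echoed_bytes(1, 16384, "hi"), secret_leaked(1, 16384, "hi"));
    printf("fixed, honest request: echoed %zu bytes\n", echoed_bytes(1, 2, "hi"));
    return 0;
}
```

The two-byte payload on the wire is two bytes long, but the header claims 16384; the vulnerable handler hands back 16384 bytes, including the planted string that was never part of the record, while the hardened one drops the message and still answers an honest two-byte request. The check is exactly the kind of bounds test that was missing: the received record length, not the peer's claim, decides how much may be copied.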

MSS Global Threat Response | 28 Apr 2014 | 1 comment



On April 26th 2014, Microsoft released security advisory 2963983 for a zero-day vulnerability in Internet Explorer (CVE-2014-1776). The vulnerability is reportedly being exploited in limited, targeted attacks. It affects Internet Explorer 6, 7, 8, 9, 10 and 11. There is currently no patch available for this vulnerability, and Microsoft did not provide a release date for a patch...

MSS Global Threat Response | 28 Apr 2014 | 0 comments

Emerging Threat:  Apache Struts Zero-Day (CVE-2014-0050, 0094) DoS and Remote Code Execution Vulnerability



On April 24, 2014, the Apache Software Foundation (ASF) released an advisory warning that a patch issued in March for a zero-day vulnerability in Apache Struts up to version, did not fully resolve the vulnerability, which may result in Remote Code Execution via ClassLoader manipulation (CVE-2014-0094) or denial-of-service attacks (CVE-2014-0050).

[Apache] Struts is an extensible framework used for creating enterprise Java Web applications.

According to Apache, in Struts, an issue with ClassLoader manipulation via request parameters was supposed to be resolved [on March 2]....

Solange Deschatres | 15 Apr 2014 | 0 comments

Give an attacker a phish and he will steal some data. Teach an attacker to spear phish and he will steal data bases.


Among the wide diversity of threats facing the modern enterprise, targeted attacks are often the most troubling and difficult to defend against. Even companies with modern security infrastructure find it hard to detect and stop targeted attacks because hackers are taking advantage of the weakest security link: people. By crafting sophisticated and customized spear phishing e-mails or exploiting browsing behavior, attackers are finding it easier to breach networks by duping people rather than systems.


In fact, according to Symantec’s latest Internet Security Threat Report (ISTR), the number of targeted campaigns increased 91 percent in 2013...

Jeannie Warner | 09 Apr 2014 | 0 comments

The number of spear-phishing campaigns grew a dramatic 91 percent in 2013, according to this year’s Internet Security Threat Report. With cyber attacks, it’s not a matter of if, but when an attack will occur. Without complete visibility into your environment and the current threat landscape, it’s easy to be blindsided by an attacker and to have security incidents go undetected. Organizations need to build a cyber-resilient strategy to protect sensitive data from targeted attacks and advanced persistent threats.

What are Advanced Persistent Threats?

An advanced persistent threat (APT) is a targeted attack that uses multiple phases to break into a network, avoid detection, and harvest valuable information over the long term. The fact that APTs are often aimed at...

MSS Global Threat Response | 07 Apr 2014 | 0 comments

While news of the downfall of the Blackhole Exploit Kit (often referred to as “BHEK”) isn’t new, its rise and subsequent collapse is the stuff of internet crime legend. Originally appearing in late 2010, the Blackhole Exploit Kit rose to popularity due to its ease of use and overall effectiveness. BHEK version 1 quickly became the de facto standard among exploit kits, wreaking havoc throughout 2011 and spawning a version 2 in late 2012. After the alleged creator of BHEK, a Russian man known by the handle “Paunch”, was arrested by Russian authorities in October 2013, Symantec MSS observed a marked downturn in BHEK activity. A second, lesser-known exploit kit named “Cool EK”, supposedly also authored by Paunch, suffered a similar fate. By the end of 2013 both kits had all but disappeared from widespread use on the internet, with only a small number of holdouts (existing campaigns or old infrastructure) still employing them. This post is meant to highlight...