
Managed Security Services Blog

MSS Global Threat Response | 19 Feb 2014 | 0 comments

EXECUTIVE SUMMARY:

On 2/14/2014, FireEye published a blog post on a new, unpatched vulnerability in Microsoft Internet Explorer 10 (CVE-2014-0322) being exploited in the wild. The compromised website (vwg[.]org) was injected with an iframe that redirects the user to the attacker’s malicious page, which then runs a Flash file. The Flash file contains shellcode and, upon successful exploitation of the IE vulnerability, downloads a PNG file from a remote site. The PNG file has a DLL and an EXE embedded at the bottom. The DLL launches the EXE, which is the payload.

Data uncovered during Symantec investigation suggests a connection between this attack and the malicious actors known to Symantec as Hidden Lynx. The data indicates the same infrastructure is being leveraged as found in a previous attack by this group who used...

MSS Global Threat Response | 10 Feb 2014 | 0 comments

EXECUTIVE SUMMARY:

Credit and debit card data theft is one of the earliest forms of cybercrime and persists today. Cybercrime gangs organize sophisticated operations to steal vast amounts of data before selling it in underground marketplaces. Criminals can use the data stolen from a card’s magnetic strip to create clones. It’s a potentially lucrative business with individual cards selling for up to $100.

There are several routes attackers can take to steal this data. One option is to gain access to a database where card data is stored. Another option is to target the point at which a retailer first acquires that card data – the Point of Sale (POS) system.

Modern POS systems are specially configured computers with sales software installed and are equipped with a card reader. Card data can be stolen by installing a device onto the card reader which can read the data off the card’s magnetic strip. This is a process known as “skimming”. As...

Jeannie Warner | 07 Jan 2014 | 1 comment

You spoke up, we listened! We know that information is only as useful as it is easy to find, access, and use – especially security intelligence. It’s our goal to continue to make it easier for the right team members to get the right information quickly. Thanks to input from our faithful customers, we have added the following new functionality to the DeepSight portal:

  • Groups – now user administrators can create groups within their organization, assign vulnerabilities to people within those groups, and create reports by individuals within the group to improve the activity tracking
  • ‘Cloning’ a current account – to save time in setup for a new user, customers can now clone an existing account with all the privileges of another user, and then simply specify the contact information
  • Introducing workflow tracking – when a user wants to assign alerts and review the activity on that alert, we can now track and report on this functionality throughout the...

MSS Global Threat Response | 06 Jan 2014 | 0 comments

Since the 14th of December, the SOC has noticed a substantial increase in the quantity of PHP code inclusion attacks against MSS customers. Specifically, attempts to compromise and infect internet-facing web servers by injecting malicious PHP code have been observed. While the primary vulnerability being targeted (CVE-2012-1823) isn’t new, a significant uptick in attempts to exploit it is worthy of note. Proof-of-concept exploit code has been publicly available for some time. At this time, it appears that only Linux web servers running out-of-date versions of PHP are vulnerable.


At the time of this post, more than sixty SOC customers have been affected by these exploit attempts. There is no clear correlation between this activity and any individual industry vertical, with customers in health, financial, telecommunications, local government, and more being...

MSS Global Threat Response | 07 Nov 2013 | 0 comments

EXECUTIVE SUMMARY:

Who: Anonymous - a politically motivated group of hacktivists (mostly US and UK based).

What: Multiple Operations have been named by various groups; the primary two are OpNov5th and OpVendetta. These Operations may involve Denial of Service and website defacement attacks directed at Government facilities around the world.

When: Circa November 5th 2013.

Why: November 5th is the anniversary on which activists and hacktivists gather online and in public to protest Government. It is known to Anonymous members as “Guy Fawkes day”.

THREAT DETAILS:

Members of the hacktivist group Anonymous, based out of the US and the UK, have publicly stated they will target "all" government facilities across the globe in support of the ‘Occupy’ movement. Anonymous calls this a day of "global civil...

MSS Global Threat Response | 03 Oct 2013 | 0 comments

EXECUTIVE SUMMARY:

On Monday September 30, 2013, an article was posted on the Symantec Security Response blog detailing Symantec’s efforts at sinkholing 500,000 of the bots belonging to the ZeroAccess botnet. As of August 2013, the botnet is one of the largest in existence today, with a population upwards of 1.9 million computers. ZeroAccess uses peer-to-peer (P2P) as its command-and-control (C&C) communications mechanism.

In March of this year, Symantec security engineers began to study the mechanisms used by ZeroAccess bots to communicate with each other in an attempt to determine if they could be sinkholed. On June 29, they observed a new version of ZeroAccess being distributed through the P2P network. The updated version addressed the design flaw that made the botnet vulnerable to being sinkholed. However, Symantec was still successful in sinkholing a large portion of the botnet.

On July 16, Symantec began sinkholing...

Jeannie Warner | 18 Sep 2013 | 1 comment

EXECUTIVE SUMMARY:

On Tuesday September 17, 2013, Symantec’s Security Response organization published a whitepaper report on Hidden Lynx, a Chinese APT group of professional hackers with advanced capabilities. Evidence suggests that Hidden Lynx is a Chinese state-sponsored hacker group with affiliations to “Operation Aurora”. This group was responsible for the compromise of security firm Bit9’s digital code-signing certificate, which was used to sign 32 pieces of malware. They have been involved in a number of operations over the last four years.

The group offers a “hackers for hire” operation that is tasked with retrieving information from a wide range of corporate and government targets. They are a highly efficient team who can undertake multiple campaigns at once, breach some of the world’s best-protected organizations, and quickly change their tactics to achieve their goal.

They usually...

Symantec Corp. | 12 Aug 2013 | 0 comments

By Brian Dunphy, senior director, product management, Symantec Managed Security Services

In the current business climate, organizations that need to process, store or transmit credit card data are most likely familiar with the Payment Card Industry Data Security Standard or PCI DSS. This standard specifies the security controls needed to keep credit card data safe and secure during transit, processing, and storage. PCI DSS requires organizations to build and maintain a secure network, protect cardholder data, implement strong security measures, maintain a vulnerability management program and an information security policy, and test and monitor networks on a regular basis.

Today, we’re pleased to announce that Symantec Managed Security Services (MSS) is now a PCI DSS-certified service provider. While MSS is not a...

Tim G. | 11 Mar 2013 | 0 comments

The DeepSight Next Generation Portal Preview is live for all DeepSight Subscribers.

https://preview.deepsight.symantec.com

The email that was sent contains a survey link that product management is using to collect feedback from users for continuous improvement.

Please log in and take a look around. The new portal will be going live soon, so be prepared for these changes.


Mark Guntrip | 08 Dec 2011 | 0 comments

Everyone strives to be the best they can, whether that’s in personal or business life, but it’s always nice when someone gives you a pat on the back and confirms that you are at the top of your game – and that’s just what has happened to Symantec Managed Security Services (MSS), not just once, but three times!

Symantec MSS has been positioned by Gartner Inc. in the Leaders Quadrant of the 2011 Magic Quadrant for Managed Security Service Providers (MSSPs) North America report [1]. In addition, Symantec received “Strong Positive” ratings in Gartner’s MarketScope Reports for Managed Security Services in both Europe [2] and Asia/Pacific [3].

The point to take away here is that Symantec MSS is the only vendor to take the highest level of appraisal in each geographical report – the only vendor with a global leadership position.

...