Symantec Intelligence

With contributions from Manoj Venugopalan, Senior Malware Analyst, Symantec

Introduction
A new day and a new zero day PDF exploit used in a Targeted attack which our Skeptic heuristic engine stopped. This one exploits a vulnerability in the 3D engine in Adobe Reader (CVE-2011-2462 http://www.adobe.com/support/security/advisories/a...) which is often used to display a 3D wire mesh object that you can rotate and view from all angles in real time. An architect might use it to mock up a plan for a building that the customer can view from within the PDF, very cool. However, the more functions you add to your software, the more chance there is to exploit the format.

Details
The targeted attack against Adobe Reader 9.4.6 on Windows was sent in 5 emails originally on the...

A wise man once said, “Whoever wishes to foresee the future must consult the past; for human events ever resemble those of preceding times.” (Machiavelli). Thus, looking back at the major cyber security trends of 2011 helps us gain perspective on what we can expect in the future. So, how would you describe the past year in cyber security and what trends do you think will continue to grow in 2012? A few thoughts come to my mind.

First, perhaps 2011 will be remembered as the year we saw the foundation laid for the successor of the infamous Stuxnet. Another thought is that 2011 will go down in history as the year of the mobile threat; after all the mobile malware movement finally began in earnest. Finally, maybe we’ll look back on 2011 as the year of targeted attacks; with a concerning number of compromised legitimate digital certificates involved.

We think these key themes from 2011 will continue to grow throughout 2012. Here’s a bit deeper look...

Do you know which of these Instant Messaging (IM) scenarios could put a company at risk and which are harmless? Have you (or someone you know) ever…

• Sent a file over IM to a coworker who needed it ASAP?
• Clicked on a link sent in IM by a colleague (i.e. “Hey I thought you might like this…”)?
• Griped to a coworker about how frustrating the day has been?
• Chatted with an ex-colleague to obtain a client list?

The rise of IM has undeniable benefits for business, but it poses a serious slew of security risks: Worms, Trojans, hackers and spim (IM spam), to name a few.

Symantec has developed a one-to-two minute survey to gauge how employees IM and how their IM habits might lure or detour cyber attacks. 

So, is IM the potential weak link in an organization’s security defense? We’ll keep you posted on what we find out.

We’d love to hear from you. Take our survey here, and...

It’s no secret that the proliferation of mobile devices in the workplace has added to the ongoing struggle between employees who want to use their mobile devices to access corporate data and the IT departments working to secure and control all of their business endpoints.

Employees demand access to corporate networks and data wherever they are with whichever device they’re using. At the same time, companies trying to keep up with that demand are under increasing pressure to comply with regulatory requirements, which in turn creates a challenge for IT departments to find ways to secure and manage mobile workers without interfering with how they get their jobs done.

To get a closer look at this challenge, Symantec partnered with IDG Research Services to sponsor a survey of IT security professionals at 115 organizations exploring the security and compliance risks associated with a growing mobile workforce.

There is no shortage of IT pros that believe...