Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog
Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
SebastianZ | 29 Jan 2014 | 0 comments

Data Privacy Day led by National Cyber Security Alliance being held in the United States and Canada on 28 January 2014 alongside of the Data Protection Day celebration in Europe. The purpose of Data Privacy day is to raise awareness and promote data privacy education. For those not able to attend - there is a free stream recording available at: http://www.ustream.tv/staysafeonline

- See more at: http://www.staysafeonline.org/data-privacy-day/about

SebastianZ | 27 Jan 2014 | 1 comment

Fortinet’s FortiGuard Labs has published a very interesting whitepaper about 10 years anniversary of mobile malware. According to the study mobile malware is evolving quite rapidly - only in 2013 researchers of FortiGuard have see more than 1300 new malicious applications per day with up to 400.000 malicious applications in total.

The whitepaper goes back up to 2004 and the first mobile worm - Cabir (infecting Nokia phones) up to year 2013 and arrival of first Ransomware for Android devices - FakeDefend.

Reference:
The World’s First Mobile Malware Celebrates its 10th Birthday
http://www.fortinet.com/resource_center/whitepapers/10th-anniversary-of-first-mobile-malware.html

...

SebastianZ | 27 Jan 2014 | 0 comments

Spoofed websites for popular social apps have been observed for some time now - recent reports from Malwarebytes show that one of the most popular mobile app - WhatsApp has been targetted recently as well.

The particular site at question aimed at Russian speakers and offered app download for broad scope of mobile devices - IOS, Android, Windows Phone and Blackberry. The site was resambling the legitimate website quite a bit with lot of code scrambled from the oficial website. The unsuspecting users downloading the application would get infected by variant of Android SMS Trojan that once installed would start sending text messages to premium rate numbers.

 

Reference:

Spoofed Whatsapp site delivers polymorphic SMS Trojan
http://www.net-security.org/malware_news.php?id=2687...

The Conquistador | 24 Jan 2014 | 1 comment

Here is how I corrected this

Baseline Filtering Engine service issue.

Good day everyone, here are the steps that worked for me with the BFE issue.

Error Code 0x80070424 with Windows Firewall and "Base Filtering Engine Service" Not available in services database list.

 

danma_

danma_

13,009 Points 10 3 3

Recent Achievements

Ratings Board President Blog Party Starter New Wiki Editor

View Profile

26 Dec 2011 11:44 PM

  • Comments 261
  • ...
Jesper_Mathiasson | 17 Jan 2014 | 0 comments
There are too many service requests that are handled manually and spread across multiple systems, which are repeatable and are using several approval steps. That makes the service delivery both time consuming and cost inefficient. 
 
Zitac SEP Process Automation creates the right possibilities to make the SEP administration more efficient and increase the end user experience without affecting security. Zitac has today created a number of predefined automated processes that easily can be integrated in your environment with focus on:
 
  • Secure delegation of the SEP administration based on user or group specific needs
    - Firewall policies
    - Situation based policies. For example to allow USB connected storage devices
  • Manage Virus outbreaks by predefined automated processes
    - SMS alerts
     
  • SEP Group administration
    - In...
SebastianZ | 15 Jan 2014 | 2 comments

Microsoft Security Bulletin

On Tuesday the 14th of January Microsoft released the monthly Security Bulletin Summary for January 2014. The summary includes 4 Security Bulletins that cover altogether 6 CVEs - all are classified as important:

 

  • MS14-001    Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)

Vulnerability impact: Remote Code Execution
Word Memory Corruption Vulnerability    CVE-2014-0258
Word Memory Corruption Vulnerability    CVE-2014-0259
Word Memory Corruption Vulnerability    CVE-2014-0260

  • MS14-002    Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)

Vulnerability impact: Elevation of Privilege
Kernel NDProxy...

SebastianZ | 10 Jan 2014 | 0 comments

January 9, 2014 - Symantec has posted SYM14-001 Security Advisories relating to Symantec Products - Symantec Endpoint Protection Privilege Assumption, Policy Bypass, Local Elevation of Privilege. This is medium severity vulnerability. Detailed information about the vulnerabilities and what SEP builds are affected can be found at:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00

 

The vulnerabilities have been already resolved in latest releases of Symantec Endpoint Protection. Additionally as part of standard best practices it is advised to update to the latest version possible, keep all operating systems with...

SebastianZ | 09 Jan 2014 | 3 comments

As per Microsoft Support Lifecycle Policy both Windows XP SP3 and Office 2003 will reach end of support on April 8, 2014. The end of support means that after this date there will be no new security updates, non-security hotfixes or patches for both those products available. Technical support for XP from Microsoft will also not be available any more. Running XP SP3 (or lower) and Office 2003 after the end of support date may expose the company to potential security and compliance risks. Worth consideration is also fact that aside of vulnerable system it is expected for several third party software vendors to stop support of their applications on XP Platform after April 2014 as well - this ads additional danger of vulnerable applications and multiplies the possible infection vectors.

For Symantec Endpoint Protection customers running SEP 11.x and 12.1 on XP platform - Symantec will continue releasing definitions for all so...

SebastianZ | 08 Jan 2014 | 0 comments

In a recent "sticky" thread on Battle.net forums a new threat targetting WOW players has been reported. The Trojan "Disker" is able to compromise even the accounts using Authenticator Protection. It steals both the account credentials and Authenticator password. To verify if the machine has been compromised with the trojan it is advised to create a MSinfo file and check in it for following entries in the Startup programs section:

Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup
Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup

Trojan originates from a fake Curse website offering malicious Curse clients for downloads - the website itself was popping-up recently on major search engines while looking for "curse client" phrase.

Blizzard advises to report any compromised account directly alongside of information regarding installed addons or plugins...

SebastianZ | 08 Jan 2014 | 0 comments

It appears so. Zeroaccess botnet responsible for infecting around 2 million computers worldwide was targeted at making money through pay-per click advertising. It is also known it was able to download other threats like misleading applications on the compromised machines. It would download additional software in order to mine bitcoin currency. While the malicious activity was in progress the Trojan.Zeroaccess would hide itself with help of very advance rootkit.

Already in July 2013 Symantec Security Response Engineers managed to "sinkhole" over 25% botnet machines following an extensive study on finding out the ways of bots communication. Making use of a weakness in Zeroaccess P2P mechanism ca. 500k machines were freed from the botnet. In the meantime the botnet creators distributed a new version of Zeroaccess that addressed the...