Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog
Showing posts tagged with Endpoint Protection Small Business Edition 12.x
Showing posts in English
SebastianZ | 13 Mar 2014 | 0 comments

Symantec Help (SymHelp) is a diagnostic utility used to help automate support for multiple Symantec products.  SymHelp features a new utility, the Threat Analysis Scan, that can help to identify suspicious files on a system.  This new feature replaces the previously known Load Point Analysis and Power Eraser tools.

Use the Threat Analysis Scan when you believe there might be malware on a system but security software is either unable to detect it or to remediate it. The Threat Analysis Scan can help to identify the following types of malware

  • New variants of existing threats that are not detected by the current definition sets
  • Fake antivirus applications and other rogueware
  • Rootkits
  • System settings that have been tampered with maliciously

Because the Threat Analysis Scan uses aggressive heuristics to detect these threats, there is a risk that...

Brian Burch | 25 Feb 2014 | 0 comments

Over the next few weeks, 23 million small businesses will file their taxes.[1]  While many of these companies are investing time and money to identify their 2013 tax deductions,  most don’t realize that small businesses like theirs are being identified as online targets—an oversight that could result in devastating financial loss for their business.  And at tax time, small businesses are especially lucrative targets for cybercriminals, particularly in the BYOD era where work and personal data is accessed on the same device, including bank records and sensitive emails.

In today’s interconnected world, organized crime syndicates utilize a variety of malicious tax-themed scams designed to lure victims and steal important financial information. For example, Symantec has detected a rise in tax-season-specific ‘phishing’ scams—referring to the attempted theft of sensitive information such as usernames, passwords, or...

SebastianZ | 25 Feb 2014 | 0 comments

Apple released a security update of iOS 7.0.6 - details as follows:

---------

Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

CVE-ID-> CVE-2014-1266:

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary private...

SebastianZ | 11 Feb 2014 | 0 comments

Microsoft Security Bulletin

On Tuesday the 11th of February Microsoft released the monthly Security Bulletin Summary for February 2014. The summary includes 7 Security Bulletins - 4 are classified as critical; 3 as important:

 

  • MS14-010    Cumulative Security Update for Internet Explorer (2909921)

Vulnerability impact: Critical - Remote Code Execution
Affected Software:
Microsoft Windows, Internet ExplorerSumamry

  • MS14-011    Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)

Vulnerability impact: Critical - Remote Code Execution
Affected Software: Microsoft Windows

  • MS14-007    Vulnerability in Direct2D Could Allow Remote Code Execution...
SebastianZ | 27 Jan 2014 | 0 comments

Spoofed websites for popular social apps have been observed for some time now - recent reports from Malwarebytes show that one of the most popular mobile app - WhatsApp has been targetted recently as well.

The particular site at question aimed at Russian speakers and offered app download for broad scope of mobile devices - IOS, Android, Windows Phone and Blackberry. The site was resambling the legitimate website quite a bit with lot of code scrambled from the oficial website. The unsuspecting users downloading the application would get infected by variant of Android SMS Trojan that once installed would start sending text messages to premium rate numbers.

 

Reference:

Spoofed Whatsapp site delivers polymorphic SMS Trojan
http://www.net-security.org/malware_news.php?id=2687...

SebastianZ | 15 Jan 2014 | 2 comments

Microsoft Security Bulletin

On Tuesday the 14th of January Microsoft released the monthly Security Bulletin Summary for January 2014. The summary includes 4 Security Bulletins that cover altogether 6 CVEs - all are classified as important:

 

  • MS14-001    Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)

Vulnerability impact: Remote Code Execution
Word Memory Corruption Vulnerability    CVE-2014-0258
Word Memory Corruption Vulnerability    CVE-2014-0259
Word Memory Corruption Vulnerability    CVE-2014-0260

  • MS14-002    Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)

Vulnerability impact: Elevation of Privilege
Kernel NDProxy...

SebastianZ | 10 Jan 2014 | 0 comments

January 9, 2014 - Symantec has posted SYM14-001 Security Advisories relating to Symantec Products - Symantec Endpoint Protection Privilege Assumption, Policy Bypass, Local Elevation of Privilege. This is medium severity vulnerability. Detailed information about the vulnerabilities and what SEP builds are affected can be found at:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00

 

The vulnerabilities have been already resolved in latest releases of Symantec Endpoint Protection. Additionally as part of standard best practices it is advised to update to the latest version possible, keep all operating systems with...

SebastianZ | 09 Jan 2014 | 3 comments

As per Microsoft Support Lifecycle Policy both Windows XP SP3 and Office 2003 will reach end of support on April 8, 2014. The end of support means that after this date there will be no new security updates, non-security hotfixes or patches for both those products available. Technical support for XP from Microsoft will also not be available any more. Running XP SP3 (or lower) and Office 2003 after the end of support date may expose the company to potential security and compliance risks. Worth consideration is also fact that aside of vulnerable system it is expected for several third party software vendors to stop support of their applications on XP Platform after April 2014 as well - this ads additional danger of vulnerable applications and multiplies the possible infection vectors.

For Symantec Endpoint Protection customers running SEP 11.x and 12.1 on XP platform - Symantec will continue releasing definitions for all so...

SebastianZ | 08 Jan 2014 | 0 comments

In a recent "sticky" thread on Battle.net forums a new threat targetting WOW players has been reported. The Trojan "Disker" is able to compromise even the accounts using Authenticator Protection. It steals both the account credentials and Authenticator password. To verify if the machine has been compromised with the trojan it is advised to create a MSinfo file and check in it for following entries in the Startup programs section:

Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup
Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup

Trojan originates from a fake Curse website offering malicious Curse clients for downloads - the website itself was popping-up recently on major search engines while looking for "curse client" phrase.

Blizzard advises to report any compromised account directly alongside of information regarding installed addons or plugins...

SebastianZ | 08 Jan 2014 | 0 comments

It appears so. Zeroaccess botnet responsible for infecting around 2 million computers worldwide was targeted at making money through pay-per click advertising. It is also known it was able to download other threats like misleading applications on the compromised machines. It would download additional software in order to mine bitcoin currency. While the malicious activity was in progress the Trojan.Zeroaccess would hide itself with help of very advance rootkit.

Already in July 2013 Symantec Security Response Engineers managed to "sinkhole" over 25% botnet machines following an extensive study on finding out the ways of bots communication. Making use of a weakness in Zeroaccess P2P mechanism ca. 500k machines were freed from the botnet. In the meantime the botnet creators distributed a new version of Zeroaccess that addressed the...