Security Community Blog

SebastianZ | 08 Jan 2014 | 0 comments

It appears so. The Zeroaccess botnet, responsible for infecting around 2 million computers worldwide, was aimed at making money through pay-per-click advertising. It is also known that it was able to download other threats, like misleading applications, onto the compromised machines. It would download additional software in order to mine bitcoin currency. While the malicious activity was in progress, Trojan.Zeroaccess would hide itself with the help of a very advanced rootkit.

Already in July 2013, Symantec Security Response engineers managed to "sinkhole" over 25% of the botnet's machines following an extensive study of the ways the bots communicate. Making use of a weakness in the Zeroaccess P2P mechanism, ca. 500k machines were freed from the botnet. In the meantime, the botnet creators distributed a new version of Zeroaccess that addressed the...

SebastianZ | 02 Jan 2014 | 0 comments

Last week Trend reported on a new variant of the Cryptolocker worm. In Trend Micro terminology it is WORM_CRILOCK.A (http://about-threats.trendmicro.com/us/malware/worm_crilock.a); it is detected by Symantec as Trojan.Cryptolocker.B (http://www.symantec.com/security_response/writeup.jsp?docid=2013-122312-5826-99). Unlike previous variants of Cryptolocker, this particular variant spreads over removable devices. Another significant difference is that it no longer relies on a malware downloader routine to infect systems but instead works as an activator for software like Office or Adobe Photoshop on P2P sites.

Reference:
New...

Brandon Noble | 30 Dec 2013 | 2 comments

I guess we need to face it. Sality is here to stay.

We have been dealing with new Sality variants for more than 8 years and the Sality.AE family for a little over 5…the variants keep coming. It has become one of the most common file infectors reported by Enterprise customers. With its ability to move through shares and disable AV, it’s one of the most destructive and tricky threats we have out there. That said, it’s not too hard to stop, provided you have two things. The first is an understanding of how it spreads and infects, the second is a willingness to mount the proper defense while you seek out the hidden pockets of this threat and eradicate it.

So, first things first. How does it spread?

This is a file infector and it can only spread through shares. It uses two methods, which I refer to as a “Push” and a “Pull”, to infect. Managing these attacks will keep the threat from spreading to more computers.

...

Mithun Sanghavi | 23 Dec 2013 | 0 comments
Release Updates (RUx) typically contain a significant number of fixes and may include feature-work or enhancements. The current Release Update is considered the latest release of the product and is the appropriate version for most customers performing a new install or upgrading from an earlier release or build of the product.

Maintenance Patches (RUx MPx) contain a small number of fixes for specific customer issues and are based on a specific RU. MPs can only be applied against the specific Release Update upon which they are based, e.g., RU6 MP1 can only be applied against RU6. Maintenance Patches are appropriate for customers experiencing an issue that is resolved in the Maintenance Patch.

RTM - Release To Manufacturing

MR - Maintenance Release (Now replaced by the term "RU")

RU - Release Update...

Teresa Law | 19 Dec 2013 | 0 comments

Symantec Data Loss Prevention (DLP), a Leader in the Gartner Magic Quadrant for Content-Aware DLP, helps protect companies from malicious insiders and well-meaning employees.

Philip Routley | 15 Dec 2013 | 0 comments

Time to Get Serious about Endpoint Security

Time. Whatever business you’re in, there’s just never enough of it. That’s why today’s host of computing devices are so invaluable to small businesses where agility, flexibility, fast turn-round times and lightning-quick responses are vital to success and survival.

Home, hotel, café, client site – with laptops, tablets and other mobile technologies now complementing the ‘traditional’ desktop, anywhere is good if you need to get busy, get an answer, get creative or simply get in touch.

But the many benefits of the endpoint explosion come with a health warning. And that’s because endpoint security poses a potential minefield that every small business needs to detect and defuse effectively.

ENDLESS ENDPOINTS – WHAT YOU NEED TO KNOW

Any endpoint used by any employee is a possible weak spot in your network – a potential route in for malware, a...

Symantec Corp. | 04 Dec 2013 | 0 comments

by Vivian Tero, Data Center Security & Compliance, Information Security Group, Symantec Corp.

Today, the notion of “supply chain” has gone beyond the traditional physical flow of goods and services to include the flow of data across the business ecosystem. In the digital supply chain, data is the valuable asset that must be protected, shared securely, managed and archived according to corporate, regulatory and legal mandates. In this world of highly digitized services, businesses increasingly realize that one may outsource activities to a third party but they are still held accountable, not only for their own activities, but also for their suppliers and business partners. In regulated industries, a third- or fourth-party vendor’s lack of accountability to regulators may leave a business exposed to civil and even criminal penalties. As the threat landscape continues to evolve, the onus is, therefore, on...

captain jack sparrow | 03 Dec 2013 | 0 comments

can transmit information between computers using high-frequency sound waves inaudible to the human ear. The duo successfully sent passwords and more between non-networked Lenovo T400 laptops via the notebooks’ built-in microphones and speakers. Freaky-deaky!
The infected victim sends all recorded keystrokes to the covert acoustical mesh network. Infected drones forward the keystroke information inside the covert network till the attacker is reached.

ref:
http://www.pcworld.com/article/2068525/researchers...

DomSYMC | 02 Dec 2013 | 3 comments

In our constant endeavor to provide a better experience for our customers, we are in the process of updating our Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) infrastructure.

The upgrade for CRL lists was transitioned and implemented on May 06, 2013, with the OCSP list undergoing an upgrade by January 13, 2014.

Here’s how you’ll benefit

  • Faster response time – CRL/OCSP requests will be served from the closest location to the user with dramatically improved average response times.
  • 100+ additional new sites – more sites handling CRL/OCSP requests mean improved availability and reliability all over the globe.

More information and best practices for updating any firewall policies and/or access control devices for this transition, for both CRL and OCSP lists, can be found in our knowledge base articles below.

...

InsentraCameronM | 30 Nov 2013 | 0 comments

This Symantec Encryption Desktop howto covers the following topics:
- Download and install
- Reviewing Your Keys in SED
- Export Your Public Key
- Import Your Public Key
- Encrypt a file
- Decrypt a file