Video Screencast Help

Security Response

Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Eric Park | 16 Apr 2014 12:58:18 GMT

A variation on the 419 email scam is being used by fraudsters to take advantage of couples desperate to adopt a child. Once they are carefully lured into a fake adoption process, the victims are then asked for money to cover legal and administrative fees.

While most recent 419 scams rely more on the naivety of victims than any ingenuity on the part of the spammer, some fraudsters are beginning to make more of an effort to directly communicate with the victim to secure their confidence. Their scams are well researched, convincingly presented and may borrow stories from real life to make their stories more authentic and better able to withstand a little scrutiny.

While fake adoption scams have been seen from time to time before, in this instance Symantec observed real life...

Eric Chien | 14 Apr 2014 13:50:04 GMT

While most of the focus on Heartbleed has been on vulnerable public websites, the bug affects much more than this. While most popular sites are no longer vulnerable, this does not mean that end-users can drop their guard.

Heartbleed equally affects client software such as Web clients, email clients, chat clients, FTP clients, mobile applications, VPN clients and software updaters, to name a few. In short, any client that communicates over SSL/TLS using the vulnerable version of OpenSSL is open to attacks. 

In addition, Heartbleed affects various other servers aside from Web servers. These include proxies, media servers, game servers, database servers, chat servers and FTP servers. Finally, hardware devices are not immune to the vulnerability. It can affect routers, PBXes (business phone systems) and likely numerous devices in the Internet of Things.

Attacking these software and...

Symantec Security Response | 12 Apr 2014 23:13:34 GMT

It has been now five days since details emerged regarding the “Heartbleed” vulnerability in OpenSSL. During this time we have been researching the impact of the vulnerability, tracking the patch states of popular websites, and monitoring attacks. So what have we learned?
 

Most popular sites are no longer vulnerable

We have been tracking the most popular websites to see which of them are currently vulnerable to Heartbleed. No website included in Alexa’s top 1000 websites is currently vulnerable. Within the Alexa top 5000 websites, only 24 websites are vulnerable. Overall, within the Alexa top 50,000 websites only 1.8 percent is vulnerable to Heartbleed. Based on this data, chances are that the websites most frequently visited by the average user are not affected by Heartbleed.

It is possible that your data may...

Dick O'Brien | 09 Apr 2014 18:18:41 GMT

A newly discovered vulnerability in OpenSSL, one of the most commonly used implementations of the SSL and TLS cryptographic protocols, presents an immediate and serious danger to any unpatched server. The bug, known as Heartbleed, allows attackers to intercept secure communications and steal sensitive information such as login credentials, personal data, or even decryption keys.

Heartbleed, or the OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability (CVE-2014-0160), affects a component of OpenSSL known as Heartbeat. OpenSSL is one of the most widely used, open source implementations of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols.

Heartbeat is an extension to the TLS protocol that allows a TLS session to be kept alive, even if no real communication has occurred for some time. The feature will verify that both computers are still connected and available for...

PraveenSingh | 08 Apr 2014 18:24:52 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing four bulletins covering a total of 11 vulnerabilities. Seven of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-...

Kevin Haley | 08 Apr 2014 09:28:08 GMT

istrbanner.png

Once again, it’s time to reveal the latest findings from our Internet Security Threat Report (ISTR), which looks at the current state of the threat landscape, based on our research and analysis from the past year. Key trends from this year’s report include the large increase in data breaches and targeted attacks, the evolution of mobile malware and ransomware, and the potential threat posed by the Internet of Things. We’ll explore each of these topics in greater detail below.

The year of the mega data breach
While 2011 was hailed by many as the “Year of the Data Breach,” breaches in 2013 far surpassed previous years in size and scale. For 2013, we found the number of data...

Roberto Sponchioni | 07 Apr 2014 23:49:19 GMT

Windows PowerShell, the Microsoft scripting language, has made the headlines recently due to malware authors leveraging it for malicious purposes. Symantec has identified more PowerShell scripts being used for nefarious purposes in attacks. Unlike other PowerShell scripts that we have identified previously, the new script, which Symantec detects as Backdoor.Trojan, has different layers of obfuscation and is able to inject malicious code into “rundll32.exe” so that it can hide itself in the computer while still running and acting like a back door.

Powershell 1.png

Figure 1. The original Microsoft Windows PowerShell script

As seen from the previous...

Satnam Narang | 04 Apr 2014 14:56:45 GMT

Earlier this week, a large number of Twitter accounts were compromised and used by spammers to spread “miracle diet” spam. The compromised accounts included public figures, as well as average users of the social networking service.

Figure1_10.png
Figure 1. Twitter miracle diet spam

Déjà vu
Diet spam is quite common and can been found on various social networking sites and Twitter is no stranger to this problem. Over the years, we’ve seen many different campaigns try to capitalize on the latest miracle diet craze. In this particular case, spammers are trying to peddle garcinia cambogia extract through a page designed to look identical to the real Women’s Health website.

...

Joji Hamada | 03 Apr 2014 09:08:58 GMT

bankeiya_concept.png
In recent years, the Japanese Internet community has faced difficult times trying to combat financial Trojans such as SpyEye (Trojan.Spyeye) and Zeus (Trojan.Zbot). The number of victims affected and the amount of funds withdrawn from bank accounts due to compromises is increasing at an alarming rate. Just to give you an idea, according to the Japanese National Police Agency, the number of reported illegal Internet banking withdrawals jumped from 64 incidents in 2012 to 1,315 incidents in 2013. The loss in savings amounted to approximately 1.4 billion yen (US$ 14 million) in 2013, up from 48 million yen (US$ 480,000) in 2012.

More recently, the nation has also...

Orla Cox | 02 Apr 2014 13:59:50 GMT

Attacks are getting bigger and bolder and this calls for a new approach to cybersecurity. Cybercriminals have broadened their scope beyond conventional computer systems and now almost every connected device can be a target. 2013 was the year of the megabreach, where we witnessed some of the biggest data breaches of all time with over 500 million records exposed. Point of Sale terminals have been infected with malware in order to siphon off millions of credit card records. Attackers are even going one step further and using malicious code to steal cold hard cash. A recent piece of malware, Ploutus, allows criminals to use a mobile phone to get an ATM to spit out cash by sending a...