
Security Response

Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Symantec Security Response | 10 May 2013 20:08:22 GMT | 0 comments

Microsoft has issued Security Advisory 2847140 in response to reports regarding public exploitation of a vulnerability affecting Internet Explorer 8. Other versions such as Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected. Initial reports indicate that a website associated with a department of the US government was compromised to host the exploit in what’s known as a watering hole attack. Upon visiting the site, a vulnerable victim would have been redirected to download a back door as the payload. Symantec products detect the exploit code on the vulnerable site as Trojan.Malscript, Bloodhound.Exploit.494, or...

Symantec Security Response | 07 May 2013 23:17:04 GMT | 0 comments

If you haven’t heard, Google Glass, the latest gadget from the Silicon Valley giant, has set the media and tech world abuzz, with both admiration and controversy surrounding the device. Google Glass was released to the public last week and combines smartphone technology with wearable glasses that are reminiscent of something seen on Star Trek. Public, in this case, actually means beta testers (called Glass Explorers) who had to apply for the chance to purchase the spectacles in advance by writing a 50-word essay using the hashtag #ifihadglass. Those chosen had the opportunity to purchase the device for $1,500 USD.

Along with the admiration of a device that appears to do everything comes controversy. The 8,000 individuals who were able to purchase the device were bound to a restrictive end user license agreement, in which the product would be deactivated and rendered...

Hon Lau | 01 May 2013 04:17:08 GMT | 0 comments

In today’s connected world, many of us are members of at least one, if not more, social networking services. The influence and reach of social media enterprises, such as Facebook (more than 600M active users per month) and Twitter (more than 140M active users), is staggering, and as communications tools they offer a global reach, delivering almost instantaneous communications to huge multinational audiences. Social media is attractive for hacktivists because it is a forum where people on the Internet gather and where big discussions take place. Hijack a forum like this and you have an effective soapbox to get your message across. Hardly a day passes without news of another high-profile breach by hacktivists, and social media influencers are in the crosshairs. Are...

Candid Wueest | 30 Apr 2013 05:38:39 GMT | 0 comments

Nearly every week now we can read about a data breach case somewhere, in which millions of user accounts and potentially other sensitive data have been compromised. Most people are not even shocked by such news anymore, as it is starting to become humdrum.

One of the most common attacks used in such breaches is SQL injection. This attack has ranked first place on OWASP's Top 10 faults in Web applications for many years. There are several well-known methods to prevent SQL injection, but unfortunately it is still often encountered on production sites. Furthermore, misconfigured Web servers and vulnerabilities in remote management tools can allow attackers to gain access to systems and read potentially sensitive files.

There has long been a heated discussion about how best to store passwords and that discussion is still ongoing. Most people agree that storing passwords in clear text in a database...

Symantec Security Response | 26 Apr 2013 14:52:47 GMT | 0 comments

Join Symantec Security Response experts Kevin Haley and Paul Wood on Twitter (using the #ISTR hashtag) on Tuesday, April 30, at 9 a.m. PT / 12 p.m. ET to chat about the key trends highlighted in Symantec’s recently released Internet Security Threat Report (ISTR), Volume 18.

The ISTR, which covers the major threat trends observed by Symantec in 2012, reveals a significant increase in cyberespionage attempting to gain access to confidential information and valuable intellectual property, and shows how criminal methods of obtaining this information are shifting. In fact, the largest growth area for targeted attacks in 2012 was businesses with fewer than 250 employees; 31 percent of all attacks targeted them, representing a threefold increase from 2011.

Mark your calendars to join the #ISTR chat and plan to discuss the latest attack vectors and techniques used by...

Hiroshi Shinotsuka | 26 Apr 2013 12:29:58 GMT | 0 comments

Recently, I discovered a back door Trojan horse program (detected as Backdoor.Trojan) that does not work on Microsoft Windows XP. I would like to present some of the details of this threat, especially as the malware author encoded a special trick into the functionality of the Trojan. The trick appears to have been designed to allow the threat to be used in targeted attacks.

The fseek function

In this threat, the author uses the fseek function, which is unusual as it is normally used to process data. For example, if the program reads 100 bytes of data from the top of the file, the fseek function is used to move the file position by 100 bytes.

Figure 1. The fseek code trick used by the malware

However, in the...

Lionel Payet | 24 Apr 2013 14:56:40 GMT | 0 comments

Java vulnerabilities have always been popular among cybercriminals (exploit kit authors). Since they can work across multiple browsers and even multiple operating systems, the potential for infecting large numbers of users is very high.

On April 16, Oracle released its Java Critical Patch Update (CPU) for April 2013 that addressed vulnerabilities found in numerous supported products. Interestingly, one of the vulnerabilities, CVE-2013-2423, was publicly disclosed the following day and this was closely followed by a Metasploit proof of concept on April 20.

It didn’t take long for exploit kit authors to adopt this openly available vulnerability. We are currently seeing cases of Cool EK using this new Java vulnerability and we expect this exploit to be rolled out to other exploit kits.

The...

John-Paul Power | 23 Apr 2013 20:21:41 GMT | 0 comments

Small and medium enterprises (SMEs) in the UK are being offered up to £5,000 (approximately $7,600 USD) in order to improve their cybersecurity. The Innovation Vouchers scheme, being run by the government’s Technology Strategy Board, is designed to help businesses “innovate and grow” by funding outside expertise. The government has made available £500,000 ($762,600 USD) to SMEs that do not already have internal cybersecurity expertise and who are working with a new technology supplier for the first time.

Attacks targeted towards SMEs are on the increase. According to Symantec’s ...

Dinesh Theerthagiri | 22 Apr 2013 21:39:35 GMT | 0 comments

In the first quarter of 2013, we spotted quite a few zero-day vulnerabilities affecting Oracle Java, Adobe Flash, Adobe Reader, and Microsoft Internet Explorer being exploited in the wild. This blog discusses the details of these zero-days exploited to spread malware in the first quarter of 2013.
 

Java zero-day vulnerabilities


During the month of January 2013, we saw some interesting Oracle Java SE zero-day issues being actively exploited in the wild. On January 13, 2013, Oracle released a security alert for Oracle Java Runtime Environment Multiple Remote Code Execution Vulnerabilities (CVE-2013-...

Candid Wueest | 19 Apr 2013 08:18:05 GMT | 0 comments

We have blogged before about mobile spam messages, and while email spam declined in the past year to around 66%, mobile spam—although not yet that prevalent—is now gaining ground.

Currently the “winning ticket” theme is making its rounds through central Europe. Eight friends of mine received it over the space of a few days and I am proud that none of them fell for it, even though some were sorely tempted. The message states that you have won two million pounds sterling with some numbers that you never selected, in a non-specified lottery that you have certainly never played. There are a lot of variations of this particular scam that we have observed over the years, with a range of different prizes including cars and holidays. Unfortunately, there is no money behind it—at least not for you—as of course if you never play the lottery, you will definitely...