Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Symantec Security Response | 28 Apr 2014 18:49:13 GMT

Adobe has published a Security Bulletin for the Adobe Flash Player CVE-2014-0515 Buffer Overflow Vulnerability (CVE-2014-0515). The new Security Bulletin, APSB14-13, identifies a buffer overflow vulnerability that affects various versions of Adobe Flash Player across multiple platforms. Exploitation of this critical vulnerability could allow an attacker to remotely execute arbitrary code. Adobe has acknowledged that exploitation of the vulnerability has been reported in the wild. Further details indicate it has been used in targeted attacks.

Per the bulletin, the following versions of Adobe Flash Player are vulnerable:

  • Adobe Flash Player 13.0.0.182 and earlier versions for Windows
  • Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh
  • Adobe Flash Player 11.2.202.350 and earlier...
Christian_Tripputi | 27 Apr 2014 12:14:01 GMT

zero_day_IE_concept.png

Symantec is aware of reports of a zero-day vulnerability, Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776), that affects all versions of Internet Explorer.

Microsoft released a security advisory on a vulnerability in Internet Explorer that is being leveraged in limited targeted attacks. There is currently no patch available for this vulnerability and Microsoft has not, at the time of writing, provided a release date for one.

Our testing confirmed that the vulnerability crashes Internet Explorer on Windows XP. This will be the first zero-day vulnerability that will not be patched for Windows XP users, as Microsoft ended support for the...

Lionel Payet | 23 Apr 2014 08:23:21 GMT

Contributor: Andrea Lelli

Operation Francophoned, first uncovered by Symantec in May 2013, involved organizations receiving direct phone calls and spear phishing emails impersonating a known telecommunication provider in France, all in an effort to install malware and steal information and ultimately money from targets. 

This highly targeted dual-pronged attack has proven to be very persistent in the French speaking world. Keeping a close eye on the Francophoned campaign, Symantec observed a resurgence in October 2013 and, early this year, witnessed some changes to the social engineering attack including the use of new malware.
 

Figure1.png...

Eric Park | 16 Apr 2014 12:58:18 GMT

A variation on the 419 email scam is being used by fraudsters to take advantage of couples desperate to adopt a child. Once they are carefully lured into a fake adoption process, the victims are then asked for money to cover legal and administrative fees.

While most recent 419 scams rely more on the naivety of victims than any ingenuity on the part of the spammer, some fraudsters are beginning to make more of an effort to directly communicate with the victim to secure their confidence. Their scams are well researched, convincingly presented and may borrow stories from real life to make their stories more authentic and better able to withstand a little scrutiny.

While fake adoption scams have been seen from time to time before, in this instance Symantec observed real life...

Eric Chien | 14 Apr 2014 13:50:04 GMT

While most of the focus on Heartbleed has been on vulnerable public websites, the bug affects much more than this. While most popular sites are no longer vulnerable, this does not mean that end-users can drop their guard.

Heartbleed equally affects client software such as Web clients, email clients, chat clients, FTP clients, mobile applications, VPN clients and software updaters, to name a few. In short, any client that communicates over SSL/TLS using the vulnerable version of OpenSSL is open to attacks. 

In addition, Heartbleed affects various other servers aside from Web servers. These include proxies, media servers, game servers, database servers, chat servers and FTP servers. Finally, hardware devices are not immune to the vulnerability. It can affect routers, PBXes (business phone systems) and likely numerous devices in the Internet of Things.

Attacking these software and...

Symantec Security Response | 12 Apr 2014 23:13:34 GMT

It has been now five days since details emerged regarding the “Heartbleed” vulnerability in OpenSSL. During this time we have been researching the impact of the vulnerability, tracking the patch states of popular websites, and monitoring attacks. So what have we learned?
 

Most popular sites are no longer vulnerable

We have been tracking the most popular websites to see which of them are currently vulnerable to Heartbleed. No website included in Alexa’s top 1000 websites is currently vulnerable. Within the Alexa top 5000 websites, only 24 websites are vulnerable. Overall, within the Alexa top 50,000 websites only 1.8 percent is vulnerable to Heartbleed. Based on this data, chances are that the websites most frequently visited by the average user are not affected by Heartbleed.

It is possible that your data may...

Dick O'Brien | 09 Apr 2014 18:18:41 GMT

A newly discovered vulnerability in OpenSSL, one of the most commonly used implementations of the SSL and TLS cryptographic protocols, presents an immediate and serious danger to any unpatched server. The bug, known as Heartbleed, allows attackers to intercept secure communications and steal sensitive information such as login credentials, personal data, or even decryption keys.

Heartbleed, or the OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability (CVE-2014-0160), affects a component of OpenSSL known as Heartbeat. OpenSSL is one of the most widely used, open source implementations of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols.

Heartbeat is an extension to the TLS protocol that allows a TLS session to be kept alive, even if no real communication has occurred for some time. The feature will verify that both computers are still connected and available for...

PraveenSingh | 08 Apr 2014 18:24:52 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing four bulletins covering a total of 11 vulnerabilities. Seven of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-...

Kevin Haley | 08 Apr 2014 09:28:08 GMT

istrbanner.png

Once again, it’s time to reveal the latest findings from our Internet Security Threat Report (ISTR), which looks at the current state of the threat landscape, based on our research and analysis from the past year. Key trends from this year’s report include the large increase in data breaches and targeted attacks, the evolution of mobile malware and ransomware, and the potential threat posed by the Internet of Things. We’ll explore each of these topics in greater detail below.

The year of the mega data breach
While 2011 was hailed by many as the “Year of the Data Breach,” breaches in 2013 far surpassed previous years in size and scale. For 2013, we found the number of data...

Roberto Sponchioni | 07 Apr 2014 23:49:19 GMT

Windows PowerShell, the Microsoft scripting language, has made the headlines recently due to malware authors leveraging it for malicious purposes. Symantec has identified more PowerShell scripts being used for nefarious purposes in attacks. Unlike other PowerShell scripts that we have identified previously, the new script, which Symantec detects as Backdoor.Trojan, has different layers of obfuscation and is able to inject malicious code into “rundll32.exe” so that it can hide itself in the computer while still running and acting like a back door.

Powershell 1.png

Figure 1. The original Microsoft Windows PowerShell script

As seen from the previous...