Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Vulnerabilities & Exploits
Showing posts in English
Microsoft Patch Tuesday - October 2012
Candid Wueest | 09 Oct 2012 17:55:37 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 20 vulnerabilities. One of this month's issues is rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the October releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-Oct

The following is a breakdown of the issues...

Read more
Microsoft Patch Tuesday - September 2012
Candid Wueest | 11 Sep 2012 16:57:35 GMT

Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing two bulletins covering a total of two vulnerabilities. None of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available
  • Run all software with the least privileges required while still maintaining functionality
  • Avoid handling files from unknown or questionable sources
  • Never visit sites of unknown or questionable integrity
  • Block external access at the network perimeter to all key systems unless specific access is required

Microsoft's summary of the September releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-Sep

The following is a breakdown of the issues...

Read more
The Elderwood Project
Symantec Security Response | 06 Sep 2012 23:00:00 GMT

In 2009, we saw the start of high profile attacks by a group using the Hydraq (Aurora) Trojan horse. We've been monitoring the attacking group's activities for the last three years as they've consistently targeted a number of industries. These attackers have used a large number of zero-day exploits against not just the intended target organization, but also on the supply chain manufacturers that service the company in their cross hairs. These attackers are systematic and re-use components of an infrastructure we have termed the "Elderwood Platform". The term "Elderwood" comes from the exploit communication used in some of the attacks. This attack platform enables them to quickly deploy zero-day exploits. The attacking methodology has always used spear phishing emails but we are now seeing an increased adoption of "watering hole" attacks (...

Read more
The Elderwood Project (Infographic)
Symantec Security Response | 06 Sep 2012 23:00:00 GMT

Symantec Security Response have published a research paper revealing details about a series of attacks perpetrated by a highly organized and well funded group using the “Elderwood” Attack Platform. This platform is a series of tools and infrastructure used by this group to perform attacks against targets in a speedy and efficient manner. The group behind this platform used it to carry out a multitude of attacks against targets primarily in the defense industry and other organizations within its supply chain. This group demonstrates a dogged persistence and tenacity, along with a high degree of technical expertise as shown by the seemingly unlimited supply of zero-day exploits that they have employed in the past. This research examines a time window of at least three years in which numerous attacks were conducted and still continues to take place to this day. The paper covers the attack methods used, the possible motives, the scale of the attacks and what to do to stay...

Read more
CVE-2012-1535: Adobe Flash Player Vulnerability Exploited with Multiple Emails
Bhaskar Krishna | 21 Aug 2012 21:12:17 GMT

As we are all aware, Adobe released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh, and Linux. These security updates address the Adobe Flash Player CVE-2012-1535 Remote Code Execution Vulnerability that could cause the application to crash and potentially allow an attacker to take control of the compromised computer. Adobe has also stated that there are reports of the vulnerability being exploited in the wild in limited targeted attacks distributed through malicious Word documents.

We have observed these threats since August 10, 2012, and to-date we have successfully blocked more than 1,300 samples. The first sample...

Read more
Microsoft Patch Tuesday - August 2012
Candid Wueest | 14 Aug 2012 17:42:43 GMT

Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 26 vulnerabilities. Twenty-one of this month's issues are rated ’Critical’. The Critical issues affect Windows common controls, Internet Explorer, Remote Desktop Protocol (RDP), Print Spooler service, Remote Administration Protocol (RAP), and Microsoft Exchange Server.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available
  • Run all software with the least privileges required while still maintaining functionality
  • Avoid handling files from unknown or questionable sources
  • Never visit sites of unknown or questionable integrity
  • Block external access at the network perimeter to all key systems unless specific access is required

Microsoft's summary of the August releases can be found here...

Read more
Microsoft Patch Tuesday - July 2012
Candid Wueest | 10 Jul 2012 17:27:26 GMT

Hello and welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 16 vulnerabilities. Four of this month's issues are rated 'Critical' affecting Microsoft Data Access Components, Internet Explorer, and XML Core Services.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the July releases can be found here:
http://technet.microsoft.com/en-...

Read more
Printer Madness: W32.Printlove Video
Jeet Morparia | 02 Jul 2012 17:10:54 GMT

Recently we have received several customer issues about garbage being printed on their network printers. During our investigation, we came across a new worm that causes the garbage print jobs. Symantec detects this worm as W32.Printlove. W32.Printlove uses the Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (CVE 2010-2729) discovered in 2010 to spread across networks. We have created a video that demonstrates how it accidently prints garbage.
 

...

Read more
Microsoft Patch Tuesday - June 2012
Candid Wueest | 12 Jun 2012 18:03:01 GMT

Hello, welcome to this month’s blog on the Microsoft patch release. This is a larger month—the vendor is releasing seven bulletins covering a total of 27 vulnerabilities.

Ten of this month's issues are rated 'Critical' affecting Remote Desktop Protocol and Internet Explorer. The remaining issues affect .NET Framework, Office, and Dynamics AX.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available
  • Run all software with the least privileges required while still maintaining functionality
  • Avoid handling files from unknown or questionable sources
  • Never visit sites of unknown or questionable integrity
  • Block external access at the network perimeter to all key systems unless specific access is required

Microsoft’s summary of the June releases can be found here:
...

Read more
W32.Flamer: Spreading Mechanism Tricks and Exploits
Symantec Security Response | 01 Jun 2012 11:13:13 GMT

Flamer has the ability to spread from one computer to the next. However, Flamer does not automatically spread, but instead waits for instructions from the attackers. Flamer can spread using the following methods:

Read more