Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Vulnerabilities & Exploits
Showing posts in English
The Elderwood Project (Infographic)
Symantec Security Response | 06 Sep 2012 23:00:00 GMT | 0 comments

Symantec Security Response have published a research paper revealing details about a series of attacks perpetrated by a highly organized and well funded group using the “Elderwood” Attack Platform. This platform is a series of tools and infrastructure used by this group to perform attacks against targets in a speedy and efficient manner. The group behind this platform used it to carry out a multitude of attacks against targets primarily in the defense industry and other organizations within its supply chain. This group demonstrates a dogged persistence and tenacity, along with a high degree of technical expertise as shown by the seemingly unlimited supply of zero-day exploits that they have employed in the past. This research examines a time window of at least three years in which numerous attacks were conducted and still continues to take place to this day. The paper covers the attack methods used, the possible motives, the scale of the attacks and what to do to stay...

Read more
CVE-2012-1535: Adobe Flash Player Vulnerability Exploited with Multiple Emails
Bhaskar Krishna | 21 Aug 2012 21:12:17 GMT | 0 comments

As we are all aware, Adobe released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh, and Linux. These security updates address the Adobe Flash Player CVE-2012-1535 Remote Code Execution Vulnerability that could cause the application to crash and potentially allow an attacker to take control of the compromised computer. Adobe has also stated that there are reports of the vulnerability being exploited in the wild in limited targeted attacks distributed through malicious Word documents.

We have observed these threats since August 10, 2012, and to-date we have successfully blocked more than 1,300 samples. The first sample...

Read more
Microsoft Patch Tuesday - August 2012
Candid Wueest | 14 Aug 2012 17:42:43 GMT | 0 comments

Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 26 vulnerabilities. Twenty-one of this month's issues are rated ’Critical’. The Critical issues affect Windows common controls, Internet Explorer, Remote Desktop Protocol (RDP), Print Spooler service, Remote Administration Protocol (RAP), and Microsoft Exchange Server.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available
  • Run all software with the least privileges required while still maintaining functionality
  • Avoid handling files from unknown or questionable sources
  • Never visit sites of unknown or questionable integrity
  • Block external access at the network perimeter to all key systems unless specific access is required

Microsoft's summary of the August releases can be found here...

Read more
Microsoft Patch Tuesday - July 2012
Candid Wueest | 10 Jul 2012 17:27:26 GMT | 0 comments

Hello and welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 16 vulnerabilities. Four of this month's issues are rated 'Critical' affecting Microsoft Data Access Components, Internet Explorer, and XML Core Services.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the July releases can be found here:
http://technet.microsoft.com/en-...

Read more
Printer Madness: W32.Printlove Video
Jeet Morparia | 02 Jul 2012 17:10:54 GMT | 0 comments

Recently we have received several customer issues about garbage being printed on their network printers. During our investigation, we came across a new worm that causes the garbage print jobs. Symantec detects this worm as W32.Printlove. W32.Printlove uses the Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (CVE 2010-2729) discovered in 2010 to spread across networks. We have created a video that demonstrates how it accidently prints garbage.
 

...

Read more
Microsoft Patch Tuesday - June 2012
Candid Wueest | 12 Jun 2012 18:03:01 GMT | 0 comments

Hello, welcome to this month’s blog on the Microsoft patch release. This is a larger month—the vendor is releasing seven bulletins covering a total of 27 vulnerabilities.

Ten of this month's issues are rated 'Critical' affecting Remote Desktop Protocol and Internet Explorer. The remaining issues affect .NET Framework, Office, and Dynamics AX.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available
  • Run all software with the least privileges required while still maintaining functionality
  • Avoid handling files from unknown or questionable sources
  • Never visit sites of unknown or questionable integrity
  • Block external access at the network perimeter to all key systems unless specific access is required

Microsoft’s summary of the June releases can be found here:
...

Read more
W32.Flamer: Spreading Mechanism Tricks and Exploits
Symantec Security Response | 01 Jun 2012 11:13:13 GMT | 0 comments

Flamer has the ability to spread from one computer to the next. However, Flamer does not automatically spread, but instead waits for instructions from the attackers. Flamer can spread using the following methods:

Read more
Tibetan-Themed Malware Subverts a Legitimate Application
Symantec Security Response | 24 May 2012 12:12:33 GMT | 0 comments

Analysis by: Hiroshi Shinotsuka

Recent malware campaigns that used Tibet-related issues as bait have been well documented and it should come as no surprise that we have seen another Tibetan-themed attack using a malicious Word document. The emails involved in the attack are in English and were sent to a clothing company in the United States.

While they appear to come from Tibet-related organizations, the email headers revealed that they were sent from a mail server in Russia.

Recently, we discovered a file that differs to other malware in that it uses a well-known graphics card manufacturer’s legitimately signed program as an attack vector.

After opening the attached...

Read more
Microsoft Patch Tuesday - May 2012
Candid Wueest | 08 May 2012 18:14:56 GMT | 0 comments

Hello, welcome to this month’s blog on the Microsoft patch release. This is a larger month—the vendor is releasing 7 bulletins covering a total of 23 vulnerabilities.

Eight of this month's issues are rated ‘Critical’ and they affect Windows, .NET, Office and Silverlight. The remaining issues affect Office and Windows.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the May releases can be found here:
...

Read more
Microsoft Patch Tuesday - April 2012
Robert Keith | 10 Apr 2012 18:16:22 GMT | 0 comments

Hello, welcome to this month’s blog on the Microsoft patch release. This is an average month—the vendor is releasing six bulletins covering a total of 11 vulnerabilities.

Seven of this month's issues are rated ‘Critical’ and they affect Internet Explorer, .NET, and Windows. The remaining issues affect Internet Explorer, Windows, Forefront Unified Access Gateway, and Office.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the April releases can be found here:
...

Read more