Video Screencast Help

Security Response

Showing posts in English
Symantec Security Response | 13 Nov 2013 16:54:16 GMT

 

In May of this year, sophisticated attackers breached a large Internet hosting provider and gained access to internal administrative systems. The attackers appear to have been after customer record information such as usernames, emails, and passwords. While these internal administrative systems had access to customer records, discovery of the attack and certain security implementations mitigated the scope of the breach. Customer passwords were accessible, but these passwords were hashed and salted making mass password cracking difficult. Customer financial information was also accessible, but encrypted. Unfortunately, access to the encryption key cannot be ruled out. While breaches of organizations and mass customer record dumps are posted almost daily, this particular attack was more sophisticated than we have seen in the past.

The attackers understood the target environment was generally well protected. In particular, the attackers needed a means to avoid...

Satnam Narang | 12 Nov 2013 20:48:34 GMT

Symantec Security Response has discovered many Instagram users have willingly shared their usernames and passwords to a bot-like app in order to increase likes and followers.
 

image1_15.png

Figure 1. InstLike application welcome and login
 

The application known as InstLike was available for iOS and Android devices. It could be found in both Apple App Store and Google Play Store. Google and Apple have since removed the applications from their respective stores. There is also a mobile version of the application online.

InstLike claims users will receive likes and followers for free. But as we have warned previously, these kind of “free” services for social networks are not actually...

Dinesh Theerthagiri | 12 Nov 2013 20:13:13 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 19 vulnerabilities. Nine of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the November releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Nov

The following is a breakdown of the...

Symantec Security Response | 12 Nov 2013 16:13:12 GMT

On November 11, Microsoft published a blog post about a new zero-day Microsoft Internet Explorer Unspecified Information Disclosure Vulnerability (CVE-2013-3918) affecting an Internet Explorer Active X Control, that had been publically disclosed on November 8. The blog states that this vulnerability is scheduled to be addressed in “Bulletin 3”, which will be released as MS13-090 today through Windows Update at approximately 10:00AM PDT. As Symantec is part of the Microsoft Active Protections Program (MAPP), we are aware of this vulnerability and have the following protection in place for our customers:

Antivirus:
...

Samir_Patil | 12 Nov 2013 08:34:49 GMT

Contributor: Vijay Thawre

Typhoon Haiyan, one of the strongest tropical cyclones on record struck the Philippines this week, leaving behind a trail of mass destruction. With more than 10,000 people dead, call for help has been raised by several NGOs and organizations worldwide. Donation requests have been posted on different social networks as well as some popular websites. Meanwhile, spammers have started taking advantage of the situation by sending email containing fake donation requests.

Figure_0.png

Figure. Philippines Typhoon Haiyan scam email

In the the example shown in this blog, the spammer has sent an email that seems perfectly fine at first glance, but when you take a closer look, you can see the email is sent from a different email ID with the subject line "HELP PHILIPPINES".

The spammer disguises himself as a...

Symantec Security Response | 09 Nov 2013 01:01:52 GMT

South Korea has not been too far from media attention lately, with reports of cyberattacks involving zero-day vulnerabilities, banking Trojans, gaming Trojans, back doors and distributed denial-of-service (DDoS) attacks targeting the nation. Symantec has uncovered a recent attack campaign revolving around Downloader.Tandfuy that incorporates all of these elements.

In a recent Symantec blog entitled ‘New Internet Explorer Zero-day Targeted in Attacks Against Korea and Japan’, Symantec covered the use of the Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3897) in attacks against South Korea. Our research into this campaign has shown that the attacker has...

Symantec Security Response | 06 Nov 2013 15:13:57 GMT
On November 5, Microsoft issued an advisory and a blog post to report a new zero-day vulnerability in the Microsoft Graphics component that affects Windows, Microsoft Office and Microsoft Lync: the Multiple Microsoft Products Remote Code Execution Vulnerability (CVE-2013-3906). The advisory states that the vulnerability exists in the way that certain components handle specially crafted TIFF images, potentially allowing an attacker to remotely execute code on the affected computer. 
 
While Microsoft has yet to release a patch for this vulnerability, it has provided a temporary "...
Mircea Ciubotariu | 01 Nov 2013 16:57:22 GMT

Clean Theory 1.png

Old rules…

A popular proverb goes like this:

When one adds a pint of clean water to a barrel of sewer water one gets a barrel of sewer water, but when one adds a pint of sewer water to a barrel of clean water one gets… well… a new barrel of sewer water.

If the clean water is considered as a logically true statement and the sewer water is considered as a logically false statement, then the proverb expresses a long known principle used in logic:

Adding a true statement (clean water pint) to several chained false ones (sewer water barrel) with an AND operator (‘&’) results in an overall false statement. A similar situation occurs when adding a false statement to several chained true ones, resulting again in an overall false statement.

The...

Kevin Savage | 01 Nov 2013 11:57:33 GMT

Malicious game downloads are not a new phenomenon, but malware authors are now exhibiting a greater degree of ambition in targeting online gamers. A gaming Trojan horse is now targeting user bank accounts in addition to user gaming credentials.

Threats such as Infostealer.Gampass have plagued online gamers for years, stealing user credentials and data. And even though Trojan.Grolker is a relative newcomer to the world of online gaming Trojans, it does have a new avenue of attack.  

Symantec has been observing Trojan.Grolker in the wild since the middle of 2012. The majority of infections have been observed in South Korea, with smaller concentrations in Hungary. Attackers have targeted...

Christopher Mendes | 30 Oct 2013 07:35:35 GMT

Diwali is just around the corner and many users will be doing their festive shopping online since online shopping is cool, fast and easy these days.

India has come of age when it comes to online shopping. Many Indians are turning towards this easier mode of purchase, which is less time consuming and comes with better bargains. But online shopping is also turning out to be an easy hunting ground for opportunistic cybercriminals. Scammers and fraudsters are once again doing the rounds with "out-of-the-world offers and speedy deliveries" to users’ doorsteps.

In the sample case discussed in this blog, third-party mailers and recently registered spammy domains are being used for nefarious Web activities. The samples discussed below illustrate how the spammers have conducted a thorough study of India’s online shopping environment, and customized their campaigns accordingly.

Subject: This Diwali Gift  B[REMOVED] – A...