Symantec Has Some Flaws With SEP
Symantec has warned of three serious vulnerabilities in its Endpoint Protection (SEP) software, and is advising users to update their systems.
The bugs affect all builds of the 12.1 version of the SEP software, with the first two flaws allowing authorised but low privilege users of the software to gain elevated and administrative access to the management console, which can be accessed either locally or through a web-based portal.
The third bug is in the sysplant driver and enables users to bypass the SEP’s security controls and run malware and other malicious code on a targeted client machines.
“Exploitation attempts of this type generally use known methods of trust exploitation requiring enticing a currently authenticated user to access a malicious link or open a malicious document in a context such as a website or in an email,” said the security firm.
There have been no recorded exploits of the flaws, so it would appear that Symantec has squashed the bugs before they became a real-world problem for its customers.
The first two bugs were discovered by security researcher Anatoly Katyushin from rival firm Kaspersky Labs, which is a little embarrassing. Discovery of the third bug was credited to the enSilo Research Team.
Symantec advises SEP users to update their software to the 12.1 RU6 MP4 version. It also recommends that users should take precautions and restrict remote access to the management console in order to prevent hackers from attacking client systems through the web portal.
While hackers can direct sophisticated malware at even the most robustly secured systems, exploiting flaws in software offers an easier route into machines and networks, providing hackers get in before the bugs are discovered and patched.
Recent examples can be seen with the discovery of iOS malware which threatens iPhones through an Apple DRM flaw, and an error on Code.org’s website which saw the emails of its volunteers exposed.
Courtesy-TheInq
Symantec Uncovers Advanced Spying Malware
Comments Off on Symantec Uncovers Advanced Spying Malware
An advanced malicious software application has been discovered that since 2008 was used to spy on private companies, governments, research institutes and individuals in 10 countries, anti virus software maker Symantec Corp said in a report on Sunday.
The Mountain View, California-based maker of Norton anti virus products said its research showed that a “nation state” was likely the developer of the malware called Regin, or Backdoor. Regin, but Symantec did not identify any countries or victims.
Symantec said Regin’s design “makes it highly suited for persistent, long-term surveillance operations against targets,” and was withdrawn in 2011 but resurfaced from 2013 onward.
The malware uses several “stealth” features “and even when its presence is detected, it is very difficult to ascertain what it is doing,” according to Symantec. It said “many components of Regin remain undiscovered and additional functionality and versions may exist.”
Almost half of all infections occurred at addresses of Internet service providers, the report said. It said the targets were customers of the companies rather than the companies themselves. About 28 percent of targets were in telecoms while other victims were in the energy, airline, hospitality and research sectors, Symantec said.
Symantec described the malware as having five stages, each “hidden and encrypted, with the exception of the first stage.” It said “each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.”
Regin also uses what is called a modular approach that allows it to load custom features tailored to targets, the same method applied in other malware, such as Flamer and Weevil (The Mask), the anti virus company said. Some of its features were also similar to Duqu malware, uncovered in September 2011 and related to a computer worm called Stuxnet, discovered the previous year.
Symantec said Russia and Saudi Arabia accounted for about half of the confirmed infections of the Regin malware and the other countries were Mexico, Ireland, India, Iran,Afghanistan, Belgium, Austria and Pakistan.
The U.S. Is Falling Behind
February 16, 2012 by admin
Filed under Around The Net
Comments Off on The U.S. Is Falling Behind
The U.S. government is losing a race in cyberspace — a social-networking race for the hearts and minds of the Internet community, a computer security expert said Wednesday.
Other countries — and many companies — are using social-networking tools to their advantage, while the U.S. government has taken tiny steps forward, said Rand Waltzman, a program manager focused on cybersecurity at the U.S.Defense Advanced Research Projects Agency (DARPA).
The Chinese government pays citizens to patrol social-networking sites and dispute negative talk about all levels of government or any aspect of Chinese life, and companies such as Dell and Best Buy are training workers to respond to complaints on Facebook and other social-networking services, Waltzman said at the Suits and Spooks security conference in Arlington, Virginia.
U.S. regulations prevent the government from undertaking similar campaigns, he said. “Any time you want to go to the bathroom, you need presidential approval,” he said.
The U.S. will not be able to protect its residents if it cannot engage in its own covert social-media operations, Waltzman said.
Waltzman told about a U.S. special forces unit in Iraq in 2009 that attacked an insurgent paramilitary group, killed 16 of the members of the group and seized a “huge” weapons cache. As soon as the U.S. unit left the scene, the Iraqi group returned, put the bodies on prayer mats, and uploaded a photograph from a cheap mobile phone, he said. The group put out a press release in English and Arabic.
Yahoo Wins Major Lawsuit
December 17, 2011 by admin
Filed under Around The Net
Comments Off on Yahoo Wins Major Lawsuit
Yahoo has achieved a big victory against spammers, a legal victory that also includes a default judgment of $610 million.
In the lawsuit, filed in May 2008, Yahoo targeted a variety of individuals and companies, accusing them of trying to defraud people via a spam campaign that falsely informed email recipients that they had won prizes in a non-existent Yahoo-sponsored lottery.
Yahoo alleged that the defendants’ goal was to trick email recipients into providing them with personal and financial information that could be used to commit fraud by raiding victims’ bank accounts, using their credit cards and applying for loans on their behalf.
Judge Laura Taylor Swain from the U.S. District Court for the Southern District of New York ruled that Yahoo’s allegations are “uncontroverted” and said the company is entitled to $27 million in statutory damages for trademark infringement and $583 million in statutory damages for violation of the CAN-SPAM Act.
It’s not clear whether Yahoo will be able to collect the money. A default judgment is rendered when defendants in a case fail to plead or defend an action, as happened in this case, in which the defendants never responded to Yahoo’s complaint.