Symantec
Latest
Microsoft helped disrupt the infamous Trickbot botnet
Microsoft has confirmed that it and partners disrupted the Trickbot botnet in a bid to protect US elections.
Multiple antivirus apps are vulnerable to common security flaws
At least 28 well-known antivirus apps could be exploited by shared security flaws, and a few are still vulnerable now.
Sneaky tactics lead to millions of malware-laden Android app downloads
Reports of malware-laden Android apps with millions of downloads are becoming a monthly occurrence. Google recently removed 25 more apps from the Play Store after Symantec discovered that they shared similar malicious code structure. These apps, which seemed like benign photo and fashion apps, were downloaded by users over 2.1 million times.
Chinese spies reportedly repurposed NSA tools used to hack their computers (updated)
A group called Shadow Brokers leaked sets of hacking tools back in 2017 that led to massive security breaches around the world, including the infamous WannaCry ransomware attacks. While the group maintained that it stole the tools from the US National Security Agency (NSA), it was a mystery how it got its hands on them. Now, a Symantec report has revealed that prior to the Shadow Brokers leak, NSA tools were captured by the Buckeye, a hacking group that the US government has linked to Chinese intelligence agents. As to how Buckeye got its hands on those tools? It seems they reverse-engineered them after the NSA first used them to attack their computers.
North Korea-linked hacking group stole millions from ATMs
Lazarus, North Korea-linked hacking group that was behind the notorious WannaCry attack, managed to steal tens of millions of dollars from ATMs in Asia and Africa, according to a report from security firm Symantec. The hackers deployed malware called Trojan.FastCash and infected thousands of servers that communicate with ATMs. It then used that access to approve its own fraudulent transactions and withdraw money from the machines.
Chrome's upcoming security change will break hundreds of sites
Google will strengthen Chrome's security with its next release, but that might have some unintended consequences for the sites you use. Security researcher Scott Helme has found that hundreds of the top 1 million sites are using old Symantec HTTPS certificates (pre-June 2016) that won't be trusted when Chrome 70 arrives as soon as October 16th. Some of these are vital sites, too, including multiple Indian government sites, the government of Tel Aviv and Penn State Federal Credit Union.
LifeLock ID theft protection leak could have aided identity thieves
LifeLock's identity theft protection service suffered from a security flaw that put users' identities in jeopardy. The event forced its parent company, Symantec, to pull part of its website* down to fix the issue after it was notified by KrebsOnSecurity. According to Krebs, Atlanta-based security researcher Nathan Reese discovered the vulnerability through a newsletter email he received from the service. Upon clicking "unsubscribe," a page that clearly showed his subscriber key popped up. That allowed Reese to write a script that sequences numbers, which was able to pull keys and their corresponding email addresses from the service.
Android malware returned to Google Play with just a name change
Google has done a lot to thwart Android malware in recent months, but it's apparent there's still some work to do. Symantec recently discovered seven previously removed rogue apps that resurfaced on Google Play simply by using a new publisher and new app names. The titles masqueraded as productivity apps and would even use official Google imagery to hide their origins, but would push ads and scam websites if they were allowed to stay for four hours.
34 major tech companies are uniting to fight cyberattacks
Cyberattacks are a global issue that can cause havoc regardless of who's involved, and key members of the tech industry are uniting in a bid to fight these attacks. A group of 34 companies has signed the Cybersecurity Tech Accord, an agreement promising to defend customers around the world from hacks regardless of where they take place or who the perpetrator might be. They're promising to boost defenses for customers (including users' capacity to defend themselves), establish more partnerships to share threats and vulnerabilities, and -- importantly -- refuse to assist governments in launching cyberattacks.
The next version of Chrome will block autoplaying videos with sound
With Chrome 64, Google began allowing users to stop videos from autoplaying on specific websites but with Chrome 66, the company is adding new criteria that dictate when videos can autoplay. As 9to5Google reports, in Google's upcoming version of Chrome, there are a few conditions that must be met for media to autoplay on a website. It must be muted or not have audio, the user has to have tapped or clicked on the site while browsing, the site has to have been added to the Home Screen by the user on mobile or the user has to have frequently played media on that site if on desktop.
Telegram targeted by fake apps that serve malware and ads
Make sure you check an app's name before you download it: Telegram, for instance, had an evil twin on Google Play named "Teligram." According to Symantec, which discovered its existence, its profile and description on the store mirrored the authentic app's, with the only difference being the slightly altered logo. It was also branded as "New version updated" in an effort to fool users into thinking it's the new version of Telegram. And it probably could've fooled people, too, since it actually works as a messaging platform.
Symantec refuses Russia request for source code access
Security firm Symantec will no longer allow Russian authorities to inspect its source code, according to Reuters. "It poses a risk to the integrity of our products that we are not willing to accept," the company's Kristen Batch said. The worry is that by allowing the supposedly independent Federal Security Service (FSB) to examine source code, it would give Russia an inside view of potential software vulnerabilities and exploits.
Google and Symantec go to war over our internet security
Google and Symantec are engaged in a war about each other's security practices, with all of us caught in the crossfire. As TechCrunch reports, Google believes that Symantec has been improperly issuing security certificates for tens of thousands of websites. If the search engine follows through with its threat, then Chrome will soon no longer place the same level of trust in Symantec's certificates.
Symantec's Norton Core router aims to protect the connected home
Symantec's mostly known as the makers of Norton AntiVirus, which is probably one of the most popular antivirus software in the world despite the, uh, occasional slip-up. Now, the company is venturing into hardware, with the release of the Norton Core. It's a mobile-enabled WiFi router that touts machine learning and Symantec's threat intelligence smarts to defend your home network from getting those digital nasties in the first place.
Symantec to buy identity protection firm with checkered past
Symantec is acquiring identity-theft protection firm LifeLock for $2.3 billion. It's the company's latest move to branch out from malware protection into cybersecurity, following its purchase of Blue Coat, a company that safeguards web transactions. "With the combination of Norton and LifeLock, we will be able to deliver comprehensive cyber defense for consumers," Symantec CEO Greg Clark said in a statement.
A second hacking group is targeting bank systems
It's bad enough that one hacker group has been wreaking havoc on banking systems worldwide, but it's apparently getting worse. Security firm Symantec reports that a second group, Odinaff, has infected 10 to 20 of its customers with malware that can cover up bogus money transfer requests sent through the ubiquitous SWIFT (Society for Worldwide Interbank Financial Telecommunication) messaging system. Most of the attacks targeted Australia, Hong Kong, the UK, the Ukraine and the US. And unlike the initial attackers, Odinaff appears to be a criminal organization (possibly linked to the infamous Carbanak team) rather than a state-sponsored outfit.
Google: Symantec antivirus flaws are 'as bad as it gets'
Products from Symantec that are supposed to protect users have made them much more open to attack, according to Google. Researcher Tavis Ormandy has spotted numerous vulnerabilities in 25 Norton and Symantec products that are "as bad as it gets," he says. "Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it -- the victim does not need to open the file or interact with it in any way." Symantec has already published fixes for the exploits, so users would do well to install them immediately.
Companies could use 'intermediate' web security certificates to spy
A certificate authority (CA) is a trusted entity that issues electronic certificates (duh) to verify identity on the Internet. They're a key part of secure communications online -- and thus super important. Then there's intermediate CAs, signed by a root CA, making certificates for any website. However, they're just as powerful as those root ones. Worse still, there's no full list for the ones your system trusts because root CAs can make new ones whenever it wants, and our computers will trust 'em immediately. This is a problem when companies get their hands on them, although they could have legitimate reasons for using an intermediate CA within their own networks.
Symantec antivirus security flaw exposes Linux, Mac and Windows
Security holes in antivirus software are nothing new, but holes that exist across multiple platforms? That's rare... but it just happened. Google's Tavis Ormandy has discovered a vulnerability in Symantec's antivirus engine (used in both Symantec- and Norton-branded suites) that compromises Linux, Mac and Windows computers. If you use an early version of a compression tool to squeeze executables, you can trigger a memory buffer overflow that gives you root-level control over a system.
Google slaps Symantec for issuing fake web security certificates
Not long ago, Symantec revealed that it had issued bogus security certificates for numerous web domains, including Google's... and as you might guess, Google isn't happy. The search firm is warning Symantec that, as of June 1st, any Symantec certificates which don't meet its transparency policy may create warnings and "problems" in Google products (read: they'll be deemed insecure). Moreover, it's asking Symantec to explain why it didn't catch some of the fake certificates, the causes behind each slip-up and the steps it'll take to set things right. Not surprisingly, Google doesn't want malicious sites posing as someone else (especially not Google) in order to deliver malware or perpetuate phishing scams.
